The Internet is becoming increasingly dangerous & 39; d be, due in large part to the inherent security risks posed by viruses and spyware. In addition, applications that access the Internet as part of their normal operations may have errors in their code that allows hackers to launch attacks against & 39; computer on which these applications are being d & 39 ; execution. The security and integrity & 39; digital assets is further compromised by the rapid growth cybercrooks that threatens to design and implement large-scale hoaxes such as phishing and ID theft.
In this light, it is clear that users need a reliable partner & 39; and Security between the Web browser and Internet & 39;, which will be free of these problems and will not harmful content computer.
The invade the Web browser & 39; s & 39; industry continues to be dominated by Windows-bundled Internet Explorer, with a share of 85% of the market, but in recent years a new breed of free, more functional and resilient Mariners appeared - the most popular being Mozilla / Firefox and Opera. All have received updates from serious security to help protect against the recent scandals and the safeguarding of users online.
Internet Explorer to version 6.0, essentially the same product that was included with Windows XP in 2001. There are eighteen months, the release of Windows XP Service Pack 2 IE significantly increased security, but it has not & 39; enabled & 39; eliminating many loopholes exploited by hostile program code. V & 39; Currently, Firefox is at version 1.5, but very different from its historical development (see next section) means that & 39; it can be considered at the same level of maturity that Explorer.
Currently Internet Microsoft is preparing its next-generation browser, Internet Explorer 7.0, Qu & 39; it plans to introduce in the first half of 2006. The company said that it had & 39; l & 39; intention to make the browser more secure and hard to help protect its users against the many problems that have beset the & 39; software on years.
We, as well as users of the Internet & 39; anywhere in the world, await the final results with interest. & 39; In the meantime, we decided to make our own assessment of the safety of & 39; IE 7 (beta) and its closest rival, Firefox 1.5.
History and overview
Internet Explorer is a web browser developed proprietary graphics by Microsoft. In 1995, the company dismissed & 39; the commercial version of & 39; Internet Explorer 3.0 from Spyglass Mosaic and integrated the program in its edition of Windows 95 OSR1. Later, it included IE4 as the default browser in Windows 98 - a movement that continues to raise many antitrust questions.
Firefox is an open-source browser developed by the Mozilla Foundation, whoever is responsible may collaborate in the 39 & ; writing and the & 39; improving its program code. Mozilla is known for its rigorous approach to security, promising a bonus of several thousand dollars for a major vulnerability in the product.
Security incidents and threat response
While any browser & 39; is perfect, major security lapses s & 39; product is a little more frequently with IE that & 39; with Firefox. To be fair, Firefox has less than 10% market share and is thus a less attractive target than IE, c & 39; is probably why both security researchers focus their attention on the vulnerability of Microsoft& 39;s browser , no Firefox. Some people have argued that if the market shares were reversed, bugs in Firefox only beginning to appear on a more frequent basis, as has recently been the case with Internet architecture Explorer.
The open-source Firefox contributes to the security Global Navigator; A community of skilled programmers can spot problems more quickly and correct them before a new release is available for general use. It has been said that the response time for Firefox threat about a week, whereas it can take months, engineers from Microsoft to fix critical bugs reported by security analysts - an unacceptable situation for users who remain unnecessarily exposed to exploits (hackers) during that period.
From response to the threat of view, Firefox is clearly the winner.
Security features
Phishing safeguard
New protection against financial fraud and & 39; d & 39; identity theft has been incorporated into the new IE. A so-called phishing filter " " now appears on the Internet Options menu, which aims to protect users against the disclosure of private information & 39; involuntarily to unauthorized parties. Here& 39;s how it works:
If a user visits a site of mystification that looks exactly like a genuine one - usually as a result of clicking on a link in a fraudulent e-mail - the browser detects a phishing attempt and compares the site to The list of known phishing sites. If the filter finds the site is a phishing culprit, it blocks the & 39; access to the site and informs the user of & 39; danger of letting his personal details on sites like this. The database of known phishing sites is updated regularly, and users have the option to report a phishing instant Microsoft evaluation.
We & 39; re happy to report that, even in beta, the filter looks operate fairly well, & 39; correctly identify half of the De & 39; test we visited sites phishing sites.
In Firefox, phishing protection is provided by third parties, such as extensions Safe Browsing Google (currently in beta for users based in the United States alone (see http://www.google.com/tools/ Firefox / safebrowsing / index.html), and this can be plugged into the & 39; menu.
As browser extension of additional protection against accidental phishing, the authors of the & 39; IE & 39; stated that they plan to make their products display & 39; URL for each site visited. With IE 6, & 39; this functionality is not yet available and a lot of pop-ups appeared without displaying an address in the previously non-existent address bar & 39;. Sadly, neither in the browser, we were able d & 39; reaching more than fifty percent of the ratio & 39; URL display, and we hope that this percentage will increase as the release of IE 7 approaches and Mozilla continues to work on improving & 39; its functionality in this area.
Restriction Web content
In executable of the current version of IE, Web sites suspects were free of & 39; n & 39; install almost any software that they want & 39; on Visitors " Machines. Well XP SP2 has dramatically reduced this possibility, many unnecessary add-ons and bars & 39; tools can be easily installed by inexperienced users. IE 7 should provide more protection for naive users, as it & 39; offer to run in protected mode, thus limiting the access & 39; V & 39; host OS files and settings and making these critical elements of the computer & 39; malware.
The inaccessible to default Firefox 1.5 is the availability of & 39; installed & 39; extensions and add-ons disabled; & 39; the user must manually change the settings to allow l & 39; addition of extensions & 39; The browser.
There is always a compromise between safety and functionality, but security experts always maintained that leaving websites freely launch executable code in the browser creates unlimited potential & 39; for exploitation. IE 7 will offer much greater flexibility in configuring the external code to be permitted At & 39; s run in the browser and what impact it would have on OS.
ActiveX restrictions
Aside some graphics enhancement of Web pages, in most cases ActiveX is more harmful than beneficial. lot of sites that serve as spyware and pop-up advertisements using ActiveX Scripting technology, and ActiveX Scripting & 39; in the Windows environment can be allowed to operate freely with & 39; administrator (root) privileges. Firefox 1.5 does not support Microsoft& 39;s proprietary ActiveX technology and so that the Firefox browser is more resistant against spyware infection.
In IE6, even with SP2 , ActiveX is allowed to run by default, which automatically makes IE users less protected against the threat of spyware. Over the next IE 7, it is not yet known whether Microsoft will continue this approach, but early indications at this point to be the case. This would be unfortunate, because & 39; current approach is clearly Security vulnerability.
Of course, IE users can manually disable ActiveX script on a Web site and let ActiveX be started automatically on all other sites visited. Or, conversely, they can disable Active Scripting on most visited sites and to enable it to run on a particular site. All of this can be configured under the Security tab & 39; in IE from the Options menu. however, it is unrealistic to expect & 39; s Internet novices, who need more protection, ToDo this.
Java, JavaScript and Visual Basic components
Java JavaScript and can be activated or deactivated by the two browsers. Firefox allows l & 39; user to specify permissions for the different actions of these scripts. IE 6 allows users to create a group of trusted sites to which global limitations on these scripts & 39; does not apply. In IE 7, More flexibility will be added that users toward a more customization of & 39; display web pages belonging to a particular site, it seemed Firefox d & 39; also provides greater flexibility parameters.
Internal download manager
IE & 7 39; S download manager will be revamped, and & 39; d have an option to pause and resume downloads - a feature not available with the current version. Specific actions will be defined after the end d & 39; a download, and users can view the newly-downloaded file with their anti-virus before running it. This approach is already in place with Firefox, if Microsoft is playing catch-up here.
Encryption data on protected sites
When you submit sensitive information, such as details of a transaction & 39; bank or financial institution, that & 39; it circulates in encrypted form by means of an HTTP secure & 39; (SHTTP) connection. Information is encrypted by your browser and decrypted at the reception. The new version of IE will use stronger encryption algorithms to reliably transfer your data without risking D & 39; be intercepted and deciphered by someone in transit. Cadenas An icon indicating & 39; that the user is on a secure site, will be in a place that the more obvious now, and more detailed information will be provided in order to help visitors & 39; to verify the authenticity of these & 39; Dispose of sites.
Firefox currently & 39; a more organized display of security certificates for its users, Microsoft has so clearly a room for improvement.
Updating
Both browsers are updated automatically when new code is ready. Firefox, this update days a mechanism already in place, as well as for IE 7, S & 39; it is expected that updates will be provided via Windows update technology.
Privacy enhancements
IE 7 will be given the opportunity for the user to define & 39; what flexibility private data will be saved and can be applied to different sites, users can easily remove the & 39; browsing history and other private information as passwords, cookies, information presented on a web form, download & l 39; history, and temporary files. In IE 6, these files are stored all over, and users have complained that there & 39; n & 39; is no obvious way to remove this information. Firefox already provides 1.5 This capability. Conclusion
IE 7 promises a lot of interesting security and privacy enhancements that will allow users & 39; d always be more secure. with the final users will receive a good, solid browser that, if Microsoft promises to be met, it will allow to compete in the well safety. & 39; As we have seen, Firefox 1.5 is already a role model, and it will be interesting to see what lies ahead for this talented challenger.
Igor Pankov is a Product Marketing Manager at Agnitum Ltd, the developers of Outpost Firewall PRO. free version is available for download.
Bookmark it:
No comments:
Post a Comment