Endpoint Protection

Given the increase of malicious activity in the current threatlandscape, consumers need to be more cautious when browsing theInternet. Web browsers are now supporting an increasing number oftechnologies. The more a Web browser has to deal with, the more likelya security hole will be inadvertently coded into it. Therefore, it's nowonder attackers are targeting the growing number of vulnerabilities inWeb browsers.

Over the last six months of 2006 we have been tracking thedistribution of attacks targeting Web browsers. The results show thatMicrosoft’s Internet Explorer leads with an extremely large margin inthe number of attackers targeting it. The primary focus of attacksseems to target ActiveX controls; ActiveX controls are not strictly apart of the browser, but simply provide functionality that can be usedby the browser. This brings into question the security viability ofMicrosoft’s latest version of their popular browser Internet Explorer 7.

Internet Explorer 7 attempts to deal with these issues by disablingActiveX controls by default. Unfortunately, I am not sure that thistype of solution will work all that well in the Web browserenvironment. The problem is that disabling functionality reducesusability; things that people once did with their browser are no longerpossible. Most people are frustrated by security features that restrictusability. As a consequence, people will probably simply enable ActiveXcontrols, and then their security will likely be compromised. In theend, it is possible that Microsoft’s attempt to resolve the issue ofbrowser security will ultimately fail. For more information, please seeSymantec's Internet Security Threat Report, Volume XI.