Threat Center Security News Prevention-based technology answer to browser holes, says expert
Prevention-based technology answer to browser holes, says expert Print E-mail
Written by Rebecca Mints   
Wednesday, 18 March 2009 01:02

There can be a permanent solution to the recurrent flaws and threats to security that had been discovered in many browsers, including the most popular Internet Explorer.

This is according to COMODO CEO and chief security architect Melih Abdulhayoglu who analyzed the security threats recently found in Opera, Mozilla and IE.

Abdulhayoglu, an electronics engineer from Bradford University, believes in the proverbial saying “prevention is better than cure” as he explains why there is no foolproof guarantee that a browser is ''safe” given that “all software is a work in progress.”

“Browsers are meant for you to browse. Not to secure your computer. Not to protect your files against prowlers on the Web. Not to stop attacks from sundry viruses and Trojans. While all browsers have some forms of protection built in today, no one can rely totally on the default security attributes,” he said in his column recently published on SecurityFocus.

“Security patches are effective only when they are made available to the user quickly. Disabling certain features in your browser, such as Javascript and ActiveX controls, will only limit your browsing capabilities. Regulating user behavior by blocking access to certain Web sites or monitoring downloads merely sidestep the issue. Regular operating-system and antivirus updates, using the latest browser version, and installing anti-spyware programs should be standard operating procedures, but are merely reacting to the threat,” he adds.

Abdulhayoglu recommends that browser developers and software vendors step to a “prevention-based technology” rather than come up with mere remedies.

“PC security must be based on prevention. A safeguard mechanism will ensure that prospective intruders are kept permanently at bay, regardless of the browser. The solution therefore lies in moving away from traditional detection-based software and stepping up to a prevention-based technology,” he says.

To explain his theorem, Abdulhayoglu likened 'prevention-based technology' to vaccination.

“Vaccination is an established and permanent method of preventing diseases by strengthening the body’s natural defenses against the causal elements. The solution lies in eliminating the threat by shoring up the immune system and creating a wall of defense, and not in just managing the symptom...The same principle applies to Internet browsers,” he said.


WTW Threat Level