Network Computing is part of the Informa Tech Division of Informa PLC

Analysis: Browser Security


Default assumption: Browsers are insecure. If we had a dollar for every flaw we've seen exploited--repeatedly--that let malware overrun our networks, we might have enough to cover cleanup efforts. Last year, 51 exploits targeted poorly designed ActiveX controls alone, according to Symantec. That's up from just 15 in 2005. Yes, ActiveX is off in Internet Explorer 7 by default, but if your end users need Adobe Reader or Flash functionality, you're back in the line of fire.

And users want every scrap of functionality. Information workers have made Web browsers the workhorse for knowledge exchange. Gartner estimates that demand for software as a service will grow more than 20 percent every year through 2010, and in our own recent SOA/Web services reader poll, nearly 80 percent of respondents said their enterprises currently use Web services--yet fewer than half secure both internal- and external-facing services (for more on SaaS, see our cover story).

Can IT resolve this dichotomy?

As with liberty, the price of Web browser security is eternal vigilance ... and a risk-management strategy, and attention to advances in security capabilities, and end-user education, and strong centralized management.
