Protecting Browsers with Defense In Depth Techniques



    Posted: 26 Mar 2010
    Posted on behalf of Pete LePage on the Internet Explorer team.

    Protecting Windows customers is an absolute priority for the Internet Explorer engineering team. That's why we work hard to make sure our browser has some of the best safety and privacy features available today. We've spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks; or the InPrivate features that put you in control of how you share your information.

    But there are a number of other features that aren't as visible and help prevent vulnerabilities from being exploited, though some are only available on newer platforms like Windows Vista or Windows 7. For example, Protected Mode helps ensure exploited code cannot access system or other resources. Address Space Layout Randomization (ASLR) helps prevent attackers from getting memory addresses to use in buffer overflow situations. Data Execution Prevention (DEP) helps to foil attacks by preventing code from running in memory that is marked non-executable. These defense in depth protections are designed to make it significantly harder for attackers to exploit vulnerabilities.

    One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire. Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last.

    Recently, there has been some news from some security researchers about how they've managed to bypass DEP or ASLR in Internet Explorer (and Firefox as well). But like the fire-proof safe example above, defense in depth techniques aren't designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability. Defense in depth features, including DEP and ASLR continue to be highly effective protection mechanisms.

    Internet Explorer 8 on Windows 7 helps protect users with all of these defense in depth features, and there is nothing that you have to do to enable them - they're on by default. That's one of the reasons why we encourage users to make sure they're running the latest and most up-to-date software.


    Posted By: z3r010
    26 Mar 2010



  1. Posts : 4,663
    Windows 7 Home Premium 64 bit
       #1

    An interesting read John. Thanks. By the way I much prefer your new avatar.
    Always thought the old one was a bit creepy. Mind you I've never seen the movies:)


  2. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #2

    Sad news for DEP in IE 8! I just ran into one article on DEP being breached at Computerworld: "Hacker busts IE8 on Windows 7 in 2 minutes"

    The part about being invulnerable forever is actually an understatement since this had been in no time. FF 3.6 saw the same breach as well showing any browser is subject and why you still tend to need additional layers of protection in place!


  3. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #3

    Yes; nothing is 100% secure.


  4. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #4

    I often give Opera or Chrome even an edge being two rather new browsers over IE and FF but still no guarantees there either! They just happen to have been out for less time where the percentages are lower.

    The big lesson however is never being overconfident about anything! Sooner or later... it's only a matter of time.


  5. Posts : 1,083
    Windows 7 Enterprise 64-bit
       #5



  6. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #6

    Night Hawk said:
    I often give Opera or Chrome even an edge being two rather new browsers over IE and FF but still no guarantees there either! They just happen to have been out for less time where the percentages are lower.

    The big lesson however is never being overconfident about anything! Sooner or later... it's only a matter of time.
    I agree with you.


  7. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #7

    For a long time people switched to and recommended FF over IE 6 since that was full of security holes until more recently it became just as much a target for malware as IE! The other two browsers mentioned once they have grown in popularity will suffer very much the same fate.

    A recent report indicated Opera seeing only 6% while IE and FF were taking the bulk of hits won't stay that low on the percentage scale for long. Even with the MS Security Essentials being favored as an added local protection things will eventually get by undetected there too.

    MS now has to take a serious look at improvements for IE 9 which will likely be seeing the beta out late this year as far as improving its filters. It's a competition however between MS, Mozilla, and other browsers against the malware writers to start with! The typical user has to remain sharp or get caught up in the middle.


 
