REDMOND, Wash., March 17, 2006 — The Web browser is the most ubiquitous desktop application in the computing world. Whether it’s at home or at work, just about everyone uses one. Using the Web browser is the number one daily activity for business users to conduct research and access company applications.
Because of this indispensable role, there is a unique and demanding set of security issues associated with the use of a browser, which IT professionals, companies and individuals alike should be aware of. Combined with the open linking and click-through nature of the Web, there are ample avenues of attack for delivering all kinds of malicious software via the browser.
With new attack vectors being uncovered every day, it is critical for IT professionals to understand the basic issues of browser security, so they can understand and assess the potential impact of an attack on their users, and be prepared to deploy updates and take other proactive steps to help reduce risk.
During this month’s Security360 webcast, hosts Mike Nash and Amy Roberts will discuss the broad issue of browser security, address challenges associated with it, and recommend strategies and technologies to best protect any organization’s networking infrastructure from malware and other attacks prevalent with use of the browser.
Nash and Roberts will be joined by guests Michael Howard, senior security program Manager at Microsoft; Mark Russinovich, senior contributing editor for Windows IT Pro and chief software architect for Winternals Software; Joe Wilcox, an analyst with Jupiter Research; Mike Reavey, security program manager at Microsoft; Ron Chamberlin, former senior PC support specialist and lead of Security Group-Technology at Simmons College in Boston; Dean Hachamovitch, general manager of Microsoft’s Internet Explorer team; and Dr. Bill Hancock, executive vice president of the Commercial Business Division for SecureInfo.
As with every Security360 webcast, the hosts will conduct a lively roundtable discussion, present a checklist of recommendations and resources, and give the audience an opportunity to participate in a live question-and-answer session.
During the show, guests will provide tips and best practices on policies, processes and user education, which can help provide any organization with a safer computing experience.
Nash and the guests will discuss tools and techniques to help customers increase the security of the browser, including security enhancements in the upcoming release of Microsoft Internet Explorer 7, the first browser completely developed under Microsoft’s Security Development Lifecycle, which is designed to make security a priority from product conception to upgrade.
“Security is a critical issue for all browsers,” says Dean Hachamovitch, general manager of Microsoft’s Internet Explorer team. “Microsoft incorporates security concerns into the design phase on all of its products, and with Internet Explorer 7, we paid particular attention to addressing not only known threats but also creating a foundation that is capable of adapting to protect users from new attacks in the future. Make no mistake, Internet Explorer 7 is a more secure browser from the foundation on up.”
Expected out later this year, Internet Explorer 7 offers several new features to improve security across two main areas: malware protection and personal data protection. During the Solutions roundtable on Tuesday, Hachamovitch and other guests will discuss some of those features in more detail.
“I’m excited about Internet Explorer 7,” says Chamberlin. “It has a great anti-phishing tool in it.”
Other critical issues on the docket include user education policies, and how those are changing in light of the fact that boundaries between home and workplace computing are rapidly being blurred, because today’s work force is more mobile.
“It used to be that the corporate network was totally separate from the home,” says Jupiter’s Wilcox. “Now we have a commingling of network roles, of devices, of technology, and of user behavior, and all of that increases the attack vectors open to hackers.”
According to experts, that phenomenon makes it especially important to implement security that goes beyond the network perimeter. This means changing user behavior through education, and just as important, keeping the browser secure and updated.
According to Microsoft’s Reavey, uptake numbers for Microsoft’s Windows Update and automatic update programs show that more and more consumers are taking steps to protect their PCs. In addition to using automatic updates, Microsoft also recommends, at a minimum, using a firewall and up-to-date anti-virus and anti-spyware software.
“Those three things will help defend against most broad-based attacks,” says Reavey. “Certainly more consumers out there need to see that message.”
According to Roberts and the guests, the more companies reach out and educate their user base, the better off we all will be.
“Increasingly, the big target for hackers today is not the network, it’s the employee,” Roberts says. “Most workers, after all, are also consumers, and they switch roles at multiple points throughout their day. That’s why we think it’s important that companies play a major role in helping us all be more secure on the Web. What workers learn about security at their company, they’ll take home—and that benefits all of us.
“That’s why this month we’re going to take a look at some things they can do, both from a technology and a human perspective, to help ensure that their users are safe on the Internet, whether they’re working or just having fun.”