Malware on the web has exploded in recent years. Malicious organizations and users have shifted their main target from the Windows operating system to the web, with great success. Look at the operating system over the past years and you will notice that Microsoft has improved its security considerably, thanks to automatic updates and additional free security tools.
There are two main attack vectors on today's Internet: first, the programs that users rely on to connect to websites, and second, user ignorance, carelessness and lack of security sense.
Inexperienced users fall prey to attacks at a much higher rate than experienced users. Even commonly known security best practices, like making sure that an Internet browser is updated when the developer releases a new security patch, are often followed so slowly that attackers have ample time to exploit issues that have already been fixed.
But it is not only the technology that makes attacks successful. It is also the users. Phishing, for instance, has been a problem on the Internet for more than a decade. One would think that users would have learned to identify phishing emails by now, but that is not the reality. People fall for phishing attacks on a daily basis. Looking at the root causes would go beyond the scope of this article, but it is likely that ignorance plays a large part.
Let's go back to the browser for a moment. Most users know that they have to upgrade the browser when a new version comes out. Most browsers come with automatic update checks and installations these days. Only Google Chrome updates without user interaction; the other browsers, at least for now, display an update notification and give the user the option to run the update. If users opt out, they leave their browser insecure whenever the update fixed security issues.
Do you want to know how your browser compares to others? Sites like Browserscope allow you to run tests and compare the results with other versions of the same browser and Internet browsers from other companies.
Let's assume you have updated your browser to the latest version, and that you generally update the application immediately when a new version comes out.
You are secure now, right? Nope, you are not. Why? Because it is not only about the browser software. Browsers make automatic use of other applications, commonly called plugins. Popular plugins like Adobe Flash, Microsoft Silverlight or Java are attack vectors as well, and successful ones too.
If you fail to update the plug-ins that are enabled in the browser, you are still prone to attacks. That's why companies like Mozilla have started to integrate plug-in checks into the browser to inform the user about updates.
But you are secure when you update your operating system, browser and plugins whenever updates are released, right? Wrong again. Two attack vectors remain: first the user, and second software vulnerabilities that have not been discovered or fixed yet. (There are actually more if you consider the local network as well. The computer could have a virus, for instance, that renders all browser security pointless. Local area network attacks are another vector.)
A browser cannot help a user who enters a credit card number, verification code and social security number in a web form on a site like paypal.com.sxrixxree.cn. Browsers can block the web address if it has previously been identified as a phishing website. If it has not, it is up to the user to come to that conclusion.
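The check a user has to make for an address like this can be written down. The following is an added example, not code from the article: it reads a hostname from the right to find who actually registered it. The suffix subset, the trusted-domain list and the function names are assumptions made for illustration.

```javascript
// Constructed, deliberately tiny subset of the Public Suffix List.
// Assumption: a real check would load the full list from publicsuffix.org.
const PUBLIC_SUFFIXES = new Set(['com', 'cn', 'org', 'net', 'co.uk', 'com.cn']);

// Hypothetical list of domains the user actually does business with.
const TRUSTED_DOMAINS = ['paypal.com'];

// Registrable domain = longest matching public suffix plus one label to its left.
// Ownership of a hostname is decided at its right-hand end, not its left.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, '').split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    // Longest candidate suffix is tried first because i starts at 0.
    const suffix = labels.slice(i + 1).join('.');
    if (PUBLIC_SUFFIXES.has(suffix)) return labels.slice(i).join('.');
  }
  return null; // bare suffix, IP address, or suffix missing from the subset
}

// Classify a URL as trusted, deceptive, untrusted or unknown.
function classify(urlString) {
  const host = new URL(urlString).hostname; // throws on a malformed URL
  const owner = registrableDomain(host);
  if (owner === null) return { host, owner, verdict: 'unknown', embedded: null };
  if (TRUSTED_DOMAINS.includes(owner)) {
    return { host, owner, verdict: 'trusted', embedded: null };
  }
  // A trusted name used as leading labels under somebody else's domain
  // is the pattern in paypal.com.sxrixxree.cn.
  const embedded = TRUSTED_DOMAINS.find(
    (d) => host.startsWith(d + '.') || host.includes('.' + d + '.')
  ) || null;
  return { host, owner, verdict: embedded ? 'deceptive' : 'untrusted', embedded };
}

// Constructed sample addresses; the first hostname is the one from the article.
for (const u of [
  'https://paypal.com.sxrixxree.cn/login',
  'https://www.paypal.com/signin',
  'https://example.org/',
]) {
  console.log(u, '=>', JSON.stringify(classify(u)));
}
```

The hostname from the article is owned by whoever registered sxrixxree.cn; the leading "paypal.com" labels are subdomains that owner chose freely.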
Browser developers are trying to automate security as much as possible, especially for users who do not know a thing about it. But even with all that automation, it boils down to the individual user in the end. Tech-savvy users know that everyone should have at least a basic understanding of security to avoid the dangers on today's Internet. The reality, on the other hand, looks grim, and it does not look like it is going to change anytime soon.
How do you cope with the dangers on today's Internet? Do you try to educate family and friends, or have you given up on that?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.