Quote:
Originally Posted by Ignitionnet
To be honest more often it's Java vulnerabilities and other plug-ins that are the problem rather than IE or any other browser per se.
A malware escaping the JRE sandbox is bad whichever browser the JRE is running through.
That's one thing people forget.
It's easy to blame Windows (or any OS) or any particular browser because these have produced lots of attack vectors in the past. But Microsoft, Apple, the various Linux maintainers, and the browser manufacturers have all spent a lot of time and money over the last few years hardening the security on their code. They've experienced the problems and have worked to solve them.
As such, it's often easier for the bad guys to attack other software (something made easier by the fact that software that really doesn't need it is demanding network access now). The companies behind this software haven't had the problems to deal with, so probably aren't prepared for them. At the moment, browser plugins and Java are being attacked and I think both Adobe and Oracle are working hard to improve the security in their products as a result. Neither are quite there yet, but it took the OS manufacturers a few years to get their act together.
I don't know what the next attack vector will be but I suspect it'll be other devices (such as smart TVs) that are suddenly wanting internet access as the companies behind these may not have a lot of experience of developing secure software. Or they may not be willing to spend the cash required to update old devices. Think about that. Microsoft have not long stopped patching a 13-year-old OS. How many devices do you know of that receive updates beyond a year or two after release, if they receive any at all? (I have an old Philips Freeview box that I bought when Freeview launched and it has never received a software update.)