A study from the Swiss Federal Institute of Technology, Google and IBM says more than 600 million Internet browsers were at risk this year. "Insecure Web browsers are of course a critical security problem," the report noted. "But vulnerable plug-ins that are accessible (and exploitable) through the Web browser extend the 'insecurity iceberg' and form the part hidden below the water surface." The report says browsers need to have auto-update mechanisms that are enabled by default and that cause minimal disruption to users. Though Microsoft's Windows auto-update service includes Internet Explorer, patches are released less frequently in comparison with Mozilla's Firefox, which "can result in a lower short-term patching effectiveness," it said. Auto Updates Dave Marcus, McAfee's director of security research and communications, thinks the report is on target about browser and plug-in vulnerabilities. But he added that Microsoft's current method of conducting updates in a controlled manner makes better sense. "I can certainly understand why they are recommending auto updates, but that's always going to be problematic to enterprise environments, which have a lot of customized applications so you can theoretically break something," Marcus said. He also warned that malicious scripts are increasingly being embedded into hijacked Web sites. McAfee's technology "can actually evaluate pages and scan for those scripts to be sure they are not ...
Anytime
