Chapter 8. The Security Dangers in Browsers

One of the greatest security threats on the Internet attacks a piece of software you most likely use more than any otheryour web browser, such as Internet Explorer or Firefox.

Increasingly, web browsers have become a primary way that hackers invade people's PCs. Hackers use browsers as a way to get into people's systems or install malware such as spyware or Trojans when someone visits a website that contains this type of attack.

Browser-based attacks have become more common over the last several years for a number of reasons. One is that computers have become more secure over time. Today it is standard for people to run antivirus software, and sometimes antispyware as well. In addition, people run firewalls that protect them from attacks. Hackers have been looking for new methods of attackand browser-based attacks are a convenient one.

A second reason is how ubiquitous web use has become. Virtually anyone with a computer connects to the Internet and browses the Web, so there is a huge potential number of readymade targets.

Internet Explorer is the target of far more attacks than any other browserin fact, far more than all other browsers combined. It's a primary target due to the sheer ubiquity of the browser, which is used by the vast majority of people who use the Internet. But it's also a target because it has more security holes than other browsers, such as the use of a technology called ActiveX, which is used to download and run software inside a browser.

Additionally, unlike other browsers, Internet Explorer is directly tied into Windows. If you can successfully attack Internet Explorer, you can use it to attack Windows and an entire computer. Other browsers, such as Firefox, are not tied directly to the operating system.

There are many ways to attack a computer via the browser. In one common exploit, malware such as spyware or a Trojan is downloaded via the browser without a user's knowledge. In a similar attack, the user agrees to download a piece of malware, thinking that it is a useful piece of software.

One thing all browser-based attacks have in common is that they start with a visit to a website. In some cases, the website is run by a hacker who uses the website to launch attacks. In other instances, a hacker has been able to invade a website and plant malicious software that attacks browsers that visit the site.