The Internet is growing. With the steady rise of the number of users from emerging markets getting computers and joining the online world, opportunities abound for the bad guys to launch worldwide attacks. Some of these attacks target specifically these new markets and use password stealers and social engineering techniques. However, there is still a vast range of attacks that targets users through the Web browser.
In general, people tend to be confused when it comes to online security. They read security horror stories in the newspaper and they look to the operating system vendors and browser makers to make sure they are secure. At the RSA Conference 2009 Europe in London today, Amy Barzdukas, General Manager, Internet Explorer and Consumer Security at Microsoft, discussed what Microsoft is doing to improve the security in Internet Explorer 8.
The talk didn’t include technical details or upcoming defensie techniques, but focused on existing features and explored the logic behind Microsoft’s choices when it comes to implementing certain new features.
While Microsoft’s presentations are always top-notch, this one didn’t manage to convince me. Don’t get me wrong, what Ms. Barzdukas showcased does look advantageous, but the problem is that IE is still heavily plagued by security issues, and the features Microsoft talks about have a tendency not to work as advertised.
However, in recent years, Microsoft has made a notable effort and concentrated on secure development as well cooperating with law enforcement in order to prosecute cyber criminals. If this trend continues (and hopefully increases!), we might just have a product even security professionals will actually like to use.
The fact is that Internet Explorer is still dominating the browser market share so we can keep our fingers crossed that Microsoft continues to take security seriously and raises the bar for consumer protection. The desire to trust is a strong one and a company like Microsoft needs to give good advice and develop software that runs well without degrading the user experience.
Amy Barzdukas said: “We need to be relentless and focus on end users, we need to be transparent and provide them with clear choices.” I’d like to add that what they need is to hire cutting edge code hackers to make sure new versions of Internet Explorer are not prone to so many security issues. This will certainly solve some crucial problems end users face every day.