Google's Chrome browser may not have market share to compete with Firefox or Internet Explorer, but it's moving forward nonetheless. Soon it will even have the one feature that was requested by more beta testers than any other: an extension mechanism.
According to a page on Google's site, a future version of Chrome will support a variety of extensions; it's just not clear how they will be implemented yet. Among the goals cited are support for download managers, mash-up extensions, and my own personal favorite, ad blockers. Even industry-standard NPAPI plug-ins will be supported, if all goes according to plan.
But if you believe Eric Lawrence, the security program manager for Microsoft's Internet Explorer, that might not necessarily be a good thing. According to Lawrence, as Web browser software matures and the browser market broadens, the browser itself becomes a more difficult target for malware authors. It's too hard to reach a mass audience if you go that route. Instead, Lawrence says, today's attackers are targeting plug-ins.
Kettle, learn from pot
Initial reactions to Lawrence's comments during a Black Hat Webcast ranged from skepticism to outright derision. After all, who should have less to say about security vulnerabilities in browser components than Microsoft? ActiveX is arguably the most egregious security flaw ever to be intentionally introduced into a piece of software. Why should attackers go to the trouble of breaking a window when they can just walk in the front door?
But the intense scrutiny and criticism that ActiveX has weathered over the years has actually done the technology some good. ActiveX attacks persist, but they mostly rely on older versions of Internet Explorer that lack security improvements introduced in IE7. Meanwhile, other, less obvious targets have become the victims of more recent exploits.
For example, in 2007 security researchers demonstrated how sending a malformed PDF file to the Adobe Reader plug-in could cause a browser to execute mandatory JavaScript code. Another Adobe Reader flaw left browsers open to cross-site scripting attacks, and a similar vulnerability plagued the Adobe Flash plug-in earlier this year.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive InfoWorld Resource Alerts
31 Recommendations
