German Government advice on web security not optimal

Trusteer says German Government advice on web security not optimal

by Michael Smith (Veshengro) (with material from Eskenzi PR)

London, January, 2009 – Reports that the German government has advised Internet users not to use Internet Explorer may not be the optimum solution to the problem of Web browser security, says Trusteer, the customer protection company for online businesses.

"The German government appears to be taking a knee-jerk reaction to reports that hackers have been exploiting an IE security weakness, but the problem is that, even if users switch to another Web browser, they are still likely to encounter similar potential security problems," said Mickey Boodaei, Trusteer's CEO.

"What is really needed is a high-security - but lightweight - browser security service that creates a secure environment between the users' keyboard and the Web site, so preventing man-in-the-middle, man-in-the-browser, phishing and similar attack methodologies," he added.

According to Boodaei - whose company has a number of prestigious banking clients whose customers use the firm's security technology to protect their online banking sessions - the German saga is in danger of descending into a war of words between the regulators and Microsoft, leaving Internet users to fend for themselves on the security front.

Browser vulnerabilities will keep cropping up, and as such the concept of perimeter defense for the consumer's PC is not realistic. The German government, he said, should really be working to help Internet users make their Web banking sessions more secure, rather than steering users towards alternative browser software which may also have its fair share of security vulnerabilities.

The problem, he explained, is that most Web browsers have vulnerabilities, in the same way that a regular telephone handset has potential for eavesdropping. What is needed is a technology - which is already available in the marketplace - to make the communication session more secure, rather than simply advising users to switch devices.

Trusteer's CEO went on to say that most of the vulnerabilities that his company hears about are discovered by researchers and then patched by the vendor before being published. The problem, however, is that, just like white hat security researchers, criminals have their own research activities, and they find vulnerabilities which they obviously don't share with the vendors. And, he says, when they start exploiting one of these vulnerabilities, it becomes a zero-day attack like the one used with Google.

"It's against this backdrop that we think Internet users need to understand that Firefox is actually not more secure than Internet Explorer. There are no significant architectural differences between the two browsers that would make Firefox less vulnerable," he said.

"Owing to its higher market profile, IE is tested more than other browsers by both the security and the criminal communities, resulting in more vulnerabilities being discovered. It's therefore important that the regulators understand this, and advise users accordingly," he added.

"If the German Government is advising on browser security, will they next be telling Germans that they should not use Adobe or Flash, as there are inherent risks and vulnerabilities in many widely used programs, not just Internet Explorer?" he concluded.

For more on the German government IE advisory: http://bit.ly/72MdGW

For more on Trusteer: http://www.trusteer.com

Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.

Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com.

Personally, I must say that some companies are rather disingenuous when they make claims about Firefox being no more secure than Internet Explorer. The truth, from experts and normal users, is that Firefox is much more secure, and even more so if and when certain kinds of free and open-source plug-ins are being provided, installed and used.

Too many vendors, and this can be seen again and again, are too much in the pockets of the people in Redmond and cannot, therefore, be seen as unbiased, and neither are they. Rather the opposite, and this can be seen time and again and in many different situations.

This is the same when the attacks are being led by many such vendors and companies against Open Source software, whether they be operating systems such as Linux, or simply applications such as Open Office, the GIMP and others. Understandably, in a way, as most Open Source, if not indeed all, is free at the point of take up. Something that those who make a living from writing software for a fee and selling proprietary software are dead against, it would seem, and hence the negative attitude.

Yes, there are problems with other browsers too and with Open Source software, including the likes of Ubuntu Linux and others, but maybe the proprietary software vendors and companies might like to remember that it took just a few seconds for hackers to crack the latest Apple OS not so long ago and a couple of minutes for Vista, but they had to give up after a number of days on Ubuntu.

I rest my case.

© 2010