SecurityProNews

Retiring The Browser

By Dan Morrill
Expert Author
Article Date: 2007-04-25

The time of Internet Explorer, Safari, Netscape, and Firefox as your window to the internet is just about done. What is going to replace it?

Rich internet applications that use components of both your desktop and your browser make for a more complex security model.

The potential of Web 2.0 and Web 3.0 is to bring richer content to you, to enable you to do things faster, cheaper, and better. Itnews.com.au is running a piece where they state:
"The browser might not hold its place long as the default Web interface, giving way to richer, hybrid desktop-Web apps, execs in one panel discussion said. Web browser technology won't disappear, and rich Internet applications like the Joost Internet video player are being developed on top of Mozilla's code." Source: Itnews.com.au
I have spent the last week playing with hybrid apps like LeapTag and Joost Beta, and trying to get my hands on Apollo (if anyone has a copy, send me a note; I would love to see how it works, I missed the beta signup), to see how these kinds of processes have an impact on the two security issues that we have.

We have the browser security settings and the operating system security settings. While they sometimes work hand in hand, more often than not they are actually two separate security zones in a computer. With a combined desktop-browser application, the open questions are how those two security zones interact, and which setting on them (high, medium, or low for either one) is going to be the default security setting for the final object calls and data downloads.

This complexity is going to alter how many affiliated programs work, so it will be more interesting to cut and paste from one object, say Word or Open Office, into IE or Firefox using an intermediary application, like something developed with Apollo, that has both online and offline capability. Can the buffer or files be altered when they have been stored for later forwarding when the system is again online?

There is going to be a booming business in the security implications of these kinds of hybrid applications, and in how they use both memory and disk space. (Can I pull information from slack space on a drive while waiting to go online and then post across multiple back ends, one for the operations and one for spying? What would that look like to a firewall, or to an IDS system?)

Security departments, corporate HR, corporate standards, and policies should start thinking about these now, as they are where technology is going. While it may be primitive now, and no one was thinking about security in the beginning, we have a real opportunity to start driving standards for security with the upcoming technologies.

By addressing the security implications now, we will not be trying 3 or 4 years from now to break bad habits that developers and users have developed over time.

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.