Wednesday, March 17, 2010

Are Open Source Applications More Secure?

Full Disclosure: I am a long-time Firefox user

Recently, there have been serious security advisories for Chrome, Safari, and Internet Explorer:
http://www.eweek.com/c/a/Security/IE-Attacks-Circulate-as-Microsoft-Updates-Advisory-766154/
http://www.v3.co.uk/v3/news/2259391/apple-updates-safari-browser

While a patch is now available for Safari (and perhaps Chrome), the community is still waiting on a fix from Microsoft.

Browsers, and Internet Explorer in particular, are the most commonly used applications in the world. Additionally, most web users visit one of the top 500 sites at least once a day. This intersection makes for a very attractive target for criminals. At any given moment, the site you are visiting, even the site you are using to read this post, could be attacking you through your browser and trying to seed your system with malware.

Your first line of defense is a secure browser. I can't prove this easily, but I think an open-source browser like Firefox will always be more secure than a proprietary browser.

My advice:
  1. Keep your browser up to date (note that IE8 is not exposed to the current vulnerability)
  2. Keep your OS up to date
  3. Run some sort of host-based intrusion protection system; if you have one of the consumer security suites, you already have this
  4. Run at least a basic network firewall
  5. Businesses should run a network intrusion protection system

For the really advanced users out there:

Make use of virtualization software: run a special-purpose virtual machine for your banking and financial applications, and run another virtual machine for casual web browsing and entertainment. Never ever browse the web using your host system.

One last piece of advice:

Don't forget to wear some green today!

Michael
