Imagine a web browser that sits as an application on your desktop.
If you click to open, it delivers you to a previously set website. You can navigate all you want through that particular website - maybe it’s Bank of America - but don’t try going to Facebook. It won’t let you. There’s no address bar.
They’re called single-site browsers (SSBs), or site-specific browsers, or maybe some other alliteration that I haven’t heard about yet.
The security benefits are easy to get. As Andrew Jaquith of the Yankee Group - I believe the first analyst to publicly present on this topic - said in an April blog post, “Because SSBs can, by definition, browse to only one website, many of the web-based attacks against users (phishing, cross-site scripting, cross-site request forgery) won’t work.”
Bored by the security ramifications? Mac enthusiast Todd Ditchendorf explains some of the more tangible benefits here.
The concept is still a nascent one, but we can expect to hear a lot more about in the coming months. Rumor has it that when Apple releases Safari 4, will include a capability to create SSBs.
As is often the case with neat innovations, the open-source community is leading the charge.
Ditchendorf, in fact, has already designed such an Mac application to make an SSB possible. It’s called Fluid. And the smart folks over at Mozilla are working on their version, known as Prism.
A big challenge will be getting the banks and other heavily phished retailers interested in offering this to customers. But it might be worth it. As Jaquith notes, SSBs could be “a great way to ‘brand’ a website and keep users safer, all at the same time.”
Of course, as with any security technology, this is not a silver bullet. Jaquith points out that previously installed malware, such as keyloggers, can still work on SSBs, as can things like DNS exploits.
The internet just got really small
By Dan Kaplan on Aug 5, 2008 10:46AM