The competition between the browsers, along with a newfound variety, has created both security advantages and new threats as attackers and malware writers adjust to the new landscape.
In a recent blog posting, F-Secure researcher Sean Sullivan pointed out that the bevy of IE alternatives is having unexpected benefits for some would-be exploit victims.
"Many of the malware samples and scams that we currently come across are targeting browser applications," Sullivan wrote.
"So enhancing browser security and an increase in competitiveness is a good thing."
Jamz Yaneza, senior threat researcher for Trend Micro shared similar thoughts, noting that traditionally, one vulnerability for one application was all you needed to infect the overwhelming majority of users.
"I think this is a good thing," Yaneza told vnunet.com.
"Given that Microsoft has 95 per cent of the retail desktop market, having a single browser means having a single exploit point."
There is also the wave of innovation brought by the competition. In order to keep up with the competition, the latest versions both Opera and Firefox have employed new security tools to detect and warn users when known phishing and malware sites are visited. The upcoming version of Internet Explorer is said to sport similar capabilities
With the advantages of a more diverse browser base, however, there comes a new crop of security threats.
In order to adapt to a greater variety amongst browsers and operating systems, malware writers have created exploit frameworks such as NeoSploit and MPack. The frameworks are able to scan which browser and operating system a visitor is using and then deliver a custom attack package specially targeted for that user.
The competing browsers also don't address some of the fundamental flaws in the way the web itself is built. Dave Marcus, security research and communications manager for McAfee, told vnunet.com that some basic tricks still work.
"It depends in what side of the house you're looking at, iframes work in Mozilla just the same as IE," said Marcus, referring to the practice of embedding small iframe tags in a compromised page which then redirects the user to a malware download site.
Other malware tactics, such as social engineering attacks with fake greeting cards or video codecs will also remain a threat regardless of which browser is being used.
While the competition in the web browser market has brought noticeable benefits, experts ultimately see the safety of users relying less on the browser and more the person behind it.
"Though there are different browsers, there is enough money out there to be made that it doesn't matter what browser you use," offered Yaneza.
"But it does matter what you do with your browser."
Browser wars changing security game
By Shaun Nichols on Jun 18, 2008 11:19AM