Sunday, October 31, 2004
The bad news about Internet Explorer
Yesterday I told you about some independent testing on several web browsers. It showed that Microsoft did a good job handling simple bogus input, on the tactical level.
How about the strategic level? What if the input looks right, but is actually malicious in some sophisticated way?
Yet another sophisticated attack on Internet Explorer showed up recently. It's a variation on a previous problem where a bad guy could trick you into installing a nasty program when all you thought you were doing was dragging a picture from one place to another. This latest bug was yet another strategic problem.
Microsoft keeps making fixes, and the attacks have to get more complicated in order to succeed. Microsoft is making progress. Security people in general think Microsoft will never entirely succeed because the problems are with the fundamental design of Internet Explorer. It's designed to run your computer. A browser like Firefox is designed to look at web pages, period. As long as IE has that much power, and as long as it's complicated, people will find complicated ways to trick it into doing bad things.