The track record of Web browsers is pretty lousy. Actually, it's not just Web browsers; the track record of computer software is pretty lousy. Bugs are absolutely rife. But Web browsers are particularly important here, because Web browsers are exposed to potentially hostile code all day long. An exploitable bug in my MP3 player or word processor is bad, sure—it's something that I would prefer not to be there—but with these programs the main thing I'm going to use is my own MP3s and documents that I (or my colleagues) have written. And these files are going to be harmless. But the main thing I do in my browser, practically the only thing I do, is to look at webpages that were put up by other people. Other people who may or may not have good intentions; people who may or may not secure their servers properly, audit their code, or virus-scan their machines.
The result is that my Web browser is exposed to potentially hostile code like no other program on my PC. My e-mail client comes in second, and it's a distant second; even when I get hundreds of e-mails a day, most of these are from colleagues rather than spammers/phishers/other miscreants and ne'er-do-wells. As such, isolating the browser with MIC isn't just something that's a good idea—it's something that you would have to have a really good reason not to do. And frankly, no such reason exists. The Web is unfortunately a dangerous place.
Of the big five, only two browsers currently use this protection on Windows; Internet Explorer (7 and 8), and Chrome. For this reason alone, I'd be hesitant to use Safari, Opera, or Firefox. Their security track record isn't really any better than Microsoft's, and the consequent exploitability of these browsers is much greater.
This advantage is not one that is merely hypothetical, either. In common with other vendors, Microsoft assigns a risk rating to every security flaw, and Internet Explorer flaws on Windows Vista and Windows 7 have quite consistently had lower risk ratings than those same flaws on Windows XP. Why? Because the flaws are greatly restricted by the MIC barrier. Microsoft might be biased, but there are security researchers who concur; Charlie Miller, so successful at pwn2own, regards Chrome and IE 8 on Windows 7 as arguably the safest Web browsing platform. It's no coincidence that these are the browsers that use MIC sandboxing. The protection works.
Windows XP supports none of this protection, nor will it ever. Denying XP users access to its latest and greatest browser isn't a bad thing: Windows XP users should be strongly discouraged from using their machines in any hostile environment. Far from saying that IE9 should be supported on XP, we should be demanding that the other three browsers start supporting these security features and dropping XP support, too. These really are features that everybody should be using.
No comments:
Post a Comment