Browser minefield: 637 million potential disasters waiting to blow up

Stephen Withers
Thursday, 03 July 2008 03:42

Your IT - Home IT

Both browser and plug-in currency could be efficiently checked if one or more trusted organisations maintained an up to date list with a standardised and secure interface for obtaining latest version information. Such a service could be directly accessed by browsers in place of or in addition to existing version-checking mechanisms, and could also be used by public-spirited web sites to alert visitors of outdated software (though we can't help wondering if that might provide a new way of tricking people into installing malware).

Another suggestion is the adoption of a "best before" date for plug-ins, with browsers automatically disabling any plug-in that has passed its best before date as a security measure. This idea draws on experience with food labelling - an item that has reached the best-before date might still be OK to use, but it is safer to avoid it.

But for now, it's all down to users and systems administrators. If you can't patch early and patch often, you'll need to take other precautions to block web-borne threats.