by Jen Sharp Why update the browser?

ou’re about to run out the improvements to browser hacker enters through the browser door, just need to look up software, hackers are busy gives certain access to the entire that phone number on yellow figuring out how to proverbially computer. Although pages online… typing in the pick the new lock. So it’s back to products are popular and clearly address… it’s loading, loading… the drawing board for programmers the market leader, the company then a dialog box pops up and to improve security again and suffers acrimonious attacks from Yscolds you: “There are updates encourage owners to update disgruntled hackers. There are ready for you to download. Would software. Astoundingly, an simply more “bad guys” taking you like to install them now?” estimated 90% of all virus, worm aim at Microsoft products. and spyware infections could have Microsoft addresses this in their been prevented if the user had “10 Immutable Laws of Security” installed the latest updates for the found at www.microsoft.com/ browser – as well as the operating technet/archive/community/colum It’s tempting to see these system. ns/security/essays/10imlaws.mspx. reminders as annoying and How do each of the popular However, SecurityFocus, located unnecessary, and just click browsers fare in susceptibility? at http://www.SecurityFocus.com, ‘cancel’ so you can get on with the Microsoft automatically installs the reports that IE6 contains 281 day. Why is it important to update IE browser as part of the Windows known unpatched vulnerabilities the browser? The two main Operating System (OS), since April 2001. IE7, the latest reasons are ying and yang, head Additionally, updates to IE version, is comparably better, with and heart, peanut butter and jelly: piggyback off of the automatic only 24 vulnerabilities since April 1. Security – a browser is the updates to the OS. Because these 2006. This sounds great until one door to the computer. 2. Experience – Known Security Issues new ideas to from Secunia http://secunia.com make the internet more fun Browser Extremely Highly Moderately Less Not and powerful are Critical Critical Critical Critical Critical continually Internet 0 0 4 8 8 evolving. Explorer 6 Common popular browsers are Internet 0 0 1 6 2 Microsoft’s Explorer 7 Jen Sharp JenSharp.com (IE), Mozilla Mozilla 0 0 0 2 2 , , , and Firefox America OnLine (AOL ) Opera 0 0 0 0 0 Security A browser is the door to the Safari 0 0 0 1 2 computer. It can’t be left wide open, unlocked, inviting vagrants! updates are often cumbersome, hears that all other browsers have Hackers and phishers recognize lengthy, and debilitating, some users a total of eight vulnerabilities this vulnerability and focus much choose to turn automatic updates combined! of their efforts on this entry point. off. This leaves the front door ajar. The large number of known, It is a vicious circle. As hacking In addition, IE is tied into the unresolved security risks with attempts are thwarted by operating system. Any nook a Microsoft’s Internet Explorer

38 THE KANSAS LIFELINE March 2008 Seems like I should know this, but… what is a browser exactly? addressing security issues preemptively and transparently. It can be downloaded free from HHere’s a definition from .org: A is a http://www.mozilla.com. software application that enables a user to display and Regardless of which Web interact with text, images, videos, music and other browser is chosen, a user also will information typically located on a at a Web site on likely have plug-ins, such as the or a local area network. Text and images Quicktime, RealPlayer, Flash, Java on a Web page can contain to other Web pages at or others. These add-ons enhance the same or different Website. Web browsers allow a user to viewing, but can also be a security quickly and easily access information provided on many Web risk. Security issues with browsers pages at many Web sites by traversing these . on handheld devices are also growing. Keeping these updated is crucial to filling in the gaps, Some browser is a worry but there are this project and continued to foster common plug-ins and pocket some options to increase security. the open development. The results browsers provide a mechanism for 1.Set the highest level of were so positive, they were able to automatic updates, but it would be security possible under Tools release Firefox in 2004, a stable, a good idea to specifically check > Internet Options > Security. secure and advanced browser that each to make sure of continued 2.Make up for these has given IE a run for its money. access to the latest version. deficiencies by taking The latest version of Firefox So why can’t browsers fix all advantage of the “Trusted structures its automatic updates so the “leaks” in security? There is a Sites” feature, which is a slick that Microsoft is taking notice way: make the Internet pure text. whitelist of domains that a and trying to reproduce the effect. Not many are willing to trade the user specifies trust in. Besides notifying the user when an present browsing experience for 3.The United States Computer update is available, the patches are one that is anemic and lackluster! usually small and download Readiness Team, found at Experience http://us-cert.gov, recommends quickly and unobtrusively. New ideas to make the Internet also to manually type Although not invulnerable to more fun and powerful are into the address bar, because problems, Firefox is better at a burgeoning tactic of phishers is to have a The graphic at point to a different left depicts a address than the one shown. typical "Windows" Or worse, they parasitically update use internationalized domain download which may contain the names with characters only protection slightly changed from necessary to familiar similar addresses. correct vulnerabilities A simple alternative; choose a when browsing better browser using the Internet Mac users have great options Explorer software. with Opera and Safari. Both browsers are stable and secure, although Opera seems to have better security while Safari touts better features. at one time was a contender in the “browser war” against IE. However, declining in popularity and unable to fund the project, they opened it up to public open source development and renamed it Mozilla. AOL purchased

March 2008 THE KANSAS LIFELINE 39 Why update . . .

continually evolving. Fortunately validator so Web pages can be Secure Socket Layers (SSL) there is an organization of checked against the standards. facilitates the encryption that cooperation between all Web makes sending private data across Web tool definitions developers so everyone can public access ways possible. The following Web tool incorporate and enjoy the An Internationalized Domain definitions are listed in the chart predictability of standards. Since Name or IDN is a URL that could on this page as they are supported 1994, the World Wide Web contain non-ASCII characters to Web tool browser support synopsis extracted from wikipedia.org

Consortium (W3C) at accommodate European languages, by each of the different browsers. http://www.w3c.org has led the or characters from non-Latin There are several formats to display way towards outlining the potential scripts such as Arabic or Chinese. images including JPEG, GIF, and of the fantastic experience the Web It’s important to have an expanded PNG. can be. It is comprised of way to represent these characters members, developers, the general Hyper Text Transfer Protocol not only to allow users to navigate public, and has a full time staff (HTTP ) is simply the method of a to the site they intend to visit, but dedicated to this end. The mark of "client" (which is the user's browser) also to thwart phishing scams. requesting information from internet an excellent browser is how well it Java and JavaScript are servers (the Webpage). supports the ideas and technologies versatile scripting languages that purported by the W3C. In addition, File Transfer Protocol (FTP) add functionality not possible with individual Web sites can be either allows users to upload files to a plain HTML. compliant or not. W3C has a server. ANDERSON PECK AGENCY, INC. 3645 S.W. Burlingame Rd. Topeka, KS 66611 Phone: 785/267-4850, 1-888/301-6025

We have designed a Safety Dividend Group Insurance Program For Kansas Rural Water Districts Dividends Paid: 1994 - 8%; 1995 - 16%; 1996 - 24%, 1997 - 11% 1998 - 5%; 1999 - 11%; 2000 - 18%; 2001 - 22.4%; 2002 - 22%; 2003 - 26%; 2004 - 27.1%; 2005 - 19.4%; 2006 - 21%; 2007 - 21.1% Coverages include: Property General Liability Autos Worker’s Comp. Inland Marine Fidelity Bonds Directors and Officers Liability This program is underwritten by EMC Insurance Companies Associate Member of KRWA

40 THE KANSAS LIFELINE March 2008 Extensible is one special case to allow (DOM) helps make pages which is a general-purpose markup exception to perpetually dynamic. It is required by some language that allows its users to maintaining the latest version: if JavaScript snippets for define their own elements. one does not actually ever connect functionality. RSS / ATOM Really Simple to the internet with a browser… oh Cascading Styles Sheets (CSS) Syndication provides Web feeds so wait, what is a browser is for? is a way of organizing the look and layout on a page. Not only does CSS make updating and Once done, it needs to be done again. Fortunately, maintaining sites quicker and easier, it helps keep coding clean developers are integrating more transparent and simple, thereby reducing load behind-the-scenes automatic updates. times. In addition, screen readers for the visually impaired “hear” pages designed with solid CSS are users can subscribe to favorite I am pleased to again present much nicer. Web sites and be notified when one of the preconference sessions DHTML / XHTML Hyper Text they are updated. This eliminates at the KRWA conference, Tuesday, Markup Language is the most the need to check sites manually March 25. "Building Blocks for basic set of rules on displaying and and the need to give out an e-mail Creating or Improving a Web Site" positioning text and elements on address for other kinds of news will provide training on Web page the screen. Lack of standardization notifications. ATOM is an alternate planning and design, how to here means the same Web page language for Web feeds. organize and select content and would look and function site maintenance. Whether your completely different depending on The reason NOT to upgrade goal is to create a Web site from what browser it was viewed with. Upgrading a browser is like scratch or improve and existing The D stands for Dynamic, which doing laundry. Once done, it needs site, this session will provide simply combines HTML, to be done again. Fortunately, concrete advice and practice. If JavaScript, DOM, CSS, or other developers are integrating more you can, bring your laptop and technologies. XHTML just transparent behind-the-scenes development software. We'll combines HTML with XML, or automatic updates. However, there have a great session.

March 2008 THE KANSAS LIFELINE 41