The Browser Is Broken | A story about internet monsters.

Whoever fights monsters should see to it that in the process he does not become a monster. And if you gaze long enough into a browser window, the browser window will gaze back into you.

by Friedrich Nietzsche

We love browsers, they are our window to the world. We love browsers so much that we have fought wars over them, wars so fierce and prolonged that only three browsers really survived. Two of them arguably survived because their developers also happen to own major operating systems and I do not even need to name names, when it comes to browsers, you all instinctively know who I am talking about. Whatever its name, we rely on the browser and we need the browser, otherwise how else are we supposed interact with the outside world? Go outside you say?

Well I am sorry, but I am far too busy for that.

Going outside is great, but when it comes to seeing whats going on elsewhere and interacting with it, going outside ain’t got nothing on the browser. We can agree that life without the browser would be remote and miserable.

But that doesn’t mean that the browser isn’t broken. That doesn’t mean that the browser doesn't let the monsters in. What? Don’t believe me? Who gave you that last virus without telling you that you were infected? Who let that ratfink ransomware come in and encrypt all of your stuff, demanding a bitcoin ransom to decrypt it all? Who greedily gorges themselves on cookies and tracking code to let others watch you? Who left the window open so those filthy degenerate perverts could look through the window into your bedroom and watch you getting changed? Go on, I will give you a guess and a clue.

It wasn’t that bloated excuse for word processor that is Microsoft Word, but then again it might have been, you never know these days. Nope, it was the browser and if you need yet more evidence its broken, when was the last time it stopped your ISP or whoever happens to be sniffing the Starbucks wifi network today from watching you browse Reddit? When was the last time it stopped those advertisers from assaulting your eyeballs without an adblock plugin lending a helping hand?

Never is the answer, its not the browsers problem apparently. Like I said, the browser is broken.

The problem we have is that the browser is broken and takes responsibility for nothing, choosing to shirk off its responsibilities to the anti-virus, the firewall or whatever security software you think will protect you. We already know how well they do though, you may as well have a ‘Beware Of The Dog’ sign as your screensaver and keep your fingers crossed.

The reason we have a clear problem is because the vast majority of attacks against your computer are not coming through your wifi connection, they are not coming through your IM client or from dirty USB sticks.

The browsers dirty little secret is that the vast majority of monsters are climbing in through its open window and even when you think you closed and locked that window, the browser still lets the monsters in. A recent study from the Ponemon institute stated the obvious and identified the browser as the primary attack vector for the majority of cyber attacks, but of course we already knew that because most of us have already been mauled by some sort of browser originating malware at some point. Even if we haven’t fallen victim to a ransomware attack yet, we all know that shady websites belch malware onto you through your browser, it doesn’t take a genius to work out that when you open a browser window and gaze for long enough into the abyss, the abyss will gaze back into you.

Brilliant, lets not use browsers then, that way nobody will ever steal our online dating messages, trading accounts or blog posts on breakfast. Oh wait, we actually need a browser for everything (unless there is an app for it) and not using them really isn’t an option for most people, so I suggest that we should do the next best thing and wear a condom.

We know every time we stick a piece of ourselves into the internet, we are going to catch some kind of nasty dose, so lets just wear internet condoms. By this I mean lets place a physical barrier between us and the nasty infectious stuff that lurks around on the internet, it is something that we are already used to when you think about it.

No glove, no love.

As IT professionals, we know that the vast majority of attacks originate in the internet browser, so why are we not isolating our users browsers? To be fair, a lot of us may not have heard of a smoking hot new cybersecurity model (according to Gartner) called remote browsing. Remote browsing is self explanatory, your internet users browser the internet through remote browsers, ones hosted and delivered from remote physically isolated servers and networks. By adopting remote browsing for your business, you push all of their browsing activity and the associated cyber risks away from your internal data and networks. By using remote browsing, you are physically isolating yourself from the monsters.

Do not use the browser on your local machine to browse the internet, there be dragons. Instead physically isolate your browser together with all of the malware that your browser picks up when you use it by using a remote browsing solution. If we are serious about protecting our users, we need to wake up to the fact that the browser is broken.

We need to start making remote browsers available to our users, because its the only real way to stop the vast majority of monsters from feeding upon the vast majority of innocent everyday internet users. Until we recognize that the browser is broken, that it causes most of our cybersecurity problems and treat it accordingly, our dependence on the browser will continue to put us at the mercy of the monsters. Give yourself internet peace of mind with our remote browsers.

EDITORIAL NOTE: What’s that? You like the things we write? Follow @WEB_GAP on Twitter for more!

Previous PostRIP Virtualization Cybersecurity
Next PostThe WEBGAP Engine