pandasecurity-browser-1

Web browsers are full of dangerous options that nobody uses. Most computers come with pre-loaded web browsers like Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari, but these default web browsers are not configured for secure web browsing.

Anytime users are surfing the web, there can be a “variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer”, as stated on the US-Cert website.

What may seem like a cool option for your Web Browser, could actually be a gateway for cyber-attackers that goes unseen to the average computer user. Sometimes “less is more”, and when it comes to computer security, the less entry-points a cyber-criminal has, the less we have to worry about defending ourselves.

There needs to be a complex balance between having freedom to use new technology functionalities, like web browser options, while at the same time, keeping the door shut to cyber-criminals.

But why download options if they are pointless? 83% of the latest browser functionalities are completely unnecessary, as revealed in a study from the University of Illinois. In fact, only 1% of the 10,000 most popular web pages use these features in some way, many of which do not even prove that they are useful.

83% of the latest browser functionalities are completely unnecessary.

A good example of this are the Ambient Light Events (ALS) that are designed so that websites perform differently depending on the levels of light that surround the device, and adapt the computer brightness to it. Although it sounds helpful, only 14 of the 10,000 websites that were cited in the study implement this and very few users are even aware that it exists.

 

pandasecurity-browser-2

 

Iframes is another story. It has become a very popular HTML element that is used in many different types of websites; interactive spaces on a web page allow users to insert part of another page onto their website (this is known as embedding). At least half of the most popular websites use this technology, and yet it is blocked 77% of the time due to security reasons. In 2013, hackers “seeded Internet searches with malicious iframe code, leading to iframe overlay attacks on many prominent networks.” The majority of social networks have stopped using this program.

 

Something else that has caught our attention is vibrate API, which enables websites to manage features on devices… if they decided to use them. Today, only 1 out of the 10,000 most popular websites does this, but still, the features remain available, not only for legitimate developers but also for potential attackers who could use it for their own benefit, for example to spy your conversations (like they did here).

 

A cybercriminal could use the vibration of your Smartphone to spy your conversations

 

The difficult balance of taking advantage of available options while maintaining security seems is difficult to have, at least in regard to the browsers. To be protected, users better have a good anti-virus that is capable of stopping assailants if they get through these online-cracks.