We love browsers, they are our window to the world.
We love browsers so much that we have fought wars over them, wars so fierce and prolonged that only three browsers really survived.
Two of them only survived because their developers also happen to own major operating systems and I do not even need to name names, when it comes to browsers, you all instinctively know who I am talking about.
Whatever its name, we rely on the browser and we need the browser, otherwise how else are we supposed interact with the outside world?
Go outside you say? Well I am sorry, but I am far too busy for that.
Going outside is great, but when it comes to seeing whats going on elsewhere and interacting with it, going outside ain’t got nothing on the browser. We can all agree that life without the browser would be miserable.
But that doesn’t mean that the browser isn’t broken.
What? Don’t believe me?
Who gave you that last virus without telling you that she was infected? Who let the WannaCry ransomware strain come in and encrypt all of your stuff, demanding a goddamn bitcoin ransom to decrypt it all? Who voluntarily gorges themselves on cookies and god knows what nefarious tracking software to let others track you and your habits? Who is it that allows bad websites to spontaneously pop open tabs containing even worse websites?
Who left the window open so that filthy pervert could walk straight into your house and watch you through your webcam?
Go on, I will give you three guesses and a clue. It wasn’t that bloated bitch Microsoft Word, although she might have done, you never know these days.
It was the browser and if you need yet more evidence that she is a total bitch, when was the last time she stopped your ISP or whoever happens to be sniffing the Starbucks wifi network today from watching you browse Reddit? When was the last time it stopped those degenerate advertisers from assaulting your eyeballs without an adblock plugin helping out?
Never is the answer, its not the browsers problem apparently.
Like I said, the browser is broken.
The fundamental problem we have as internet users is that the browser is broken and takes responsibility for nothing, choosing to shirk off its responsibilities to the anti-virus, the firewall or whatever security software you happen to be running to protect yourself.
We already know how well they get on though, you may as well have a ‘Beware Of The Dog’ sign as your screensaver, it can be just as effective.
The reason we have a fundamental problem is because the vast majority of attacks against your computer are not coming through your wifi connection, they are not coming through your IM client and except for the advanced persistent threat, they are mostly not coming through your email client.
The browsers dirty little secret is that the vast majority of attacks are climbing in through the open window that is your web browser and even when you think you closed and locked it, the browser is broken.
A recent study from the Ponemon institute identified the browser as the primary attack vector for the vast majority of cyber attacks, but of course most of us didn’t need to be told, because most of us have already been mauled by some sort of browser originating malware at some point.
Even if we haven’t fallen victim to a ransomware attack yet, we all know that shady websites belch malware on you through your browser, it doesn’t take a genius to work out that when you open a browser window to look into the abyss, sometimes things hungrily look back through the window at you.
Brilliant, lets not use browsers, that way nobody will ever steal my online dating messages, online trading accounts or blog posts on dating.
Oh wait, we actually need a browser for everything (unless there is an app for it) and not using them really isn’t an option for most people, so I suggest that we should do the next best thing and wear a condom.
We know every time we stick a piece of ourselves into the internet, we are going to catch some kind of nasty dose, so lets just wear internet condoms.
By this I mean lets place a physical barrier between us and the nasty infectious stuff that lurks around on the internet, it makes a lot of sense and is something that we are sort of already used to when you think about it.
And at this point I would like to apologize for my facetiousness and take on a more serious cybersecurity professional tone.
As IT professionals, we know that the vast majority of attacks originate in the internet browser, so why are we not isolating our users browsers?
Browser isolation is a simple premise, it requires that you recognize where all the trouble comes from (the internet) and commit yourself to physically isolating that trouble away from the things that matter to you the most.
You take the browser and all of the browsing activity associated with it and physically isolate it, away from your internal networks and IP.
There are a number of ways to achieve this end, you could let your users log into a disposable virtual desktop that is isolated and hosted on a third party server, effectively using somebody else’s browser for web browsing.
Its an effective way of isolating browsing activity, that we leveraged almost a decade ago, but unfortunately not very scalable and hugely expensive.
Virtualization is not particularly well suited to handling browser compute loads, its too expensive at scale and needs too much infrastructure.
Luckily there is more than one way to isolate a browser cost effectively.
If we are serious about protecting our users, we need to wake up to the fact that the browser is broken and start treating it like it is toxic.
We all need to start physically isolating our browsers, its really the only effective way to stem the vast majority of malware, ransomware and cyber attacks from affecting the vast majority of everyday internet users.
Until we recognize that the browser is broken, that it causes most of our cybersecurity problems and treat it accordingly, our dependence on the browser will continue to put us at the mercy of malware like Wannacry.
I work with tuCloud and use the tuCloud Safeweb Engine to physically isolate my web browser and browsing activity in a cost effective way. I also maintain their competitor list of browser isolation vendors here on the Index.co website.