For a while, Internet Explorer was the be-all and end-all. It is still pervasive and what (I believe) most businesses are still using. Then Mozilla Firefox was all the rage. I switched and I liked Firefox better. I found IE to be 'glitchy.' I have not used it regularly now for years. The only time I resort to it is when I have to for a class due to interface issues. Then I began to hear about how great Chrome was and that there were some security issues with Firefox add-ons. So I added Chrome to my tray. I have not looked back. I have not had any issues with Chrome, and as I was reading various IT articles, I came across some information that made me like Chrome even more.
In 2011, Chrome was the only browser to show solid growth. Depending on where you look (StatCounter, for instance), Chrome is now the most used browser in the world. That is debatable, depending on what the numbers are based on; Net Applications places Chrome in second position behind IE. Popularity versus penetration aside, it is impressive for Chrome to be in that ballpark! Regardless of the actual numbers, the trend is this: IE experienced the greatest decline and Chrome the greatest growth since the beginning of the year. Here are some reasons why.
Chrome offers built-in security practices. Google automatically updates its browser whenever a new version is available. This shows that users, home and enterprise, are giving up control for the greater benefit of lower cost, convenience, and better security. Google is often quicker at getting a patch out than Adobe can release one for the same vulnerability in its built-in Flash player and PDF reader.
Chrome also offers group policy compatibility to allow administrators to enforce certain features on supporting products. Chrome also utilizes sandbox technology to thwart attackers. Sandboxing is not a cure-all, but it sure makes it more difficult to exploit the browser.
If you are still using IE or Firefox, I recommend you try Chrome. I think you will like it!
http://mashable.com/2012/07/02/chrome-vs-firefox/
http://twimgs.com/darkreading/securityservices/VRSN_NIA_iDefense_2012Trends_WhitePaper_20120127.pdf pg 16.
Thursday, September 20, 2012
Saturday, September 15, 2012
Patches by Teddi Moon
One of the biggest challenges IT faces is trying to keep up with patching applications and operating systems. The stream of patches that need to be tested and applied is overwhelming. Many times, patches may not be accurate and may have to be rolled back.
The half-life of a vulnerability is defined as the "time it takes to fix a flaw on half the instances of an application". In 2009, the half-life for many companies was 30 days to fix a vulnerability on half of their computers. In 2012, the number increased to 35 days. Java and Flash have terrible half-life times. Internet Explorer and Microsoft Office have improved to about 15 days.
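To make the half-life definition concrete, here is an added example (not from the original post) that computes it per application from a patch inventory. The record layout, application names, and dates are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

def half_life_days(disclosed, patch_dates):
    """Days from disclosure until half of all instances are fixed.

    patch_dates has one entry per instance: the date it was patched, or
    None if it is still vulnerable. Returns None when fewer than half of
    the instances have been patched, i.e. the half-life is not reached yet.
    """
    total = len(patch_dates)
    if total == 0:
        return None
    fixed = sorted(d for d in patch_dates if d is not None)
    needed = (total + 1) // 2  # smallest count that is at least half
    if len(fixed) < needed:
        return None
    return (fixed[needed - 1] - disclosed).days

def half_life_by_app(disclosures, records):
    """Group (app, host, patched_on) records and compute each app's half-life."""
    by_app = defaultdict(list)
    for app, _host, patched_on in records:
        by_app[app].append(patched_on)
    return {app: half_life_days(disclosures[app], dates)
            for app, dates in by_app.items()}

# Constructed sample data: disclosure date per application, then one
# record per installed instance (None = not patched yet).
DISCLOSED = {"browser": date(2012, 9, 1),
             "java-plugin": date(2012, 8, 1),
             "flash": date(2012, 8, 15)}
RECORDS = [
    ("browser", "pc-01", date(2012, 9, 5)),
    ("browser", "pc-02", date(2012, 9, 10)),
    ("browser", "pc-03", date(2012, 9, 16)),
    ("browser", "pc-04", None),
    ("java-plugin", "pc-01", date(2012, 9, 5)),
    ("java-plugin", "pc-02", None),
    ("java-plugin", "pc-03", None),
    ("java-plugin", "pc-04", date(2012, 8, 20)),
    ("flash", "pc-01", date(2012, 8, 30)),
    ("flash", "pc-02", None),
    ("flash", "pc-03", None),
]

if __name__ == "__main__":
    for app, days in half_life_by_app(DISCLOSED, RECORDS).items():
        print(app, "not reached" if days is None else f"{days} days")
```

Unpatched instances count toward the total, so an application that stalls below 50% coverage reports no half-life at all rather than a misleadingly small number.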
One answer may be a service that provides custom patches. Building a patch internally can be quite expensive. Services that provide custom patches can slow the patch cycle, but the quality and consistency of the patches can be improved. Outsourcing this service can free up your IT people for other tasks. It is still recommended that patches be staged, with testing on less critical systems first.
Those of you with experience working from the chair of the one doing the patching, do you think this is a viable option? Would this be a good idea?
Saturday, September 8, 2012
Which password? ....Really??? by Teddi Moon
The most common first-line defense for computer security is the password. This begins at computer logon and continues to network, software, and website security. As we all know, people are our weakest security link and passwords are where we often fail. Complex passwords are difficult to remember. It is challenging to think of and remember good strong passwords. Of these next two examples, which would you believe to be the better option as a strong password? "J8$kl934" or "MySmartDogGypsy"?
You may be surprised to find that the simpler, but longer option is harder to crack. It takes less than 4 hours for a modern brute-force password cracker to cycle through every combination of characters for an eight-character string of random letters, numbers, and symbols. It would take 317 years to crack the plain English phrase of 12 characters. I don't know about you, but for me, this is actually good news. I have a better chance of remembering a meaningful (but obscure to someone else) phrase than some random, complicated series of characters. I am also more likely to be better about using unique phrases for each site/software.
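The length-versus-complexity comparison above can be worked through as a strength estimate. This is an added example, not part of the original post; the guess rate and the 7,776-word list size are assumptions, so the resulting times will not match the figures quoted above. It also goes one step beyond the post by showing the estimate when the phrase is modelled as whole words rather than as individual characters.

```python
import math
import re
import string

# Assumption: offline guesses per second. Real rates vary by orders of
# magnitude with the hash algorithm and the hardware used.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: size of the word list a phrase's words are drawn from.
WORDLIST_SIZE = 7776

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the smallest standard alphabet that covers the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def charset_bits(password):
    """Bits of entropy if every character had been chosen at random."""
    return len(password) * math.log2(alphabet_size(password))

def split_words(phrase):
    """Split a CamelCase phrase such as 'MySmartDogGypsy' into words."""
    return re.findall(r"[A-Z][a-z]*", phrase)

def passphrase_bits(phrase, wordlist_size=WORDLIST_SIZE):
    """Bits of entropy if each word was picked at random from a word list."""
    return len(split_words(phrase)) * math.log2(wordlist_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate in a space of 2**bits guesses."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    short, phrase = "J8$kl934", "MySmartDogGypsy"
    rows = [("random 8 chars, per character", charset_bits(short)),
            ("phrase, per character", charset_bits(phrase)),
            ("phrase, per word", passphrase_bits(phrase))]
    for label, bits in rows:
        print(f"{label:32s} {bits:5.1f} bits  "
              f"{years_to_exhaust(bits):.3g} years")
```

Counted character by character the phrase is far stronger, but counted as four dictionary words it lands close to the eight random characters, which is why passphrase guidance usually asks for more words or less predictable ones.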
So pass this information on to your family and the users you provide IT services for. It may be helpful to get them started by having an exercise to think of creative passwords. Many people enjoy creating and guessing fun license plate 'codes'. If passwords can be made more 'fun', meaningful, and users can be educated as to what truly is a strong password, it may result in better compliance with strong password practice. An introduction and some training in the capabilities of another tool, a password manager such as LastPass, can be used to help with password management. By helping our users to do the right thing, we may strengthen the weakest link.