Hi malware fighters,
As there are persistent threats in various browsers that won’t go away until we negatively impact a huge number of webpages, we immediately recognize that there is not such a solution:
http://threatpost.com/en_us/blogs/web-won-t-be-safe-let-alone-secure-unless-we-break-it-020410?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today’s+Most+Popular
Well there are two sides of the story web-page security hand in hand with (in-)browser security hindered by insecure user behavior (click on anything indiscriminately and suffer the consequences).
As soon as security issues like XSS, iFrame, heap spraying, SQL etc. etc. were/are being tackled new issues are being found up (now JIT-spraying helped by Flash-holes killing the last browser defences on Vista and Windows7), because with closed source code one never knows how many skeletons are still laying around undetected or still undisclosed, black hats may have one or three malcode cards still stuck up their sleeves to come and haunt the Internet):
http://forums.informaction.com/viewtopic.php?f=19&t=3768
Is this a race we can win at 1 in 150 sites malcode infested and the unaware still clicking IE6 on a non-patched non-updated OS with outdated java, Flash, readers, media players, other applications without browser JS script blocking and full admin rights a la default?
This is a nightmare seen from the point of Internet security and a malcreant’s paradise from the point of view of the malcoder and cyber criminal…
Well anyone who has read this posting will know better now,
polonus