15Seconds WebLog

More Browsers Mean Less Incentive to Attack?

Brian Livingston, in his article titled Run, Don't Walk, from Internet Explorer”, opines:

“If the marketplace supported 10 browsers today, hackers would have much less incentive to generate remote threats, which would require the development of specialized code for each alternative.”

This seems like the classic case for more browser support in the market place, but even with 10 browsers, would it really  provide much less incentive to write “specialized code for each alternative“?

Seems it would just take the determined attacker a bit longer. He still would only need to write the code once.

Posted: Jul 12 2004, 05:30 PM by FifteenSeconds | with 3 comment(s)

Comments

Shannon J Hager said:

if paid professional developers don't bother writing 2 versions of code that they are writing for their livelihood, I don't see scriptkiddies bothering to write a different version of the hack for each browser. The code would not have to be written only once, not sure why you say that.
# July 13, 2004 12:22 AM

15Seconds said:

I'm sorry. Let me clarify. Ten versions only once, not one version only once.

Paid pros now don't develop multiple versions because of the cost/benefits. If there were more browser parity, they probably would write multiple versions.

Are these pieces of malicious code so detailed and extensive that it would take much time to write multiple versions?
# July 13, 2004 9:01 AM

Shannon J Hager said:

In OS-level exploits, the code probably wouldn't be that different between browsers, assuming the browser simply passes off the responsibility to the OS (see the current shell: exploit). For exploits that are due to the browser, then I would say that the code could be completely different from browser to browser, if it worked at all.

This is immediately demonstrated by the number of cross-browser exploits in the last year. How many are there? Anyone? Anyone?

Knowing that I would have to test and/or write code for 9 browsers at 10% marketshare each instead of for 1 browser with 90% marketshare makes the scriptkiddie exploits a lot less exciting.
# July 13, 2004 4:35 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)