O'Reilly logo

Malicious Mobile Code by Roger A. Grimes

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 8. Internet Browser Technologies

This begins a four-chapter discussion on all the ways malicious mobile code can attack your system through an Internet World Wide Web (WWW) browser, particularly Microsoft Internet Explorer. Chapter 8 starts the discussion by introducing the World Wide Web and the general technologies used in Microsoft’s Internet Explorer. Chapter 9 will discuss exploits of those technologies, give specific examples, and finish up with how to prevent attacks. Chapter 10 covers Java language exploits while Chapter 11 covers rogue ActiveX controls. Taken together, these four chapters are a solid introduction into the world of malicious mobile code in a browser-based environment.

Introduction

I’ll start with this sentence: no PC with an Internet-connected browser can be considered secure. No matter how well you think you have locked down a PC with an Internet browser, the software is too complex to close all the holes. If a PC under your control needs absolute security, remove the browser. If that isn’t the answer you were looking for, continue reading.

Yes, a computer can be compromised simply by surfing the Net. By default, when a web page is accessed, all of the allowable content is downloaded, scripted, launched, and if appropriate, executed. A rogue programmer has a whole arsenal of tools that can turn a simple-looking web link into something malicious. Rogue code can be accomplished through a browser using the following technologies:

  • HTML

  • Scripting languages ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required