Chapter 8. Internet Browser Technologies

This begins a four-chapter discussion on all the ways malicious mobile code can attack your system through an Internet World Wide Web (WWW) browser, particularly Microsoft Internet Explorer. Chapter 8 starts the discussion by introducing the World Wide Web and the general technologies used in Microsoft’s Internet Explorer. Chapter 9 will discuss exploits of those technologies, give specific examples, and finish up with how to prevent attacks. Chapter 10 covers Java language exploits while Chapter 11 covers rogue ActiveX controls. Taken together, these four chapters are a solid introduction into the world of malicious mobile code in a browser-based environment.


I’ll start with this sentence: no PC with an Internet-connected browser can be considered secure. No matter how well you think you have locked down a PC with an Internet browser, the software is too complex to close all the holes. If a PC under your control needs absolute security, remove the browser. If that isn’t the answer you were looking for, continue reading.

Yes, a computer can be compromised simply by surfing the Net. By default, when a web page is accessed, all of the allowable content is downloaded, scripted, launched, and if appropriate, executed. A rogue programmer has a whole arsenal of tools that can turn a simple-looking web link into something malicious. Rogue code can be accomplished through a browser using the following technologies:

  • HTML

  • Scripting languages ...

Get Malicious Mobile Code now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.