Safer Web Browsing: Two Different Browsers

The creator of PHP thinks that one way to make Internet browsing safer is to use two different browsers: one for everyday surfing and one dedicated to personal banking and finance, according to Computerworld on Tuesday.

Rasmus Lerdorf described what he called "hygienic surfing" at a keynote address last week at the MySQL Conference in Santa Clara. The reason is that "nine out of 10 Web sites have cross-site scripting holes (XSS)." These are Web site flaws that let attackers inject malicious HTML and scripts, which could redirect a user to another site that will try to collect personal information and passwords stored in the browser.

Mr. Lerdorf uses Safari only for personal sites and Firefox for everything else. That ensures that any personal information stored in Safari is never exposed to an XSS attack.

However, some security experts wonder if the technique would be practical for everyone. "It would work. But only as long as you used one browser to surf to all the important sites, like your online bank and the sites you shop, and never used that browser for anything else," said Alfred Huger, the senior director of Symantec's security response group.

Mr. Lerdorf admitted in the keynote that there is not much the community can do to improve the security of PHP. Mr. Huger agreed. "The vast majority of cross-site scripting vulnerabilities are because of the programmer," he said. "Amateur developers often try their hand at PHP, with sometimes disastrous results."

The advice was to be very careful where and how you shop online, who you give your credit card numbers to, and how you get to your online bank.

TMO tip: Safari offers a feature called Reset Safari... in the Safari menu. This clears all cookies, the history, the download window and the cache. It is a good idea to execute that function after every on-line banking session if only a single browser is used.