Rethinking Web Browser Security (Page 3 of 3)
Interestingly, much of the work being done on Web reputation systems—such as those offered by Trend Micro, McAfee and AVG—could quickly fall apart if DNS (Domain Name System) poisoning attacks gain traction in the wild, leveraging vulnerabilities such as the one recently found by security researcher Dan Kaminsky that prompted most DNS server providers to quickly issue a critical fix.
Trend Micro Director of Web Security Business Ken Beer called DNS poisoning and infected host files “the Armageddon” because validation services base much of a Web site’s reputation score on the actual domain by evaluating the name against details provided by the domain registrars.
“We are starting to ramp up to do some degree of association [between IP address range and a domain name for a given amount of time],” Beer said. “But trying to direct map from this IP address to this domain for a period of time is really like chasing your tail.”
To keep DNS lookups accurate, administrators should make sure to patch their own DNS servers immediately and pressure ISPs to update their DNS servers as soon as possible. Administrators should also turn on features in their endpoint security solution or anti-virus platform that lock down the local hosts file, if that capability is an option.
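Where the endpoint product cannot lock the hosts file, an audit of its contents gives a similar signal. The script below is an added example, not code from the article or from any vendor named in it; the `approved` baseline, the finding labels and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback (assumption; adjust to your baseline).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: skip the line
        for name in fields[1:]:
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, approved=frozenset()):
    """Return (line_no, kind, hostname, address) for entries that override DNS."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if (name, str(addr)) in approved:
            continue                             # entry is in the site baseline
        if name in LOCAL_NAMES:
            if not addr.is_loopback:             # localhost pointed off-box
                findings.append((line_no, "local-name-remapped", name, str(addr)))
        elif addr.is_loopback or addr.is_unspecified:
            findings.append((line_no, "blocked", name, str(addr)))
        else:
            findings.append((line_no, "redirected", name, str(addr)))
    return findings

# Constructed sample: example.* names and RFC 5737 documentation addresses.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
10.0.0.5    intranet.example.internal   # approved by IT
203.0.113.7 bank.example.com www.bank.example.com
0.0.0.0     update.av-vendor.example    # blocks signature updates
198.51.100.9 localhost.localdomain
"""

if __name__ == "__main__":
    baseline = {("intranet.example.internal", "10.0.0.5")}
    for finding in audit_hosts(SAMPLE, baseline):
        print(finding)
```

Any finding means a name is being resolved from the local file instead of DNS, so a reputation score computed for that domain no longer describes the host the browser actually reaches.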
Senior Analyst Andrew Garcia can be reached at agarcia@eweek.com.