Groundhog Day – Ten Years and Counting

May 28, 2014 Franklyn Jones

You remember the movie. Bill Murray gets caught in an endless time loop where he relives the same day over and over and over again. Despite his daily efforts to change the future, he wakes up the next day and starts all over again - nothing ever changes. Hilarious movie! Turns out we've all been going through our own Groundhog Day experience with web browsers. Except it's not quite so funny.

A couple weeks ago, I was reading a security bulletin published by Microsoft about yet another vulnerability in Internet Explorer. According to Microsoft: "The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user."

This is a serious threat, and it's great that Microsoft alerted users and issued a patch. But wait – haven't we all seen this movie before? Doesn't it seem like every week we read about yet another vulnerability in IE? In fact, it's all so predictable and repeatable that we now celebrate Patch Tuesday each month, when Microsoft issues the new sets of security updates for IE, Windows, etc. It never changes and it never ends. Are you feeling a little like Bill Murray yet?

Ever wonder how long we've been in this endless non-security loop with web browsers? I was curious about that myself. So I dug into the Internet archives and found an article with this headline: "IE exploits top web security threat list." It's a headline you could have easily read last week, but this particular article was published in 2004 – 10 years ago!

So here we are in 2014, still in a Groundhog Day-like loop, waiting to see if browser security will show its head this time around or if there will be another decade of security winter, and meanwhile we're still dealing with endless web browser vulnerabilities. And it's not just an IE problem – all browser vendors struggle (and fail) to protect end users. That's because traditional browsers were never designed to be security tools and will always be easy targets for cyber criminals. Browser vendors will never win this battle, which means we will all continue to be Bill Murrays in an endless loop.

The only way to get out of this loop is to replace the browser. As noted by Einstein in my previous blog post, it is the only logical solution to the problem. Sounds disruptive, but it's surprisingly simple. It involves deploying a remote, virtual browsing model that uses isolation technology to keep the bad stuff out, while still empowering all employees to safely leverage the full value of the web. Groundhog Day has become Groundhog Decade – it's time to end the madness.

Franklyn Jones, CMO, Spikes Security
