One Prediction for 2008: Site-Specific Browsers

- - posted in research, security, web security | Comments

I’ve noticed that sometimes it takes two or three “pings” for an idea to seep into my consciousness. I just got my second “ping” on a potentially Big Idea: site-specific browsers (SSBs).

Some background. Recently my professional research has taken me far down the anti-malware rabbit-hole. My latest report, “Herd Intelligence Will Reshape the Anti-Malware Landscape” has generated a fair amount of positive buzz. The report details how, among other things, online identity credentials have become the common currency of a new professional criminal class.

But now that the report is in the can, I almost wish I’d waited a few months before writing it. That’s because perhaps one of the most elegant solutions for banks, stock trading accounts and credit unions seeking to combat identity theft might be one of the simplest. In essence, instead of having banks worry about whether the user’s general-purpose browser is secure, why not require the user to run a dedicated browser that won’t allow access to websites other than those its creator intended?

Indeed, if I had to make a prediction, I’d say that the future of Internet banking might look a lot like Todd Ditchendorf’s Fluid site-specific browser.

For a well-written overview of what’s going on with SSBs, see Chris Messina’s article, Fluid, Prism, Mozpad and site-specific browsers.

I’ve got some e-mails in to the Mozilla and Webkit teams, to prepare for the research note. More details as they emerge.

But in the meantime, I expect that we’ll all start hearing “site-specific browsers” and “security” in the same sentence, a lot, in 2008. Remember, you read it here first.

Comments