Why should browser's security be prioritized?

Clash Royale CLAN TAG#URR8PPP

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;

up vote
1
down vote

favorite

From this answer about browser security:

time to update if you really care about security

So if every other software and functions I need can work on a 32-bit OS, I guess the only reason for upgrade is browser's security? Can you explain why browser security should be placed on the top priority, when:

• Most of the websites I visit have SSL certificate, and


• I can smell fishy websites?

I hope that this is not the overconfidence effect. And I hope that I'm not overconfident that I don't have overconfidence effect.

tls web-browser

share|improve this question

asked 29 mins ago

Ooker

38239

add a comment | 

up vote
1
down vote

favorite

From this answer about browser security:

time to update if you really care about security

So if every other software and functions I need can work on a 32-bit OS, I guess the only reason for upgrade is browser's security? Can you explain why browser security should be placed on the top priority, when:

• Most of the websites I visit have SSL certificate, and


• I can smell fishy websites?

I hope that this is not the overconfidence effect. And I hope that I'm not overconfident that I don't have overconfidence effect.

tls web-browser

share|improve this question

asked 29 mins ago

Ooker

38239

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

From this answer about browser security:

time to update if you really care about security

So if every other software and functions I need can work on a 32-bit OS, I guess the only reason for upgrade is browser's security? Can you explain why browser security should be placed on the top priority, when:

• Most of the websites I visit have SSL certificate, and


• I can smell fishy websites?

I hope that this is not the overconfidence effect. And I hope that I'm not overconfident that I don't have overconfidence effect.

tls web-browser

share|improve this question

asked 29 mins ago

Ooker

38239

From this answer about browser security:

time to update if you really care about security

So if every other software and functions I need can work on a 32-bit OS, I guess the only reason for upgrade is browser's security? Can you explain why browser security should be placed on the top priority, when:

• Most of the websites I visit have SSL certificate, and


• I can smell fishy websites?

I hope that this is not the overconfidence effect. And I hope that I'm not overconfident that I don't have overconfidence effect.

tls web-browser

tls web-browser

share|improve this question

asked 29 mins ago

Ooker

38239

share|improve this question

asked 29 mins ago

Ooker

38239

share|improve this question

share|improve this question

asked 29 mins ago

Ooker

38239

asked 29 mins ago

Ooker

38239

asked 29 mins ago

Ooker

38239

38239

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
3
down vote

Can you explain why browser security should be placed on the top priority ...

Because the browser is processing lots of untrusted content from the internet.

Of course, if you use any other programs which does this (like Mail client, maybe Office program, PDF reader) you should keep these updated too since vulnerabilities in these programs are a regular attack vector too.

.. Most of the websites I visit have SSL certificate,

A SSL certificate says nothing about the trust you can have in a site. It only protects against sniffing modification of the traffic during transport. A HTTPS site can serve malware as much as a plain HTTP site can do.

Apart from that "Most of the websites" is not the same as "All of the websites".

I can smell fishy websites?

Even if you might be confident in your ability to sniff websites where the URL looks fishy (which might actually be overconfidence) I'm pretty sure that you will not know up-front of a site you visit regularly got hacked and is serving malware (i.e. Watering hole attack) or if it is serving malicious ads which are outside the control of the website itself (i.e. Malvertising).

share|improve this answer

edited 58 secs ago

answered 16 mins ago

Steffen Ullrich

106k10177245

add a comment | 

up vote
1
down vote

Not all the websites you visit have certificates. You can’t smell fishy websites. Certificate doesn’t mean the site isn’t trying to hack you.

The browser is the biggest attack vector against your computer. It will tend to run unvetted JavaScript code at least, and god knows what else. It constantly processes data from untrusted sources.

share|improve this answer

answered 13 mins ago

gnasher729

1,136511

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194345%2fwhy-should-browsers-security-be-prioritized%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
3
down vote

Can you explain why browser security should be placed on the top priority ...

Because the browser is processing lots of untrusted content from the internet.

Of course, if you use any other programs which does this (like Mail client, maybe Office program, PDF reader) you should keep these updated too since vulnerabilities in these programs are a regular attack vector too.

.. Most of the websites I visit have SSL certificate,

A SSL certificate says nothing about the trust you can have in a site. It only protects against sniffing modification of the traffic during transport. A HTTPS site can serve malware as much as a plain HTTP site can do.

Apart from that "Most of the websites" is not the same as "All of the websites".

I can smell fishy websites?

Even if you might be confident in your ability to sniff websites where the URL looks fishy (which might actually be overconfidence) I'm pretty sure that you will not know up-front of a site you visit regularly got hacked and is serving malware (i.e. Watering hole attack) or if it is serving malicious ads which are outside the control of the website itself (i.e. Malvertising).

share|improve this answer

edited 58 secs ago

answered 16 mins ago

Steffen Ullrich

106k10177245

add a comment | 

up vote
3
down vote

Can you explain why browser security should be placed on the top priority ...

Because the browser is processing lots of untrusted content from the internet.

Of course, if you use any other programs which does this (like Mail client, maybe Office program, PDF reader) you should keep these updated too since vulnerabilities in these programs are a regular attack vector too.

.. Most of the websites I visit have SSL certificate,

A SSL certificate says nothing about the trust you can have in a site. It only protects against sniffing modification of the traffic during transport. A HTTPS site can serve malware as much as a plain HTTP site can do.

Apart from that "Most of the websites" is not the same as "All of the websites".

I can smell fishy websites?

Even if you might be confident in your ability to sniff websites where the URL looks fishy (which might actually be overconfidence) I'm pretty sure that you will not know up-front of a site you visit regularly got hacked and is serving malware (i.e. Watering hole attack) or if it is serving malicious ads which are outside the control of the website itself (i.e. Malvertising).

share|improve this answer

edited 58 secs ago

answered 16 mins ago

Steffen Ullrich

106k10177245

add a comment | 

up vote
3
down vote

up vote
3
down vote

Can you explain why browser security should be placed on the top priority ...

Because the browser is processing lots of untrusted content from the internet.

Of course, if you use any other programs which does this (like Mail client, maybe Office program, PDF reader) you should keep these updated too since vulnerabilities in these programs are a regular attack vector too.

.. Most of the websites I visit have SSL certificate,

A SSL certificate says nothing about the trust you can have in a site. It only protects against sniffing modification of the traffic during transport. A HTTPS site can serve malware as much as a plain HTTP site can do.

Apart from that "Most of the websites" is not the same as "All of the websites".

I can smell fishy websites?

Even if you might be confident in your ability to sniff websites where the URL looks fishy (which might actually be overconfidence) I'm pretty sure that you will not know up-front of a site you visit regularly got hacked and is serving malware (i.e. Watering hole attack) or if it is serving malicious ads which are outside the control of the website itself (i.e. Malvertising).

share|improve this answer

edited 58 secs ago

answered 16 mins ago

Steffen Ullrich

106k10177245

Can you explain why browser security should be placed on the top priority ...

Because the browser is processing lots of untrusted content from the internet.

Of course, if you use any other programs which does this (like Mail client, maybe Office program, PDF reader) you should keep these updated too since vulnerabilities in these programs are a regular attack vector too.

.. Most of the websites I visit have SSL certificate,

A SSL certificate says nothing about the trust you can have in a site. It only protects against sniffing modification of the traffic during transport. A HTTPS site can serve malware as much as a plain HTTP site can do.

Apart from that "Most of the websites" is not the same as "All of the websites".

I can smell fishy websites?

Even if you might be confident in your ability to sniff websites where the URL looks fishy (which might actually be overconfidence) I'm pretty sure that you will not know up-front of a site you visit regularly got hacked and is serving malware (i.e. Watering hole attack) or if it is serving malicious ads which are outside the control of the website itself (i.e. Malvertising).

share|improve this answer

edited 58 secs ago

answered 16 mins ago

Steffen Ullrich

106k10177245

share|improve this answer

share|improve this answer

edited 58 secs ago

edited 58 secs ago

edited 58 secs ago

answered 16 mins ago

Steffen Ullrich

106k10177245

answered 16 mins ago

Steffen Ullrich

106k10177245

answered 16 mins ago

Steffen Ullrich

106k10177245

106k10177245

add a comment | 

add a comment | 

up vote
1
down vote

Not all the websites you visit have certificates. You can’t smell fishy websites. Certificate doesn’t mean the site isn’t trying to hack you.

The browser is the biggest attack vector against your computer. It will tend to run unvetted JavaScript code at least, and god knows what else. It constantly processes data from untrusted sources.

share|improve this answer

answered 13 mins ago

gnasher729

1,136511

add a comment | 

up vote
1
down vote

Not all the websites you visit have certificates. You can’t smell fishy websites. Certificate doesn’t mean the site isn’t trying to hack you.

The browser is the biggest attack vector against your computer. It will tend to run unvetted JavaScript code at least, and god knows what else. It constantly processes data from untrusted sources.

share|improve this answer

answered 13 mins ago

gnasher729

1,136511

add a comment | 

up vote
1
down vote

up vote
1
down vote

Not all the websites you visit have certificates. You can’t smell fishy websites. Certificate doesn’t mean the site isn’t trying to hack you.

The browser is the biggest attack vector against your computer. It will tend to run unvetted JavaScript code at least, and god knows what else. It constantly processes data from untrusted sources.

share|improve this answer

answered 13 mins ago

gnasher729

1,136511

Not all the websites you visit have certificates. You can’t smell fishy websites. Certificate doesn’t mean the site isn’t trying to hack you.

The browser is the biggest attack vector against your computer. It will tend to run unvetted JavaScript code at least, and god knows what else. It constantly processes data from untrusted sources.

share|improve this answer

answered 13 mins ago

gnasher729

1,136511

share|improve this answer

share|improve this answer

answered 13 mins ago

gnasher729

1,136511

answered 13 mins ago

gnasher729

1,136511

answered 13 mins ago

gnasher729

1,136511

1,136511

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194345%2fwhy-should-browsers-security-be-prioritized%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email