Can a computer be infected by malware through web browser?

Can a computer be infected when it accesses a malicious web page?

Why is not a web browser 100% safe? What web resources, such as Java Script, Flash or a HTTP connection, can infect a computer?


Solution 1:

Yes you can. Usually a proper Anti-Virus program will intercept these attempts though. Of course, browsers don't have "built in" backdoors/vulnerabilities but they can exist nevertheless. When such a vulnerability is found by a hacker or other malicious user, that vulnerability can be exploited to infect the visitor of the web page.

If something could be made 100% safe, there wouldn't be any need of Anti-Virus programs at all. There's always some creative solution that can be found to infect people anyway and such an exploit can only be patched after it has been discovered.

It's like typing an entire book on your keyboard, without checking for typos. You will only discover your errors when you start reading/reviewing whatever you typed. Reading in this case, would be to just "use" the browser.

Most exploits are in 3rd party plugins (such as Flash, PDF reader plugins, media, etc.) so the browser maintainers don't have full control over what is run in their browser. It's like having a house built by 4 different contractors who don't know exactly what the others are working on or how they are doing it...

Solution 2:

Squall,

Software is intrinsically difficult to get right. For a glimpse at why, I recommend an article by Cem Kaner, an expert software tester. The article is called "The impossibility of complete testing." Also read his article on "Software Negligence and Testing Coverage"

A short answer is that software is complicated, demands perfection, and humans are imperfect. With limited resources, competition, and limited knowledge, a lot of software developers do the best they can. Those who are careful to produce even more secure software will never be able to compete--their products will be more expensive, late to market, have fewer features, etc. On the other hand, security is becoming an important customer consideration; while customers (and most developers) can't tell what's secure by looking at it, there are experts, analysts, and historical trends that teach us about security, and help us make better decisions about the products we buy and use.

Sometimes the more secure products will be more expensive, or lack other qualities we desire beyond just cost (features, usability, performance, etc).

In the world of software security, we generally accept that if an adversary has enough funding, motiviation, and/or resources, nothing is truly secure.

Security costs money, and it's a tradeoff.