Gartner Blog Network

Is Secure Browsing around the corner?

by Avivah Litan  |  March 4, 2011  |  3 Comments

Many banks, ecommerce and other firms who have web-accessible information and accounts to protect are waiting for the day when they don’t have to worry about attacks against their customers’ browsers and end points. Man-in-the-browser attacks (e.g. Zeus/SpyEye) are very much alive and well, and causing all kinds of problems amongst many of the companies I speak with.

Secure browsing is one option that could really help. And recently, I’ve been hearing about various innovative engineering feats that could get us there. For example, today I heard that the largest private bank in the world, conveniently located in Switzerland, is about to roll out USB-plug-in transaction signing devices that come with a proprietary locked down browser which communicates with the device’s firmware along with the bank’s server. This browser is also downloadable to a user’s PC and usable without any installation.

Swiss ebanking technology provider, CREALOGIX E-Banking, has been working with its privacy and security zealous banking clients on this technology for many years. There are several variations on this theme coming to market, and already in the market (See our research note “Tompkins Financial Distributes IronKey Locked-Down Secure Computing Devices to Banking Customers”). Interestingly, another Swiss bank, UBS distributed similar USB-pluggable devices from IBM to its corporate customers. And for the first time, we are starting to get earnest client interest in these options, as they wrestle with the man-in-the-browser attacks and need quick solutions for their complex legacy environments.

These devices, and even the software versions of the proprietary browsers, should go a long way towards keeping men out of our browsers.


Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio

Thoughts on Is Secure Browsing around the corner?

  1. Andrew says:

    Unless these devices and software can also ensure that the user’s PC is clean of viruses and perhaps even keyloggers, then it’s going to be a futile attempt at placating the masses without actually offering real security.

    I’d also hope that any such browers would be available on all platforms, and I don’t just mean Windows and Mac.

  2. Jerry says:

    The scope should not be to “clean” the PC of viruses and other threats. That’s a hopeless task. The purpose should be to provide a transaction platform which is capable of operating securely also on an infected PC (i.e. the secure browser should be resistant against all known attacks). It would be interesting to learn how the various solutions compare on this front.

  3. Avivah Litan says:

    Right, these USB platforms circumvent the browser and OS on the PC and assume that the PC is NOT clean of viruses and other threats; hence the need for a closed locked down computing environment.

    We should start comparing the various solutions on this front.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.