Do New Faster JavaScript Engines Lead To Faster Exploits?

When Ajax was first introduced by Microsoft several years ago, even though it was known by another name then, nobody knew the impact that it would have on modern day web development.

This single development has made JavaScript a first class language.

Probably less than 3 years ago, professional web developers were still getting JavaScript confused with Java, the compiled language.

Now the language is taken seriously by everybody.

It has its own frameworks and it now allows a web page to feel like a true application.

There is no more having to do a refresh when you want the application to perform an action.

To counteract all of the recent improvements in the Javascript applications that people make, the browsers out there have implemented improvements that allow the applications to go faster.

do faster JavaScript engines lead to faster exploits?

do faster JavaScript engines lead to faster exploits?

Faster JavaScript Engines

The Javascript engines have improved a great deal in a short amount of time but, even though the engines are getting faster, are they protecting the end consumer from advanced bugs that can now be introduced?

There are a lot of exploits that are delivered by Javascript.

Almost everyday you see a new web site whose JavaScript has been molded to perform some malicious purpose.

Now with Javascript taking an ever expanding role in web development, the chances of the average user running into an exploit almost doubles.

Before, if you ran across something suspicious, it would probably slow your browser down to a crawl and you would close it before it got the chance to execute.

Now, with the faster engines, it will speed right through and there may be no chance for you to stop it before it finishes.

There is a need for the new JavaScript engines that are being released to check for exploits as they are running.

Modern compilers and JIT (Just in time) compilers can evaluate buffer overflows and other items that might cause an exploit on a compiled program.

There should be something similar in the new JavaScript engines that are being released.

Until we can stop an XSS attack without crippling JavaScript functionality on our computer, we still have a long way to go.

As of right now there are no automatic ways to tell of a vulnerability while the script is already running.

The best way that we have to stop the problem is to use technology such as no-script and flashblock.

These plugins for Firefox and Chrome allow you to stop Javascript from running in your browser until you give it permission to do so.

Javascript analyzed at run time is sorely needed. It is the only way that we will remain protected with the new advances in javascript technology.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind