Another Security Misstep

Netscape Navigator version 2.02 Gold running on Windows NT Server was the first browser to use NPAPI.
Netscape Navigator version 2.02 Gold running on Windows NT Server was the first browser to use NPAPI.

 

Following Microsoft Windows 10, the end of Google's support for the Netscape Plugin Application Programming Interface (NPAPI) in Sept. is expected to cause chaos in Korean e-commerce and its security once again.

The industry is getting nervous at the prospect of another disruption under the circumstances that the financial sector and the Internet industry are still reeling from the chaos caused by Windows 10.

The worries this time are due to Google's decision to discontinue its support for NPAPI on Chrome starting early next month. As personal firewalls used in open banking will not work and the security will not be guaranteed, it will be impossible to use open banking services. NPAPI is a cross-platform plugin architecture used for e-commerce and Internet banking on Chrome. In other words, the disappearance of NPAPI on Chrome will inevitably paralyze web sites that were built based on the plugin architecture.

As a result, an increasing number of experts are calling for the improvement of web sites in the form of Hypertext Markup Language 5 (HTML5), which does not use unstandardized programs like ActiveX and NPAPI.

According to the Ministry of Science, ICT and Future Planning and the Korea Internet & Security Agency (KISA) on Aug. 12, 78 out of 200 major private web sites that account for 78.2 percent of the Internet use in the nation are using 241 kinds of NPAPI. By function, security, authorization, and payment related to e-commerce make up 76.2 percent of the total. By category, portal sites like Naver and Daum and the financial sector are using NPAPI the most.

Currently, Internet Explorer represents 87.5 percent of the total web browsers used in the nation, while Chrome only constitutes less than 10 percent. However, the biggest worry for the financial IT industry is that Chrome users have loyalty to Google's web browser.

An official at KISA noted, "Those who are in charge of Internet banking web sites are saying that Chrome users are very reluctant to use other browsers, as in the case of iPhone mania." The official added, "Suppose that an average of 30,000 to 40,000 Chrome users utilize Internet banking services each day. Their needs cannot be ignored."

A more serious problem is open banking. Open banking is available on not only Internet Explorer, but also other web browsers such as Mac OS, Firefox, Chrome, and Safari. Experts are pointing out that once NPAPI is blocked, open banking services may also be unavailable. This phenomenon is attributable to the fact that it is necessary to operate NPAPI in order to install and run personal firewalls used in open banking or security programs like a virtual keyboard.

Hence, officials in the industry are apparently unhappy with the government's slow response to the termination of NPAPI. "We will discontinue our support for NPAPI on Chrome starting in Sept. 2014," said Google in a statement released in Sept. 2013. At that time, the Sept. 2014 deadline set by Google was extended to Sept. 2015 at the request of the Korean government and private enterprises. 

Nevertheless, the government has yet to come up with an alternative. It will only be possible for banks to actually respond to the end of NPAPI late this year. An official at a local computer security software company said, "The government asked for another postponement of the deadline this time. But I think that it will be difficult for Google to specifically consider the situation in Korea," adding, "The biggest problem is that Seoul approaches the issue with a complacent attitude that in a worst-case scenario, Internet Explorer will still be available."

To address the problem, the government and private Internet companies have already urged people to install the latest web browser. HTML5 makes it possible to see videos, play games, and experience graphics using a web browser, without any separate plug-in programs using unstandardized programs like ActiveX and NPAPI. That is, if Internet sites are built based on HTML5, users can conveniently use the Internet via tablet PCs or mobile devices, in addition to PCs.

Furthermore, an HTML5 web standard can reduce security concerns for online or mobile banking, since Flash is not required, which is vulnerable to hacking. From the perspective of companies running web sites, HTML5 will work to their advantage in terms of manpower management and cost reduction, since companies can build and manage their web sites using the same web standard.

Copyright © BusinessKorea. Prohibited from unauthorized reproduction and redistribution