Another instalment of Ask OSAlert. A reader sent us in a question about browser security and privacy. “Could you please advise me and your readers on what you consider to be the safest web browser? I am considering the term ‘safe’ from both a privacy and security stand point.”
The question further details the importance of this matter. “I spend more time on my browser than any other piece of software on any given day. Primarily because I use it at both at university for research and for entertainment (i.e. reading articles here),” the question reads, “The trend these days seems to indicate the browser is becoming more and more of a target rather than the OS.”
I’d say that there are two parts to this question. Not only is it important to take into account the browser itself, but also the platform it’s running on. It’s better to have both a browser and a platform with a proven security track record than to just have a browser with a proven track record in security.
Browser-wise, you are most likely best off with either Firefox or Chromium (not Google Chrome, but Chromium). I specifically mention these two because you also care a great deal about privacy. Since Chromium and Firefox are open source, you can be reasonably sure there’s no weirdness going on inside the code that you have to worry about. While browsers like Opera and Safari also have a good security track record, their closed-source nature means you can’t check the code for privacy-invading weirdness. I’m not saying Opera or Safari contain such weirdness – just that you can never be sure.
This extends to the platform aspect of the equation. There are several hardened Linux distributions out there, which are completely locked-down from a security standpoint. However, even desktop-oriented distributions like Ubuntu provide you with a safe, secure, and Free/free operating system. Similarly, while Mac OS X and Windows are/can be secure too, the closed-source nature of these platforms means you cannot check for any privacy-invading stuff in there (no matter how unlikely it may be).
What do our readers have to say about this one?
I second firefox and chromium. IE 8 is okay, but as a general rule avoid all internet explorers. Remember, at the end of the day the sites you visit and stuff you download make you vulnerable.
A few years back, Konqueror came out as being one of the most secure Browsers.
I don’t know if that still holds true, but I would at least rank it among FF and Chromium security wise.
And what we should not forget: Closed source addons like Flash, Silverlight and the likes are a BIG security hole.
What I am doung is: Using Konqueror for “usual web surfing”, no flash or java being activated. If I encounter a website which needs Flash or java, I start up Firefox where I have enabled that.
I am also using a self-built router with Linux as operating system and acting as hardware Firewall, and a Linux desktop with Firewall activated.
Maybe i AM paranoid, but being so is no proof I am not under attack .
Its an older article but you can find many like it.
http://www.securityfocus.com/news/11476/1
Most people who are really into web application security recommend Opera.
I half recall pdp tweeting something a while back about how he only runs opera now.
If you must stick open source
I would recommend Firefox with no-script running.
As for OS;
Hardened Gentoo
EnGarde Secure Linux
Or if money is no option Trusted Solaris.
But with anything security and privacy is a mind set. You can run trusted solaris locked down as tight as you can, but if you dont look at your audit logs, and you dont keep up to date on everything they do you little good.
Opera is much used in Russia anyway.
Also he said:
“with scripts and plug-ins disabled”
As a webdeveloper, I would say, their isn’t much wrong with Opera, the JavaScript engine is the only thing I have problems with, like parse errors problems with regular expressions. So yes, I would disable scripts on Opera, because I’m not impressed by that part.
I think Thom is just about Spot on in his assessments: FF or Chromium. However, my understanding is that Chromium is still a little flaky on Linux, and that leaves us with just the one choice: FF.
Also, it could be argued that the relative obscurity of a browser like Opera greatly enhances the apparent security. The fact it that very little (read: none) of the malware out there will be written to target it. Of course, basing one’s security policy on obscurity is generally seen as a bad move, yet I still think that there is something to this.
I should also point out if it’s platform security you want, you should probably look to something like OpenBSD over Linux. On the other hand, there healthy concern for security and outright paranoia
Don’t forget about Iron, which is based on chromium, but with all the privacy infringing features removed http://www.srware.net/en/software_srware_iron.php
After reading about Chromium vs Chrome, I had the feeling chromium was about the same as chrome. According to wikipedia:
Honestly, I don’t know really what the difference between them two is, except for logo/artwork/trademarks… I would suspect chromium, which I’m trying right now on linux, does the same privacy invading stuff as chrome.
Iron seems really nice, but there snapshot is outdated… It was not working correctly either here. And the adblock feature was not working, maybe not yet implemented in the linux build…
What I would like is a patch/option where you could just disable manually the privacy invading “features”[1] individually.
[1] http://en.wikipedia.org/wiki/Google_Chrome#Usage_tracking
That is the main browser that I use…
Safari running on Snow Leopard (in 64bit mode) has some great security features that have been added, however, Chrome is looking pretty good – its just disappointing that it isn’t in full form on Mac OS X.
As for Internet Explorer, they’ve improved security but now they’re putting all their hope on Silverlight instead of adopting open standards there will be a new vector of attack. This is a new trend where the new attacks are now focusing on the plugin as the weakest link rather than the browser itself.
What has safari added in terms of security? Last I read, it was the first one hacked in the hackathon.
Its a good browser, but not nearly the safest. Google sandboxes all plugins and all processes by default.
This is not true. Chrome does not currently sandbox the plugins as according to the developers it causes too many problems currently. There’s a command line switch to turn on plugin sandboxing though (-safe-plugins or similar).
i understood that was only on Linux that they weren’t running like that.
You’re right. From the intro comic: http://www.google.com/googlebooks/chrome/small_30.html
Due to their nonstandard behavior, they can’t be sandboxed. But they are separated out into a different process then the rest of the page.
But what security features have been added to Safari for Snow Leopard? I’m not trying to one up anyone or prove you wrong, I’m just curious about browser safety measures.
They added plug-in sandboxing to Safari, as announced at WWDC, for Snow Leopard’s Safari. Snow Leopard in general added a lot of memory protection features to OS X that were admittedly previously in other operating systems that were technically more secure than 10.5 (Leopard).
Apple has managed to catch up security-wise with Snow Leopard, although they don’t advertise that much since it’s a bit embarrassing to them how much Leopard and earlier OS X relied on security through obscurity. I predict that hackathons will be much less embarrassing for Apple in the future. (Though Safari probably remains less secure than Chrome on Vista or Windows 7, or than Firefox with NoScript on any platform. )
Please.
These “hackathons” are a joke, made for PR.
These “hackathons” are not in any way a metric you can use to conclude that “A is less secure than B”.
I never said they were a metric of anything, but you must admit, they’re the kind of PR that Apple doesn’t need – and Snow Leopard is more secure than Leopard in spite of the security-through-obscurity advantages of OS X.
Why do you think that? The winners are typically sitting on exploits for the browser on the platform for motnhs before the contest. IE, they’ve found an exploit that could be in the wild and hasn’t been detected by the vendor. How is that PR? How is that not a great test of the ease in finding vulnerabilities in browsers?
Well, as we all know, the U.S. State Department has already answered that question – It’s Internet Explorer on Microsoft Windows. I think all the malware, such as Conficker, are running on Linux or Mac, thanks to Firefox and Safari. Am I right?
Dunno for the US but the UK’s Royal Navy switched to Windows XP for their submarines, instead of Linux so I suppose they will use Internet Explorer too
http://sciencio.com/computer-science/9-1/608-british-royal-navy-wil…
Edited 2009-08-28 16:44 UTC
Knowing how military purchases get done in my country (Austria), I would have been surprized if Linux had made it in.
After all, approximately 5% of purchase prices are spent on “lobbying” (which in clear text is “corruption”). Microsoft certainly has that sort of money.
I cannot directly answer this question. However when I run windows (my girlfriend too), we use kmeleon (fast and lightweight) the last 3 years without any malware problem. Her brother use IE7 and trashed his laptop (I was unable to persuade him that Linux is better for inexperienced users). With FF I have experienced some glitches 3 months ago but I think it has to do with windows itself. On linux FF never gave any problem and similarly Seamonkey.
i’ve been running internet explorer since ie7 and haven’t had a problem yet. It really depends on your habits, not just your operating system/browser of choice
Perhaps it’s a bit of self-delusion, but with AdBlocker and NoScript add-ons, I would find it surprising Firefox isn’t just about as safe as one could hope.
Im using Firefox with two security add ons: NoScript and BetterPrivacy. I started using BetterPrivacy after it was recommended on PCWorld to deal with Flash cookies which don’t get cleared by your browser.
http://noscript.net/
https://addons.mozilla.org/en-US/firefox/addon/6623
http://www.pcworld.com/article/170323/flash_cookies_track_even_priv…
It would be better if it were sandboxed out the wazoo like Chrome. So, yes, we could hope for even more security. At the same time Chrome would be better if it had adBlocker and Noscript.
I use Opera, Chrome, and Firefox on Linux, XP, and OS X. I don’t know that the browser or OS you use really matters these days. You keep your system up to date, download software from trusted sources (MSDN or a trusted repository as opposed to isohunt), disable autorun on Windows, and disable Facebook API for good measure.
What I really worry about, is what measures companies who are entrusted with private data are doing to keep it safe. In just the past 6 months, I’ve received letters from a former employer, my bank, and my university stating that they have all lost a computer or had a breech of security that meant access to sensitive information. Three separate occasions. And these are only the companies with a fiduciary responsibility to tell me when they f–k up. What about the retailers, online merchants, etc who have no obligation to keep my buying habits and personal info private? How many times do they lose data and sweep it under the rug? What is really being done with my information?
But I’m digressing. I assume that the latest version of the browser I’m using is safe until the next update is available.
Thanks for the write up Thom. When you recommend Chromium (not Google Chrome, but Chromium) what do you mean? The Chromium website offers a link to download Google Chrome.
http://code.google.com/chromium/
Edited 2009-08-28 14:14 UTC
Chromium Updater
http://forums.tlokzz.com/downloads.php?do=file&id=3
I’ve seen different Chromium downloaders/installers out there. Not sure if there is much of a difference between them.
Perhaps you mean browsers based on Chromium-source (rather than Google’s Chrome) such as SRWare Iron? Or is there an actual browser called Chromium?
IE8, I use it daily, clearly MS has learned his lesson, to bad the reputation it has gained with the years in that area(well deserved btw) doesn’t help.
Edited 2009-08-28 14:39 UTC
I don’t think so. Still no SVG, weird DOM and unusable developer tools (at least there is one now, I agree).
They’ve marketed it well, because I hear a lot of people praise it, but IE8 is still not on par with other major browsers. It still require a lot of hacking to make standard javascript work on it. It’s certainly better than IE7 but that doesn’t tell much.
I’ve cleaned massive infestations off of nine computers in the past two weeks which resulted in the PCs in question being unusable (i.e., executable files could not be run, web browser hijacked, etc.) These ran the gamut of Microsoft’s operating systems: XP, Vista using IE 6, 7 and even 8. In my opinion, people who do a lot of web related tasks (social networking, web browsing, email and other OS independent tasks) are safest on a non-Windows Operating System like Mac OS-X, Linux, or Unix (*BSD). Regardless of the browser in use, Windows’ inherent security flaws are at issue in these drive by infections. If you must run Windows, use Firefox with ad-block plus and WOT (Web of Trust) extensions enabled at all times! You could also pop in your favorite Linux Live-CD or Live-USB for those times when you’re simply going to browse the web and don’t care about having your Windows apps at your fingertips.
Edited 2009-08-28 14:30 UTC
Which flaws exactly? I think the main problem with security today is that people are allowed to install random crap from the web. IE8 + User mode blocks everything, so I don’t see how you can blame windows. I’ve also cleaned computers and I’ve noticed that vista at least cuts down a lot of it. The worst machines I have seen were XP and the browser didn’t matter because most of the crap came from people trying to download:
Porn
Pirated material
Random codecs
Click me crap
Your computer is infected crap
So I guess my answer is that the safe browser is the one that is updated and running in user mode. IE has a bad rep but it is really more from 6. IE8 is fine, but so are the alternatives.
I agree completely. Vista seems significantly more resistant to web infections than XP (more than half of the infested machines I mentioned were XP machines.) I agree that IE in user mode is safer, however, most people don’t run this way. People seem to want to run as administrators. This is what I eluded to when I spoke of Windows inherent flaws. Once an administrator, always an administrator. Code can run wild. UAC tries to address this, but it doesn’t go far enough (and even then, users complained which led to the more lax UAC coming out in Win7.)
I also see Windows non-enforced separation of admin and user as biggest flaw.
They should install a Windows XP in a virtual machine for backwards compatibility, and have strict seperation between admin mode and user mode.
Every time someone wants to install something, a admin password should be asked.
The admin/user separation in Vista works great when you actually have an admin and a user. Asking a user every time for a password or uac will work for stopping junk that would normally install itself without permission but it doesn’t stop people that are wilfully trying to install crap.
It’s the dancing pigs problem
http://en.wikipedia.org/wiki/Dancing_pigs
There a a couple of reasons a privacy-concerned user should use Firefox, at least if no third-party tools are used to achieve the same effect:
1) BetterPrivacy will take care of long-term tracking via LSOs(Flash cookies) and DOM storage.
2) If third-party cookies are deactivated, Firefox will neither send nor accept cookies from third party sites (like Opera, Safari and Chrome accept third-party cookies).
3) Adblock Plus with EasyList/EasyPrivacy subscriptions will not only block unwanted advertisement, but also prevent advertisement companies from tracking you in most cases (both first-party and third-party tracking).
3) Firefox can be set via about:config to delete cookies after a certain amount of time automatically. To me this is a workable alternative to complete manual cookie control, especially to phase out long-term cookies of sites which have only been visited once.
4) RefControl allows to manipulate the referrer. If set to <replace> it will include the domain one is visiting instead of the one where the link was clicked. This will prevent most anti hot-linking measures to be triggered without affecting the browsing experience.
There are also more invasive extensions like NoScript which I do not use personally as it severely degrades my browsing experience due to the required micromanagement.
Edited 2009-08-28 14:37 UTC
Yes, one of the aces that Firefox has in its hand compared to others is the huge amount of available add-ons and extensions, many of which are security and privacy related. (Well, of course, you should first decide whether some add-on itself is secure or not.)
Besides of those already mentioned above, there’s also, for example:
– WOT (Web of trust) to warn you about malicious websites: https://addons.mozilla.org/en-US/firefox/addon/3456 )
– NoScript to block all scripts,
– Ghostery to see how websites may be tracking you
– RequestPolicy to control which cross-site requests are allowed
– Perspectives to prevent “man-in-the-middle” attacks when using SSH and HTTPS: http://www.cs.cmu.edu/~perspectives/ ,
and many others listed here: https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:12
It’s true that NoScript requires some management… and that bothered me too at first. But you can have Noscript remember your choices for sites you decide to trust and after a while you only have to do it for websites you visit infrequently. You get used to it after a while. At least I did.
If you are really ‘paranoid’, I guess that the safest browser would be one that does not do any scripts, images or cookies. Something like lynx/links or w3m on Linux/BSD.
Edited 2009-09-01 09:19 UTC
Running each tab (web page) in a separate process and having it sandboxed is a great security model to build upon. It’s not only potentially secure, it’s also good design and engineering. I use Chrome (Linux) almost exclusively now.
Edited 2009-08-28 15:00 UTC
I pick:
lynx
links
elinks
I agree. I have an old Pentium 233 laptop with 64 MB of RAM. I run OpenBSD, boot into a light-weight desktop (openbox, blackbox, etc) and run “links -g &” from a terminal. Very fast, stable, secure and mouse-friendly with pretty pictures! It is my late-night, falling asleep computer. Of course, during the day I run 64-bit Ubuntu with Firefox and all my favorite extensions!
The Mosaic browser does not have any Javascript vulnerabilities, not even Java Applet flaws, nor CSS insecurities, or cross site issues.
It might not be on par with modern browser or usable at all in todays world, but the code base is small enough to be much more inherently secure than any other modern browser.
Though it have support for PNG and Jpeg, so vulnerabilities found in those libraries are most likely exploitable even in Mosaic.
I must be getting old. I can’t remember the last time I used Mosaic – maybe 15 years ago?
That sounds a bit paranoid. How many firefox users scan through the source code looking for ‘weirdnesses’? In fact, how many FF users have even glanced at the source code? **
Anyway, I use Opera for most browsing and research, firefox for porn.
**[I am not bashing firefox, opensource, Dick Stallman, puppies or your mom, so don’t take offense to that statement]
The user was clearly worried about both security and privacy. When it comes to privacy, an open source browser is a better choice because it is pretty much guaranteed that Firefox or Chromium does not send usage statistics or something – because if they did, it would get out in the open instantly. This does not go for closed source browsers like Opera and Safari.
I’m NOT saying that they actually collect data – just that if they did, there’s no guaranteed way for us to know about it.
Edited 2009-08-28 15:34 UTC
No offense taken, but I have looked at the code. It’s pretty And there is a lot of it, though, I have not worked on Mozilla/Firefox since v2.x
That is why firefox is my porn browser of choice.
…NetPositive (which, incidentally, worked quite nicely with OSAlert until V4).
Joining the common opinion about the closeness of Opera/Safary (and also due to their relatively low market share), I can only comment about Firefox/Chrom/ium.
There are two aspects to consider:
Privacy:
While both projects are OSS, I’d say Firefox has a better chance to keep your privacy since Mozilla has no inherent interest in collecting user info/data, at least not to the same extent that Google has, almost by definition. It’s not an accusation of Chrome, merely a Google interest to collect data.
One can also turn off the geo-location services on Firefox, turn off pishing detection (double edged sword since it undermines the security aspect) because it send every page one visits to Google (on both Firefox and Chrome), and disable search term completion (again, it sends Google every character you type into the search box even without executing the search).
Other than that, both have good privacy modes (“Porn mode”), which is easier to invoke on Chrome IMHO, and both allow the user to clear private data pretty easily and with good resolution.
Bottom line, I’d go with Firefox on the privacy front, but it only wins for my by a small margin.
Security:
I’d say that Chrome’s process isolation is currently the leader in generic preventive measures within browsers. One can also turn on the NX-flag at the OS level (DEP on Windows) which further helps preventing execution of code that resides on non-code segments.
Both projects seem to respond pretty fast with security updates, so that front is covered nicely.
An interesting aspect to consider, both from Browser and OS perspective, is that the larger the market share of the product, the more attractive it is as a target for malicious software. From this perspective, BSD/Linux/OSX/Win32 is probably the order of attack chance, in increasing probability order. From a browser perspective it’s probably Opera/Safari/Chrom/Firefox/IE, again, in increasing order of chance to be attacked. As for guest OS, go with what you feel comfortable.
Bottom line on security: Chrom/ium on windows should do pretty good IMHO. If you’re on *nix, just make sure to use the browser as a non-root account.
Another option to consider if one is really concerned about security, is to run the browser inside a virtual machine, possibly while re-installing the OS once in a while or just boot a VM of a Live-CD (many of them can save user data/bookmarks/etc between reboots to HD/Disk-on-key/etc). Current VMs are pretty effective on modern computers, and the performance penalty is reasonable (read: pretty small on a modern PC).
The most common solutions today are probably VirtualBox which is Freeware (including a good enough OSS variant) and the commercial VMWare. Some solutions include desktop integration which can be pretty useful on our scenario.
If one’s concerned about resource usage of the host, there are many small Linux distros to choose from which require little memory allocation for the VM. Puppy Linux is one such options, although there are many.
Personally I use Firefox on XP/SP3 with geolocation/pishing/search-completion turned off but without automatic script blocking. It’s not perfect, but thus far I’ve managed to keep my PC 100% clean during many years of extensive usage and browsing.
YMMV.
Edited 2009-08-28 16:15 UTC
I don’t think it’s a good idea to recommend “Hardened Foo” stuff. There are several reasons:
The biggest vulnerability is the user. Many people think they are secure, if they use secure software, but this is simply not true. You are only secure, if you know the difference between secure and insecure and if you know how to make insecure software/configurations/systems secure. No user should be told “XY is secure”. You can use even the most secure software in a bad way and therefore have a very vulnerable system.
Hardened doesn’t mean the non-hardened software is insecure and it doesn’t always mean “without special configuration”. In many cases hardened means it comes with properly configured software, with ACL, SELinux, SSP, …
OpenBSD is a good example for an OS which doesn’t include hardened in its name and is considered as even more secure than many hardened Linux distros (okay, you can discuss this, but I wrote “…it is considered…”). This doesn’t mean, it’s magically secure if you add anything to the system, change the configuration or do anything else.
Fedora also doesn’t say its hardened, but it come with many stuff which is considered as hardened, like SELinux.
Security is a hard to define. You could also say your system is very secure, because you disabled internet and that’s true in most cases. If you don’t allow XY, XY can’t be used to compromise your system and indeed shrinking a system is a good way to enhance the security of your system. Things that are disabled are pretty secure.
But even security features can be used. Say, you have a background virus scanner running as windows service (or *nix daemon). If you have a properly secured/configured system this virus scanner – if it has a bug or is configured wrong – can be used as a way to compromise your system, because it is running with special rights.
So what is secure?
There are plenty of things. Secure software systems should be small, well documented (inside and outside of the code), offer a good default configuration (most things should be disabled), simple and easy to use and inform you about every risk. It should also inform you about updates or if its targeted at inexperienced users update itself (of course the user should know this). It should also do automatic checks and verify everything.
All in all good software shouldn’t need hardening.
I understand the reason for hardening guides, because many things depend on how the software is used later on. But in many cases there should be a good configuration or even templates of good configurations for specific cases. Software should be able to find out the needs of a software on its own and disable everything that isn’t needed.
The best way to have a secure system is to know as much as possible about it and think about how you or anybody can intrude your system.
A good post. I’ll pick two quotes.
Now, based on these quite reasonable metrics, could we conclude that (a) browsers are not good software, and (b) it is close to impossible to secure a browser (instead of a system)?
I don’t understand how you come to this conclusion, but it will most likely depends on the browser.
I don’t think this is true.
When we come to browsers there are two things that can be done to make it secure (besides doing everything in separate VMs and validating everything).
The first is shrinking: Browsers are viewers/parsers. For this reason one should really only care for these things (Do one thing and do it good!). A lot of attacks/bugs are based on problems with parsing bad/invalid stuff.
Come with secure default settings. A secure browser shouldn’t trust a site it doesn’t know. For this reason it should limit it as much as possible. A lot of attacks/bugs are also based on javascript (or even plugins). Most of them don’t cause problem if you enable javascript only on pages you know and trust.
This is also related to privacy. You could also disable cookies by default and add privacy and maybe even security. You can of course extend this to things like referrer, language or other things which shouldn’t be sent if you want maximum privacy.
Modern browsers are doing well by offering a private browsing modus. I think something like Firefox NoScript and CookieSafe should be part of all browsers, visible and with all scripts/cookies diabled by default. This will make people aware.
To make it easier for people, who are not tech-savy one could add templates with non-technical descriptions or maybe a wizard. A lot of people don’t know about referrer, locales, cookies, etc. and how this could affect their privacy and what they are good for.
So, if you have a wizard, a template or options telling you about them could help to make people aware.
As I said people need to be informed. If people are not informed about something they can defend them self against it. So I’m for disabling most things by default and if a website wants to do something it should first inform about risks and whether you want to allow XY or not.
First, you missed the smiley face at the end.
But wouldn’t the existence of this article sort-of prove the point that browsers are hardly optimal (“good”). If good software does not need hardening by definition, then various techniques and plugins people have proposed in this thread kind of speaks about bad software.
No disagreements here.
Although I would emphasize that “securing” would probably imply a throughout audit of the software, which is kind of moot with few hundred megabytes of C++ that furthermore change quite rapidly.
Fully agreed. A lightweight browser could even be audited by people who are not working full-time in infosec. (See also my comment further below.)
Agreed. Quite ironic that “secure by default” has never been a catch-phrase of browsers. Instead we see hype about things that are highly complex, obscure, and hard to validate. These “sandboxes” are a good example.
Sure. But be careful with contradictions: the more you add these security features, the more the risk surface will grow. As someone noted already, these plugins pose a risk themselves. Ditto for possible privacy risks.
Just turn off networking.
I have gotten use to browsing via a Virtual Machine. I use virtualbox, and a Windows XP image (yes, licensed…) so i can run all the plugins needed for browsing these days. You can back out of plugin installations, javascript bombs, etc. I can use IE without looking over my shoulder. I dont keep anything important on the VM. All bookmarks are either sync’d from an external source or cut and pasted from my desktop.
On my actual desktop (OS isnt relevant), i use firefox with NoScript and Adblocker (though from previous discussions on osnews i am considering replacing adblocker with just flashblocking) and only really browse sites I trust and never download any extra plugins (with flash being the exception…unfortunately).
If you are looking for security in both the browser and platform then lets get serious. OpenBSD and lynx would be the way to go. Ok, I wasn’t serious but it would be pretty secure, if a bit less functional then other setups.
Thom, you left IE out of your article. I’m not going to say its the best browser or the most secure, but I wouldn’t be too quick to dismiss it either. IE can be secure IF you know how. Microsoft actually has security measures in place in the control panel, go to internet options. You can find the security zones tab in there and place certain sites in a zone. There are a few more ways to secure it with different options as well. Although that might be getting out of the scope of this article because the user would need to know where to go and which options to select.
A lot of people here are missing the point, I believe.
In general, platform security is rather irrelevant in the “modern browser vulnerabilities”. We do not see may buffer overflows or privilege escalations where something like Hardened Gentoo or OpenBSD would matter. Instead, we have a whole new class of vulnerabilitieus; URL and certificate spoofings, different scripting vulnerabilities, and whatnot.
Likely even the aim of browser exploits is not to control the host computer, but instead the data transactions that the browser carries. If you own the browser, you own things like online banking, web e-mail, et. cetera.
As for the browsers themselves, I wouldn’t put my money on Firefox. I’ve been watching quite closely the vulnerability trends in this browser and I must say that things have gone worse, to say at least. This is probably true in all major browsers, the main reason being the overwhelming complexity that these entities carry. This is one reason why I have long waited for some simple and lightweight open source browser with support to (and only to) CSS and possibly some Javascript.
Virtualization does not generally improve security, but in this case it may be a good and simple solution, as someone noted. I’ve been following a simple practice that involves doing all banking etc. in a trusted, isolated, and generally hardened computer that is not used for “normal browsing”.
Finally, I do understand the questions; scary times ahead as the cloud moves closer.
EDIT: typos.
Edited 2009-08-28 20:15 UTC
Have been monitoring Dillo with interest though it isn’t quite there yet!
My temptation is to run it OpenBSD or similar. A secure browser is great but it does need to sit on a secure foundation!
This is a great opportunity to ask about the (supposedly very secure) “OP web browser”. Anyone got an idea what happened to this browser? Does it even exist?
http://code.google.com/p/op-web-browser/
This page says: “A new web browser that is designed to support web-based applications securely, called the OP web browser. This browser is based off of research from the University of Illinois and we plan to post our code here in early ’09.”
http://www.cs.uiuc.edu/homes/kingst/Research_files/grier08.pdf
This paper explains the technical details of the OP web browser.
Excuse me for saying the pimping of Firefox so far goes above/beyond it’s track record. Given the repeated touting of open source as somehow being magically superior from a security standpoint I suspect rampant fanboyism is at the heart of it being listed over others than common sense or any form of actual research.
Let’s do some research shall we? Let’s look at secunia advisories and the patch record. To be fair let’s look at 2007 through 2009 – and we’ll compare the browser ‘dismissed’ JUST becuase it’s closed source – Opera. We should list FF 2.x, 3.0 and 3.5 together since secunia does not list 9.0 and 9.5/newer separately. Really sad part is, from a features standpoint all those FF releases are little more than bugfixes.
Firefox 2.0.x
2007 – 15
2008 – 10
Firefox 3.0.x
2008 – 8
2009 – 10
Firefox 3.5.x
2009 – 2
Opera 7.x
2007 – 2
Opera 8.x
2007 – 2
2008 – 9
Opera 9.x
2007 – 8
2008 – 10
2009 – 2
33 Opera security advisories vs. 45 for Firefox…
We can make that uglier. Exactly how much more ‘out of the box’ does Opera do? Oh, just about everything people use extensions for in Firefox. Open up ANY of the software pages on Secunia’s “advisory by product” page:
http://secunia.com/advisories/product/
and you’ll find page after page after page of Firefox plugins. Most EVERY plugin opens up gaping security holes… Many of them remaining unaddressed.
So… Opera is more secure than Firefox, and if you want to even have a passing semblance of secure in Firefox, you can’t actually make it as useful.
Have fun with that. Open source is only as secure as the efforts of those working on it, and given that often means that bugs only get fixed when a coder ‘feels like it’ that leads to bugs being unaddressed. It’s just like Firefox’s so called standards compliance – go look at bugzilla 915 if you want a laugh as that’s proof enough if a bug isn’t “stylish” it will never get fixed.
As to Safari and Chrome, well…
Safari 2.x
2008 – 1
Safari 3.x
2008 – 6
2009 – 3
Chrome 1.x
2009 – 6
Chrome 2.x
2009 – 4
Chrome 3.x
none yet.
It’s worth noting that since it’s release chrome has had more advisories than any other browser during the same time period, and has garnered the same number of advisories the past year that Safari took three years to compile.
While there may be overlap in those numbers between browser versions (bugs that did not get fixed across releases) it’s a pretty good indicator of ‘security’… and proves that the whole “Open source vs. closed” arguement is more naive idealism than reality.
Which kind of goes with the whole dirty hippy aspect of the open source movement and zealous fanboyism.
Edited 2009-08-28 21:51 UTC
“Proves” seems a bit of a long shot to me.
For one thing, the closed sector include bugs that are publicly found; whereas the open sector includes both the publicly found bugs AND the privately found ones.
Least ways it’s just plain hard to know for certain how comparable things really are.
There are aspects of browsers that are inherently messy (3+ languages in a single HTML source file) and militate against engineered security.
One thing that is a litmus test is the persistent focus on the subject in hand by the authors. OpenBSD has it – but not for browsers. MicroSoft went to sleep for far too long with IE6 and have still have grubby credentials.
It may seem harsh on MS but there are many web developers HAVING to retain IE6 compatibility – even now!!
It’s a modern equivalent to Keynes idea of digging a hole to make work. Damn – shouldn’t have said that – Keynes is back in fashion!!!
Are you counting _advisories_ or _vulnerabilities_? I think your stats are off. Chrome tends to release lots of advisories with small numbers of bugs fixed; this model permits fixes to be rapidly rolled out to users rather than the more common alternate model of batching lots of security fixes into larger, less frequent updates.
Also, note that Safari 4.0 was a security patch for Safari 3.x that fixed something along the lines of 50 distinct vulnerabilities — over double Chrome’s lifetime total.
Finally, note that the “average” severity of vulnerabilities for Chrome is lower than many other browsers thanks to the sandboxing.
Chris Evans, Chrome Security Team
While I do think that OSS peer review is a net plus, and can be helpful, particularly for large, well known OSS projects… there is no silver bullet for code security. I, myself, bought pretty heavily into the “many eyeballs” view, until this:
http://tinyurl.com/43dm8
Here we have probably the highest profile OSS project in the history of the world. Even more well known than the Linux kernel. And yet after literally years of hearing about how its open source nature makes it more secure, we discover that they are not even doing the most basic input validation on input coming straight from the big bad untrusted Internet. And the Bugzilla entry, which included the initial flood of problems found by the the Mangler code, took months and months to be resolved. The problem (lack of proper input validation) absolutely permeated the Firefox code base. And yet for years, only blind eyes had been turned to this massive, gaping, security problem.
It’s hard to have a lot of faith in the “many eyes” view after that demonstration.
Edited 2009-08-29 03:04 UTC
I think simply counting the number of advisories an application has had isn’t a very good way of determining how secure it is. Surely the two obvious metrics are 1) how long was each vulnerability unpatched for (I could say “exploited for”, but black hats wouldn’t announce to the world they’d exploited an app – that’s up to white hats who may find it much later) and 2) how severe was each vulnerability?
You probably need to provide some formula for this – e.g. the sum of (the number of days unpatched multiplied by 3 for high severity, 2 for medium severity and 1 for low severity). I bet the answer will look quite different for Opera vs. Firefox if you did that. IE would probably fare even worse – remember that “the number of days unpatched” can be in the dozens thanks to the monthly Windows patch cycle. Plus Microsoft deliberately avoids labelling some of its patches “critical” in case someone does a metric like the one I suggested, so they know how to game the system already.
…offer good basic security options, but never be fooled into thinking you have true privacy and security. It really depends on who you are trying to protect yourself from. Anyone with the right resources available to them and the necessary contacts can get any information they like about your web browsing habits and history. Those same entities can gain access to your computer system or network too and you’d never know they were there.
But for basic security one of the easiest methods for keeping your computer secure and free of nasties is to use a thing called common sense. If you had a chook pen and someone told you they saw a fox in there you’d first check for the fox then check the fence for holes and that the gate was latched properly, you wouldn’t go out and whack up another fence right away, yet it never ceases to amaze me how many people get sucked in by this “You have 146 trillion viruses on your computer! Click here to fix it!” crap. And just because a plug-in exists for telling you the optimum temperature for your bath water based on what planet is currently pathing through Aquarius it doesn’t mean you should install it!
Keep your firewall and anti-malware crud up-to-date, use the “Private Browsing” type features of your browser, install only what you NEED and don’t visit sites that are high up the list of probable sources of nasties…
Thom – nothing to add! that was a very wise and well-thought summary. You completely omitted the “I like X or Y” things in favor of good and objective standpoint.
When we talk about secure browser we just can’t afford of not mentioning it’s openess, because it means we are also missing the privacy matters.
lynx/e/links
http://blogs.zdnet.com/security/?p=2941
security seems to be a big focus with all the current browsers. after having seen all the problems with previous internet explorers i am still wary about using internet explorer.
i use google chrome. it’s fast. it updates fast. and it’s user friendly.
Thom Holwerda, let me make a little note. Technically source code means absolutely nothing when speaking about security. There were precedents in IT history, but even if we forget about the past, then let’s see some recent events. Critical kernel bug was detected in Linux which can not be easily tracked in source code (source code says absolutely nothing about resulting binary) and leads to code injections into kernel space. In other news a virus was recently found that infects Delphi IDE and adds itself to every compiled binary thus making open source irrelevant.
Checking software for security issues SHOULD ONLY be done on actual binary, so being Open Source is TOTALLY irrelevant.
It looks like we will see more such issues in the future because:
1. open source software gains popularity;
2. users are fed by myths that OSS is totally safe and secure;
3. many OSS “develeopers” are not qualified enough to detect such issues on their own.
So my advice is to stop supporting myth that open source software in any way is more safe, secure and checked by “millions of guys everywhere”. It is NOT true! And will eventually lead to open source malware.
I never claimed such a thing. You should read more carefully.
The open source aspect is a benefit when it comes to PRIVACY. THAT’s what the article said.
For privacy, I recomment GNU IceCat. It’s mainly Firefox, but without trademarks and enhanced privacy. It’s compatible with Firefox’s plugins and addons, so it’s the best of both worlds.
http://www.dillo.org/
helz ya! and Lynx, don’t forget Lynx http://lynx.browser.org/
(Lynx is actually very secure)