Slashdot Mirror

← Back to Stories (view on slashdot.org)

There Is No Safe Web Browser

Posted by Zonk on from the internet-is-a-scary-place dept.

Michael writes "David Sheets has up an interesting article on browser security, and I have to agree with his conclusion: no web browser is safe. The article details the recent Netscape fiasco, and touches on the whole Firefox/Internet Explorer debate. From the article: 'So if it sounds as if we're all at the mercy of hackers just looking for some new challenge, that's partially true. As law enforcement officers will tell you, crime finds you if it wants you bad enough, no matter what preventative measures you take. But the vast majority of criminals have an Achilles' heel: They prefer convenience to challenge. For now, it's more convenient for them to pick on Internet Explorer.'"

5 of 444 comments (clear)

  1. Re:Dictionary Security Definition by Winckle · · Score: 3, Informative

    59 million downloads actually :-)

  2. Re:No browser is safe? by slavemowgli · · Score: 5, Informative

    Lynx has had vulnerabilities in the past, too - this one, for example. The only *really* safe way to browse is probably to use telnet, but I'm not sure you can even call that "browsing" anymore.

    --
    quidquid latine dictum sit altum videtur.
  3. Re:I want you to meet my little friend by macaulay805 · · Score: 4, Informative

    Lynx had its fair share of vunerabilities also ....

  4. Re:Lynx is safe by Anonymous Coward · · Score: 3, Informative

    This "Lynx" you speak of intruiges me. Before I switch from current browser, could you post some screenshots of Lynx in action?

    Here you go!

    http://img184.echo.cx/img184/7750/lynx026bk.jpg
    http://img184.echo.cx/img184/3108/lynx013je.jpg

  5. How to make a safe web browser... by Temporal · · Score: 3, Informative

    It's really rather sad that we've given in to the idea that writing secure large-scale software is essentially impossible. It's not. It's only impossible in the paradigm we use.

    Here is how security works on every major OS and in every major programming language today:

    1. Tell the program about all of the features of the OS by exposing them all through an API.
    2. Let the program make any request it wants.
    3. When a request is made, check it against various lists to see if the program is allowed to do it.

    Here's how it should work:

    1. Tell the program only about the features it is allowed to use, by giving the program references to objects implementing these features (i.e. file descriptors, handles, implementations of abstract interfaces, or the like).
    2. Let the program to whatever it wants with them, because you have not even given it the ability to express a dangerous operation.

    This is called Capability-Based Security. Hopefully it is easy to see why the latter would make security much easier to manage. If not, you can read this discussion of the concept.

    CBS allows you to execute code without trusting it. In Unix, you'd have to create a new user with no permissions to run your code, which is way too much work for most purposes. In CBS, you can set up every single program to have a different set of permissions based on that program's needs. Furthermore, the program can internally manage those capabilities to insure that only a small amount of the program's own code has access to them. Then, as long as that code is secure, the program is secure, but even if it isn't, the worst it can do is abuse the capabilities you explicitly gave it.

    How does this relate to web browsers? Well, a web browser really only needs the capability to render to its GUI window, read its install files, and read/write its config and cache. So don't give it any capabilities beyond that. Voila, now it does not matter what malicious program takes over your web browser, because it can't do a thing to your system.