There Is No Safe Web Browser
Michael writes "David Sheets has up an interesting article on browser security, and I have to agree with his conclusion: no web browser is safe. The article details the recent Netscape fiasco, and touches on the whole Firefox/Internet Explorer debate. From the article: 'So if it sounds as if we're all at the mercy of hackers just looking for some new challenge, that's partially true. As law enforcement officers will tell you, crime finds you if it wants you bad enough, no matter what preventative measures you take. But the vast majority of criminals have an Achilles' heel: They prefer convenience to challenge. For now, it's more convenient for them to pick on Internet Explorer.'"
And IE was last updated when?
MS are sinking for sitting back in the way they have \o/
David Sheets has up an interesting article on browser security, and I have to agree with his conclusion: no web browser is safe
No program that accepts input is safe. Even some programs that don't accept input aren't safe either. It is the nature of how complex software really is and how little of it we understand.
...at least not one you'd want to use. Sorry people, Linux is not "safe." Mac OS/anything is not "safe." There are a very few OSs that are pretty safe, but the only reason Mac and Linux fans can brag right now is that they're ignoring all the patches, hacks, etc that already exist for their OS of choice.
TW
I think you could easily transfer these findings into the OS world. Macs and Linux are generally safe because they are a much smaller target. It wouldn't make the news as quickly, or be as widespread, as it does when they hammer Windows with viruses. It is not only more convenient, but more damaging to flood Windows with viruses.
I would be willing to wager a very large bet that if Mac OS X was the industry leader there would be the same difficulties with viruses, and other criminal activities that are currently associated with Microsoft's products.
It also definitely comes down to how adept the user is too, and how knowledgeable they are in internet/computer security (such as not opening email attachments unless you know who sent it, or using up-to-date virus protection).
I think that this author has finally gotten it right. Note the increasing instances of popup ads that are tailored for firefox users etc.
As firefox gains in popularity, expect that the number of exploits aimed towards it will continue to rise.
That being said, the nice thing about firefox (and OSS), is that lots of eyeballs can look at, and fix, the code in a timely manner.
I'd give this article an Obvious -1 simply because it is axiomatic, and everybody should have realized by now that there is no 'safe' web browser. Especially after it was demonstrated that a Firefox exploit allowed infection of IE when IE itself would have blocked the malware site. Cute!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
When a web browser is integrated with the OS, this greatly increases the ways a hacker can damage the system. Hence, while no browser is secure, one can be MORE secure simply because it is NOT woven into the OS. Of course, having updates frequently and being in more active development are good things as well.
=-=-=-=-=-=-=-= - The Celtic - =-=-=-=-=-=-=-=
I'll bet my browser on OSS any day of the week. This is personal choice, but for security's sake, OSS has the benefit of being open source. It's free and open for all to see, and while that might make it easier to exploit, in my book it also makes it easier to fix. We all know there are no intentional back doors, and no malicious code segments (those of us that still trudge through the code for fun anyway).
It's firefox all the way for me.
Ever had a user download a rootkit and mess with the system?
Browsers can be totally safe, as much as I hate to say it, IE can be pretty safe too. Just follow these rules:
1: USE A FIREWALL
2: update your browser
3: disable ActiveX, any site that uses it is a site you should learn to live without.
4: (the one most often broken) DON'T CLICK YES ALL THE TIME, warnings are there for a reason.
5: Don't DL and run STUPID executables
Most browsers do a decent job of protecting you from the bad stuff, but NOTHING can protect you from yourself, short of cutting the cable, and if you do that, don't run with scissors
There's no safe browser? Wow, the next thing this guy will discover is that secure software doesn't exist and that all software has bugs. Welcome to the world of software development, dude.
AFAIK, Firefox has quite a good security track record and fixes things fast. That's what matters. Firefox is a "secure" browser by any measurement, and unlike other browsers, they deserve the reputation they have.
And one of the reasons why Firefox has security bugs is because it's an evolving product. Internet Explorer however is a 3-year-old code base which has hardly changed at all. Mozilla and Firefox have been updated for years to support modern standards etc, Internet Explorer has done nothing.
(Actually, it's surprising that after so much time people still find bugs in Internet Explorer. It shouldn't have so many bugs left - look at sendmail, bind etc, they're crappy software from a security POV, but their code base is _so_ old that it's very hard to find more security problems. Internet Explorer must be really buggy to keep such a bad security track record)
Another bozo who sees security only in absolutes. Saying that there is no "safe web browser" is like saying there's no pick-proof lock. Technically true, but should you secure your valuables with a $2 lock? Security is not about absolute guarantees, it's about making life as hard for the bad guys as you can manage. Mozilla-based browsers have security holes, but at least their designers attempt to design them with security in mind. Internet Explorer, by contrast, does not have security designed in, and has cruddy QA to boot. Which is reflected in the dozen or so reported security problems in Mozilla, and the hundreds of reported security problems in IE.
While I understand the point that Mr. Sheets is making, I disagree with his definition of safe.
I have Firefox on a computer, and it's 100% safe. I have IE loaded on that machine, heck it's unpatched Win2K, and even that's 100% safe. The reason it's "safe" is because the power supply died a few months ago and I haven't been able to turn it on.
So in this case, 100% safe = 0% usability. Which doesn't help me much; there has to be some acceptable level of "safe" that corresponds to a high level of usability, and that's where Firefox wins over IE.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
> IE, netscape, and mozilla/firefox. that's 3 browsers.
hmm, only 2 engines, IE and Gecko.
Well, if you're moderating posts based on the content within the story thread, it seems illogical. However, if you're moderating based on the attitudes prevalent in the community, then it's perfectly reasonable to mod redundant a comment that is so commonplace and uninsightful that it is a predictable response, bound to turn up more than 10 times in the thread. I would classify "use lynx!!1!!1one!1" as such a comment. This place is full of parrots, so I'm down with the community-centric moderation model. Plus it's fun to watch people bitch about moderation.
Sure lynx is safe, but let's get serious for a moment. Does anyone think that your average user is going to switch to an all-text browser that is nowhere near user friendly, lose their ability to view pictures, flash, and all the web's multimedia goodness for the sake of being safe? Don't get me wrong, I have used lynx quite a bit, but you won't find me on lynx when I just want to mindlessly surf and entertain myself. I want graphics, DHTML, JavaScript, CSS, and pretty layouts just as much as the next person. Call me not as hard-core, but then, the whole point is trying to get your average users to use a "safer" browser, right?
Perhaps the article should have concluded: There is no safe PRACTICAL browser.
0.5 percent of all web browser market share agree!
...
Plus, by turning off all those nasty things and having a non-standard browser, it's a lot harder to become infected - unless you actually click that link and save the file
-- Tigger warning: This post may contain tiggers! --
So.... I guess I should just change my browser identification string to say FireFox 1.04
[Fuck Beta]
o0t!
A large number of browser exploits seem to be based on buffer overflow issues, which is a result of manual memory allocation in lower-high-level languages such as C/C++. Perhaps if a web browser were written in a language with automatic memory allocation and management, like Java, Perl, Tcl, and the like, we would see fewer security problems. C/C++ is good for systems programming, like low level graphics and OS libraries, but I don't think it is the ideal choice in many cases for applications.
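As an added illustration of the point above (my own example, not code from the thread or from any browser), a minimal URL host extractor in C in the fixed-buffer form that gives rise to the classic parser overflow, beside a bounds-checked form that rejects oversized input; the URLs are constructed sample input.

```c
#include <stdbool.h>
#include <string.h>

#define HOST_MAX 32   /* fixed destination size, kept small to make the point */

/* Locate the host part of a URL: skip an optional "scheme://", stop at '/'.
   Shared by both versions below; it only reads, never writes. */
static const char *host_span(const char *url, size_t *len) {
    const char *start = strstr(url, "://");
    start = start ? start + 3 : url;
    const char *end = strchr(start, '/');
    *len = end ? (size_t)(end - start) : strlen(start);
    return start;
}

/* Unsafe pattern: the length of untrusted input is never compared with the
   destination size, so a host longer than HOST_MAX-1 bytes writes past
   'host' (undefined behaviour). Kept only for contrast; the demo below never
   feeds it oversized input. */
void extract_host_unsafe(const char *url, char host[HOST_MAX]) {
    size_t len;
    const char *start = host_span(url, &len);
    memcpy(host, start, len);          /* no bound on len */
    host[len] = '\0';
}

/* Hardened version: the caller passes the real buffer size, the length is
   checked before any write, and oversized input is rejected outright
   (not silently truncated, which would change the meaning of the host). */
bool extract_host_safe(const char *url, char *host, size_t host_size) {
    size_t len;
    const char *start = host_span(url, &len);
    if (len == 0 || len >= host_size)
        return false;
    memcpy(host, start, len);
    host[len] = '\0';
    return true;
}

/* Constructed sample inputs: a benign URL and one whose host (40 'a's plus
   ".test") is longer than HOST_MAX, so the unsafe version would overflow. */
static const char *SHORT_URL = "http://example.test/index.html";
static const char *LONG_URL =
    "http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.test/";

/* Benign input parses identically in both versions: the bug is latent. */
bool demo_unsafe_looks_fine_on_short_input(void) {
    char host[HOST_MAX];
    extract_host_unsafe(SHORT_URL, host);
    return strcmp(host, "example.test") == 0;
}

bool demo_safe_accepts_short_input(void) {
    char host[HOST_MAX];
    return extract_host_safe(SHORT_URL, host, sizeof host)
        && strcmp(host, "example.test") == 0;
}

/* The hardened version refuses the oversized host instead of overflowing. */
bool demo_safe_rejects_long_input(void) {
    char host[HOST_MAX];
    return !extract_host_safe(LONG_URL, host, sizeof host);
}
```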
"Market forces of the sheer user base would dictate that if this were not so, more spyware would have been ported to Firefox by now. 25 million downloads, right? That's a sizable chunk for any malware vendor, or aspiring intruder, to infiltrate."
If 1 hack hits 90% of the market, spending more money to get a hack for the rest may not be worth the effort even if Firefox has as many holes as IE. Simple economics.
Vote for Pedro
just plugging a network cable into your computer suddenly makes it "unsafe". But Mac and Linux are significantly safer, which is an important distinction.
I've been managing Macs on the network for almost a decade, and have yet to deal with spyware. Viruses, I think I've had 5 or 6 incidents, and most of those were Word macro viruses, which are relatively benign on the Mac because of the different file system structure.
Konqueror mostly, Mozilla on occasion, Firefox on lesser occasions. I tend to like the Swiss Army knife abilities of konqueror (ftp, fish, far better tab control than Firefox without installing extensions, overall integration with kde, etc) over Mozilla and Firefox. I guess I pick Mozilla over Firefox because of composer and I'm just used to Mozilla a lot more than Firefox simply due to familiarity and length of use.
What I can state is that since I've been using Konqueror (khtml, like Apple's browser) on Linux, I've never had an issue with spyware or adware. Never. I've never had a problem with security, even though there have been security alerts for konqueror as well as the other browsers. Konqueror makes it simple to surf without images turned on (one button click on top of window without going into drop down boxes to turn images on), makes it simple to surf without javascript turned on (simple and fast two step process to turn it on for a web site, can specify in settings which web sites to turn on javascript by default if needed regularly), and makes it a satisfying all-around experience in using the web.
I help adjust/maintain/bugfix windows for another user and I just can't understand how windows users can possibly put up with the spyware/adware. Taking a look at server logs, I can't believe how many people's browsers are infected with FunWeb, something else "Fun", and other spyware.
If you are a windows user, do yourself a favor and visit a friend's website (after alerting them) and ask them to send you a copy of the log entry from your visit. If your browser is infected with spyware, it just may show up as part of the browser identifier.
The ability of spyware/adware to infect a windows computer is a serious security problem. If you've been infected, you are running a system that is insecure. Please re-read that last sentence. If you've been infected with spyware/adware, you are running a system that is insecure.
there is such a thing as perfect security (and it lies in simplicity)
>echo "hello world";
and also such a thing as perfect stupidity
>run $code-from-the-net; #as privileged
As said earlier, lynx is perfectly secure. This is because it has minimum sufficient functionality for browsing the web (minus images). You DO NOT need flash, java, javascript or activex. Sure some sites require them. But they don't need to! Why use window.open to do (badly) what the target attribute of the anchor tag was intended for? Only window.open can be executed automatically to launch popups. What a dumb idea.
We have to break the cycle! Currently plenty of sites use Flash (without a text-only alternative) because they know most browsers support it. And most browsers support Flash, because they need to display those sites.
Seriously, disable Java, Flash and Javascript, and if there are any sites you can't get to. Fuck them. Sue them for bad accessibility. Or use that regex extension.
Ways to browse safely:
1) Use a browser that has no design or implementation bugs. Not gonna happen with any modern full-featured browser.
2) Browse in a "disposable" sandbox environment - possible with adequate firewalls, but not going to happen on most home PCs any time soon.
3) Browse in a read-only environment, with output limited to the screen, legitimate requests for web pages, and temporary disk space. A firewall will need to reject any illegitimate port-80 outbound traffic. This is the best solution for kiosks.
Even these conditions aren't immune from server- or DNS-level compromises to hostile fake web pages that trick users into revealing personal information.
#2 is the most realistic medium-term home-user solution - the OS should put the web browser in a "jail," restrict its network permissions, and only let it and its helper programs read and write to certain directories while browsing, limit CPU utilization, and otherwise protect the machine. Configuration changes and other "out of jail" activities can be done by an auxiliary special-purpose (less code = less chance of bugs and general weirdness) process in a separate memory space. Jails should be easy to "terminate with extreme prejudice" should the need arise.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If I'm reading it right, the vulnerability you linked to is one where the command that runs lynx causes it to send false information to the web server. I don't think that "user can trick browser into sending false data to server" belongs in the same category as "server can own machine running browser."
Of course nothing is perfectly safe, but that's why being safer is a big deal. (But I don't use lynx.)
-- . . ramblin' . . .
The FIRST aspect of "security" is limiting the avenues of attack. You sort of touched on that, but I'll say it explicitly.
If FireFox doesn't run ActiveX, then that is one avenue that is NOT available for an attack.
As others have pointed out, lynx is very secure and that is because it completely blocks so many avenues of attack.
Exactly. Now, from TFA:
If they say that, then they are wrong.
Look at the typical junkie on the street. He'd be happy to rob a bank. But the bank's security system is beyond his capabilities to SUCCESSFULLY attack.
So he picks easier targets with LOWER payoffs (mugging pedestrians).
Which brings me to the SECOND aspect of security: Build the defenses on the available avenues to defeat the attacks.
Sure, there are criminals out there who can pick any lock and defeat any alarm system. But they are very few and very far between. The odds that you, specifically, will be targeted by one of them are less than the odds of you winning the lottery.
So, contrary to what TFA says, crime will NOT find you if it wants you bad enough. It has to want you bad enough AND be intelligent enough AND be skilled enough.
Sort of. More accurately, they're lazy. The "vast majority" will NOT spend time and effort to learn how to bypass alarm systems. If there's an easier target, they'll go for it.
If your (and your neighbor's) defenses are more than they can bypass, they'll leave the area.
No. While it is more "convenient", that is NOT the reason that IE is subject to all the attacks.
The reason is that the level of skill/intelligence required to successfully attack IE is SO VERY LOW. ANYONE with a bit of programming skill can write an exploit for IE.
Sure, any junkie can get a knife, and a knife is good enough for a mugging. But that knife isn't going to get you very far in a bank robbery.
Again, it isn't about the POTENTIAL targets.
It's all about the AVAILABLE targets in your SKILL RANGE.
Which is why Open Source has such a great security rep. There aren't any market forces or deadlines to deal with. It's ready when it is ready.
This gets back to your statement on statistics and "the absolutes of security".
Sure, my system is vulnerable.
An attacker has to get to Seattle.
And into the office building.
And disable the cameras.
And disable the alarm system.
And break into the office.
And blow the server room door.
And then steal the server.
I'm not losing any sleep.
(No browser) is safe.
No (browser is safe).
The former is probably true. Well, unless you have outlook.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The safest web browser is the one nobody else is using.
which, at a safe estimate of at least 4 downloads per person (since 1.0), is almost 15 million people!
They prefer convenience to challenge. For now, it's more convenient for them to pick on Internet Explorer.
It's not really a question of convenience, it's that Internet Explorer is on a majority of Windows systems. If you're a criminal trying to exploit a browser vulnerability, wouldn't you pick the most-used browser? It's a better return on investment.
There is such a thing as safe programming.
There are safe languages.
There exist formal methods.
There are best practices in programming.
There exist tools for source code verification.
If you program and don't care about any of these things, hey, guess what - you're 20 years behind in your programming practices and your reading list. Even if you program in C, you can adopt better practices (*).
90% or more of the problems related to software security spring from C/C++ hacking without any method of program verification for correctness. Just read a security site vulnerabilities list.
If people were to program medical, military, or aerospace software the way Firefox or IE programmers do, then we'd all be dead one way or another by now.
(*) see OpenBSD for instance and compare their security advisories with Linux or Microsoft.
PS: Just one such example of a little used tool: CIL - Infrastructure for C Program Analysis and Transformation
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
For one thing "offtopic" becomes a bit of a nebulous concept if it's defined in terms of all of slashdot since forever.
Oooo you mean rules aren't universal?! Whoa! You see, the term "topic" is a moving target. It changes from thread to thread and thus it is logical to mod things offtopic relative to the topic at hand. At the same time, though, I think the off-topic mod is bunk. Slashdot discussion threads evolve over time, topics change, and most off topic posts are more intriguing and insightful than the parrotting that usually goes on, if you ignore the trolls. Apples, oranges, compared.
Redundancy between posts, however, has now become so pervasive here on slashdot that I see no problem with moderating down lame-ass "Free-as-in-Freedom, not Free-as-in-Beer" posts and "lynx makes you l337" posts and so forth - even if they ARE first posts. Most are posted by slashdot newbs simply trying to gain respect in the so-called "community", rather than actually bringing an original idea of value into a discussion. That's all I'm saying.
Oh, and no hyphen[1] in commonplace.
Awww cute, you attacked my syntax! Because, you know, syntax is statically defined in living languages, and all. By the way, that's a sentence fragment. You're lacking a verb.
Are you arrogant or just autistic?
Meh, a little of both.
Just because you or some other random apology for a spunkwipe has seen it before doesn't mean everybody has.
Moving from generalities to the actual topic at hand, count how many "Lynx is secure!" posts there were. How informative or interesting were any of them to you? Anyone who even scrolled down through the comments could have seen that lynx is "secure" (which is arguable). And...being in the open source community, how long does it take to know about lynx? And..how much use do you actually get out of lynx functionally? Furthermore, the topic of the original article was security as it relates to the entire web-surfing populace, not just pseudo console jockeys who get both ego and penile size compensation by using lynx on a daily basis. Most people want to use a web browser that takes advantage of things like java, flash, and other embedded media. Lynx is not a viable alternative for most people. Not only are the lynx posts, first and later, redundant, but they bring absolutely nothing to the table.
Not everyone has time to read every comment of every thread. Some of us have like jobs and stuff.
So what? People exist in everyday life without reading slashdot at all. Big deal if you miss one out of who-knows-how-many posts about lynx being secure. YOU WILL STILL EXIST TOMORROW! YOUR TIME IS NOT THAT VALUABLE!
Insightful my fat hairy arse.
Fat? Oh...well...maybe you won't exist tomorrow. Disregard everything I wrote. Seize the moment and browse at -1!!! Before you die of congestive heart failure! Unless it's glandular, that is.