'Extreme Security' Web Browsing
Sarah S writes "The application security researcher Jeremiah Grossman described to CSO magazine how he takes extreme measures to stay safe online. The simplest tip he uses: two separate browsers: 'One, which he calls the 'promiscuous' browser, is the one he uses for ordinary browsing. A second browser is used only for security-critical tasks such as online banking. When Grossman wants to do online banking, he closes his promiscuous browser, opens the more prudish one, and does only what he has to do before closing it and going back to his insecure browser.'"
How exactly is this strategy going to protect you from a keylogger?
____
~ |rip/\/\aster /\/\onkey
While I do understand what is being said about using two browsers, me personally, I would find that annoying... I only use FireFox... And opening and closing it to open say Opera or IE... that would get annoying after a while when I know there are products out there that can help protect your data while doing online banking. Speaking of which, I have been doing that since 2000 when I graduated from high school and ventured into the real world without any issues... How many of you actually use two separate browsers as described here, I am just wondering...
-- Josh
"Whoopie! Man, that may have been a small one for Neil, but that's a long one for me!" - Pete Conrad
It is just common sense. Doesn't everyone do that?
Find Japanese addresses in English on Google Maps Japan: http://diddlefinger.com/
For more secure browsing and e-banking (at our house), we keep Knoppix CDs and DVDs beside our computers and boot with that.
Another way to get the same effect would be use the multiple profiles feature of Firefox. Have one 'promiscuous' profile and one 'safe' profile.
My blog
The article is silly. I mean most exploits are going to have a trojan running on your machine via exploits, usually with keylogging and other nasty tricks. The only thing you can stop with two browsers is the spread of cookies or activex plugins tied to your browser. The rest are going to be active regardless and will be collecting information no matter what program you are using.
The only way to be safe is to use an up-to-date browser, (and let's say anything not-IE). And if you have Firefox, look into AdblockPlus, and NoScript. If you don't want cookies to bother you, set them to this-session-only. And lastly, Firefox has a lovely "Clear private data when closing Firefox" option if you want it.
Firefox with noscript and such is my promiscuous browser. I do a lot of work stuff and read some news sites (msnbc.com) with IE. I have done this for a long time and it works great. I'm not sure how much more secure it is but I do like the setup.
That only works until the promiscuous browser brings home a little key logger and shares it with the rest of the apps on the system. Then your little "secure browser" isn't really that secure, now is it?
Of course, there are ways to protect your machine from such things, like one of those anti-virus / internet security suite... but then using such a thing would also get rid of that requirement of having to use two separate browsers. And we certainly don't want our friends to think we're uncool by only using one browser!
Hell, mine's a slut.
But then, so am I.
What?
The best way to protect oneself without using multiple computers is using a Virtual Machine for "promiscuous browsing" I would think.
If you have an 'extremely secure' browser, why would you want to use an unsecure one? I think a better idea is to find a balance between security and functionality. I know I've heard that somewhere a few million times.
There are no loopholes. It's either legal or it's not.
I know it doesn't fit the average guy out there but I do my "random" browsing in a Virtual PC, then I got very few sites like my bank in my host machine which I use.
I browse the web via correspondence.
That's right. I snail mail the institutions for the answers I seek and they write me back after looking it up on the web.
Even this post was done via correspondence. I mailed this letter to CmdrTaco a couple of days back and let him know to post my thoughts on the matter when the article hit the front page.
Dedicated Cthulhu Cultist since 4523 BC.
Only use a separate computer for banking, shouldn't be connected to any network. Preferably all I/O ports should be fit with epoxy, especially the keyboard.. A large faraday cage over the monitor to prevent Van Eck as well.
But I might be paranoid.
I've got two profiles for Firefox: one for everyday stuff, and one for banking. Originally I'd done this because the banks all seemed to require Javascript, and I simply don't leave that on (I hate dancing baloney on websites, and a lot of the time it's just used to serve ads anyhow). Nowadays I use NoScript to turn on JavaScript when I want to, but I still do all the banking stuff in a separate profile.
I did read an interview with a security researcher recently (sorry, can't dig up the link) who said that he used a separate browser in a separate VM for his banking. I suppose you could be even more safe by using a Knoppix CD and avoiding your usual OS altogether.
Carousel is a lie!
Not much content there...
Am I living under a rock because I have never heard of Cross Site Request Forgery?
Is it known by a different name?
they are called "zones": put sites you trust in "trusted sites" and ones you don't in "restricted". you can configure each of the zones' (there are 5 but only 4 visible) security settings to however paranoid or trusting you are of the sites you visit. each setting is independent, e.g. turn off script on normal internet surfing but only allowing certain sites to use
Boot up a live CD (with the MD5 sum confirmed on 2 separate PCs) and only use the live CD's Firefox browser.
Just hope that no one injected a keylogger onto the live CD and remembered to change the MD5 sum as well...
Help! I'm a slashdot refugee.
Well the news is not well reported. This tip aims to protect against "Cross Site Request Forgery (CSRF)--considered one of the most insidious but least appreciated threats in application security". So clearly it does not pretend to address key-logger issues.
For sure, in this context, the tip is quite effective.
all security measures are incomplete. because it doesn't protect against everything doesn't mean it doesn't have value as a wise modus operandi
i have a credit card with a limit of $300 i make online purchases with and small change/ restaurant purchases. that doesn't protect me from someone who gets my driver's license number and my ssn and opens a new card in my name. but it still is a simple easy form of limited protection, just like this guy using 2 browsers
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
i use Firefox with NoScript for general purpose browsing, and Seamonkey for only trusted websites where i make financial transactions on a Linux powered PC...
no windows for me thanks, they break too easy...
Politics is Treachery, Religion is Brainwashing
This is akin to putting a 5 inch thick steel door on the front of your house and unlocked screen door on the back. Once the "weaker" browser is compromised, generally at the very least it's going to allow user-level execution, so an attacker could modify the settings on the "secure" browser or insert a keystroke logger.
If you want *secure*, you can boot the anonym.os LiveCD, which, while a bit out-of-date, has some good anonymization tools as well.
Or, as others have suggested, a dedicated virtual machine which can revert its state at shutdown, so you know there won't be any nasties lurking even in the sandbox.
Hail Eris, full of mischief...
E pluribus sanguinem
Questions that pop up in my mind at this point are:
- Does using multiple browsers as described actually do anything for security?
- Why?
- Is it supposed to be that way?
- Shouldn't we be secure using just one browser?
Please correct me if I got my facts wrong.
Just in case?
"Better safe than sorry," — murmured the abbess rolling a condom over a candle.
In Soviet Washington the swamp drains you.
Interesting countermeasure against CSRFs. I can just imagine Mr. Grossman not quite referring to IE (the promiscuous one) vs. Firefox (the safe one).
Given the above and operating conditions being equal (with use of solid anti-virus and firewall measures), it seems to me that if a well-designed browser was used in the first place, then there would not be a need for a "promiscuous" browser. In fact, wouldn't the use of a "promiscuous" browser increase a user's risk when conducting, uh, questionable activities? End result (cue alarming music here): the box gets compromised, and it doesn't matter if a safe browser was used for banking, etc., something nasty now lives in the box.
Continuing the FF vs IE model, if FF was designated for promiscuous activity, then the user is arguably better protected. So that leaves us with IE as the "safe" browser? The mind reels.
I know there are alternatives (Opera, Konq, etc.), but presumably Mr. Grossman is addressing mostly Windows users.
Science never settles, never rests.
The fool is using the same computer to go to both important and random web sites! And he's probably using Windows, too!
If you care at all about security, you create a separate virtual machine for every web site you visit, and you only go to your banking site with an up-to-the-second-patched copy of lynx running on an obscure OS and platform, like OpenVMS running on DEC Alpha hardware, for example.
If you *really* care about security, you use telnet on an OS you wrote yourself. And you carefully scrutinize every line of the telnet code and TCP stack for security flaws.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Once upon a time I wanted to run my browsers in chroot jails but it was a pain and perhaps not all that secure. So now I have multiple 'anon' user accounts to run various browser versions. My primary browser has javascript (and of course java) disabled. My java and javascript enabled browsers run on a separate machine. Lots of adblocking and (in some cases) cookie denying. Simple scripts start/kill those browsers and purge user data, etc.
Not great security but it should be a benefit. As for 'extreme', please........
So how many folks run their browser under their primary UID?
I do the same thing when I have to go somewhere. I have two cars, one that's reliable, and one rusty piece of crap that's ready to fall apart any minute. When I need to go somewhere important, I take my reliable car so I know I won't die before I get there. When I just need to take a quick trip to the grocery store, I take my junk car and just cross my fingers.
I use Camino - set to the highest security and to dump history and cache for just two uses: business banking and court filing. As a lawyer I take reasonable steps to protect my clients - nobody can predict every potential criminal act. I use the Mac's Filevault protection on all of my computers and every systems' password is greater than 20 characters.
It isn't absolute security - but it is a hell of a lot more than most of my colleagues use.
This guy is a "Security Researcher"? Let me get this straight. You have 2 browsers, one insecure, one secure. On the insecure you do your daily stuff, on the secure you do your banking. Ok. Say your insecure browser gets compromised due to a vulnerability that is not yet patched or there is no patch for. Some of the browser vulnerabilities allow for full system control. Then what? Your whole system is now FUBAR. So there goes your "secure" browser. 15 year olds have more security sense than this guy.
Really.. we can bubble gum and tape this thing, open 5 browsers and set up firewalls till the cows come home, but when you have no control over the network, you are always at the mercy of the first hop.
IMHO, anyone who thinks there is Internet Security is deluding themselves. If it's that important, walk away from the computer man..
If you want to be safe online do away with your hard disk and run a LiveCD.
Why not just call them IE and Firefox? Why beat around the bush?
to simply have a spare computer to do all things secure. A cheap, old computer should do it. Just do format then fresh install of your OS, and only use it for banking, paying bills, etc.
I do exactly the opposite.
I use my paranoid-secure browser when I visit random sites (like clicking on Google results), which constitutes the vast majority of my browsing.
I use my "insecure" browser to give me more functionality when I visit sites that I trust the most. (Actually, I am sometimes forced to use my "insecure" browser in this case because the site might require me to enable JavaScript (or whatever) in order to log in.)
I think it's fascinating that he does just the opposite of me, and he somehow thinks that it's "more secure".
Personally I keep a secure virtual machine in a suspended state, running Firefox, for when I need to do some online banking or other security critical/high paranoia tasks. It takes only a few seconds to unfreeze the VM and with modern software like Xen, there is very little cost (performance wise or $$$) associated with this method.
AG
What he's describing is not a way of keeping your computer safe, it's a way of hiding porn from your girlfriend. You use some browser that she's never heard of for all your illicit surfing. Then, she fires up your computer and starts running IE, she looks in your history and sees slashdot and CNN or whatever and doesn't think you're a pervert (which you are).
It's also a good idea to have "honeypot porn" which is basically, a few very innocuous sites that you vist in IE that you intentionally want her to find - because once she starts looking, she's going to keep looking until she finds something. Best to give her something to find. Let her think you go to maxim.com or something.
Use Opera. Most secure, fastest, and best features.
Raises hand.. guilty.. (thank you Opera)
I do it the other way around, and with just one browser. When browsing "promiscuous" material, I start Firefox with the "-profilemanager" attribute, and use another FF profile (named "prn", for no particular reason). In this profile, JavaScript, Java and cookies are disabled. Besides protecting me from the dangers of the Internet, this has the advantage of my promiscuous browsing staying a secret from curious family members.
If you have a truly secure browser, that tends to break most modern web coding. Try surfing without flash for a while, for example. You'll find much of the web out of reach, and some major commercial sites entirely inaccessible.
Is it just my observation, or are there way too many stupid people in the world?
"they are called "zones" .. there are 5 but only 4 visible) .."
Why don't you just make four more secure and make four be the top number and make that a little more secure
Quote
Nigel: ...the numbers all go to eleven. Look...right across the board.
Marty: Ahh...oh, I see....
Marty: Why don't you just make ten louder and make ten be the top... number... and make that a little louder?
Nigel: These go to eleven.
davecb5620@gmail.com
Lynx - The only way to browse!
One ring to bind them - should probably have more fiber and less rings in their diet.
Just run all internet-facing software under a restricted set of user rights. Two years ago I changed all my browser and messenger shortcuts to launch using the handy little DropMyRights utility. Result? I haven't caught anything from a malformed web page or IM attack in all that time -- even with running everything else under my normal administrator-class account. (This is on WinXP Pro SP2).
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
The article doesn't mention what the "promiscuous" and "safe" browsers are. IE and Firefox? Firefox and Torpark? Opera? What are your suggestions for a "safe" browser?
foo, the promiscuous browser will pick up a rat .
and the rat takes up residence in your computer and waits till you open yer prude browser and log onto your bank
and then he pays his rat account
the only way to prevent rats from conducting their mischief is to PREVENT ALL UNAUTHORIZED PROGRAMMING
NO SIGNATURE? NO EXECUTE.
all programming will have to have PGP signatures, every fragment, no matter how small. If it's executable it has to be signed or else it goes in the garbage.
Wow. Sounds like you put a lot of personal perspective into your post. My wife goes for more porn online than I do by a long-shot, so I don't worry about my browser history too much.
Since the OP made a bad summary, omitting the 'Cross Site Request Forgery' (CSRF) part, everyone is jumping on it. CSRF can be avoided by using two separate browser sessions that are used independently and share no resources. It does not protect against malware on the computer. It's no rocket science and I would not consider it extreme security browsing.
Why not use a virtual machine? For example, you can undo the disks after a browsing session, this way, your virtual computer is always clean. Or you can browse insecure sites in the virtual machine, and the secure on your computer. Let's take an AIDS analogy: - when you sleep with somebody you don't trust, you wear a condom - when you sleep with someone you trust, you don't need a protection
The question for me is:
Why do online banking?
My bank had a poster in the lobby stating that they used "state of the art" security measures to protect their online banking customers. I reflected on the state of the art and wondered why anyone would trust their money with online banking. For me the risk / convenience just doesn't work out. My electronic banking is limited to checking balances and cleared checks by phone. I know my account number and password are transmitted in cleartext (clearbeeps), but access to the phone network is reasonably limited and the phone access system doesn't allow transfers to anywhere but my other accounts. I'm curious what benefit other people feel they get from online banking.
I'm a little troubled by the security researcher's online banking ritual. It's not that it doesn't make sense technically and help protect against a class of attacks. It just feels wrong. It feels like he is performing a ritual to reassure himself before doing his online banking, which he clearly has reservations about. He does not discuss any other measures he takes to secure his system.
Those who talk about booting off a live CD such as Knoppix sound a little more sensible to me, as the integrity of the system is pretty well ensured. This isn't an approach that scales well to the general public, though, for reasons of convenience and knowledge. It involves education about the risks, downloading and burning an ISO and sometimes fiddling with BIOS settings - not something that the bank is likely to ask users to do. A bootable read-only flash drive might simplify things, though. Maybe a security minded bank would distribute bootable read-only flash drives with built-in password-generating fob. Plug in, boot, see browser window already pointing to your bank's site with secure connection. Type in account number from a card, password from memory and number from fob. Now I want to know how you would break this system. Let the replies begin...
-Jon
I'm a FreeBSD user myself, but my children's machines are dual-boot Windows XP/Linux. The house rule for Internet banking is "use Linux". Actually, that's not quite true. The rule is, if you're not playing games, use Linux.
As a side-note, the children's machines were exclusively XP until this year. Neither machine has anti-virus programs installed, so I rely on my children to practice sensible Internet practices. They've been sensible/fortunate for four to five years, but both contracted viruses this year so their "punishment" is to use Linux. Both have told me they prefer it to XP (I suspect Amarok and Compiz have a lot to do with that judgement).
This is not a general technique for protecting against all possible vulnerabilities, it's for protection against cross-site request forgery.
If a banking site does not use some kind of nonce in each request (or check referrers, or request confirmation, otherwise attempt to prevent this class of attack), then someone could stick <img src="http//bankingsite.example.com/account_management?req=transfer_funds&amt=5.00&target=badguy"> in a web page (say, as the avatar image for some throwaway account on some naive web forum) and bob's your uncle... a salami attack. I'm sure you can think of other possibilities.
[url deliberately broken to keep /. from treating it as a url]
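The nonce and referrer checks listed in the comment above, as an added example that is not part of the original thread: a toy in-memory model of the transfer endpoint, showing the image-tag request succeeding against a handler that trusts the session cookie alone and being refused once POST, an Origin/Referer match and a single-use nonce are required. The handler names, request dictionaries, session values and the forum.example.net origin are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

BANK_ORIGIN = "https://bankingsite.example.com"  # host name used in the comment
SESSIONS = {"sess-alice": "alice"}               # constructed: cookie -> user
NONCES = {}                                      # session cookie -> unused nonce


def issue_nonce(session_id):
    """Mint a fresh single-use nonce; the bank embeds it in its own form."""
    NONCES[session_id] = secrets.token_urlsafe(32)
    return NONCES[session_id]


def _user(request):
    return SESSIONS.get(request["cookies"].get("session"))


def vulnerable_handler(request, ledger):
    """Acts on any request that carries a valid session cookie, GET included."""
    user = _user(request)
    if user is None:
        return 401
    params = parse_qs(urlsplit(request["url"]).query)
    if params.get("req") == ["transfer_funds"]:
        ledger.append((user, params["target"][0], params["amt"][0]))
    return 200


def hardened_handler(request, ledger):
    """Same transfer, guarded by the checks the comment lists."""
    user = _user(request)
    if user is None:
        return 401
    # State changes only via POST: an <img> tag can only issue a GET.
    if request["method"] != "POST":
        return 405
    # Origin/Referer check: the request must come from the bank's own pages.
    headers = request["headers"]
    parts = urlsplit(headers.get("Origin") or headers.get("Referer", ""))
    if f"{parts.scheme}://{parts.netloc}" != BANK_ORIGIN:
        return 403
    # Nonce check: must equal the value issued to this session. It is
    # consumed on use, so a captured value cannot be replayed.
    expected = NONCES.pop(request["cookies"]["session"], None)
    supplied = request["form"].get("nonce", "")
    if expected is None or not hmac.compare_digest(
            expected.encode(), supplied.encode()):
        return 403
    form = request["form"]
    ledger.append((user, form["target"], form["amt"]))
    return 200


def forged_image_request():
    """Constructed: what a logged-in browser sends for the <img> in the comment."""
    return {
        "method": "GET",
        "url": "/account_management?req=transfer_funds&amt=5.00&target=badguy",
        "cookies": {"session": "sess-alice"},  # attached by the browser itself
        "headers": {"Referer": "https://forum.example.net/thread/1"},
        "form": {},
    }


def bank_form_request(nonce, origin=BANK_ORIGIN):
    """Constructed: a POST of the transfer form, carrying the nonce."""
    return {
        "method": "POST",
        "url": "/account_management",
        "cookies": {"session": "sess-alice"},
        "headers": {"Origin": origin},
        "form": {"req": "transfer_funds", "amt": "5.00",
                 "target": "landlord", "nonce": nonce},
    }


def demo():
    results, ledger = {}, []
    results["vulnerable_forged"] = vulnerable_handler(forged_image_request(), ledger)
    results["vulnerable_ledger"] = list(ledger)
    ledger = []
    results["hardened_forged"] = hardened_handler(forged_image_request(), ledger)
    # A POST whose Origin is not the bank's fails the referrer-style check.
    foreign = bank_form_request("", origin="https://forum.example.net")
    results["hardened_cross_post"] = hardened_handler(foreign, ledger)
    nonce = issue_nonce("sess-alice")
    results["hardened_legit"] = hardened_handler(bank_form_request(nonce), ledger)
    results["hardened_replay"] = hardened_handler(bank_form_request(nonce), ledger)
    results["hardened_ledger"] = ledger
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
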
If all code has to be signed, then it has to be easy to get a certificate to sign code. This makes it a very small hurdle for an attacker.
In addition, the attack this is attempting to deflect does not require local execution privileges. It doesn't even require sandboxed Javascript. There's no executable code involved at all.
.... Or you can just use Linux and not be bothered having to hide from all these nasties. :p
RebateFX.com - Spread rebates for Forex traders
Also raises hand :) Thanks again Opera. The ability to ensure that all the open sites are within one browser window so with one very quick alt+f4 bound to the middle mouse button everything vanishes in an instant is also very useful :)
I would be interested to know if opera actually has a higher marketshare for porn sites than it does for normal sites.
Nothing is as secure as your own memory..
Let us understand the flaws of this guy's "grand" idea:-
1 - There is no such thing as an absolutely secure browser, there is no stealth mode, even if you are on it how are you going to log into an account? (Every one has holes too;)
2 - Browse without "Anonymous" proxy and your IP is advertised, i.e.. your system is out in the open..(Like someone mentioned - Keyloggers,trojan.. many many others can evade)
3 - There are always SBS(Some Bloody Software) trying to open ports for pirates.
4 - In an era of high bandwidth internet where is the wait to guess what's wrong with a computer.( scan it all )
Now..
Think, why do you have brains?
Can it keep secrets?
Can you trust it?
1- Remember and Type all your passwords & user id's- its tough if you are used to someone else remembering the password for you, its proven good for your brain..
2- Accept cookies from sites you trust ( avoid inter-site tracking cookies )
3- Keep no cache memory
4- Use ssl login whenever possible. (https://mail.google.com/mail/)
5- Use a browser without susceptible addons
6- Hide your WAN IP. ( google "anonymous browsing" )
7- Try to even remember your account numbers ( After a while it dissolves )
Give it a thought.
#3 pencils and quadrille pads.
How is this going to protect you from sharks with fricken' lasers on their heads? Or even ill-tempered sea bass with lasers on their heads. Oh, wait, this scheme isn't designed with sea bass in mind. Or sharks. Or keyloggers. It's designed to protect against cross site scripting.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
No chance in hell... I have my own account and she doesn't know the password. Unless I get caught red-handed, she won't know.
The main reason for securing the browsers is to protect the users from malicious software coming from the server side. I'm not sure your online banking site is going to inject an adware or a trojan through a vulnerability in your browser. I'm pretty sure that the SSL/TLS implementation is secure enough on all the popular browsers - IE, Firefox, Opera, Safari - which is OK for online banking. If you're using an insecure browser for "ordinary" browsing expect to have your PC filled with adware, trojans, trojan downloaders, keyloggers and the rest of the family. Then you switch to your "more prudish" browser and feed your banking data to the keyloggers & trojans downloaded with the insecure browser.
I still maintain the best security feature of Firefox is the bookmarks toolbar. Oh look, my bank wants me to log into my account! *click on known good link in toolbar* Go figure, no message from the bank in my secure messaging center on their site. Aw shucks. (Second place goes to noscript however. Love that little guy)
It sounds like the basic attack is surreptitiously having a web page hit a bank and hoping that you are currently logged in. So why wouldn't simply logging in, doing whatever you need to do, and logging out work just as well as firing up a separate browser? If an attacker convinces my browser to hit my bank, but I'm not logged in, it's a "no harm no foul" situation.
VMware player is open source:
http://www.vmware.com/products/player/
It also has a secure browsing "virtual appliance," or virtual machine with software pre-installed:
http://www.vmware.com/appliances/directory/browserapp.html
The software is open-source.
technical writing / development
I have a dual boot machine (Windows XP, OpenSuse) and the usage goes like this: - Windows XP: everybody uses, firewall+anti-virus+patches+anti-spyware. NO BANKING, NO E-SHOPPING. - OpenSuse: me and my wife, iptables+patches. BANKING and e-Shopping. What do you think, /.ers ?
I've been doing this for 3 years. Prior art. One has Flash and Java turned off, while the other has them on. I started it primarily because some Flash was just too annoying and took too long to load. My high-speed ISP is flakey, so sometimes I have to use dialup, and most flash content is a slug under dialup. I only use the "promiscuous" browser when I want the fancy dancy content, which is about 5% of the time. (Firefox now has a manual-Flash activation plugin, which is useful for say Youtube.)
Table-ized A.I.
Exactly.
I've been doing the CD-boot browsing for 5 years. It is the only way that I know to be secure after the fact. If there is no hard drive to write to, they can't compromise your system.
Period. Add Vidalia/TOR/Privoxy to the boot CD and you can be anonymous too, for those times when the nasty part of the internet demands viewing.
Extreme is using two computers on two different ISPs with the secure one running on as locked-down a platform as humanly possible.
Extremely extreme web browsing is dialing into the bank's isolated computer network using a computer booted from CD.
Very extremely extreme web browsing is walking into the bank's office and using their computer that's hardwired into their network. Their computer reboots to CD between customers and customers cannot access anything until the system is fully booted.
Oh, never mind. If you want to be completely safe, just use a teller window. I hope you don't show up at the same time as the local bank-robber.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This article was pretty vague, but the idea does have merit depending on how you interpret it. You definitely shouldn't advocate using an insecure browser for normal day-to-day use. But I'll give the security researcher the benefit of the doubt and assume he was advocating using a normal secure browser (like firefox) for normal use, and then having a second browser configured with all the extra security features that no one will tolerate for day-to-day use when doing more dangerous or more private things.
For example when browsing porn sites, or warez sites (I only do the former), which are known to have more malware than your average website, using a more secure browser is a good thing - and having no record of this visit stored (ie cookie or url history) is also a good thing, especially for the latter. Furthermore, when using tor (for all the reasons people use it) it is a good idea to use a browser with all tracking turned off, for obvious reasons. Again these are settings that I refuse to have enabled on my normal browser.
That said, I don't normally bother with using my locked down browser for my bank. If their site has cross-site scripting vulnerabilities, then I think I need to find another bank that values security over Web 2.0 fads.
Everyone here knows that 2 browsers in the same box is only secure if both are restrictive...
A better solution without buying more hardware is use a Linux or FreeBSD live CD for the "secure" browsing.
A compromise without physically rebooting would be to do your "insecure" browsing under virtualization.
A further step down is to do your "secure" browsing under virtualization with encrypted volume.
Any one of the above is a lot more secure than TFA.
For personal reasons, I don't browse the web on my computer. So when I want to view a website, I send an e-mail over to a machine running a daemon which wgets the page, and e-mails it back to me.
Know your system, if you see any suspicious process/names google it. Install an adware/virus shield and make sure the option to alert you to any startup/service/system changes.
One area where I'd have to object having worked in technical support by trade, and as a developer on the side for so long, is that most browser modifications by definition "modify" the browsers behavior, for good or bad, but that developers can't code for every possible browser nuance.
I think the ease (and encouragement) of add-ons is one reason many banks and other entities don't officially support FireFox. (also that support can say "close that, find the Big Blue E or the Compass looking thing and try it with that" in almost every case). IE gets just as jacked up (usually unintentionally), but many users today have anti-spyware which "tries" to keep IE in a standard configuration. I think for the most part Safari is the only browser that all installations across the board are highly uniform. When I worked for a university, one particular version of AIM added a browser toolbar that totally jacked up our webmail client (iPlanet), and I bet for a couple of months, I had 200 support calls about that. No anti-spyware tool was going to flag that, just like the argument I had with someone who had FireFox installed with stuff like NoScript by a friend started cursing me out over the phone when WebMail didn't work, that it was "our fault" and his browser was "fine."
I have friends that are a little paranoid (which is a good thing), but they have so much non-standard security software on there, nothing works right, the computer is dog slow and it just seems like they've done more harm than a lot of malware does.
There is a reason condoms are made of latex. Sure, titanium would be a lot more secure, but a lot less functional (and fun!)
Forgive my spelling from time to time. I'm often posting during short breaks.
"Extreme" is an inaccurate title for TFA. The article is about as extreme as a Ferris wheel compared to HALO sky diving.
Using the same PC to run these two browsers provides little overall security benefit. The promiscuous browser will likely result in compromise of the PC operating system (e.g. MS IE exploits that result in spyware/malware/rootkit installs are common, not to mention users who click "OK" to install rogue ActiveX and other plug-ins downloaded via the web).
If one physical PC is to be used, best to run the promiscuous browser inside a virtual machine (e.g. VMware guest). Better to run the promiscuous browser on a server through Citrix, Terminal Services, X-Windows, VNC, etc. so that no HTTP traffic from the promiscuous browser actually affects the PC, but is stopped at the server where it's converted to RDP, ICA, VNC, X, or another protocol that defeats any exploits aimed directly at the PC. The server may, and likely will, be compromised. Have the server refreshed on a recurring (daily) basis (e.g. VMware snapshots) so that any compromise to the server is wiped back to known-good state. Educate the end-user that all access through the promiscuous browser is assumed compromised and subject to hostile key-stroke logging and other attacks.
Finally, restrict access for the trusted browser to a whitelist of risk-acceptable sites (e.g. Intranet URLs, business partners, etc.).
...we wouldn't have all of these security problems. What? Why are you looking at me like that?
"Freedom Through Vigilance"
Considering the somewhat recent remote code execution exploit using IE to send poisoned URL requests (wrong term, I'm sure) to firefox, wouldn't this possibly make your browsing less secure? While that bug was patched, similar problems could be found down the road. In addition, you have twice as many potential issues, and personally I have a hard enough time keeping track of holes in one browser's security.
Combined with obvious problems with things like Trojans getting past the unsecured browser affecting things at a more fundamental level than just the browser, this doesn't seem like all that much added security. I could see it being effective for privacy protection (it would make things like tracking cookies less effective), but there are certainly better ways of managing such issues.
Just seems silly.
Obviously you'd need 2 computers.
Lol...only on the pr0n hungry, male dominated, slashdot would the parent post be modded "5 - insightful" instead of "5 - funny". :)
If your girlfriend doesn't know you're a pervert then you're doing it wrong.
1 yes: it will be easy to get a certificate: signed by joe dokes. signed by a trusted software developer, -- not so easy. and that is exactly what we want.
2 now as far as executables go, I'm not sure of your definition of 'executable'. any script, even if only interpreted like a 'command list' has to be regarded as executable as these type of command lists might direct a computer to download and install un-authorized programming. and un-authorized programming might be 'malware'
3 remember that an important part of security is RESPONSE. if all executable code has to be signed it will be easier to IDENTIFY who is responsible and to make an appropriate response.
4 some malware is apparently directed client/server style by codes hidden in FLASH. it should be easy to see that if the FLASH has the ability to direct a remote binary to act on the target computer then the FLASH has to be regarded as executable and as such must be itself considered executable
5 the certificate system in use for web sites at this time is not adequate as was recently illustrated by the distribution of malware via FLASH across what should be trustable sites e.g. MLB. this got by because the certificate only approves the web site generally. approval of every code fragment on the site is required.
6 this is NOT an issue that will go away. the internet is needed for business purposes and for personal use by honest people. mis-use of this resource can not be tolerated if business use of the net is to continue and to grow. all that remains is to determine what remedies are going to be applied.
a number of different remedies are possible including but not limited to (a) de-certifying Ms. windows for use as a business tool (b) re-building the internet as Internet II using IP(6) and with accountability built in (c) requiring signatures for everything executable (d) all of the above -- possibly more
If he's using his 'secure' browser to visit trusted sites, and his insecure browser for un-trusted/casual browsing, isn't that backwards?
...to protect against almost all vulnerabilities is to run the promiscuous browser under another user specifically set up for risky activity:
$ ssh -X risky@localhost firefox &
Then set up this other firefox with a different theme and keep it on a separate desktop space so as to avoid confusion.
Using 'xhost' is another way to do this, but less secure. If the 'risky' user falls to a code exploit, then it can theoretically gain access to your main user account through direct X11 access.
It should be noted that when using Tor for anonymity, you should always assume that the exit nodes will try to inject hostile code into web pages from even the most trusted sites. For this reason I also recommend Noscript, along with some others like SafeCache, SafeHistory, ImgLikeOpera (defaulting to load images from originating site only) and CookieSafe. You can forego those last 4 extensions if you use Clear Private Data frequently.
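An added example, not part of the comment above: a small audit of the two things the separate-account setup depends on, namely that the `risky` account has no direct `xhost` grant on the display and that the main account's home directory is closed to other users. The account name `risky` is the comment's; the name `alice`, the sample `xhost` output and the function names `audit_xhost` and `home_is_private` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `xhost` output after `xhost +SI:localuser:risky`
# (typed by hand for this example, not captured from a real system).
SAMPLE_XHOST='access control enabled, only authorized clients can connect
SI:localuser:alice
SI:localuser:risky'

# audit_xhost USER: read `xhost` output on stdin, print one line per finding.
# Returns 0 if USER has no direct access to the display, 1 otherwise.
audit_xhost() {
    risky_user=$1
    rc=0
    while IFS= read -r line; do
        case $line in
            "access control disabled"*)
                echo "FAIL: access control is off, any client can connect"
                rc=1 ;;
            "SI:localuser:$risky_user")
                echo "FAIL: $risky_user can connect directly to the display"
                rc=1 ;;
            LOCAL:*)
                echo "FAIL: every local user can connect to the display"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# home_is_private DIR: returns 0 only if group and others have no permission
# bits on DIR, so the second account cannot list or read it.
home_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Demo on the constructed sample. On a real desktop, run instead:
#   xhost | audit_xhost risky; home_is_private "$HOME"
printf '%s\n' "$SAMPLE_XHOST" | audit_xhost risky || echo "display is exposed to risky"
```

When the browser is started through `ssh -X` as in the comment, the `risky` account should not appear in the `xhost` list at all, so any `SI:localuser:risky` entry is a leftover from the `xhost` method.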
Does... umm... she have a sister?
Since every web page you visit that contains Javascript will need to be signed, it needs to be easy for Joe Dokes to be able to sign his web pages. Every PDF document, Flash document, many movie formats, the list is endless. ALL need to be signed. In addition, there needs to be a mechanism to revoke certificates on a document by document basis, so that a document containing a flawed script can be blocked without blocking every document published by the signer. To make this workable, it must be so easy to get a certificate that anyone who wants an untraceable (or deceptive) one will be able to get one.
This attack does not involve even a "command list". All it requires is the ability to get the browser to fetch a URL, for any purpose, from an untrusted web page. The browser doesn't even need to have any exploitable vulnerabilities related to the URL, and the attack will work using the most perfectly secure browser... all that is required is that it perform a "fetch" operation as documented.
Perfect security is impossible. Restricting yourself to the use of tools that are secure by design is the best you can do. If the security model is based on protecting certificates then it will actually be weaker than one based on maintaining a secure sandbox. In fact, it's arguable that this is one of the fundamental flaws in ActiveX.
If you wanted to be really secure, do like I do. VM it! Run your regular os and do all of your surfing etc... Then if you need to check a bank account or do a secure transaction use your VM. For me I fire up vmplayer and use a live cd like ubuntu, check my bank account or do my transaction and boom, power off the vm and everything is gone.
Classic! I wish I still had mod points...
"Be grateful for what you have. You may never know when you may lose it."
If you want this person to be the mother of your children, you might want to also mask that you visit slashdot.
.. paranoid crackpot leftover from the days of Amiga.
I'm surprised that no other browser has features similar to Safari's Private Browsing. Allows you to do a session that doesn't appear in your history, cookies or saved passwords. And you don't have to empty your cache, delete the other saved passwords or browsing history to make sure your secure session is not saved.
Starbucks, Harbuckle of Breath.
Easiest way to avoid trouble is just to use a VMware OS for everything. Use 1 for daily stuff, and then use a clean freshly installed one for online banking etc. As soon as you're done, erase it. Simply keep a clean one which you can copy to another directory to use whenever needed. That way if a key logger gets installed on your normal VM it won't affect the clean vm.
Of course if you don't use a vm for daily tasks but use your normal PC OS instead, then a key logger wouldn't protect you when you use your clean vm.
My friend's wife is of course a nice and lovely girl all in all but she has a very quick and bad temper. Some time my friend forgot to erase his browsing history, nothing weird or freaky stuff just the usual man-woman stuff (some lesbians too). Of course the wife found it and got angry. She took the nearest object she could find (a hammer) and hit it through the monitor.
You can with TUDOS, both OS instances controlled by a common microkernel that doesn't allow communication between instances