Slashdot Mirror


Is There Room For a Secure Web Browser?

An anonymous reader points out an eWeek story about researchers from the University of Illinois at Urbana-Champaign who are designing a new web browser based on security. The new software, code-named OP for Opus Palladianum, will separate various components of the browser into subsystems which are monitored and managed by the browser kernel. Quoting: "'We believe Web browsers are the most important network-facing application, but the current browsers are fundamentally flawed from a security perspective,' King said in an interview with eWEEK. 'If you look at how the Web was originally designed, it was an application with static Web pages as data. Now, it has become a platform for hosting all kinds of important data and businesses, but unfortunately, [existing] browsers haven't evolved to deal with this change and that's why we have a big malware problem.' The idea behind the OP security browser is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit."
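A minimal sketch of the mediation idea in the summary above, added here as an illustration and not taken from the story, the paper or the OP code base: each subsystem gets a channel bound to its own identity, and a kernel forwards a message only when its (sender, target, kind) triple appears in an explicit policy. The subsystem names, message kinds, policy table and sample data are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    sender: str   # filled in by the kernel from the channel, not by the caller
    target: str
    kind: str
    payload: str = ""

# Assumed policy for this sketch: every permitted (sender, target, kind) is
# listed explicitly; anything not listed is denied.
POLICY = {
    ("webpage", "storage", "cookie_get"),
    ("webpage", "network", "fetch"),
    ("plugin", "network", "fetch"),
}

class BrowserKernel:
    def __init__(self, policy):
        self.policy = policy
        self.handlers = {}
        self.audit = []   # one record per routing decision

    def attach(self, name, handler):
        """Register a subsystem and return the only channel it can send on."""
        self.handlers[name] = handler
        return lambda target, kind, payload="": self._route(
            Message(name, target, kind, payload))

    def _route(self, msg):
        ok = ((msg.sender, msg.target, msg.kind) in self.policy
              and msg.target in self.handlers)
        self.audit.append((msg.sender, msg.target, msg.kind,
                           "allow" if ok else "deny"))
        return self.handlers[msg.target](msg) if ok else None

def demo():
    kernel = BrowserKernel(POLICY)
    cookies = {"example.test": "sid=constructed"}   # constructed sample data
    kernel.attach("storage", lambda m: cookies.get(m.payload))
    kernel.attach("network", lambda m: "fetched " + m.payload)
    webpage = kernel.attach("webpage", lambda m: None)
    plugin = kernel.attach("plugin", lambda m: None)
    return {
        "page_cookie": webpage("storage", "cookie_get", "example.test"),
        "plugin_fetch": plugin("network", "fetch", "http://media.example.test/clip"),
        # A compromised plug-in asking storage directly is dropped and logged.
        "plugin_cookie": plugin("storage", "cookie_get", "example.test"),
        "denied": [a[:3] for a in kernel.audit if a[3] == "deny"],
    }

if __name__ == "__main__":
    print(demo())
```

In a real design the channel would be an OS-level pipe between separate processes, so the sender identity comes from the connection itself rather than from anything the subsystem writes into the message.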

5 of 222 comments

  1. Somewhat pointless? by Izabael_DaJinn · · Score: 5, Interesting
    I'm not sure if I get this. The key feature seems to be this:

    "Our policy removes the burden of security from plug-in writers, and gives plug-ins the flexibility to use innovative network architectures to deliver content while still maintaining the confidentiality and integrity of our browser, even if attackers compromise the plug-in," he said.

    Great! :)

    But even if it works as planned...this new browser is going to enter the market and who is going to download it? A tiny percentage of internet users--those would be part of the same minority who would also know how to use Firefox (and other browsers) quite safely *right now*.

    So who is this product for? Seems interesting from a design point of view, but unless one of the big browsers adopts it, could it really make even a tiny dent on the security of the internet?

    I predict no. The internet's main problem is between the monitor and keyboard ;-)

    *iza

    --
    Careful What You Wish For....
    1. Re:Somewhat pointless? by Deanalator · · Score: 4, Interesting

      If I was offered a browser that was able to contain flash or quicktime 0day, I would switch to it in a heartbeat. For all the security in firefox, 0day still exists, and is used frequently in the environments that I work in. These threats can be mitigated, and we really should be moving towards properly designed software.

      link to the paper:
      http://www.cs.uiuc.edu/homes/kingst/Research_files/grier08.pdf

    2. Re:Somewhat pointless? by Bacon+Bits · · Score: 5, Interesting

      And why was ActiveX bad? Not just because it was platform specific, but because it was insecure and prone to malware abuse. The model behind ActiveX was inherently flawed because it had too much trust for remote code to be automatically executed. Firefox and Opera are both billed as more secure because they are not subject to the kinds of broad attacks that IE 5 and 6 were.

      Mozilla, Safari, and Opera gained market traction by having features that users or developers wanted that were not otherwise available. Security is a feature that many users, developers, and particularly network administrators desire. Say you have a choice between deploying your workstations with Firefox or with Secure Firefox, which one do you pick?

      We're nearly to the stage where interface features (bookmarks, tabs, toolbars, javascript, flash, java) are reasonably complete and rendering speed and quality (Acid2, Acid3) is reasonably complete. So we can assume that any modern browser (including this new one) will be fully-featured and acid-compliant when released. It would be inane to do otherwise. So how do you improve browsers from here? Security *is* still an issue with browsers because they are *the* platform of the decade. Why not improve that?

      Prove to me that security in IE, Firefox, Opera, and Safari is "good enough".

      --
      The road to tyranny has always been paved with claims of necessity.
    3. Re:Somewhat pointless? by denton420 · · Score: 4, Interesting

      What is the point in bashing their project? Do you not realize that even if no one uses this particular browser, it sets a precedent that others are likely to follow? Sometimes, you have to create just for the sake of creating. Beyond that, who really knows, this browser could be the next big hit with a little bit of mainstream media exposure. A product that delivers on all of its promises (more so in the IT genre) will have its day.

    4. Re:Somewhat pointless? by Alsee · · Score: 4, Interesting

      Replying to myself, I just got a look at the technical paper.

      On a browse through I don't see anything directly tied to Trusted Computing in there. So maybe I jumped the gun, but this group *is* deep into the Trusted Computing stuff, and the Palladium-esque name sure seems like more than a coincidence, and looking at the paper it is exactly the sort of design you'd want to adapt into a Trusted Computing browser.

      So I'm still rather suspicious of the intent and connections behind it, but I will retract my positive tagging that it *does* explicitly intend to involve Trusted Computing.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.