Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is There Room For a Secure Web Browser?

Posted by Soulskill on from the you-can-have-ie's-spot dept.

An anonymous reader points out an eWeek story about researchers from the University of Illinois at Urbana-Champaign who are designing a new web browser based on security. The new software, code-named OP for Opus Palladianum, will separate various components of the browser into subsystems which are monitored and managed by the browser kernel. Quoting: "'We believe Web browsers are the most important network-facing application, but the current browsers are fundamentally flawed from security perspective,' King said in an interview with eWEEK. 'If you look at how the Web was originally designed, it was an application with static Web pages as data. Now, it has become a platform for hosting all kinds of important data and businesses, but unfortunately, [existing] browsers haven't evolved to deal with this change and that's why we have a big malware problem.' The idea behind the OP security browser is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit."

2 of 222 comments (clear)

  1. Somewhat pointless? by Izabael_DaJinn · · Score: 5, Interesting
    I'm not sure if I get this. The key feature seems this:

    "Our policy removes the burden of security from plug-in writers, and gives plug-ins the flexibility to use innovative network architectures to deliver content while still maintaining the confidentiality and integrity of our browser, even if attackers compromise the plug-in," he said.

    Great! :)

    But even if it works as planned...this new browser is going to enter the market and who is going to download it? A tiny percentage of internet users--those would be part of the same minority who would also know how to use Firefox (and other browsers) quite safely *right now*.

    So who is this product for? Seems interesting from a design point of view, but unelss one of the big browsers adopts it, could it really make even a tiny dent on the security of the internet?

    I predict no. The internet's main problem is between the monitor and keyboard ;-)

    *iza

    --
    Careful What You Wish For....
    1. Re:Somewhat pointless? by Bacon+Bits · · Score: 5, Interesting

      And why was ActiveX bad? Not just because it was platform specific, but because it was insecure and prone to malware abuse. The model behind ActiveX was inherently flawed because it had too much trust for remote code to be automatically executed. Firefox and Opera are both billed as more secure because they are not subject to the kinds of broad attacks that IE 5 and 6 were.

      Mozilla, Safari, and Opera gained market traction by having features that users or developers wanted that were not otherwise available. Security is a feature that many users, developers, and particularly network administrators desire. Say you have a choice between deploying your workstations with Firefox or with Secure Firefox, which one do you pick?

      We're nearly to the stage where interface features (bookmarks, tabs, toolbars, javascript, flash, java) are reasonably complete and rendering speed and quality (Acid2, Acid3) is reasonably complete. So we can assume that any modern browser (including this new one) will be fully-featured and acid-compliant when released. It would be inane to do otherwise. So how do you improve browsers from here? Security *is* still an issue with browsers because they are *the* platform of the decade. Why not improve that?

      Prove to me that security in IE, Firefox, Opera, and Safari is "good enough".

      --
      The road to tyranny has always been paved with claims of necessity.