Linked by David Adams on Tue 11th Oct 2011 20:08 UTC, submitted by lucas_maximus
Internet Explorer Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats. Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all. The site refused to rate Apple's Safari browser in tests run by The Register.
Permalink for comment 492855
To read all comments associated with this story, please click here.
RE[4]: Comment by Gone fishing
by Alfman on Thu 13th Oct 2011 08:23 UTC in reply to "RE[3]: Comment by Gone fishing"
Member since:


(Re application sandboxing)

"Tell me about it.."

Well most of what I propose has already been done, it just never made inroads in the market. If you were familiar with Java Web Start, then you should understand what I mean.

Most security we see in operating systems has gone towards protecting the OS files from malware (Win Vista makes this clear, Unix has always had this). However very little security has gone towards protecting the user's own files/apps from malware, which could be even more devestating to end users.

Consider: An early browser (can't remember if it was IE/NS) used to have a trivial vulnerability whereby a webpage could cause the browser to open up arbitrary user files (say in a frame), and then read the contents dynamically using javascript and communicate it back to the server. Now clearly this kind of vulnerability needs to be fixed, however the point is that a browser shouldn't have transpearent access to all user files in the first place. An app, even if successfully exploited, shouldn't compromise user data, and it would not be able to if it were run in a sandbox.

Sandboxing security is conceptually equivalent to running each app under it's own "user account", where instead of only isolating users, the OS isolates individual applications as well.

user->security context

Sandbox model:
user->appgroup->security context

This way, I could download and run a game from an untrusted source and run it with high confidence that it would not do harm to the rest of my system/files, even if it contained malware.

Doing this today manually for each and every application by default is unmanagable - imagine the burden of new user accounts for each user*app combination. Even things like selinux/apparmor are very difficult to use and don't offer the new security primitives that would make this integrate more naturally into user workflow.

A genuine app sandbox model has other benefits too: It would be available to users without any root access, which would address my prior gripe about my univerity account. Also, my shared hosting web sites could be isolated from one another such that a script vulnerability on one would not threaten the integrity of all my other web sites.

Reply Parent Score: 2