Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats. Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all. The site refused to rate Apple’s Safari browser in tests run by The Register.
This is known as advertising. Pick the items that your product is good at, and then show a chart of how the competitors stand up against your selected items.
Sheeple…Sheeple who need Sheeple…are the luckiest Sheeple…in the world…
TBH I find it a bit suspect as well, the score, but anything that gets people thinking about what they are downloading etc. is a good thing IMO.
I agree, and it did show how bad older versions of I.E. are. The same would probably also be true for older versions of the other browsers. It’s just important that people understand the advertising technique being used.
I agree
BC that’s the main message “IE is not that bad *any more*”
because it isn’t.
TBH I am a webdev .. and IE8 and IE9 are fine … there is nothing wrong with them.
I really get fed up with ragging on IE and since IE8 has been released it has been solid. I am the sort of guy that can look at markup and render a web page in my head. And I am getting fed up with Chrome and Firefox with their rapid release cycle. Things are breaking … Chrome doesn’t even make a reliable HTTP request anymore (WTF?)
While there isn’t any whizz bang support for things like canvas and other crap that aren’t going to be used by big websites for at least a few years in IE8.
But I work in an IT department for a charity and everyone except for the “Web Applications Team” uses IE8. (And anyone can download any browser they like and install it … and we have people that are Oracle Admins, Cisco Admins … and they just use IE8 at work).
There is a huge amount of noise about web standards and HTML 5 etc etc … but really people just want info and want to view it with as little hassle as possible … if it looks right that is all they care about.
We should code for users at the end of the day … and like it or not they use IE in a lot of cases .. It depends on your audience. I think a lot of people forget that the audience of this website is vastly different to other places.
Edited 2011-10-12 22:33 UTC
Maybe you just miss the good old days, when it would take, like, six years for a new version of Internet Explorer to be released.
I’m a web developer too and IE8 and 9, while better than their predecessors, are still ugly.
Complex CSS markup that follows W3C standards and works in every other browser doesn’t work right in IE. Some jQuery plugins that work fine everywhere else render incorrectly in IE. It’s getting better, but it still isn’t standards compliant.
Yeah, but this isn’t doing that – this is leading people to believe that all they have to do is upgrade to IE9 and they’re safe online.
The worst thing is, the kind of people this is aimed at will blindly believe it because it’s from a reputable source: Microsoft. So potentially, this kind of propaganda could cause considerably more harm than good.
I visited the site using Opera 12 on Linux. This is what I got:
“We can’t give you a score for your browser.”
Does that mean that I am in danger? Should I keep surfing the web using the current configuration? Or maybe I should install Windows and use Internet Explorer?
Man, what a dilemma!
Firefox 7.0.1 on Ubuntu gets a 2 out of 4. I’m not worried though because this combination benefits from “Windows Operating System features that protect against arbitrary data execution” and “Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target”.
It randomized your memory layout so thoroughly that it looks like Linux. That’s a nice trick.
And linux got that feature inspired by *BSD
uh…that was a joke…who cares who had it first?
Same result for konqueror.
It says the same with Rekonq 🙂
“We can’t give you a score for your browser.”
Scores higher than 4 produce a bounds error and can’t be displayed.
I find it funny that MS is doing version string sniffing to identify security rather than actually testing things. I thought this practice had been stamped out!
Marked as No, despite the fact that I run both NoScript and RequestPolicy. I’ll take my own carefully constructed whitelists over Microsoft’s heuristics and blacklists any day.
Tried it with Firefox Beta 8 on XP (don’t kill me for using XP, it’s work 😀 ) and got the same result.
Edited 2011-10-13 17:27 UTC
Advertising indeed, but here is what will most likely come of this:
In a few days, the website will be hacked to serve malware, infecting those visiting it using Internet Explorer. The user receives a perfect security score, thinks everything is good, and moves on with life.
What basis do you have for that?
Edited 2011-10-11 23:12 UTC
Because hackers prefer facts above marketing BS.
funny most of the Web sites running Open Source Software have been hacked …
I’m sorry but please cite some sources if you’re going to make a grossly generalized comment like that.
Because last I checked, around 63% of web servers use Apache, i.e. open source[1], and if your claim is correct (depending on one’s interpretation of your use of the word “most”) then about half of the web sites in existence, or roughly 500 billion[2], have been hacked.
[1] http://news.netcraft.com/archives/2011/05/02/may-2011-web-server-su…
[2] http://googleblog.blogspot.com/2008/07/we-knew-web-was-big.html
Now see how easy that is?
all the big ones have been hacked .. kernel.org … Linux foundation etc, MySQL.com …
I am sorry if you haven’t been paying attention.
If X% of servers haven’t been hacked and they aren’t high profile IMO … they don’t count .. hackers are going to go for high profile targets.
Excuse me, how is a handful of tech websites possibly equivalent to “most of the Web sites running Open Source Software”?
I think we’re misunderstanding each other here.
Weren’t most of those hacked due to weak user passwords or something similar? At least I think that was the case with kernel.org.
This was the case with all of them. Remote exploits were not involved in any of the recent attacks that I’ve read about (but please correct me if I’m wrong).
That’s probably a bit too strong, a bit too definite statement.
Hackers are among the people who most strongly like to convince themselves of that, that’s for sure (while not being particularly immune from marketing, they are its target group; especially of the viral kind, and such).
* Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?
* Does the browser benefit from Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target?
I didn’t know “Windows Operating System features” were available on linux! Good thing it’s enabled by default
Opera gives no score, opera masked as IE gives 4 out of 4, opera masked as Firefox, 2 out of 4.
Pretty trustworthy…
ha! that’s awesome
Good catch!
Firefox 7 gives a 2, but Firefox 7 masked as IE 8 gives a 3.
LOL, I don’t know who they are trying to convince with this, since pretty much the only people still using IE are the ones who don’t know about the alternatives, and anyone who does know about and use one of the alternatives would never be dumb enough to switch back to IE.
I mean, when it comes to security and standards compliance, I’m sure IE isn’t quite the train wreck that it once was. But when it comes to features, it’s way behind the curve.
I’ve actually found IE to be very useful in one particular situation: After a fresh install of Windows and I’ve forgotten my flash drive containing the latest Firefox and Chrome installers.
Other than that, it doesn’t see any use by me.
IE8 is actually smoother at scrolling text than any other browser in WinXP.
Chrome has a nasty bug where it will max out the processor in Windows.
Mozilla was leaking memory til recently.
IE9 and IE8 are quite consistent and they are “Ronseal” browsers.
I cannot comment on IE9, having not yet had extensive experience, but IE8 with more than 20 tabs becomes quickly unusable. IE8 plus a couple sites with broken JS chewing cycles and you’re at a standstill. It’s a bit like Chrome in this regard but recovers less gracefully. Firefox behaves much more pleasantly even if you don’t block scripts by default (which you should!)
lol
That site is barely any better than the fake security websites
What site you visited? yourbrowsermatters.org?
Here is my version of the site:
https://plus.google.com/112212012808666485463/posts/KcoBQ34BEZk
Good Ol’ Microsoft is back to their old tricks. It would be nice for a change for them to get punished for false advertising. If someone would attack their piece of sh*t Internet Explorer browser, they would react violently with a lawsuit or two. Just my 2 cents.
Wow, this is incredibly lame!
I got a score of “2”.. This is bull$hit. I’m on rebranded Firefox 7.0.1
This is a cheap trick.
I’m more secure on Debian (without any antivirus, antispyware ++) than I’d ever be on Windows 7, no matter the browser
lame advertising.. If you can’t beat them, spread FUD
The site doesn’t do any actual testing or feature probing. It just checks your user agent string and spits out pre-written results. It doesn’t matter what OS you are running, and it only has entries for IE, Firefox and Chrome.
The scores, of course, should be taken with a grain of salt because it is meant as a marketing tool.
The public education part could be useful though. The three clips that I watched were clearly explained and should be accessible to people who aren’t computer obsessive. And if it takes Microsoft’s branding to get people there, well, we shouldn’t complain about that.
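The user-agent lookup this post describes, and the masked-browser results reported earlier in the thread, can be reproduced with a few lines of code. This is an added example, not code from the site or from any commenter: the parser and the score table are constructed to mirror the numbers quoted in the thread (IE9 = 4, IE8 = 3, IE7 = 1, IE6 = 0, Firefox = 2, Chrome = 2.5), and the User-Agent strings are sample values modelled on those browsers rather than captured ones.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed score table mirroring the results reported in the thread.
# It illustrates a lookup keyed purely on the User-Agent header; it is not
# the real site's logic.
SCORES: Dict[Tuple[str, Optional[int]], float] = {
    ("ie", 9): 4.0,
    ("ie", 8): 3.0,
    ("ie", 7): 1.0,
    ("ie", 6): 0.0,
    ("firefox", None): 2.0,
    ("chrome", None): 2.5,
}

# Sample User-Agent strings (constructed, modelled on the browsers named in the thread).
UA_IE9 = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
UA_FIREFOX7_LINUX = "Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
UA_CHROME14 = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) "
               "Chrome/14.0.835.202 Safari/535.1")
UA_OPERA12 = "Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.10.229 Version/12.00"
# Opera's "identify as Internet Explorer" mode keeps the word Opera at the end,
# but a naive sniffer stops at the first MSIE token it finds.
UA_OPERA_MASKED_IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64) Opera 12.00"


def parse_user_agent(ua: str) -> Optional[Tuple[str, int]]:
    """Return (family, major_version) for IE, Firefox or Chrome; None for anything else.

    Match order matters: Chrome UAs also contain 'Safari', and masked Opera UAs
    contain 'MSIE', so the first pattern that matches wins, exactly as a naive
    sniffer behaves.
    """
    for family, pattern in (("ie", r"MSIE (\d+)\."),
                            ("chrome", r"Chrome/(\d+)\."),
                            ("firefox", r"Firefox/(\d+)\.")):
        m = re.search(pattern, ua)
        if m:
            return family, int(m.group(1))
    return None


def score_from_user_agent(ua: str) -> Optional[float]:
    """Look the browser up in the table. None means 'we can't give you a score'."""
    parsed = parse_user_agent(ua)
    if parsed is None:
        return None
    family, major = parsed
    if family == "ie":
        return SCORES.get(("ie", major))   # unknown IE versions also get no score
    return SCORES[(family, None)]          # Firefox/Chrome are scored regardless of version


def demonstrate_masking() -> Dict[str, Optional[float]]:
    """Same machine, same engine: only the header changes, and so does the score."""
    return {
        "opera": score_from_user_agent(UA_OPERA12),
        "opera_masked_as_ie8": score_from_user_agent(UA_OPERA_MASKED_IE8),
        "firefox7": score_from_user_agent(UA_FIREFOX7_LINUX),
        "ie9": score_from_user_agent(UA_IE9),
        "chrome14": score_from_user_agent(UA_CHROME14),
    }


if __name__ == "__main__":
    for name, score in demonstrate_masking().items():
        print(f"{name:22s} -> {score}")
```

The point for a defender is that the User-Agent header is chosen entirely by the client, so a score keyed on it measures the header, not the browser's actual mitigations: the same process gets a different number just by changing that string, and a server-side record of such a check carries no evidence about the client's security posture.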
Unfortunately we have kids here who are more interested in stroking their anti-Microsoft boners than acknowledge the truth in your point.
I didn’t see anyone disagreeing with him. He makes a very good point.
MacTO’s comment: no dissenting replies, comment score of +2.
Curse those anti-MS zealots!
As funny (and awful) as this is I tend to agree that this site is a net positive. MS continues to recommend their own browser (what else is new?) and lies about how bad the competition is (again, nothing new) but does so in a way which will only seem convincing to a few. If this gets people off of IE6/7/8 then it’s a win and if it educates people on XP about alternatives, that’s a win too.
Yes, some people using Chrome or Firefox or whatever will be scared, in their ignorance, into switching to IE9, but I expect that this will not be an extensive thing. The worst case scenario is some CEO type getting scared and ordering his IT people to do something stupid, like ban Firefox, but it’s not a great concern for me.
If it persuades a few people to upgrade their IE, then it’s probably a good thing – but it probably won’t, they won’t be visiting the site.
Some of the security features are really annoying – do I need to be warned every time I download an application? It might make changes to my system – yep that’s the point. If you warn people all the time you might as well not bother as they will ignore it when it’s needed.
Well, if the current Windows security model was not so badly broken, this wouldn’t be needed…
Running an arbitrary unsigned executable file as root just to install random software, with no trustworthy information on what this executable is going to do exactly, is insane in our century. I hope this “Windows Store” thing will fix that, but I fear that giving Microsoft a way to control the Windows software ecosystem will also bring its whole lot of problems…
Edited 2011-10-12 05:40 UTC
Sorry, but is this not exactly the same in all OSs?
You always need root access to install software, usually.
moondevil,
“Sorry, but is this not exactly the same in all OSs? You always need root access to install software, usually.”
I think neolander was talking about the ability to run software under local user accounts, without compromising the system at large.
I’ve not kept up on the windows end, but I think today windows and linux are on par with regards to being able to support this. However most windows installers demand root access whether or not it’s needed, whereas linux software generally doesn’t care.
I don’t think either linux nor windows support transparent application sandboxing very well. For instance, when I was at university running solaris, it annoyed me that all the mechanisms needed to run programs securely under *nix required root privileges that I did not have (for chroot/adduser/suid). Therefore, a bug in the browser or any other program could compromise my whole account; as an end user I had no defense.
I don’t think it is the case on OSX.
On Linux and other BSDs, you have a package and repository system, which I believe is what Microsoft want in Windows 8. Packages are more trustworthy than binaries, because they have a well-defined behaviour (checking dependencies, copying files…). A package which runs a binary as part of its installation is uncommon, and highly suspicious. Repositories are a good thing too, because they reduce the amount of entities that users must trust, can perform sanity checks (like the one above) on a package and sign it before publication, and can take packages down or update them if a problem is found after publication.
I do not think that this is perfect. In my opinion, software should not be allowed to touch user files without explicit permission. But this is more secure than Windows’ binary-based software installation practices.
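One way to make the post's "well-defined behaviour" concrete is a package audit that checks exactly what a repository maintainer would look at before signing: declared files and their digests, dependencies, paths that escape the install prefix, and the presence of install-time scripts. This is an added example, not code from any commenter or from a real package manager; the manifest layout, the `hello` package and its payload are constructed for illustration.

```python
import hashlib
import posixpath
from typing import Dict, List, Set

# Constructed package payload: path inside the install prefix -> file contents.
# Loosely modelled on what a .deb/.rpm-style package ships; not a real format.
PAYLOAD: Dict[str, bytes] = {
    "usr/bin/hello": b"#!/bin/sh\necho hello\n",
    "usr/share/doc/hello/README": b"A harmless example program.\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files: Dict[str, bytes], depends: List[str],
                  scripts: Dict[str, str]) -> dict:
    """Build the manifest a packager ships: declared files with digests,
    dependencies, and any maintainer scripts (stage -> command)."""
    return {
        "name": "hello",
        "version": "1.0",
        "depends": list(depends),
        "files": {path: sha256_hex(data) for path, data in files.items()},
        "scripts": dict(scripts),
    }


def audit_package(manifest: dict, files: Dict[str, bytes],
                  installed: Set[str]) -> List[str]:
    """Return a list of findings; an empty list means the package passed every check."""
    findings: List[str] = []

    # 1. Every declared path must stay inside the prefix, exist, and match its digest.
    for path, digest in manifest["files"].items():
        norm = posixpath.normpath(path)
        if path.startswith("/") or norm.startswith("..") or norm != path:
            findings.append(f"suspicious path: {path!r}")
        if path not in files:
            findings.append(f"declared but missing: {path}")
        elif sha256_hex(files[path]) != digest:
            findings.append(f"digest mismatch: {path}")

    # 2. Nothing undeclared may ride along in the payload.
    for path in files:
        if path not in manifest["files"]:
            findings.append(f"undeclared file shipped: {path}")

    # 3. Dependencies must be satisfiable from what is already installed.
    for dep in manifest["depends"]:
        if dep not in installed:
            findings.append(f"unmet dependency: {dep}")

    # 4. Maintainer scripts execute arbitrary code at install time: always flag them,
    #    since that is the behaviour the post calls uncommon and suspicious.
    for stage, command in manifest.get("scripts", {}).items():
        findings.append(f"runs code at install time ({stage}): {command.strip()!r}")

    return findings


def is_acceptable(manifest: dict, files: Dict[str, bytes], installed: Set[str]) -> bool:
    return not audit_package(manifest, files, installed)


if __name__ == "__main__":
    manifest = make_manifest(PAYLOAD, ["libc"], {})
    print("clean package:", audit_package(manifest, PAYLOAD, {"libc"}))
    scripted = make_manifest(PAYLOAD, ["libc"], {"postinst": "sh /tmp/vendor-setup.bin"})
    print("scripted package:", audit_package(scripted, PAYLOAD, {"libc"}))
```

Because the audit works only from the manifest and the payload, a maintainer can run it offline before signing, and a user can re-run it after download: the digests answer "is this what was reviewed", the path check answers "does it stay where packages are supposed to go", and the script check answers "does installing it require trusting a binary".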
Neolander,
“On Linux and other BSDs, you have a package and repository system, which I believe is what Microsoft want in Windows 8.”
Oh, and here I thought you were talking about manually installed software…oops.
“Repositories are a good thing too, because they reduce the amount of entities that users must trust”
I’m not sure that the repository model actually reduces the entities we need to trust, it simply delegates the trust decisions to the maintainers.
Even in the context of repository software, I’d still wish for app sandboxing to become standard. Applications like firefox are the most vulnerable and would be ideal to have sandboxed.
Repositories are more than just a delegation of trust, it’s a delegation of trust to a professional truster. Presumably, the repo maintainers are better at trusting the right people because it’s their job to trust the right people. So it can reduce risk for the end user.
Sorry if I have made it confusing, I was talking about the main software installation method on each platform. On Windows it is binary installers, on OS X it is “application bundles” (although the Mac App Store thing is growing quickly and could replace .apps in this role at some point in the future), and on most Linux and BSDs it is system software repositories.
By putting a package in a repository, maintainers say “okay, I have examined this package and I have found nothing obviously dangerous in what it does”.
This removes the need for users to perform such sanity checks on every downloaded package, provided that they trust the repository maintainers, so I believe there’s a gain there.
Again, we agree. I’d add that repositories require huge technical and human resources to maintain and do not necessarily scale very well to a large amount of packages (common problems being outdated package versions, dog slow package managers…). I personally prefer decentralized approaches to software distribution, and I believe better sandboxing would make those more practical.
Edited 2011-10-12 17:19 UTC
It actually depends on how you install the software. My experience has been that most software for that platform can be installed without superuser access because the method of installing is to drag the app (actually just a special folder containing the executable and all files necessary to use the app) to the user accessible Applications folder. This comes from the NeXT underpinnings of the OS; fire up a GNUStep CD and it’s the same way.
The other, less common way involves a wizard-style installer that does require elevated permissions. This method is used with larger, more complicated apps from major vendors, or in some cases smaller apps that require access to the lower level parts of the OS. Until the Mac App Store, most if not all Apple-branded software like iLife and Logic required the installer too. I have no idea if buying from the App Store still requires the installer; I haven’t had a chance to use Lion yet.
Edit: And you can tell it’s been a while since I’ve used a Mac…now I seem to recall having to supply my password (i.e. elevate permissions) even when dragging to the Applications folder. Can someone with a better memory than me, or a Mac at hand, corroborate this?
Edited 2011-10-12 18:34 UTC
+1 informative
It is not the case with the default OS X user account setup, at least on the version of OS X which I regularly deal with (10.5), but perhaps you used a user account with more limited privileges ?
Edited 2011-10-12 18:56 UTC
I think you are confusing the security model of the OS with application distribution, which are 2 different things.
Windows can install apps as a normal user, to the user’s appdata directory. All my apps are distributed that way. It’s not the OS that forces you to be admin, it’s the installer.
When I run apt or Synaptic under Debian and Ubuntu, I also have to be root. Regardless where the apps come from, they are still installed as an admin. If the repository is hacked, you’re screwed. On Windows, if your app is from a non trustworthy source, you’re screwed.
The only real difference is that the apps are in one place in a linux distro, and even this is changing, with ppas in Ubuntu, and 3rd party repositories in fedora, you have lots of people installing apps from untrusted sources.
Really, if i didn’t know better, I would think you are trolling.
Don’t mistake convenience for security.
I think he just let others to cut one little snippet out of its context, and to carry it further. When seen as a whole multi-stage system (of the kind implemented in repositories), the approach works decently.
It’s not only about root access, also certificates and trustworthy entities higher in the chain.
Edited 2011-10-19 00:17 UTC
I can install software (including libraries) into my home directory, and the GNU toolchain will let me specify ~/bin at the head of $PATH and ~/lib in $LD_LIBRARY_PATH. If the sysadmin hasn’t mounted /home with “noexec”, I’m good to go.
Side benefit: if filesystem accounting is turned on, I can install custom programs and libraries to my heart’s content, without risking others’ access to storage, thanks to quotas.
Neolander,
“Well, if the current Windows security model was not so badly broken, this wouldn’t be needed…”
Unfortunately, it’s not just windows, but I agree in principle.
“Running an arbitrary unsigned executable file as root just to install random software, with no trustworthy information on what this executable is going to do exactly, is insane in our century.”
My gripe is that too many security solutions focus on identity rather than inoculating harmful instructions. Digital signatures are rather pointless if I’m downloading arbitrary software/games where the author may as well be anonymous.
Now we could say “Well, if you don’t know who ID Software are, you have no business installing their software”, but IMHO this mentality misses the point that security <> identity.
There are many legitimate authors out there who have something to offer even though they lack a widely recognizable identity. Another problem with identity based security is that even correctly signed packages can do harm (deliberately or not).
The technical solution is obvious: sandbox all applications by default and require them to declare security profiles (like midlets) but I think we may have already talked about this. Companies have an anti-incentive to make secure app sandboxes – look at how apple used security as an excuse to tether users to their store instead of actually making apps secure.
“I hope this ‘Windows Store’ thing will fix that, but I fear that giving Microsoft a way to control the Windows software ecosystem will also bring its whole lot of problems… ”
I don’t care if they have a store, but I worry whether it will be 100% optional or if they’ll try to reduce the compatibility/functionality of windows artificially for users/devs who want to sideload apps.
I share your opinion that all future OSs should use sandboxes as their primary security system. It is much better than letting untrusted software do whatever it wants with user files, let alone let it touch the system drive enough to install itself.
However, even within the realm of current software installation methods, I believe that the Windows way of setup.exe binary black boxes with root access is especially awful, and far behind what other desktop OSs have come up with as their main installation method since.
This is because there are many stupid developers out there.
Windows supports packages (*.msi) since Windows 2000.
It is not Microsoft blame if software houses still make use of Setup.exe installers.
Heck, I also know some Software houses that provide similar installers for UNIX systems!
While reading my comment, please keep in mind that I’m not a “Windows” person, so it’s possible that my limited opinion may not be applicable everywhere and everytime.
Either developers ignore the concepts that an OS provides, or they simply don’t know that those do exist. In conclusion, they violate them.
(You can see similar things when it’s about the “Windows” GUI. In the past, there were people continuously complaining about “inconsistency”. Today, this inconsistency is included in “Windows” itself, and many application developers also do their own thing.)
While “Windows” doesn’t have a full concept of system-based application installation, updating, deinstallation and security audit, many other systems have. Instead of moving that functionality into the application program itself (“Hey! Look! I’m available in version 1.23! Install me now and reboot!” – or worse, “Go to some arbitrary webpage and download my newest version!”), such things should be done by the OS, and presented to the user by a usable frontend that – depending on requirements – may have different appearances and default actions (automated updates, updates with confirmation, just security notification and so on).
I think it basically is. MICROS~1 should educate the developers to use the infrastructures that are expected to be used for that purpose, instead of re-inventing the wheel in oval, square or triangular forms over and over. They could even include options at system level that prohibits the use of the SETUP.EXE mechanisms, so the “native” installation method will have to be used.
But basically I agree with your option: It’s up to the developers to actually do it.
Sadly, developers do what they expect the user wants. The user does whatever he’s told.
For most desktop users in “Windows” land, installing software means: Opening the web browser, using google to wade through web pages, finally download some SETUP.EXE file and then keep clicking “yes”, “yes”, “yes”, “yes”, “reboot” until the desired piece of software is installed. Security considerations do not matter here. You can even see this attitude in corporate environments… and then, people get confused why their networks are infected with malware…
The modern approach of application installation is a means provided by the OS that lets you search applications, install them, update them if desired, or limit what they can do in a manner you define. There are many approaches to do so. The most common ones are the package managers known from Linux and UNIX. But also smartphone providers do use means like AppStore to provide that functionality. Does this limit freedom? Maybe. Does it benefit security? Hopefully. Does this sound like managed systems? A bit, yes. But after all, maybe that’s what users want, they just don’t know it? Hmmm…
Scary!
There’s no reason package/software management & updating has to be complex. I tend to agree that a single uniform method is best assuming it’s been implemented properly. But of course, the second Microsoft attempts anything like that you will get hordes of childish nonsense about how Microsoft is overreaching, shoving an installation/update system down everyone’s throat, and acting nazi-ish.
I usually look at the driver signing model when this issue comes up.
If Microsoft charges a fee for vetting and hosting software in the MS download center or refuses to host competitive software (no office suites or web browsers) or blocks third party repositories then we should be looking at a legal action.
If Microsoft waives the fee for free licensed software but charges a reasonable flat rate or percentage for retail software hosting it’s probably OK. If they host software for Windows even when that software competes directly with their own products then fair again. Ideally, they also include a method of adding additional repositories so that third party entities can maintain their own repositories when it makes sense. You could verify and add the Adobe repository to your Windows software installer or similar.
Either way, Microsoft is going to take heat from the baseless haters but overall, they could implement a proper repository system in a rational manner without abusing monopoly position and resulting in a net gain overall for Windows system security.
With all due respect, these software programmers know about MSI – it is hardly some secret formula that has been kept hidden from programmers for decades. The cold hard reality is that you have marketing wonks who see the installer (as well as the GUI, hence the rise of bloated ‘skinning’: when they’ve failed to actually add features, they change the GUI into some Fisher-Price abomination) as one of the many ways to ‘brand’ their product – a custom installer with custom logos and other crap. This branding serves no positive purpose for the end user but that won’t stop a company from doing so – to them it’s a way of selling their other products, “It seems you’ve bought a HP printer!” (no sh-t sherlock) “would you like to buy some printer ink! here is a link directly to our store” (that only works in the US!).
Case in point, Adobe Creative Suite installer has a wrapper installer around the standard way of doing things – why don’t they just use the standard installer provided with Mac OS X? they also do the same thing with Windows too! one can’t honestly believe that these programmers have never heard of MSI in their life.
You know all Microsoft has to do? have a ‘Windows Excellence’ programme which has one of the requirements to be that the vendor has to use a bog standard MSI installer (along with other requirements). Start a campaign that pushes the idea, “if you want quality look for the ‘Windows Excellence’ logo” and then let the end user do the rest – “Oh, I’m not buying that because it doesn’t have the logo on” in very much the same way that Intel had the ‘ding, dong, ding’ Intel Inside marketing campaign.
It is true that people can do very stupid things in the name of “branding” or “differentiation”, but I don’t think this explains everything.
As an example, many multiplatform projects (gimp, inkscape, ghostscript…) use unmodified NSIS, which is pretty close to MSI in look and feel, so we don’t have a case of marketisis here. Perhaps MSI is missing an important feature of other solutions for multiplatform, like the ability to build packages on non-windows platforms (could be a problem if the MSI package format, like other Microsoft “standards”, is not publicly documented or wildly changes without warning)
As for this “Windows excellence” idea, this could be something, but somehow I doubt that Microsoft could do it well. It is likely that good partners of Microsoft would get the logo for free (like Intel for Vista Capable), whereas anything competing with Microsoft products (like, say, OpenOffice) would have a very hard time getting it.
Neolander,
“Perhaps MSI is missing an important feature of other solutions for multiplatform, like the ability to build packages on non-windows platforms (could be a problem if the MSI package format, like other Microsoft ‘standards’, is not publicly documented or wildly changes without warning) ”
Not sure if this is significant, but I recently encountered the following MSI conundrum:
MSI applications will not install without first installing the appropriate MSI installer. Ok, I already had MSI installed, but it was asking for version 3. I try to install MSIv3, but MSIv3 refuses to be installed on WinXP SP2. Solution: download the zip version, extract, run…no problems.
I know, XP is officially “unsupported” by MS, however considering that XP is still the dominant OS, that could be a problem. As a developer, I don’t want my software to be a part of MS’s planned obsolescence strategy.
If a very large number of persons do something in a specific way, stupidity is not necessarily the best explanation…
Can those be examined in detail and checked for suspicious behaviours by a user or repository maintainer, like .deb, .rpm, and other *nix package formats can? If .msis end up being a black box too, then they are only a tool for software developers, and have no security benefit for the user…
Well, I’d say maybe. Why are many developers still using binary installers if MSI offers a good package system ? Do Microsoft push MSI enough ? Have they tried to make it significantly more attractive than other solutions to developers ? Does it meet the needs of developers as well as other solutions ? Do you have to use Visual Studio or another arbitrary piece of software to create MSI packages ?
Me too. NVidia and ATI drivers do this, and I believe Borland Kylix did it too. Thankfully, this remains infrequent. It seems we agree that this sucks as a default installation method, since it is very dangerous as soon as you cannot trust the software’s author.
Tell me about it..
Well, imagine a desktop OS where software would be confined in a tiny part of the hard drive and couldn’t touch any other file. It would have its binaries and data, system-wide and per-user config files, and that’s it. It couldn’t access anything else on the hard drive, including the user’s home folder, without explicit user permission.
Said explicit permission could take the form of a command line parameter, double clicking a file with the proper association, a standard system “file open” GUI dialog… Or, for software which legitimately needs to access user files behind his back, like a backup service, an elevated privilege request for such access, that is displayed once, through a controlled system dialog, during installation.
We can imagine applying a similar philosophy to every other system service which has a “dangerous” side to it : real time process priorities, altering network configuration, power management features which turn hardware on and off, more generally direct hardware access…
Most of today’s applications only have limited needs and could work very well with this much reduced level of security permission. But it would strongly reduce the amount of stuff which malware can do silently. Wiping your home folder? Not possible anymore. Sending your private data to a third party without you knowing? Not possible anymore. Putting a rootkit in your OS kernel during installation? Not possible anymore, as software does not require dedicated installers anymore. Making a hidden trojan binary run silently on each user login? Not possible anymore.
Sandboxing would not eliminate malware, but it would significantly raise the effort necessary to engineer it. Now, malware would have to do stuff in plain sight of the user. Privilege elevation dialogs would explain clearly what it is up to. So said malware would have to come up with a good justification for what it’s doing, facing a cautious user who is not used to seeing meaningless “a program wants to make changes to your system” dialogs all the time.
Edited 2011-10-12 18:59 UTC
I know that, and I agree with it. When I read a book or two about OS design years ago I realized the extreme shortcomings of contemporary user based “security” design. In a Windows IRC channel I mentioned the illogical absence of application privileges in addition to user ones, and got into a discussion with an op.
That op didn’t like the “idea”, and to make the story short, he’d rather not have such a thing than have to, as a user, manually grant apps permission for various resources!
I found myself mysteriously “disconnected” from that channel after I explained this view of mine, which is that inside an OS (and only there) this is my ideal social hierarchy:
1. Admins are gods.
2. Users are kings.
3. Processes are people, to be controlled, assigned duties, used, abused, and thrown away.
Edited 2011-10-12 19:59 UTC
Basically my social hierarchy too
Long live the pope!
oinet,
(Re application sandboxing)
“Tell me about it..”
Well most of what I propose has already been done, it just never made inroads in the market. If you were familiar with Java Web Start, then you should understand what I mean.
Most security we see in operating systems has gone towards protecting the OS files from malware (Win Vista makes this clear, Unix has always had this). However very little security has gone towards protecting the user’s own files/apps from malware, which could be even more devastating to end users.
Consider: An early browser (can’t remember if it was IE/NS) used to have a trivial vulnerability whereby a webpage could cause the browser to open up arbitrary user files (say in a frame), and then read the contents dynamically using javascript and communicate it back to the server. Now clearly this kind of vulnerability needs to be fixed, however the point is that a browser shouldn’t have transparent access to all user files in the first place. An app, even if successfully exploited, shouldn’t compromise user data, and it would not be able to if it were run in a sandbox.
Sandboxing security is conceptually equivalent to running each app under its own “user account”, where instead of only isolating users, the OS isolates individual applications as well.
Today:
user->security context
Sandbox model:
user->appgroup->security context
This way, I could download and run a game from an untrusted source and run it with high confidence that it would not do harm to the rest of my system/files, even if it contained malware.
Doing this today manually for each and every application by default is unmanageable – imagine the burden of new user accounts for each user*app combination. Even things like selinux/apparmor are very difficult to use and don’t offer the new security primitives that would make this integrate more naturally into user workflow.
A genuine app sandbox model has other benefits too: It would be available to users without any root access, which would address my prior gripe about my university account. Also, my shared hosting web sites could be isolated from one another such that a script vulnerability on one would not threaten the integrity of all my other web sites.
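The “user->appgroup->security context” model above, written out as a small reference-monitor policy. This is an added example, not code from the post or from any real OS: the user, app names and paths are hypothetical, and it models the access decision only (enforcement would still need kernel support such as namespaces or a MAC system, which the post notes is hard to use today).

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Hypothetical user; all paths below are illustrative.
HOME = PurePosixPath("/home/alice")


@dataclass
class AppContext:
    """Security context of one app group: user -> appgroup -> context."""
    user_home: PurePosixPath
    app: str
    # Subtrees the app owns outright: binaries, data, system-wide and per-user config.
    private: tuple = ()
    # One-shot grants made in plain sight: file-open dialog, argv, double-click association.
    granted_files: set = field(default_factory=set)
    # Install-time elevated grants for services that legitimately need a subtree (backup).
    granted_trees: set = field(default_factory=set)


def new_app_context(user_home, app):
    return AppContext(user_home, app, private=(
        PurePosixPath("/opt") / app,        # binaries and shared data
        PurePosixPath("/etc") / app,        # system-wide config
        user_home / ".config" / app,        # per-user config
    ))


def _under(path, root):
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def legacy_allows(user_home, path):
    """Today's model: any process the user runs can touch anything the user can."""
    return _under(PurePosixPath(path), user_home)


def sandbox_allows(ctx, path):
    """Sandbox model: default deny outside the app's own area and explicit grants."""
    path = PurePosixPath(path)
    if any(_under(path, root) for root in ctx.private):
        return True
    if path in ctx.granted_files:
        return True
    return any(_under(path, root) for root in ctx.granted_trees)


def user_grants(ctx, path):
    """The user hands one file to the app (open dialog / argv); nothing else leaks."""
    ctx.granted_files.add(PurePosixPath(path))


def install_grants(ctx, tree):
    """Elevated, once-at-install grant shown through a controlled system dialog."""
    ctx.granted_trees.add(PurePosixPath(tree))


def demo():
    """Decisions for the three cases discussed: untrusted game, exploited browser, backup."""
    secret = HOME / ".ssh" / "id_rsa"
    taxes = HOME / "Documents" / "taxes.pdf"
    game = new_app_context(HOME, "shinygame")    # downloaded from an untrusted source
    browser = new_app_context(HOME, "browser")   # the "arbitrary file in a frame" case
    backup = new_app_context(HOME, "backupd")
    install_grants(backup, HOME)                 # backup legitimately needs the home tree
    user_grants(browser, taxes)                  # user picked taxes.pdf in an upload dialog
    return {
        "legacy_game_reads_ssh": legacy_allows(HOME, secret),
        "sandbox_game_reads_ssh": sandbox_allows(game, secret),
        "sandbox_game_own_config": sandbox_allows(game, HOME / ".config/shinygame/settings.ini"),
        "sandbox_browser_reads_ssh": sandbox_allows(browser, secret),
        "sandbox_browser_reads_chosen_file": sandbox_allows(browser, taxes),
        "sandbox_backup_reads_home": sandbox_allows(backup, secret),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The interesting property is the last two browser lines: even a fully compromised browser only reaches the one file the user chose, while the key file stays out of reach without any change to the browser itself.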
I was using the expression “tell me about it”, with stress on “me”. But it’s nice to see that more people are aware of the pain and “evil” of contemporary security system(s) in mainstream OSs. One such “evil” being the inability to safely:
Sorry for the off-topic grave digging but you had a question the other day that is worth answering and timed out with the holiday weekend.
http://www.osnews.com/thread?492147
When suggesting a minimum level of due diligence in setting up or selling wireless networking you had two interesting questions:
Q: Was I aware that the use of minimum acceptable security mechanisms was contrary to those intentionally setting up open wireless networks.
A: Yes. I read the topic of the thread as focusing on private home and business networks which should normally want to keep strangers out. I think there is a blatant difference between SSIDs “myhome, dlink, bell###, linksys” and “openWifi, coffeeSpot and freeinternet”. In the first case the owners may not be aware they are open to anyone; in the second case the network has clearly been named as an invitation to anyone. Even with an intentionally open network there is due diligence, though it may not come down to blocking MACs and running a WIDS.
(Granted, the invitational naming of a network should be a clear warning sign for any security conscious folks. I’d sure have fun with snort, dsniff, an applicable warning page and a spare router with inviting network name.)
Q: Did I have any solutions to these problems.
A: Yes.
– make open networks an “opt-in” by selling hardware with secure settings in place or initial setup wizards which harden the router properly. The current “opt-out” of being open and exploitable is unacceptable. Oh boo hoo, the hardware vendor gets more support calls with initial setups; suck it up and/or write a better setup wizard and educate your customers.
– make intentionally open networks obvious with clear SSID names like “freeinternet” or “BobsCoffeeWifi”.
– use encryption to mitigate sniffing attacks now rampant again thanks to shared and unencrypted wireless network bubbles.
– use authentication. This can be a webpage wall like those favored in hotels and holiday resorts. Provide a unique or shared passphrase on the receipt. You’re still providing network access to your third party customers but without leaving your network wide open.
– use scheduling for when the wireless network is available. If the coffee shop is closed, you probably don’t need to be allowing access into the hotspot bubble.
– monitor network traffic; what MAC had what IP during what times, what network traffic is being facilitated and so on.
A closed network should be the retail default not the “opt-in” option. An open network still has a minimum level of due diligence. Neither option should be “plug in wifi router and believe all is right with the world”.
There are only a few topics I’d grave dig over but security and wifi security are both among them.
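The last two items of that list (scheduling and “what MAC had what IP during what times”) as a worked example: a small ledger built from the DHCP server’s log. This is added code, not from the post; the log lines are constructed in dnsmasq’s DHCPACK style and the hotspot name, MACs and opening hours are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed dnsmasq-style DHCP log lines (not captured data). Syslog omits the year.
SAMPLE_LOG = """\
Oct 12 08:01:13 hotspot dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.23 aa:bb:cc:dd:ee:01 alice-laptop
Oct 12 08:02:40 hotspot dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.24 aa:bb:cc:dd:ee:02 bobs-phone
Oct 12 08:05:00 hotspot dnsmasq-dhcp[812]: DHCPDISCOVER(wlan0) aa:bb:cc:dd:ee:02
Oct 12 12:30:05 hotspot dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.23 aa:bb:cc:dd:ee:01 alice-laptop
Oct 12 17:45:59 hotspot dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.23 aa:bb:cc:dd:ee:03
Oct 12 23:58:02 hotspot dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.30 aa:bb:cc:dd:ee:04 android-9f2
"""

# Only DHCPACK records an address actually handed out; hostname is optional.
ACK_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dnsmasq-dhcp\[\d+\]: "
    r"DHCPACK\(\S+\) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (?P<host>\S+))?$"
)


def parse_ts(text, year=2011):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def build_ledger(log_text, year=2011):
    """Return {mac: [{ip, host, first, last}, ...]}, merging renewals of the same IP."""
    ledger = defaultdict(list)
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # DISCOVER/OFFER/REQUEST lines carry no lease decision
        ts = parse_ts(m["ts"], year)
        leases = ledger[m["mac"]]
        if leases and leases[-1]["ip"] == m["ip"]:
            leases[-1]["last"] = ts  # renewal of the address this MAC already holds
        else:
            leases.append({"ip": m["ip"], "host": m["host"], "first": ts, "last": ts})
    return dict(ledger)


def shared_addresses(ledger):
    """IPs handed to more than one MAC: normal lease churn, or a cloned/spoofed client."""
    holders = defaultdict(set)
    for mac, leases in ledger.items():
        for lease in leases:
            holders[lease["ip"]].add(mac)
    return {ip: sorted(macs) for ip, macs in holders.items() if len(macs) > 1}


def outside_hours(ledger, open_hour, close_hour):
    """MACs that obtained or renewed a lease when the hotspot should have been off."""
    late = set()
    for mac, leases in ledger.items():
        for lease in leases:
            for ts in (lease["first"], lease["last"]):
                if not (open_hour <= ts.hour < close_hour):
                    late.add(mac)
    return sorted(late)


def who_had(ledger, ip, at):
    """Which MAC held this IP at this time (the abuse-complaint question).
    Simplification: the holding window spans first to last ACK; a real ledger would
    extend it by the lease duration from the DHCPACK."""
    return [mac for mac, leases in ledger.items()
            for lease in leases
            if lease["ip"] == ip and lease["first"] <= at <= lease["last"]]


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_LOG)
    for mac, leases in ledger.items():
        for lease in leases:
            print(mac, lease["ip"], lease["host"], lease["first"].time(), lease["last"].time())
    print("shared:", shared_addresses(ledger))
    print("after hours:", outside_hours(ledger, 7, 22))
    print("held 192.168.1.23 at 10:00:", who_had(ledger, "192.168.1.23", parse_ts("Oct 12 10:00:00")))
```

The after-hours check is what scheduling buys you for free: if the radio is actually off at 23:58, the last line cannot appear in the log at all, and if it does appear you know the schedule is not being enforced.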
Okay, now I have a real computer at hand so I can post more detailed replies !
{Re : Security != identity}
I believe that digital signing does improve security a bit, although we agree that it is not a vital mechanism: people can use it to make sure that an application has not been altered by its distributor from the version which the author has distributed, simply by checking its signature against the author’s key. This can in turn be used to make mirrors safer (not every developer has enough bandwidth to distribute his software by himself).
We agree, however, that identity is not security. You know that software has not been altered since the author packaged it, but if the package itself was malicious to begin with, something better is needed. Hence the need for sandboxing.
This is one of my worries too. Apple have opened up Pandora’s box by introducing unavoidable software repositories on iOS, now other OS manufacturers might be tempted to introduce a similar system.
Edited 2011-10-12 17:06 UTC
Microsoft is envious of other browsers’ mind share, which leaves IE in the dust as time goes by.
Geez, these guys…
… most of the commenters here should skip over TFA and go to http://yourbrowsermatters.org and check out how they performed the testing. They actually have their test methodology properly documented, including why only the 3 main browsers are scored etc. http://yourbrowsermatters.org/docs/methodology.pdf
I trust Microsoft on this matter.
There is NO ONE on the planet that knows more about insecure browsers and software than Microsoft.
The features they are scoring based on are certainly based on the IE9 feature-set, on the other hand a lot of them really are good stuff that Firefox and Chrome really should implement. I have no real problem with Microsoft pointing this stuff out, will only improve overall security over time.
I’m thrilled to know that I benefit from Windows even when I’m running Firefox on Arch Linux:
“Does the browser benefit from Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target? yes”
Edited 2011-10-12 20:19 UTC
“We can’t give you a score for your browser.”
Makes me feel good about using Opera 11 when even Microsoft can’t pick on them. Security by obscurity… never fails!
No, it’s aimed at raising IE market share. Raising awareness is a side-effect.
All MS is doing is reading the Browser ID String. As was said above, go there with Safari, Opera, Chrome, FF and set the Browser ID to IE9 and all browsers get a 4 out of 4!
As a hardcore IE9 user, I feel safer now.