Discussion:
most secure graphical browser
Douglas A. Tutty
2008-01-17 20:42:38 UTC
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).

There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?

Here are my assumptions on the issue:

Firefox development is focused on new features to keep up with the
latest web sites and technology. I don't know if they have time for
super security in the midst of that.

Konqueror seems to have fewer security updates but still seems to handle
any sites I need (from my other box). I don't know if the fewer number
of security updates is because it is better written or it doesn't get
looked at as much. This is my normal browser, except for one site that
doesn't work (due to invalid html on the site).

elinks or links are lightweight and work fine (no tabs though). Get few
updates. Don't know the security quality.

dillo. Also works fine, but I haven't seen an update in quite a while.
Don't know if it continues to get security audits up-stream.

Any suggestions?

Doug.
Clint Pachl
2008-01-17 21:56:36 UTC
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
I use Seamonkey. You can turn off Javascript. Java and Flash won't run
if they are not configured. Seamonkey has been very solid for me for
many years. I usually have it open and running for 2-4 weeks at a time
and I have only experienced about 2 crashes in over 5 years. BTW,
Seamonkey is derived from the old Mozilla code base. It hasn't
changed much over the years as far as features go. It does get security
updates regularly though. Check out the fixes:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey

One drawback is that the version of Seamonkey in the OpenBSD packages is
usually a minor version or two behind the latest Seamonkey. I have never
let this bother me and it has never been a problem.

-pachl
Henri Salo
2008-01-17 21:58:48 UTC
On Thu, 17 Jan 2008 15:42:38 -0500
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would
people think is likely the most secure?
Firefox development is focused on new features to keep up with the
latest web sites and technology. I don't know if they have time for
super security in the midst of that.
Konqueror seems to have fewer security updates but still seems to
handle any sites I need (from my other box). I don't know if the
fewer number of security updates is because it is better written or
it doesn't get looked at as much. This is my normal browser, except
for one site that doesn't work (due to invalid html on the site).
elinks or links are lightweight and work fine (no tabs though). Get
few updates. Don't know the security quality.
dillo. Also works fine, but I haven't seen an update in quite a
while. Don't know if it continues to get security audits up-stream.
Any suggestions?
Doug.
For your information dillo2 is in development-phase. As far as I know
there aren't any open security problems with dillo and that mostly comes
from simplicity. If there are security holes dillo's development
sure will patch all of those right away. They are pretty
active nowadays. Dillo-project has been mentioned (as in advertised)
as fast and secure www-browser. I'm using it daily i.e. in my
email-client.

I'll bet dillo is a very good choice for you.

--
Henri Salo <fgeek at hack.fi> +358407705733
GPG ID: 2EA46E4F fp: 14D0 7803 BFF6 EFA0 9998 8C4B 5DFE A106 2EA4 6E4F

STeve Andre'
2008-01-17 22:11:53 UTC
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
[snip]

Why not create an OpenBSD live CD with the stuff you want on it?

--STeve Andre'
Douglas A. Tutty
2008-01-17 23:17:54 UTC
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things between
a "secure" box where anything confidential will be kept, and an
"entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.

Doug.
Rico Secada
2008-01-18 00:03:07 UTC
On Thu, 17 Jan 2008 18:17:54 -0500
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also
need to be able to use a graphical browser from it (I know that
this is a trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would
people think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things
between a "secure" box where anything confidential will be kept, and
an "entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.
A main server where you need a graphical browser? I am sorry, but why
don't you just use your entertainment box rather than browsing graphics
from your server?
Post by Douglas A. Tutty
Doug.
ropers
2008-01-18 01:02:37 UTC
Post by Rico Secada
A main server where you need a graphical browser?
It can be useful for (esp. junior) sysadmins who've hooked up a
monitor and keyboard to a server and are sitting in front of it to
administer it, and who may not be confident enough of their choices
without googling and reading through a number of pages on the web (and
this list of course -- brownie points please ;). Due to bad web design
decisions by others, googling for answers can be more comfortable from
a graphical browser than from plain vanilla lynx(1).

Of course a point could be made that there is an inverse relationship
between the "graphical sophistication" of a website
(=lynx-incompatible bad design) and the quality of the site's content.
However, sometimes even horribly designed sites host quality content,
and being able to read that content can be useful.

--ropers
johan beisser
2008-01-18 01:31:25 UTC
Post by ropers
It can be useful for (esp. junior) sysadmins who've hooked up a
monitor and keyboard to a server and are sitting in front of it to
administer it, and who may not be confident enough of their choices
without googling and reading through a number of pages on the web (and
this list of course -- brownie points please ;). Due to bad web design
decisions by others, googling for answers can be more comfortable from
a graphical browser than from plain vanilla lynx(1).
Funny, I usually have them bring a laptop with them. Y'know, wireless,
or even a port on the switch, is not entirely out of the question here.
Post by ropers
Of course a point could be made that there is an inverse relationship
between the "graphical sophistication" of a website
(=lynx-incompatible bad design) and the quality of the site's content.
However, sometimes even horribly designed sites host quality content,
and being able to read that content can be useful.
I still don't want a browser, let alone X11, on most of my servers. I
tolerate Lynx on OpenBSD, but I'd rather not have it there at all.
Clint Pachl
2008-01-18 01:24:16 UTC
Post by Rico Secada
On Thu, 17 Jan 2008 18:17:54 -0500
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also
need to be able to use a graphical browser from it (I know that
this is a trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would
people think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things
between a "secure" box where anything confidential will be kept, and
an "entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.
A main server where you need a graphical browser? I am sorry, but why
don't you just use your entertainment box rather than browsing graphics
from your server?
No kidding. Having X installed on a main server is a bad idea. What does
this main server do? If you need a GUI on your server you should
probably use Linux or Windows.

If you just need a browser to view documentation on the Internet use
lynx; it's in the base.

If you want security, get rid of X.
Douglas A. Tutty
2008-01-18 03:17:36 UTC
Post by Clint Pachl
No kidding. Having X installed on a main server is a bad idea. What does
this main server do? If you need a GUI on your server you should
probably use Linux or Windows.
If you just need a browser to view documentation on the Internet use
lynx; it's in the base.
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need security fixes
to any ports)?

Doug.
Alexey Vatchenko
2008-01-18 14:29:20 UTC
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need security fixes
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
--
Alexey Vatchenko
http://www.bsdua.org
Tony Abernethy
2008-01-18 14:39:57 UTC
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need
security fixes
Post by Douglas A. Tutty
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
--
Alexey Vatchenko
http://www.bsdua.org
Flames invited if I've got this wrong.
Include the X tarballs.
Answer NO to Do you intend to run X?

Making X and no-X versions of everything has gotta be a pain.
The security problem with X is that the (blobby?) video
card has got better access to memory than the OS.
Dusty
2008-01-18 15:10:58 UTC
Lynx is secure ;)

There are no insecure browsers, just insecure sites.
Post by Tony Abernethy
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need
security fixes
Post by Douglas A. Tutty
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
--
Alexey Vatchenko
http://www.bsdua.org
Flames invited if I've got this wrong.
Include the X tarballs.
Answer NO to Do you intend to run X?
Making X and no-X versions of everything has gotta be a pain.
The security problem with X is that the (blobby?) video
card has got better access to memory than the OS.
Douglas A. Tutty
2008-01-18 17:05:03 UTC
Post by Dusty
There are no insecure browsers, just insecure sites.
OK, but how do you tell a secure site from an insecure site? If a site
turns out to be insecure, if the browser isn't vulnerable to the attacks
that the insecure site can exploit, then the browser is "secure" for
that insecure site.

Assuming that, except for the short time between a security bug's
discovery and its fix, all browsers are secure for known exploits, which
browser is most likely to have the fewest unknown security bugs?

Isn't that the same thing as asking which is the most secure browser?

Other than reading local documentation, the "secure" browser would be
used for visiting websites that I don't want to visit with a browser or
from a box whose browser may have been compromised (unknowingly) from
an insecure site.

The example on a previous thread was doing internet banking. Is it wise
to do one's banking from the same browser as one does general web
surfing?

Doug.
Joel Wiramu Pauling
2008-01-18 19:41:18 UTC
dude, from what you're saying, then run a browser, in chroot via ssh. To your
remote X server. You may also want to run a scrubbing proxy in that environ,
(i.e. DansGuardian or somesuch). While a chroot is not ideal, it is a step
up from running just plain ol unprivileged. And it's not like chroots are
difficult or anything. As for browser choice. In the end I would just choose
one with the least amount of lib deps to keep your chroot clean.

While chroots are not ideal, they do two things which are going to increase
your security, 1) they keep the underlying file system out of the way of
your real filesystem, so things that might lead to filesystem exploits can't
do shit, and 2) keep standard system crap hidden away and minimise the
chances of someone being able to do anything should they be able to
exploit a vulnerability in the browser.

but to me sounds like you're making a non-issue into a mole hill. Even the
most limited of hardware can run decent browsers. Why you are insisting on
using your access box, when you have another machine is beyond me. Ideally
just run a browser on your shit hardware, it's not that big of a deal
really, yes it might take ages to load, but meh.... who cares.
Joel Wiramu Pauling
2008-01-18 19:47:56 UTC
One other note, if you're planning on doing any internet banking, you're pretty
much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
under wine on openbsd, it may work also.

Why? Because a lot of the internet banking sites are useless and while
things like konqueror load them, badly hacked together js, and other bits
fail a lot, things you won't notice until you go to do something like a
funds transfer etc. You might be lucky and your bank's website isn't ass. But
I would be checking it thoroughly before making a browser decision.

As for security, browser settings in such a way as to flush cookies at the
end of sessions, clear cache etc and not store passwords is not a difficult
thing, but in the end a scrubbing proxy would be a good idea if you're uber
paranoid.
Stuart Henderson
2008-01-18 20:22:27 UTC
Post by Joel Wiramu Pauling
One other note, if you're planning on doing any internet banking, you're pretty
much stuck with Firefox or Opera (using binary emulation).
lynx works fine for me. with some of the things that are being
suggested, isn't it easier to just change bank?
Post by Joel Wiramu Pauling
in the end a scrubbing proxy would be a good idea if you're uber paranoid.
does your bank not use SSL? or do you have some scrubbing proxy
that you trust enough to MITM connections to your bank?
Joel Wiramu Pauling
2008-01-18 20:35:05 UTC
Post by Henri Salo
Post by Joel Wiramu Pauling
One other note, if you're planning on doing any internet banking, you're
pretty
Post by Joel Wiramu Pauling
much stuck with Firefox or Opera (using binary emulation).
lynx works fine for me. with some of the things that are being
suggested, isn't it easier to just change bank?
Sure that would be great. But then again, I might be more inclined to go
with who has the best rates.
Post by Henri Salo
in the end a scrubbing proxy would be a good idea if you're uber paranoid.
does your bank not use SSL? or do you have some scrubbing proxy
that you trust enough to MITM connections to your bank?
No but having a scrubbing proxy reduces the chances of the browser picking
up anything nasty on the stream of consciousness browsing sessions that are
sure to ensue. You could of course also have the proxy restrict access to
anything but your banking sites, but then again there are simpler ways to do
this. All in scrubbing proxies, for ads, malware, and just for ACL controls
are good ideas. Of course when combined with sane firewall policies etc as
well.
J.C. Roberts
2008-01-19 10:04:00 UTC
Post by Joel Wiramu Pauling
Post by Joel Wiramu Pauling
in the end a scrubbing proxy would be a good idea if you're uber paranoid.
does your bank not use SSL? or do you have some scrubbing proxy
that you trust enough to MITM connections to your bank?
No but having a scrubbing proxy reduces the chances of the browser
picking up anything nasty on the stream of consciousness browsing
sessions that are sure to ensue. You could of course also have the
proxy restrict access to anything but your banking sites, but then
again there are simpler ways to do this. All in scrubbing proxies,
for ads, malware, and just for ACL controls are good ideas. Of course
when combined with sane firewall policies etc as well.
Stuart,

Whether or not your bank uses SSL is (unfortunately) irrelevant. Banks
do get hacked and banks do distribute malware to their customers. This
exact thing happened to the Bank of India last year.

http://www.malwarehelp.org/news/View.php?ArticleID=6199

You don't need to be uber-paranoid to use a scrubbing proxy, yet as you
mentioned, it is a MITM, and should be vetted before use.

kind regards,
jcr
Jona Joachim
2008-01-19 00:54:46 UTC
Post by Joel Wiramu Pauling
One other note, if you're planning on doing any internet banking, you're pretty
much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
under wine on openbsd, it may work also.
Why? Because a lot of the internet banking sites are useless and while
things like konqueror load them, badly hacked together js, and other bits
fail a lot, things you won't notice until you go to do something like a
funds transfer etc. You might be lucky and your bank's website isn't ass. But
I would be checking it thoroughly before making a browser decision.
Talking about brainfucked bank sites...
My bank checks for the browser's user-agent: Firefox on win32 and Linux
passes, Firefox on *BSD is denied access, unless you change the
user-agent string...
I sent them a mail explaining to them why this is utter nonsense and I just
got a standard reply.

Jona
--
"I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free." Eris, Goddess Of Chaos, Discord & Confusion"
L. V. Lammert
2008-01-19 17:56:16 UTC
Post by Jona Joachim
Talking about brainfucked bank sites...
My bank checks for the browser's user-agent: Firefox on win32 and Linux
passes, Firefox on *BSD is denied access, unless you change the
user-agent string...
I sent them a mail explaining to them why this is utter nonsense and I just
got a standard reply.
Jona
Just change the user agent string, .. UserPrefs is great for that. There's
absolutely no way you could get through to anyone that gives a damn anyway,
so don't waste your time.
Post by Jona Joachim
--
"I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free." Eris, Goddess Of Chaos, Discord & Confusion"
================================================
Leland V. Lammert ***@omnitec.net
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
================================================
Rico Secada
2008-01-18 21:50:40 UTC
On Sat, 19 Jan 2008 08:41:18 +1300
Post by Joel Wiramu Pauling
but to me sounds like you're making a non-issue into a mole hill. Even
the most limited of hardware can run decent browsers. Why you are
insisting on using your access box, when you have another machine is
beyond me. Ideally just run a browser on your shit hardware, it's not
that big of a deal really, yes it might take ages to load, but meh....
who cares.
Right on the point!
Alexey Vatchenko
2008-01-18 15:14:05 UTC
Post by Tony Abernethy
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need
security fixes
Post by Douglas A. Tutty
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
Making X and no-X versions of everything has gotta be a pain.
The security problem with X is that the (blobby?) video
card has got better access to memory than the OS.
The problem is not in blobbyness (all drivers that come with OpenBSD are open
sourced), the problem is that the userland program (X server) has access to the
things that must be allowed only to kernel.
--
Alexey Vatchenko
http://www.bsdua.org
Otto Moerbeek
2008-01-18 15:52:11 UTC
Post by Alexey Vatchenko
Post by Tony Abernethy
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need
security fixes
Post by Douglas A. Tutty
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
Making X and no-X versions of everything has gotta be a pain.
The security problem with X is that the (blobby?) video
card has got better access to memory than the OS.
The problem is not in blobbyness (all drivers that come with OpenBSD are open
sourced), the problem is that the userland program (X server) has access to the
things that must be allowed only to kernel.
To build ports, you need to have X installed. But there's no need to run it.

-Otto
Ted Unangst
2008-01-18 19:59:47 UTC
Post by Alexey Vatchenko
The problem is not in blobbyness (all drivers that come with OpenBSD are open
sourced), the problem is that the userland program (X server) has access to the
things that must be allowed only to kernel.
and if you don't run X, it doesn't need any access at all.
Duncan Patton a Campbell
2008-01-21 18:56:06 UTC
On Fri, 18 Jan 2008 15:14:05 +0000 (UTC)
Post by Alexey Vatchenko
Post by Tony Abernethy
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need
security fixes
Post by Douglas A. Tutty
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
Making X and no-X versions of everything has gotta be a pain.
The security problem with X is that the (blobby?) video
card has got better access to memory than the OS.
The problem is not in blobbyness (all drivers that come with OpenBSD are open
sourced), the problem is that the userland program (X server) has access to the
things that must be allowed only to kernel.
--
Alexey Vatchenko
http://www.bsdua.org
I assume that anything I run X on is "insecure". In fact, I don't believe
you can keep anything meaningful secret. Just the same, I use OpenBSD
because it offers a more stable platform, not because I've got dirty
underwear to hide.

Dhu
Douglas A. Tutty
2008-01-18 15:35:40 UTC
Post by Tony Abernethy
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by Clint Pachl
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need
security fixes
Post by Douglas A. Tutty
to any ports)?
http://marc.info/?l=openbsd-misc&m=114738577123893&w=2
--
Alexey Vatchenko
http://www.bsdua.org
Flames invited if I've got this wrong.
Include the X tarballs.
Answer NO to Do you intend to run X?
Making X and no-X versions of everything has gotta be a pain.
The security problem with X is that the (blobby?) video
card has got better access to memory than the OS.
I said nothing about running an x server on the box, just having a
graphical browser installed. It will be run via ssh from a trusted
access box (not the "entertainment" box). My little access box doesn't
have much memory so can't run anything more than e.g. dillo. This isn't
an issue unless the consensus here is that a large browser (e.g.
Konqueror or Seamonkey) is the most secure.

I'm only focusing on the choice of browser for the secure section of
the setup. Browsing is the only thing where there is a choice of app
which will affect the performance of my boxes. Everything else I do I
can do just fine on my 486.

Doug.
Douglas A. Tutty
2008-01-18 01:15:15 UTC
Post by Rico Secada
On Thu, 17 Jan 2008 18:17:54 -0500
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also
need to be able to use a graphical browser from it (I know that
this is a trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would
people think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things
between a "secure" box where anything confidential will be kept, and
an "entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.
A main server where you need a graphical browser? I am sorry, but why
don't you just use your entertainment box rather than browsing graphics
from your server?
Because the entertainment box is downstairs whereas my other box (a
P-II right now) is accessible from upstairs. If the results of this
thread are that a big browser e.g. Konqueror is most likely to be the
most secure, then that doesn't run directly on my P-II (not enough
memory). I could have it installed on the server and run it via ssh
from my P-II access box.

Also, I would want to do any online banking with a secure browser from a
secure box (see previous threads related to this).

Doug.
Joachim Schipper
2008-01-18 03:33:11 UTC
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things between
a "secure" box where anything confidential will be kept, and an
"entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.
Have you considered that
a) you need to be very careful to properly separate these environments?
(No SSH, no shared passwords, no direct access to 'confidential' data,
etc.)
b) the barrier between different users is pretty strong? Outside of some
annoying symlink race conditions, there is very little mischief one
account can do to another account that does not require gaining root in
the first place. And most insecure software, at least on OpenBSD, will
allow you to crack an account but not root
c) graphical environments don't really belong on servers?

Anyway, good luck. I can't think of any good suggestion except
re-iterating what was said above, and noting that w3m can display
graphics in an xterm.

Joachim
--
PotD: x11/gnome/audio - audio files for Gnome
Joel Wiramu Pauling
2008-01-18 05:25:41 UTC
chroot ;-).

It is a pity that there is nothing like linux vservers for openbsd as yet ;-)
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need
to
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would
people
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things between
a "secure" box where anything confidential will be kept, and an
"entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.
Have you considered that
a) you need to be very careful to properly separate these environments?
(No SSH, no shared passwords, no direct access to 'confidential' data,
etc.)
b) the barrier between different users is pretty strong? Outside of some
annoying symlink race conditions, there is very little mischief one
account can do to another account that does not require gaining root in
the first place. And most insecure software, at least on OpenBSD, will
allow you to crack an account but not root
c) graphical environments don't really belong on servers?
Anyway, good luck. I can't think of any good suggestion except
re-iterating what was said above, and noting that w3m can display
graphics in an xterm.
Joachim
--
PotD: x11/gnome/audio - audio files for Gnome
Douglas A. Tutty
2008-01-18 15:12:02 UTC
Post by Joel Wiramu Pauling
chroot ;-).
See the previous threads on this list about the false sense of security
with virtualization and chroots in this context.

Also see the previous thread for how I'm separating things between
"secure", "entertainment" and the access boxes and terminals.

Doug.
Post by Joel Wiramu Pauling
It is a pity that there is nothing like linux vservers for openbsd as yet ;-)
Post by Douglas A. Tutty
Post by Douglas A. Tutty
Post by STeve Andre'
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
[snip]
Why not create an OpenBSD live CD with the stuff you want on it?
Because this box will also be my main server. For details, see a
previous thread (I forget the title) where I'm splitting things between
a "secure" box where anything confidential will be kept, and an
"entertainment" box for regular browsing with javascript and, where
required, flash. Also for watching DVDs and listening to music.
Have you considered that
a) you need to be very careful to properly separate these environments?
(No SSH, no shared passwords, no direct access to 'confidential' data,
etc.)
b) the barrier between different users is pretty strong? Outside of some
annoying symlink race conditions, there is very little mischief one
account can do to another account that does not require gaining root in
the first place. And most insecure software, at least on OpenBSD, will
allow you to crack an account but not root
c) graphical environments don't really belong on servers?
Anyway, good luck. I can't think of any good suggestion except
re-iterating what was said above, and noting that w3m can display
graphics in an xterm.
Joachim
--
PotD: x11/gnome/audio - audio files for Gnome
Frank Bax
2008-01-17 23:36:27 UTC
Permalink
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
Have you considered running the browser in a virtual environment?
Marco Peereboom
2008-01-17 23:16:46 UTC
Permalink
what are you referring to?

are we restarting the "VMs are more secure" flame fest?
Post by Frank Bax
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
Have you considered running the browser in a virtual environment?
johan beisser
2008-01-18 00:00:37 UTC
Permalink
Post by Frank Bax
Have you considered running the browser in a virtual environment?
Outside of virtualization providing snapshots, it doesn't do anything
to truly improve security.
Douglas A. Tutty
2008-01-18 01:17:09 UTC
Permalink
Post by Frank Bax
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Have you considered running the browser in a virtual environment?
Sure, but there have been many threads on here about how there is no
virtualization system that adds security on i386/amd64 (as opposed to
hardware with virtualization built-in).

Doug.
Edd Barrett
2008-01-18 00:06:15 UTC
Permalink
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of the browsers in packages, which browser would people
think is likely the most secure?
links -g ?
--
Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett
Steve Shockley
2008-01-18 03:11:47 UTC
Permalink
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Assuming you've already decided to run X, then why not just run the
browser on your other machine and set the display to your server? Or
use rdesktop to connect to a Windows machine or vnc client or whatever.
That way any attacks would be an order of magnitude more difficult, an
attacker would have to exploit a bug both in the browser and a bug in X.
Douglas A. Tutty
2008-01-18 15:13:44 UTC
Permalink
Post by Steve Shockley
Post by Douglas A. Tutty
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Assuming you've already decided to run X, then why not just run the
browser on your other machine and set the display to your server? Or
use rdesktop to connect to a Windows machine or vnc client or whatever.
That way any attacks would be an order of magnitude more difficult, an
attacker would have to exploit a bug both in the browser and a bug in X.
See the previous thread "advice requested on security issue" where
someone wanted to keep normal browsing separate from on-line banking
browsing.

Doug.
Han Boetes
2008-01-18 13:33:30 UTC
Permalink
Most secure goes a long way. I run firefox on a separate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
the most secure solution. :-)

http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people


# Han
Raimo Niskanen
2008-01-18 14:04:30 UTC
Permalink
Post by Han Boetes
Most secure goes a long way. I run firefox on a separate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
the most secure solution. :-)
http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people
That was a nice solution. Gives firefox a sandbox to play in.
Perhaps the user 'firefox' can have its own disk partition for
its home directory too.
Post by Han Boetes
# Han
--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Joachim Schipper
2008-01-21 01:49:58 UTC
Permalink
Post by Han Boetes
Most secure goes a long way. I run firefox on a separate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
the most secure solution. :-)
http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people
That still leaves open a lot of possibilities for mischief [1]. Don't
run trusted and untrusted programs on the same X server!

Joachim

[1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes,
taking 'screenshots', and the like. Not things that are acceptable for a
'secure' desktop.
--
TFMotD: flex (1) - fast lexical analyzer generator
Joel Wiramu Pauling
2008-01-21 03:16:48 UTC
Permalink
Well, short of building yourself into a Faraday cage there is not much you
can do to avoid van Eck sniffing. Also while LCDs are immune, I hear that a
similar technique can be applied to LCDs. I am guessing sniffing LCDs is
probably an order of magnitude more difficult than CRT tho.
Post by Joachim Schipper
Post by Han Boetes
Most secure goes a long way. I run firefox on a separate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
the most secure solution. :-)
http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people
That still leaves open a lot of possibilities for mischief [1]. Don't
run trusted and untrusted programs on the same X server!
Joachim
[1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes,
taking 'screenshots', and the like. Not things that are acceptable for a
'secure' desktop.
--
TFMotD: flex (1) - fast lexical analyzer generator
Jussi Peltola
2008-01-18 19:30:01 UTC
Permalink
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want to
avoid your browser doing anything an attacker wants when he finds an
exploit in it.

If you try to solve the problem with virtualization, different users or
another solution like that, you would have to run multiple browsers for
different sites to avoid browser exploits causing trouble. Of course, it
is always better to run network applications as a different user than
yourself, but browser exploits are somewhat hard to contain that way
since the things attackers want may be in the browser itself (cookies
or, hopefully not, saved passwords).

I have to restate what I wrote in another thread: looking at the
security record of the popular browsers it is scary we use them for
online banking and other security-critical functions so carelessly in
our everyday life.
--
Jussi Peltola
Douglas A. Tutty
2008-01-19 02:39:20 UTC
Permalink
Post by Jussi Peltola
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want to
avoid your browser doing anything an attacker wants when he finds an
exploit in it.
If you try to solve the problem with virtualization, different users or
another solution like that, you would have to run multiple browsers for
different sites to avoid browser exploits causing trouble. Of course, it
is always better to run network applications as a different user than
yourself, but browser exploits are somewhat hard to contain that way
since the things attackers want may be in the browser itself (cookies
or, hopefully not, saved passwords).
I have to restate what I wrote in another thread: looking at the
security record of the popular browsers it is scary we use them for
online banking and other security-critical functions so carelessly in
our everyday life.
Right, and I'm only using banking as an example. I'm going to separate
totally normal everyday browsing to an "entertainment" box that contains
no private data but that also is monitored by the "secure" box for file
alterations. As for having an attacker get my browser to do anything he
wants, this is a risk shared by everyone who uses a browser for anything
at all.

Net browsing on the secure box will be limited to security-conscious
sites, such as internet banking where I wouldn't want anything I do on
the site to be monitored by a browser with which I had ever visited a
more generic site, just to avoid cross-site issues.

We can save which box, "entertainment" or "secure", to use for eBay
transactions (as opposed to just eBay browsing), for another thread.

As for the security record of popular browsers, this is the question.
Is a browser with a long history of few security bugs more or less
secure than a browser with a long history of many security bugs?
Someone suggested that Dillo, with a long history of few bugs, with a
simple design, may be more secure.

Also note that I'm specifically looking at graphical browsers here and
"banking" may not be the best exemplar since hopefully the OBSD base
Lynx will work for that.

Thanks,

Doug.
Joel Wiramu Pauling
2008-01-19 03:18:24 UTC
Permalink
Dude, you want a proxy with different user ACLs. This is not a browser thing
at all.
2 firefox profiles will do the same thing, each having a different proxy
user set. Hell, have 2 user accounts on your entertainment box, and ssh -X
***@localhost when you want to bring up your secure account.

Keep the browser off the server box, instead put a filtering proxy on it.

But hey, it's your life, do what you want.
ropers
2008-01-19 07:24:27 UTC
Permalink
Post by Douglas A. Tutty
As for the security record of popular browsers, this is the question.
Is a browser with a long history of few security bugs more or less
secure than a browser with a long history of many security bugs?
Someone suggested that Dillo, with a long history of few bugs, with a
simple design, may be more secure.
Also note that I'm specifically looking at graphical browsers here and
"banking" may not be the best exemplar since hopefully the OBSD base
Lynx will work for that.
You obviously can't generalise. Simply counting the number of
disclosed(!) vulnerabilities, and maybe the time till they're fixed,
can give you some indications, but even though it's frequently done,
and even though these numbers are frequently bandied about **cough**
Secunia **cough**, seriously or exclusively relying on them is
amazingly bad science.
You already observed that a larger number of disclosed bugs may be
indicative of more active and responsive development for a more
popular product (sometimes more popular for a reason), or the software
may just be very insecure. Which is it? You can't tell without looking
at the details, or asking somebody who has done so. Your specific
questions to this list about Dillo et al. are quite valid in that
regard, but your generalised question "Is a browser with a long
history of few security bugs more or less secure than a browser with a
long history of many security bugs?" really can't be answered. It
depends.

Thanks and regards,
--ropers
Douglas A. Tutty
2008-01-19 19:33:42 UTC
Permalink
Post by ropers
may just be very insecure. Which is it? You can't tell without looking
at the details, or asking somebody who has done so. Your specific
questions to this list about Dillo et al. are quite valid in that
regard, but your generalised question "Is a browser with a long
history of few security bugs more or less secure than a browser with a
long history of many security bugs?" really can't be answered. It
depends.
I agree ropers. It seems that nobody has "looked at the details" and
nobody who has done so has said so in this thread. I may as well go
with Konqueror (for the feel I like) and Firefox (for sites that don't
work with Konq) and be done with it.

Thanks all.

Doug.
Mark Shroyer
2008-01-22 00:01:31 UTC
Permalink
Post by Jussi Peltola
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want
to avoid your browser doing anything an attacker wants when he
finds an exploit in it.
If you try to solve the problem with virtualization, different
users or another solution like that, you would have to run
multiple browsers for different sites to avoid browser exploits
causing trouble. Of course, it is always better to run network
applications as a different user than yourself, but browser
exploits are somewhat hard to contain that way since the things
attackers want may be in the browser itself (cookies or, hopefully
not, saved passwords).
I have to restate what I wrote in another thread: looking at the
security record of the popular browsers it is scary we use them
for online banking and other security-critical functions so
carelessly in our everyday life.
This is why I use Firefox for general web browsing (although I too
use a separate "safe" browser profile for financial stuff). The
NoScript and Cookie Monster extensions make it relatively easy to
manage site whitelists for scripting and cookie permissions in
Firefox, respectively, and NoScript also lets you selectively allow
Flash and other plugins, which can help ease concerns about Flash
cookies and other potential privacy issues.

And if you must allow Google to keep session cookies on your
browser, the Customize Google extension can randomize your UID after
each query in order to prevent Google from building a comprehensive
record of your Web searches.

So Firefox might not be the very best browser with respect to buffer
overflows and other local application security issues, but if you
stick it in a chroot jail and install a few of its better
extensions, you'll have one of the most "secure" browsing experiences
available, taking into account both remote code execution and
generic web privacy / XSS / XSRF threats.

(Just make sure to set `network.cookie.cookieBehavior=1` and
especially `network.prefetch-next=false` in `about:config` before
you go anywhere... come on, Mozilla, what the heck happened to
sensible defaults? Take a cue from the OpenBSD team ;) )
--
Mark Shroyer
http://markshroyer.com/contact/
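
One way to check a profile for the two settings named in the post above, as an added example that is not part of the original thread: it parses a Firefox `prefs.js` or `user.js` file and reports each of the two preferences that is unset or differs. The function names and the sample file contents are constructed for illustration; the meanings given in the comments are the usual ones for these preferences.

```python
import re

# Values recommended in the post above.
RECOMMENDED = {
    "network.cookie.cookieBehavior": 1,  # 1 = refuse third-party cookies
    "network.prefetch-next": False,      # do not prefetch linked pages
}

# Matches user_pref("name", value); and pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_value(raw):
    """Convert a prefs.js literal (bool, int or quoted string) to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw  # unknown literal, kept verbatim


def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # lines starting with // never match
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def audit(text, recommended=RECOMMENDED):
    """Return (name, found, wanted) for every preference that is off."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in recommended.items():
        if name not in prefs:
            findings.append((name, "unset", want))
        # The type check stops 0 from passing as false (0 == False in Python).
        elif prefs[name] != want or type(prefs[name]) is not type(want):
            findings.append((name, prefs[name], want))
    return findings


# Constructed sample, not taken from a real profile.
SAMPLE = '''\
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.cookie.cookieBehavior", 0);
// user_pref("network.prefetch-next", false);
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    for name, found, want in audit(SAMPLE):
        print(f"{name}: found {found!r}, recommended {want!r}")
```

A preference that is only present in a commented-out line is reported as unset, which is the case most likely to be missed when reading the file by eye.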