PDA

Просмотр полной версии : security & browsers



Ultima Weapon
18.11.2007, 02:11
IC, Is Opera still better than firefox with noscript? I thought they say Opera is the safest browser... Your opinion?

drongo
18.11.2007, 12:16
Any browser has bugs and security halls ;) As more as browser become popular- more security bugs will be find.
In opera you can easily allow on specific web page all scripts for all or no one - in explorer you can't doing even this so easily.But in noscript you can allow on specific site execution of the scrips, and others (mainly advertising systems ) will be still blocked.
For example, lets go to the site http://www.networkworld.com/topics/security.html
I want to allow scripts just for www.networkworld.com, and not for other advertising sites that may be appear on this page. (maby these advertising sites were been hacked (for example :http://www.wired.com/techbiz/media/news/2007/11/doubleclick ) or even www.networkworld.com itself was hacked (and 3th scripts was added) ;) )
You can see this on the pic: 22912
(Sorry that words like "allow " are in russian .)

I have heard, that NoScript can be used on netscape browser too ;)

XP user
18.11.2007, 15:27
IC, Is Opera still better than firefox with noscript? I thought they say Opera is the safest browser... Your opinion? Nothing beats NoScript; it's as simple as that. If that didn't exist, I would certainly opt for Opera as my default browser. Paul

Surfer
18.11.2007, 19:38
Firefox - best tweakable browser =)

Sjoeii
27.11.2007, 09:28
Still I really like Opera. But if I need to do any secure browsing I definately use Firefox with NoScript

Sjoeii
06.12.2007, 21:42
Someone posted this test over at the Kaspersky fan club forum.
http://www.webdevout.net/browser-security

Shadow[13]
08.12.2007, 07:19
Sjoeii Do you know is there anything like that thing for other browsers?
(BTW, there: http://en.wikipedia.org/wiki/List_of_web_browsers is some information about many browsers including timeline, but no information about security...)

Does anyone heard/seen/know anything bad about Amaya Browser?
(http://en.wikipedia.org/wiki/Amaya_(web_browser) http://www.w3.org/Amaya/)
I want to try using it... ^_^

Sjoeii
08.12.2007, 10:51
No sorry. I just picked it up somewhere.

never heard of amaya, but it sure looks like Maxthon

Shadow[13]
08.12.2007, 19:22
Hmm... Well... It doesn't realy looks like Maxton... I think...
And Maxton doesn't have it's own engine, but it can use IE or Firefox engine...
I'm trying to find compact and fast browser, what is not eating too much resources and doesn't support java and flash, with its own engine, maybe even something text based(w3m browser looks good: http://en.wikipedia.org/wiki/W3m)...

I want to try to install win2k3 on an old machine(Celeron 300, 520mb hdd, 128mb ram) and make it working there with all common features(Web Browser, File Manager, some archivator(s), some IM client(some icq client for me without all that useless things like sounds, animation, banners, games, avatars, advanced statuses, file transfer...), irc client(looking for something like 0irc(http://www.dev0.de/)), ftp client, some small network tools, some text editor and readers for word documents, pdf, djvu and others, some image viewer(i think about IrfanView), multimedia player, other common apps)... ^_^

Simple10
22.12.2007, 01:29
I read some posts at mozzillazine forums about IE being infected(or other) through firefox. The method does not apparently affect Firefox but only IE. I can't locate the thread currently, but if I find it I will post a link to it.

If this were possible, would it occur because of the trident layout engine which is a part of IE and Firefox or is it some other bug or vulnerability?

XP user
22.12.2007, 22:37
The problem is, of course, not in the browsers themselves, but in Windows. A malware installer capable of working on a range of browsers with native Java support (with the help of Sun Java Runtime Environment) can do very dirty tricks, yes, and I'm afraid this is not only limited to Firefox - it will work with Opera, Netscape and others as well.
Besides there is the URI vulnerability, which has still not been resolved completely. This affects especially the proud owners of IE7. It has to do with the way your browser launches arbitrary programs when special URLs containing the % character are clicked on. In doing so, they may allow spyware to be installed on the user's system, but the technical details go beyond the scope of this forum section. To give one example:
Entering

http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
under 'Start/Run' launches the calculator. Very scary. That's why, even while Firefox is my default browser, I locked IE down completely, and blocked it from Internet access (it's on a proxy to remote address 0.0.0.0, and I disabled the ability for most programs to launch others in the HKEY_CLASSES_ROOT section of the registry by deleting the Shell/Open/Command-parameter. This *is* risky if you don't know what you're doing, but it's the best defense you can imagine against spyware trying to silently run applications.
P.S.: I also removed Java support on my machine.

Paul

Sjoeii
28.12.2007, 11:09
just curious. Anyone using safari browser?

aintrust
28.12.2007, 13:06
@ Sjoeii

Sure... =)

Sjoeii
31.12.2007, 10:52
haha and what do you think?

aintrust
31.12.2007, 21:46
Safari is the best browser I've ever seen on my iPhone... =)))

Sjoeii
02.01.2008, 11:06
haha
I hope I can test that version later this week when I receive mine ;-)

Simple10
03.01.2008, 06:34
however, the most common avenue of exploitation is via Internet Explorer.
Internet Explorer 5.x, 6.x and 7 running on all versions of Windows are affected.

As plug-ins are generally used to enable access to third party file formats, many plug-in vulnerabilities apply to all compatible browsers on all operating systems. Any web browser running on any version of any operating system is potentially vulnerable.

- www.sans.org/top20/#c1

Could you be more specific on these procedures (would like to impliment them).

"That's why, even while Firefox is my default browser, I locked IE down completely, and blocked it from Internet access (it's on a proxy to remote address 0.0.0.0, and I disabled the ability for most programs to launch others in the HKEY_CLASSES_ROOT section of the registry by deleting the Shell/Open/Command-parameter. This *is* risky if you don't know what you're doing, but it's the best defense you can imagine against spyware trying to silently run applications.
P.S.: I also removed Java support on my machine." -Paul

Sjoeii
12.01.2008, 10:31
Safari is the best browser I've ever seen on my iPhone... =)))

I have my iPhone now for couple of days and must admit. safari works great :wink_3:

Simple10
16.02.2008, 09:54
That's why, even while Firefox is my default browser, I locked IE down completely, and blocked it from Internet access (it's on a proxy to remote address 0.0.0.0, and I disabled the ability for most programs to launch others in the HKEY_CLASSES_ROOT section of the registry by deleting the Shell/Open/Command-parameter. This *is* risky if you don't know what you're doing, but it's the best defense you can imagine against spyware trying to silently run applications.
P.S.: I also removed Java support on my machine.

Paul

I have vista. How do I do that with the registry? PM if you don't want to post. How do I get rid of java support, Add/Remove? I thought I needed IE for Windows Updates.

harrybro
21.04.2012, 07:36
It has to do with the way your browser launches arbitrary programs when special URLs containing the % character are clicked on.