
Re: Flash Player sandboxing is coming to Firefox

Posted: Mon May 28, 2012 11:23 am
by dhouwn
GµårÐïåñ wrote: However, even with boot capability some BIOS will treat thumb drives due to their file system and flags as removable and that's why they need to be formatted in a proper way to allow it to behave as it should.
The bit I was talking about is there no matter how the drive is formatted.
Tom T. wrote:
...Tom's strange BIOS....
Having been installed by a major OEM on almost all of their laptops except for the most expensive, I don't see that it's "strange". IIUC, some other brands of laptops are like this also.
It would be strange because I don't see the value in looking for that bit just to refuse to boot from a drive. Note that I was just hypothesizing what could be the issue here.
Tom T. wrote: the issue is that these MOBOs are incompatible with booting from flash drive.
One thing I am certain of is that it's not a hardware issue, so with the right BIOS you should be able to directly boot from flash drives just fine. Too bad BIOS hacking (in the sense of customising or writing your own) is quite a challenge. With EFI such things might get easier but on the other hand there you have to deal with signature checks etc. more often (e.g. with Intel mainboards like I heard).
Tom T. wrote: basically you'd need a different mobo, which in a laptop means a different CPU,
Not necessarily, unless the CPU is soldered on.

Re: Flash Player sandboxing is coming to Firefox

Posted: Tue May 29, 2012 4:12 am
by Tom T.
dhouwn wrote:
Tom T. wrote: the issue is that these MOBOs are incompatible with booting from flash drive.
One thing I am certain of is that it's not a hardware issue, so with the right BIOS you should be able to directly boot from flash drives just fine...
dhouwn wrote:
Tom T. wrote: basically you'd need a different mobo, which in a laptop means a different CPU,
Not necessarily, unless the CPU is soldered on.
This has already come up. The first time this old laptop went into the (factory-authorized) shop, still under warranty, I asked how much it would cost to upgrade to a faster CPU, since they would already have the machine opened up and it seemed like what you said: Snap in a new one.

No, they said it was impossible. IDK how much of your work or experience is with laptops, but the gist of it was that due to the much more severe constraints on size, weight, battery consumption, cooling, etc., virtually each model from a given OEM was designed as a "package deal", with all of the most critical hw components carefully chosen to interact with each other *only*, and the mobo would support only those (and vice versa).

I can visualize how a desktop can afford to install components with greater flexibility in accommodating various ranges of components, and why that greater flexibility would come with greater size, weight, possibly power consumption, etc. For example, a faster CPU would probably use more power and generate more heat. Trivial in a desktop, but no good for a laptop, especially since cooling is barely adequate anyway (at least in the less-expensive models). Note the huge market for laptop coolers, on which you sit the machine. (And the OEM warns of possible burns from prolonged use on the bare skin of one's legs.)

Just relating what they told me. But it does make some sense.

Also, I think it's long past time to split this thread to Web Tech. :)

Re: Flash Player sandboxing is coming to Firefox

Posted: Tue May 29, 2012 7:44 pm
by GµårÐïåñ
Tom T. wrote: As said, it boots the Acronis emergency (Linux-based) OS just fine from a USB CD/DVD reader or read/writer.
Because my friends at Acronis are using a Linux bootloader to simulate an OS boot, even though the actual tool that finally loads is Windows-based (PE) and my trick uses similar without needing to rely on a cross-platform loader which can get messy. This actually formats the SD/Thumb in Windows boot format and therefore no need to use a Linux live bootloader to do it. I will send you the instructions but you need to be handy with using FDISK? Any problems with that? You can batch it, but I wouldn't suggest it.

Re: Flash Player sandboxing is coming to Firefox

Posted: Sun Jun 03, 2012 4:25 pm
by tlu
Tom T. wrote:
I understand your point about adding additional layers of defense, bypassable or otherwise. The flip side of that is that larger footprint = larger attack surface.
Tom, that's not necessarily true. It's true, e.g., if you're using more and more addons in your browser. It's not true, e.g., for a combination of a limited account + SRP which is still one of the most efficient measures to prevent malware, IMHO. It's simply a built-in functionality in Windows which, unfortunately, isn't used by most people, though. (The beauty of this approach is that the execution of "illegitimate" software - which isn't deliberately downloaded and installed by the user - is simply stopped cold. Period. No decision by the user needed.)
It's been estimated that on average, there is one flaw in every 1000 lines of code.
Some will be meaningless. Some will create bugs in functionality. Some will be exploitable.
Absolutely. But that doesn't militate against ASLR and SEHOP. They are making it much harder to break into a system even if some hackers find ways to bypass them. If I remember correctly, even NoScript had been bypassed in the past by new types of attacks - but you're still using it (and so am I, of course) ... :lol:
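
The "limited account + SRP" combination discussed in the post above can be checked on a given Windows machine. The following read-only PowerShell audit is an added example, not part of any post in this thread; it assumes the policy lives under the machine-wide Software Restriction Policies registry key, and the function names are hypothetical.

```powershell
# Added example: read-only audit of "limited account + SRP" on the local machine.
# Function names are hypothetical; nothing here changes system state.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Test-IsAdministrator {
    # True when the current token carries the local Administrators role.
    # An unelevated administrator under UAC also reports False here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Resolve-SrpValue($Map, $Raw) {
    # String keys sidestep Int32/UInt32 differences in how DWORDs are returned.
    $text = $Map["$Raw"]
    if ($text) { $text } elseif ($null -eq $Raw) { 'not set' } else { "other ($Raw)" }
}

function Get-SrpStatus {
    $configured = Test-Path $SrpKey
    $p = if ($configured) { Get-ItemProperty -Path $SrpKey } else { $null }

    # DefaultLevel: what happens to a program that matches no rule.
    $levels = @{ '0' = 'Disallowed (default-deny)'
                 '131072' = 'Basic User'
                 '262144' = 'Unrestricted (default-allow)' }
    # TransparentEnabled: which file types the policy is enforced on.
    $enforce = @{ '0' = 'No enforcement'
                  '1' = 'All files except libraries (DLLs)'
                  '2' = 'All files including DLLs' }
    # PolicyScope: whether local administrators are exempt.
    $scopes = @{ '0' = 'All users'
                 '1' = 'All users except local administrators' }

    [pscustomobject]@{
        Configured   = $configured
        DefaultLevel = Resolve-SrpValue $levels  $p.DefaultLevel
        Enforcement  = Resolve-SrpValue $enforce $p.TransparentEnabled
        AppliesTo    = Resolve-SrpValue $scopes  $p.PolicyScope
    }
}

$srp = Get-SrpStatus
$srp | Format-List
$limited       = -not (Test-IsAdministrator)
$denyByDefault = $srp.DefaultLevel -like 'Disallowed*'
"Limited account: $limited; SRP default-deny: $denyByDefault"
```

Both values reading `True` corresponds to the setup the post describes: a program that matches no allow rule is refused without any prompt to the user.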

Re: Various safety measures, OS comparisons, multi-boot, Fla

Posted: Mon Jun 04, 2012 2:42 pm
by therube
a combination of a limited account + SRP
Limited accounts certainly do not mesh with me, & I've had run-ins with SRP too. (Maybe I'll have another look at SRP?)

Chrome mentioned here, http://www.dslreports.com/forum/r27192531-. (Start of thread, Google Chrome Now the No. 1 Browser in the World.)

Oh, and, Browser Security Comparison: A Quantitative Approach & http://www.accuvant.com/sites/default/f ... h_v1_0.pdf