Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-party

Talk about internet security, computer security, personal security, your social security number...
Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Hungry Man » Thu Dec 01, 2011 8:41 pm

Agreed. It's not the CA system, it's that *Comodo itself* was breached by a hacker in a foreign country who was able to log in as a privileged Comodo exec with the authority to issue certs. That's not confidence-inspiring, especially for a company in the business of firewalls and overall security.

Happens a lot. I mean, it's definitely not making me feel confident but I don't think it matters much.

I wasn't referring to the write.exe program. (nice to meet someone who remembers that!) I knew you meant MS Word. But I think you typo'd by saying you could tell Word not to READ from s32, where probably you meant, tell it not to WRITE to s32. Which is why I said i thought that Word *must* have READ permissions to s32, as some of the libraries it calls are in s32. Clearer?

Could be read or write. It might break Word, it was purely an example. I could say to block read/write to the downloads folder - the point is that you can add the most meaningless restriction to any program and it's still a sandbox.
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.942.0 Safari/535.8

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Tom T. » Thu Dec 01, 2011 10:04 pm

Hungry Man wrote:... I could say to block read/write to the downloads folder - the point is that you can add the most meaningless restriction to any program and it's still a sandbox.

I'd call that a simple permissions restriction, and not a sandbox in any sense of the word, but no point in quibbling over semantics, eh? ;)

(I have the Remote Desktop Protocol -- RDP service -- disabled, but I wouldn't say that I sandboxed RDP, or that the machine was sandboxed against RDP attacks. I just disabled the dang service, that's all. :D )
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24

Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Hungry Man » Thu Dec 01, 2011 10:54 pm

Permission restrictions are definitely sandboxes =p before virtualization etc that's all sandboxes were. SELinux is a good example of this. Essentially a jail. Or Chrome, which uses MIAC - a sandbox.
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.942.0 Safari/535.8

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Tom T. » Thu Dec 01, 2011 11:07 pm

http://en.wikipedia.org/wiki/Sandbox_%2 ... ecurity%29
In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites.....

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

I think this thread has about outlived its usefulness, as it's down to semantics. It's been interesting, but time to let it go -- unless there's any more actual, new material or ideas that haven't been discussed already. Any objection?

btw, if you want more interesting reading, go to http://www.schneier.com, and search for "Clive Robinson"+castle ....... and "NickP+jail".
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24

Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Hungry Man » Thu Dec 01, 2011 11:20 pm

Alrighty.
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.942.0 Safari/535.8

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Tom T. » Wed Dec 28, 2011 3:59 am

This Just In:
Giorgio Maone wrote:Forbes - Best Read: Brand'ts Top 5 Malware Threats in 2012
David Coursey wrote:If you’re not running Firefox with NoScript installed, you need to do so right now. As far as I can tell, it’s the only surefire method of preventing an accidental infection of a Windows PC by exploit-kitted Web pages.

Res ipsa loquitur. 8-)
Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Google Chrome vs. FX+NS; integral sandboxing vs. 3rd-par

Post by Tom T. » Sun Jan 08, 2012 10:07 am

Apparently, only NoScript can prevent SVG scriptless keylogger attack, and has been doing so even before the attack was revealed.

Users of other (non-NS-supporing) browsers, beware.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.25) Gecko/20111212 Firefox/3.6.25

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Chrome, NoScript, and WebRequest API

Post by Thrawn » Thu Jun 07, 2012 6:14 am

Tom T. wrote:Who said anything about obfuscated Javascript? I'm talking about obfuscated developer. :P
I merely visited the ScriptNo web site, looked at some of the FAQ, etc., and found that one about his anonymity.

Looks like the author of ScriptNo is no longer anonymous. And he discussed the reasons for the lack of personal info on Wilders Security. He sounds like he's doing his best.

I still think that ScriptNo should be renamed, and probably needs more disclaimers, and I'm holding out for the real NoScript before I seriously consider Chromium migration. But it's true that the developer deserves more credit for his effort. Who knows, maybe getting momentum behind something like ScriptNo is the only way Google will end up supporting NoScript fully.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0

Post Reply