The Naked Scientists

The Naked Scientists Forum

Author Topic: When will the first malware immune browser be developed?  (Read 4024 times)

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Web browsers all seem to be about as resistant to malware as a brown paper bag. The entire web browser paradigm is one gigantic security nightmare.

When is the industry going to recognize this and produce a browser that can only be compromised as the result of deliberate actions by the user?

(BTW - I think the problem applies equally to all platforms, so if you believe otherwise, please present hard architectural evidence.)


 


 

Offline tommya300

  • Hero Member
  • *****
  • Posts: 655
    • View Profile
When will the first malware immune browser be developed?
« Reply #1 on: 07/07/2010 12:39:20 »
Web browsers all seem to be about as resistant to malware as a brown paper bag. The entire web browser paradigm is one gigantic security nightmare.

When is the industry going to recognize this and produce a browser that can only be compromised as the result of deliberate actions by the user?

(BTW - I think the problem applies equally to all platforms, so if you believe otherwise, please present hard architectural evidence.)

.
I think that total virus resistant environment is not an objective that will be possible!
 Unless initially sterile, then the system is in a self contained shell. Abstain from external exposure.

There has been no door made, that could not be opened.

 Once a mechanism's operation is understood and accessable anything is possible.
When will there be a cure for the common cold?

Adding a question is:

 Why do we hear lesser of some Operating Systems being attacted more of others?
.
 
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
When will the first malware immune browser be developed?
« Reply #2 on: 07/07/2010 16:09:22 »
Web browsers all seem to be about as resistant to malware as a brown paper bag. The entire web browser paradigm is one gigantic security nightmare.
Web browsers are very complicated and so the chances of there being a bug is very high.

Also, some of the heavy lifting by web browsers is done by other programs, that can also have bugs in them, flash, pdf files, word, etc. A bug in any of these often spell disaster.

Quote
When is the industry going to recognize this and produce a browser that can only be compromised as the result of deliberate actions by the user?
That wouldn't help, cos users can be tricked/are idiots!
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8134
  • Thanked: 53 times
    • View Profile
When will the first malware immune browser be developed?
« Reply #3 on: 07/07/2010 16:11:19 »
... produce a browser that can only be compromised as the result of deliberate actions by the user ?

The free "NoScript" add-on for the FireFox browser is helpful in this respect: it can be configured so the user must choose authorise everything: no script (geddit) runs without your permission. (blocks those annoying animated adverts which hog bandwidth and CPU, unless you choose to see them).

Like Tommya300 says the malware Vs anti-malware battle is an endless game of cat and mouse.
« Last Edit: 07/07/2010 16:14:35 by RD »
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
When will the first malware immune browser be developed?
« Reply #4 on: 07/07/2010 16:13:46 »
Why do we hear lesser of some Operating Systems being attacted more of others?
Well, OSs do vary a bit as to how easy they are to subvert, but pretty much they're all crackable.

The main thing is from the bad guy's point of view, if you've got two OSs and one is used by 90% of people and the other 10%, for about the same amount of effort you can attack 9x as many people if you attack the bigger target. That's probably the main point.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
When will the first malware immune browser be developed?
« Reply #5 on: 07/07/2010 17:47:54 »
Thanks all, but I'm not buying it  ;D.

The current situation is clearly ridiculous. All the anti-malware stuff is simply reacting to a threat after (sometimes long after) a security breach has been detected. It's a house of cards.

I believe that failing to address this head on has very serious consequences for the future of the web.
 

Offline Bored chemist

  • Neilep Level Member
  • ******
  • Posts: 8670
  • Thanked: 42 times
    • View Profile
When will the first malware immune browser be developed?
« Reply #6 on: 07/07/2010 19:51:11 »
"When is the industry going to recognize this and produce a browser that can only be compromised as the result of deliberate actions by the user?"

Probably about the same time that we can disband the police and army because everyone has finally realised they should be nice to each-other. This will coincide with the end of the "war on terror" and the "war on drugs".
 

Offline SeanB

  • Neilep Level Member
  • ******
  • Posts: 1118
  • Thanked: 3 times
    • View Profile
When will the first malware immune browser be developed?
« Reply #7 on: 07/07/2010 21:12:00 »
The first browser was Lynx and is pretty much immune, as it only displays text, no fancy things like images or anything else. As it cannot run any scripting you are pretty much not going to get any of the more common exploits, and as it is such a small program it is possible to get almost every bug either known and fixed or unusable. Of course you do lose out on the flashier parts of the internet though.....

 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
When will the first malware immune browser be developed?
« Reply #8 on: 07/07/2010 22:53:18 »
"When is the industry going to recognize this and produce a browser that can only be compromised as the result of deliberate actions by the user?"

Probably about the same time that we can disband the police and army because everyone has finally realised they should be nice to each-other. This will coincide with the end of the "war on terror" and the "war on drugs".

Perhaps. The purveyors of browsers seem to be far more interested in selling new features and pandering to the advertising community than they are about protecting their customers. I suppose this will continue until the customers start screaming blue murder.

This is not a very difficult problem to solve. The technology exists. It's just a case of putting enough pressure on the companies that depend on the Internet to generate their vast profits so that they are forced to do something about it.

 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8134
  • Thanked: 53 times
    • View Profile
When will the first malware immune browser be developed?
« Reply #9 on: 08/07/2010 02:11:31 »
You could use virtualizaton Geezer, essentially a disposable OS ...
http://m.zdnet.com/blog/security/rutkowskas-qubes-os-to-implement-disposable-vms/6588

[Programmes do run noticeably slower on a virtual machine, you'd need a high performance PC not to notice the delay]
« Last Edit: 08/07/2010 02:19:35 by RD »
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
When will the first malware immune browser be developed?
« Reply #10 on: 08/07/2010 03:14:44 »
You could use virtualizaton Geezer, essentially a disposable OS ...
http://m.zdnet.com/blog/security/rutkowskas-qubes-os-to-implement-disposable-vms/6588

[Programmes do run noticeably slower on a virtual machine, you'd need a high performance PC not to notice the delay]


I think you are right on the money RD. That might be the best solution for a large percentage of the users.

When you boil it all down, there is no particular reason why I should allow unknown software to execute on my PC (but that's what the current browser model requires).

All we really need is a terminal that allows us to view and enter data into web pages. We might also use it to download data from time-to-time, with our permission. Why should we ever have to allow unknown programs to run on our computers?

(I believe the answer is not technical, it's commercial.)
 

Offline Shanidar

  • First timers
  • *
  • Posts: 2
    • View Profile
When will the first malware immune browser be developed?
« Reply #11 on: 09/07/2010 02:56:37 »
Buy a mac, I haven't had any malware in years.
 

The Naked Scientists Forum

When will the first malware immune browser be developed?
« Reply #11 on: 09/07/2010 02:56:37 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums