Best Internet Browser

Now that you have a clean system (right?), it’s time to build a better defense system starting with the internet browser.

The “best internet browser” is really a subjective opinion. Each browser emphasizes those features and benefits that will appeal to the user’s hot buttons – speed, layout, menu structure, etc.

Browser security is not often considered by the general public in deciding what the best internet browser is for them. It is assumed that security is handled by “those qualified to take care of it all” – the antivirus software, firewall, intrusion detection, etc.

Yet, more and more viruses are designed to exploit flaws in the internet browser and third-party applications (Acrobat, Reader, Quicktime) used by the browser.

Since the browser is the portal between your computer and the internet, it makes sense to spend a little time exploring the browser from a security perspective.

The internet browser has been used to host many different types of malware – toolbars, popups, drive by downloads, ActiveX, browser helper objects. Most of what is considered malware, simply takes advantage of the facilities of the browser designed to provide a benefit to the user.

Security Shoot Out

For the past three years, The TippingPoint Zero Day Initiative (ZDI) has held the annual Pwn2Own contest at the CanSecWest security conference held in Vancouver, BC.

Cash prizes are awarded to the first to hack a given browser/operating system.

Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference.

Google’s Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.

Reviewing the published work of the contest winners reveals a common feature in their success. The use of javascript. If you search deeper, you will find that the use of javascript is the single most powerful tool in the hacker’s toolbox. Almost every exploit uses javascript.

Javascript is a very powerful language and is used extensively on websites (Javascript is not Java).

Everything from menus, navigation bars, login boxes to formatting, displaying videos and advertising – most are driven by javascript.

Because all internet browsers execute javascipt, it is the hackers tool of choice. Javascript executes in the browser’s memory space in your computer. Simply put, when you click on a website, the javascript on that page runs in your computer through the browser. It never prompts you to allow it and it (javascript) never exists as a file that the antivirus can see (and even if it dropped a temporary file, it would be so new that the AV wouldn’t detect it immediately).

Not only does the javascript code on the page you’re visiting run, but also all of the javascripts that the page javascripts call. One script can call (execute) another from a completely different website.

Inserting javascript exploit code into websites is the single element responsible for generating over 55,000 new virus per day in 2009. From a website, javascript can generate unique virus delivery packages that are undetectable by security software.

Best Internet Browser

So, from a security perspective, the best internet browser is one that provides some ability to mitigate what hackers can do to your computer via the browser – block javascript!

 

Google Chrome

Google Chrome

Google developed Chrome in 2008 implementing “sandbox” technology to protect the operating system from browser exploits. A sandbox is simply an isolated portion of system memory used to run the browser and all it’s processes.

Programs running in the sandbox are prevented from accessing other portions of system memory thereby preventing browser exploits from taking control of the memory used by the operating system.

Google’s Chrome makes use of the existing Windows protection devices called access tokens. Each function of the browser that uses computer resources, must present a valid access token before being granted access to the function. Google engineers modify the access tokens by stripping out some of the privileges granted by the operating system in order to restrict the browsers ability to access system functions.

So far, this appears to be a successful security model. However, javascript is still allowed to execute without restriction other than the sandbox. Will the sandbox successfully stop the use of javascript to compromise the computer? Time will tell.

Private Browsing

Private browsing is a feature in most internet browsers today. It prevents the browser from saving any internet “residue” – cookies, temporary cache files, history – that are part of the design of the internet topology.

Is private browsing safer? Yes.

Some cookies hold session information that can be hijacked and used to present fake bank login pages. Temporary cache files are put in your computer as a part of the original internet design (pre-broadband) to speed up loading of images on websites. Hackers can do the same. History is history – private browsing is sometimes called “porn mode.”

 

Mozilla Firefox

Mozilla Firefox

Hovering at 46% of all browser traffic, Firefox has become the best internet browser when measured by usage.

The Mozilla development community is an impressive embodiment of the open source philosophy. Instead of being closed and secretive, Mozilla’s development efforts are in full view. Mozilla openly courts developers wanting to assist in the development of Firefox and all efforts are subject to peer review.

Their open source nature lets a world of security researchers get involved in fixing bugs and building stronger security features. Their community of testers also help find and fix security issues in record time.

Open source development gives independent software developers the opportunity to write add-ons or plug-ins for Firefox. With something over 160 million add-ons in use, the platform has become very popular.

However, with that many developers writing add-ons, there is an increased risk of browser add-ons being exploited. Misbehaving plug-ins can cause slow loading of Firefox and may even crash it. Keeping your installed plug-ins to a minimum is recommended.

If Firefox becomes unusable, there is a Safe Mode option from the the start menu. This will present a menu allowing you to disable/reset the startup configuration (addons, toolbars, etc.) of Firefox.

As with all browsers, javascript executes natively. Several of the plug-ins for Firefox, will effectively block javascript and advertisements. The Best Internet Security page has more information about the use of browser plug-ins to provide tighter internet security.

 

Internet Explorer Internet Explorer

IE contains two features, ActiveX and Brower Help Object (BHO), that were developed by Microsoft to enhance the web experience. Each has been abused extensively by hackers to infect computers; each has been abused by advertising companies to install toolbars and the like.

Microsoft has patched IE to prevent the automatic execution of ActiveX from websites. You’re now prompted with a message bar that a website wants to install something. But, due to the large installed base, IE is still a favorite of hackers. IE also has a privacy mode.

Because Internet Explorer is installed in EVERY computer running Microsoft Windows operating system, it is the target of choice for hackers.

A Google search for “IE exploits” returns over 10 million pages. “Firefox exploits” returns 716,00 pages.

Statistically speaking (Google speak, that is), Internet Explorer would not be the best internet browser from a security perspective.

 

OperaOpera

Opera has always been unique in their user interface features. However, javascript is still executed natively and, AFIK, there are no plug-ins available to restrict execution of javascript.

Opera does include Fraud Protection. Each time you contact to web page, Opera sends the domain name of the requested page to the server, which checks it against phishing blacklists compiled by Netcraft and PhishTank, and malware blacklists compiled by TRUSTe.

This is good though subject to one small consideration – the blacklists have to be updated to know about new rogue sites. Hackers have many tools for staying ahead of blacklists. They know they have only a few days before being discovered and moving on to the next website/domain. Not a very secure option.

 

SafariSafari

Safari is Apples’ internet browser installed on all Apple devices. Google finds over 5 million “Safari exploit” pages.

At the CanSecWest security conference, Safari (running on a Mac) was the first to be compromised in 2008.

The same researcher came back in 2009 with two of his own, unpublished exploits and took out Safari again.

Safari may be the best internet browser for Apple and it’s user interface and speed, but security hasn’t been one of it’s strong points.

As with any software developer, Apple took immediate steps to correct the issues…the ones they knew about.