Security benefits of disabling the browser cache?
Devinco
August 31st, 2004, 08:34 PM
Hi Everyone,
With today's multi-layered attacks like dropping a malware item in the browser's cache and then executing it (or maybe modifying it in cache), does it make sense (security wise) to disable the browser's cache?
Assuming you are on broadband of course. On dial up, you would probably need to leave the cache on to make surfing bearable.
The idea is if the malware is not on the disk and only in the browser's memory space, it would be harder for the malicious script, applet, or ActiveX to execute or modify the malware. I know some browsers (any but IE and IE shells) are less likely to have such a vulnerability, but it might be a good prevention against future exploits.
Would this idea be equally valid across browsers IE, Firefox, Opera, Mozilla?
What do you think?
ronjor
August 31st, 2004, 08:41 PM
I cache nothing. Browser, java, etc. Never have. That is, when I found out what cache was---- :)
Devinco
August 31st, 2004, 08:48 PM
Thanks Ronjor,
But was it because you didn't need it (broadband), or because of the possible security benefits of not having the "malware" able to land on the hard drive?
ronjor
August 31st, 2004, 08:51 PM
-{ Quote: "Thanks Ronjor,
But was it because you didn't need it (broadband), or because of the possible security benefits of not having the "malware" able to land on the hard drive?" }-
Actually, I didn't like the fact it was taking up space on my somewhat small hard drive. I still don't like "garbage files". If I can find them, they are gone! :D
luv2bsecure
August 31st, 2004, 09:21 PM
I have my cache, cookies and history folder on a small 25MB RAM disk. I have plenty of memory, so I don't even notice it.
John
Luv2BSecure
Devinco
August 31st, 2004, 09:24 PM
Thanks Ronjor.
So it is worth it to disable the cache even if there is no security benefit. I remember on IE always having to go into Temporary Internet Files to delete the garbage just to browse better (it made it less sluggish).
If there is any security benefit, then it would be a bonus.
I am still curious, if anybody knows, if there is a positive security aspect to having no cache.
Devinco
August 31st, 2004, 09:26 PM
Hi John,
What is the benefit of having a cache in a RAM disk?
Is it just speedier access of cache items versus on a hard drive?
Or is there some other reason why?
Dazed_and_Confused
August 31st, 2004, 09:30 PM
I use NetCaptor as my browser (IE Shell), and it automatically deletes the Cache every time I close the browser.
Devinco
August 31st, 2004, 09:43 PM
Hi Dazed and Confused,
I like the secure wipe feature of the cache on your browser.
That would make it hard for snooping people to retrieve info from there.
Dazed_and_Confused
August 31st, 2004, 09:48 PM
-{ Quote: "Hi Dazed and Confused,
I like the secure wipe feature of the cache on your browser.
That would make it hard for snooping people to retrieve info from there." }-
Thanks, Devinco. :) You can configure that yourself, up to "35 Pass Gutmann Method". :o
luv2bsecure
August 31st, 2004, 10:55 PM
-{ Quote: "Hi John,
What is the benefit of having a cache in a RAM disk?
Is it just speedier access of cache items versus on a hard drive?
Or is there some other reason why?" }-
Hi Devinco!
Nothing is ever written to a hard drive. It's all in the memory until I reboot or "optimize" (wipe) the memory. Once that happens, it's all gone as if it never were there in the first place. I just used the simple RAM Disk creator included with Tweak-XP Pro. I set it up and haven't thought about it in a long time - until I read this thread.
John
Luv2BSecure
Devinco
August 31st, 2004, 11:21 PM
-{ Quote: "Hi Devinco!
Nothing is ever written to a hard drive. It's all in the memory until I reboot or "optimize" (wipe) the memory. Once that happens, it's all gone as if it never were there in the first place. I just used the simple RAM Disk creator included with Tweak-XP Pro. I set it up and haven't thought about it in a long time - until I read this thread.
John
Luv2BSecure" }-
John,
This is another reason why I like this forum so much.
I get such diverse solutions to problems that I never would have thought of.
The RAM disk will allow much faster access to the cache than on HD.
From what I recall about RAM disks, they will survive a warm reboot, but not a cold reboot. They are also assigned a drive letter and operate like a HD only much faster and use up some of your RAM.
From a security standpoint, (if there is anything to my initial question) a browser cache on a RAM disk would be just as vulnerable as a browser cache on a HD.
luv2bsecure
August 31st, 2004, 11:33 PM
-{ Quote: "From a security standpoint, (if there is anything to my initial question) a browser cache on a RAM disk would be just as vulnerable as a browser cache on a HD." }-
Huh? How do you figure that?
luv2bsecure
August 31st, 2004, 11:39 PM
Oh, wait. I think I see what you mean. It's much more secure when talking about privacy. But you were worried about malware executing in the cache. From what I've read, you have several security tools that would stop any attack like that - or at the least alert you.
You are right about the speed. No question about that.
John
Luv2BSecure
Devinco
August 31st, 2004, 11:44 PM
-{ Quote: "Huh? How do you figure that?" }-
Well, let's say that having a browser cache would provide a place for malware to be dropped and perhaps executed or modified. I don't know if this is possible, but that is what I asked in the first post.
So, if it was a vulnerability or a potential vulnerability, then any cache whether on a HD or a RAM disk would provide a place for the malware to be dropped.
luv2bsecure
August 31st, 2004, 11:46 PM
I see what you were saying - I replied above before you posted again. Sorry.
Devinco
August 31st, 2004, 11:56 PM
-{ Quote: "But you were worried about malware executing in the cache. From what I've read, you have several security tools that would stop any attack like that - or at the least alert you." }-
Yes, my primary concern was malware (privacy is just a bonus). :)
I have been reading a few things about exploits lately. Using an alternate browser will close A LOT of holes (even SP2 will help a great deal) and other security tools would help to catch them. But the browser seems to be the main point of contact from which most malware jumps out (except for email, P2P, and IM).
My thinking is, if it will put an extra hurdle in the way of malware authors and block them from even getting in the door, why not do it?
I just don't know if it would make it harder for them. In theory, they would not have a fixed file located on disk (or RAM disk), it would only exist in the browser's memory space in some form. They would have to do all their evil deeds while it is in this memory space and not the file system.
Tod A2
September 1st, 2004, 02:42 AM
-{ Quote: "Hi Everyone,
With today's multi-layered attacks like dropping a malware item in the browser's cache and then executing it (or maybe modifying it in cache), does it make sense (security wise) to disable the browser's cache?" }-
Absolutely--IF the malware has no place to go but there. But that sounds like one of those things that's too good to be true. And if it was that easy to avoid getting malware from web sites, the concept would be known far and wide. It would be in magazines that publish tips on Internet security, etc.
-{ Quote: "The idea is if the malware is not on the disk and only in the browser's memory space, it would be harder for the malicious script, applet, or ActiveX to execute or modify the malware. I know some browsers (any but IE and IE shells) are less likely to have such a vulnerability, but it might be a good prevention against future exploits.
Would this idea be equally valid across browsers IE, Firefox, Opera, Mozilla?
What do you think?" }-
I think, assuming you have JavaScript enabled, the trojan will be programmed to execute in your RAM, and then infiltrate your system files from there. As it's difficult to believe that it HAS to use the cache as a jumping off point. And the browser being used would be irrelevant.
squash
September 1st, 2004, 03:13 AM
I would THINK a person would be more secure... out of all the viruses I've got from visiting websites - 100% found by the AV in the cache... BUT... it dramatically slows down internet for dial-up...
You should weigh out the cost of the internet and the time you have wasted in your precious life... against another layer of security...
The above was ALL in my opinion, I may be right or wrong...
dangitall
September 1st, 2004, 05:19 AM
A seeming advantage to having the cache in a RAM disk would be that, if you notice the malware executing, a 'hard' shutdown (via the power button) would remove the source from your machine. Yes?
Iagree
September 1st, 2004, 07:48 AM
I agree with Tod.
If an exploit can force you to autoexecute a file, you are dead, whether it is dropped into the cache or not, it will happen.
On the other hand, if the exploit does not work, all you have is the file sitting in your cache. Which is harmless as long as it is not run. Kind of like how you can have lots of virus attachments sitting in secure email clients, and yet be unharmed.
Devinco
September 1st, 2004, 12:37 PM
-{ Quote: "Absolutely--IF the malware has no place to go but there. But that sounds like one of those things that's too good to be true. And if it was that easy to avoid getting malware from web sites, the concept would be known far and wide. It would be in magazines that publish tips on Internet security, etc.
I think, assuming you have JavaScript enabled, the trojan will be programmed to execute in your RAM, and then infiltrate your system files from there. As it's difficult to believe that it HAS to use the cache as a jumping off point. And the browser being used would be irrelevant." }-
Hi Tod A2,
Thank you for your answer. I am starting to understand it now.
Devinco
September 1st, 2004, 12:56 PM
-{ Quote: "I would THINK a person would be more secure... out of all the viruses I've got from visiting websites - 100% found by the AV in the cache... BUT... it dramatically slows down internet for dial-up...
You should weigh out the cost of the internet and the time you have wasted in your precious life... against another layer of security...
The above was ALL in my opinion, I may be right or wrong..." }-
Hi squash,
If I was on dial up, then I would have the cache enabled no matter what. The performance boost is too great on dial up. I would probably try a RAM disk if I had memory to spare.
From what I understand now, enabling or disabling a browser cache does not affect your security at all. It is more a matter of garbage collection and removal. But now that you mentioned the AV finding things in the cache I have another question:
If you disable the browser cache, will it be more difficult for the AV to locate malware?
Devinco
September 1st, 2004, 01:29 PM
-{ Quote: "A seeming advantage to having the cache in a RAM disk would be that, if you notice the malware executing, a 'hard' shutdown (via the power button) would remove the source from your machine. Yes?" }-
Hi Dangitall,
Yes, but if you notice it executing, then it is either too late anyway or your AV or AT caught and stopped it. So a RAM disk cache wouldn't make a difference unless...
The malware depends on the item dropped in the cache to work. In that case, a cold boot would halt its progress. Or even having no cache would work.
But I would guess that most malware once executed (and not stopped by AV/AT) would be able to do its work very quickly and infect files beyond the cache. A cold boot would clear the cache with the initial dropped malware, but the system would already be compromised.
Devinco
September 1st, 2004, 01:34 PM
-{ Quote: "I agree with Tod.
If an exploit can force you to autoexecute a file, you are dead, whether it is dropped into the cache or not, it will happen.
On the other hand, if the exploit does not work, all you have is the file sitting in your cache. Which is harmless as long as it is not run. Kind of like how you can have lots of virus attachments sitting in secure email clients, and yet be unharmed." }-
Thanks for your answer Iagree.
Then does it hurt one's security to disable the browser cache?
AV/AT many times detect malware in the browser cache. If you remove that form of detection (by not having a cache), does it weaken your security?
lynchknot
September 1st, 2004, 03:46 PM
I use a ramdisk but have found at least one website (forum) that will not navigate properly without memory cache device enabled in Firefox.
luv2bsecure
September 1st, 2004, 03:48 PM
-{ Quote: "Thanks for your answer Iagree.
Then does it hurt one's security to disable the browser cache?
AV/AT many times detect malware in the browser cache. If you remove that form of detection (by not having a cache), does it weaken your security?" }-
You know, I'll be honest -- I have never heard of a virus executing from the browser cache. Have you? Someone, in a post above, wrote they had found all of their crap in the browser cache. I'm sorry - I just have never seen it.
John
Luv2BSecure
Devinco
September 1st, 2004, 06:45 PM
Thanks Lynchknot,
I will keep that in mind when surfing to sites that don't work for any apparent reason.
Devinco
September 1st, 2004, 07:06 PM
-{ Quote: "You know, I'll be honest -- I have never heard of a virus executing from the browser cache. Have you? Someone, in a post above, wrote they had found all of their crap in the browser cache. I'm sorry - I just have never seen it.
John
Luv2BSecure" }-
Neither have I in my experience. I seem to recall a long time ago something being detected in the IE browser cache. I am not sure what it was any more, but I think it was TDS-3 that took care of it. It probably was a trojan dropper of some kind not a virus. I have read about some people who have detected one form of trojan or another in their browser cache. Sometimes the AV is able to detect it. But I don't see why a virus couldn't be delivered over a web page just as well as a trojan or spyware.
As far as malware executing from the cache, I think it happens all the time. You visit a web page and a malware component is downloaded into the browser cache and executed via some form of mobile code (Javascript, Java, ActiveX). If you had no cache, then I guess the malware component would be executed from within the browser's memory space.
Whether the mobile code is executed or not I think depends on if you enable mobile code in the browser, filter out the worst parts of the mobile code, or have a browser that doesn't permit any autoexecution or other funny business.
luv2bsecure
September 1st, 2004, 09:41 PM
-{ Quote: "As far as malware executing from the cache, I think it happens all the time. You visit a web page and a malware component is downloaded into the browser cache and executed via some form of mobile code (Javascript, Java, ActiveX). If you had no cache, then I guess the malware component would be executed from within the browser's memory space. Whether the mobile code is executed or not I think depends on if you enable mobile code in the browser, filter out the worst parts of the mobile code, or have a browser that doesn't permit any autoexecution or other funny business." }-
I think you're worrying too much about the TIF or "browser cache"......I honestly don't know of any malware that executes from the browser cache. Some of the other forums here at Wilders would be better able to detail the mechanics of droppers, ActiveX, Javascript, etc. Utilizing the TIF is not how it works. There are a lot of pros up in the DCS forums that can help.
All the best,
John
Luv2BSecure
Devinco
September 1st, 2004, 09:59 PM
-{ Quote: "I think you're worrying too much about the TIF or "browser cache"......I honestly don't know of any malware that executes from the browser cache. Some of the other forums here at Wilders would be better able to detail the mechanics of droppers, ActiveX, Javascript, etc. Utilizing the TIF is not how it works. There are a lot of pros up in the DCS forums that can help." }-
Maybe I am. It could be that the malware actually executes in memory when the web page loads and that what is left in the cache is merely a trail left by what executed. My question has been answered. There are no real security benefits to disabling the browser cache. By disabling it you do gain a little in privacy and prevent accumulation of leftover internet garbage. Disabling it may also affect the browser cache file scanning techniques used by some AV/AT. This last point is more appropriate for the AV/AT forums, so I will ask there.
Thank you very much Everyone for your answers and ideas!! :)
lynchknot
September 1st, 2004, 10:50 PM
-{ Quote: "Thanks Lynchknot,
I will keep that in mind when surfing to sites that don't work for any apparent reason." }-
hehe, here - you can add this to the list: http://www.hardwaregeeks.com