Hardening/Securing the Opera Web Browser

For those who use Opera as their primary web browser, I have originally provided the link below as a hardening guide.

https://www.wilderssecurity.com/showpost.php?p=1207602&postcount=6

To provide an update to the above link, I have since installed three additional specific Opera User JavaScript files which include:

Delete Useless Cookies (cookieblockrBETA.js; second script from the top);(http://my.opera.com/shoust/blog/2007/06/28/my-userjs-modified-userjs)
Block External Userjs (http://my.opera.com/shoust/blog/2008/04/05/block-external-userjs-updated-to-version-2-5);(*Note: This script is noticeably more usable and supersedes the original which is located at http://userjs.org/scripts/site/enhancements/block-external, but may still break "some" web site functionality on a site-by-site basis. In my case, the tradeoffs are both acceptable and tolerable.)
Block Javascript Pop-Ups (block-external-scripts.js);(http://my.opera.com/Lex1/blog/block-javascript-pop-ups);(*Note: This script enhances Opera's existing ability to block pop-ups.)

(*Note: The installation of any flash removal or blocker scripts are redundant and unnecessary if flash is disabled.)

(*Note: While it remains to be seen, the physical integration of Haute Secure into the latest Opera 9.5 beta 2 builds(starting with build 10048 ) may or may not make some of the above mentioned scripts redundant and unnecessary.)

(*Note: The anti-phishing and Haute Secure functionality are enabled by default with a check beside "Enable Fraud Protection" within Opera 9.5 beta 2. In my case, I have decided to leave this feature enabled.)

For those who are interested, the latest Opera 9.5 beta 2 builds can be downloaded from the following link below.(*Note: WinXP SP3/Vista SP1 users should install the regular Windows installer version and "avoid" the Windows Classic version for best installation results.)

http://my.opera.com/desktopteam/blog/

In conclusion, the application of all of the above will go a long way towards making Opera "less" vulnerable to cross-site scripting(XSS), drive-by-downloads and malicious exploit targeted scripts and redirects even "without" the use of Haute Secure, LinkScanner Pro, Proxomitron, a host blocklist file or a dedicated ad-blocker such as Ad Muncher.


Peace & Gratitude,

CogitoErgoSum

 

What does it mean?

 

You can't just select a sentence fragment and then expect to understand it. Read the whole thing.

Opera 9.5 now includes Haute Secure services.

 

Hello aigle,

If you have not yet done so, please take a look at the following link below.

https://www.wilderssecurity.com/showpost.php?p=1256506&postcount=3

FYI, Haute Secure(HS);(http://hautesecure.com/) which is similar to LinkScanner Pro is only available as an optional downloadable plug-in for both Internet Explorer and FireFox while it(HS) is a physical("built-in") integral component of Opera 9.5 beta 2 starting with build 10048.

Hope this answers your question.


Peace & Gratitude,

CogitoErgoSum

 

Opera sings anti-malware tune

Looking forward to reading up on how benificial this might be as an added layer of protection.

 

Thanks for all applies. I was just wondering whether CogitoErgoSum is suggesting to use HS with Opera or Opera people have added it as a built in feature. It,s clear now.

Thanks

 

For those who are interested,

I have updated the original post with some new information.


Peace & Gratitude,

CogitoErgoSum

 

I had about a thousand requests to make a secure verison of Opera that could run on regular internet, Tor and XB at the same time. OperaTor has been trying to fill that hole for a while. I think we may have solved how to do it, and do it better and faster. Thanks for the posts here. They will be helpful if I decide to pursue it.

 

Hello XeroBank,

You are very welcome. In any case, it would be great if you seriously considered making a secure version of Opera that incorporated all of the functionality I mentioned in post #1 and/or a less intrusive, but equally comprehensive counterpart to FireFox's NoScript plug-in. I would very much applaud and appreciate your efforts if such a product was realized.


Peace & Gratitude,

CogitoErgoSum

 

Ok, i have installed latest Opera beta 9.5. Nice interface. Working OK but I don,t see haute secure working in Opera so far? Am i missing some thing?

Thanks

 

Go here: http://my.opera.com/desktopteam/blog/2008/06/06/malware-protection

And down the page a bit there is a link to a test page. Go there and you will see what's displayed when you encounter a bad site...

 

Useing Opera 9.27 and the Haute Security works great.

 

But no google search results ranking I think. Also as I know haute secure is more than just a bad site blocker.

 

I went there with Firefox and got the same result. I was wondering if one of my security programs could have achieved or caused the same page to be displayed? Usually security programs like to take credit but none did.

 

I tried as well with IE7 and Opera 9.27 and got same results. Seems the page just displays what Opera 9.5 would show if Haute Secure was enabled and flagged a webpage.

 

For those who are interested,

I have posted the following question in the official Haute Secure forum.

"Out of curiosity, how does the Haute Secure(HS) implementation within Opera 9.5 beta 2 compare with those of Internet Explorer and FireFox? Complete or partial functionality(soft sandbox, behavioral heuristics, behavior/process monitors)?"

I will update this thread when I get a response.


Peace & Gratitude,

CogitoErgoSum

 

It seems like that. Not a good way to do it.

 

Thanks for that.

 

For those who are interested,

Here are more security/privacy hardening settings that I personally use in Opera 9.5.

Tools>Preferences>History
- Put a check beside "Empty on exit"(*Note: Empties disk cache on exit; located just below "Disk cache".)

>Cookies
- Tick or select "Accept only cookies from the site I visit".
- Put a check beside "Delete new cookies when exiting Opera".

>Security
- Put a check beside "Enable Fraud Protection".

>Network
- Uncheck "Send referrer information".


Peace & Gratitude,

CogitoErgoSum

 

But always read the Help if you are not sure what you are doing.

Gerard

 

For those who are interested,

I got a response from Matt of Haute Secure(HS) on 6/11 from the question that I originally posted on 6/10 at the link below.

http://community.hautesecure.com/forums/t/340.aspx

The most notable comment in the above link is "Opera not provide active (behavioral) protection as does our client installation."

On the other hand, the most questionable comment from the above link is "If you would like further active protection, try installing our software. Although you won't get the toolbar in Opera as you would with IE or Firefox, you will get active protection." The reason that this is false and misleading is because, to the best of my knowledge, other than the HS implementation within Opera 9.5, such software does not yet exist. Additionally, I have not been able to find any such software for Opera on HS's main web site.

Lastly, I have yet to receive any response from the additional questions that I posed on 6/11.


Peace & Gratitude,

CogitoErgoSum

 

For those who are interested,

Here are more security/privacy hardening settings that I personally use in Opera 9.51.

Tools>Preferences>History
- Set "Addresses" to "0".
- Uncheck "Remember content on visited pages".(*Note: Located just below "Addresses".)
- Set "Memory cache" to "Off".
- Set "Disk cache" to "Off".


Peace & Gratitude,

CogitoErgoSum

 

For those who are interested,

Although, I do not use the following Opera user script because I disable plug-ins, one may find it to be a more flexible and convenient way to block "flash" by replacing flash objects with a button you can click to view them.

http://my.opera.com/Lex1/blog/flashblock-for-opera-9


Peace & Gratitude,

CogitoErgoSum

 

I love Flashblock - I've used it since user.js started. On several sites I use Flash for their multimedia content.

Can someone check to see if this user.js (attached) from Opera8 will work on Opera9?

Change .txt to .js


thanks,


----
rich

 

For those who are interested,

I would like to take this opportunity to clarify and list the privacy/security settings that I personally use in Opera 9.51 regarding my original post(#1).

Tools>Preferences>Content
- Uncheck "Enable animated images".
- Leave "Enable JavaScript" checked.
- "JavaScript Options" button(*Note: I have unchecked all of the options and have specified the location of my user script folder.)
- Uncheck "Enable Java".(*Note: I have physically uninstalled Java Runtime Environment(JRE) from my computer.)
- Uncheck "Enable plug-ins".
- "Style Options" button>"Display" tab>uncheck "Enable inline frames".


Peace & Gratitude,

CogitoErgoSum