Opera's security scheme?

I know that Chrome an IE9 use LI and sandboxing as well as OOP/ patches. Firefox at least has OPP... what does Opera do to secure the user?

 

Please what means LI, OOP and OPP ?

 

Low integrity = LI
OPP = Out of Process Plugin
OOP was me typoing. I meant OPP.

 

Ok thanks. No OPP for opera. For LI i don't know

 

I think the most secure thing about Opera is that such a small percentage of folks are using it as their browser; no one wants to bother hacking it (sort of like Linux). I no longer use Opera but when I did I liked using a browser that hardly any one else uses. I know a bunch of folks here at Wilders use Opera but that is only because Wilders is so concentrated full of knowledgeable folks and therefore has a higher percentage of Opera users but earth wide we all know that the percentage is quite small.

Acadia

 

After a short research it seems that opera don't use LI.
So i don't know which security systems opera uses.

 

Security by obscurity doesn't work, just ask the Mac crowd.

 

So opera is weak on security ?

Is there any tests about exploit on differents browsers ?

 

I always thought it was one of the safest 'out of the box' (I may be wrong about this). See what Opera say themselves

 

We have some informations about privacy but nothing about a malwares' protection.

 

Ermmm this?

& this?

& maybe this?

Oh, some of those links may be about Linux.

Sorry ... I forgot this.

 

You guys forgot about malicious website blocking, which all 3 support, and malicious downloads blocking which Chrome (and IE) has. Firefox can scan downloads with your default AV, but that's usually redundant.

 

I knew I'd forgotten something.

 

Hi,

Opera does not have any security features besides that blacklist. Also... they do not participate in most public security events such as Pwn2Own. They have also sent legal letters in the past to security firms mentioning Opera weaknesses in blogs/articles.

In a nutshell... Opera has very low user numbers so therefore could be considered a lower value target. However I would personally recommend using another browser.

-MessageBoxA

 

Haute... is more like What... It's gone. lol

I think Opera now gets data from AVG. But... is that it? No prevention or mitigation... sandbox... No?

 

What I see in Opera is a myriad of settings along the security lines. I haven't seen anything so easy to setup in IE or Firefox.

In addition to blocking unsafe sites with a big red alert, there's a ton of things one can set in Tools>preferences for overall behavior of content, security, fraud protection, certificates, what can download ... and even more in opera:config url.

And then there's the easy, F12, access to quickly setup few permissions for specific sites - scripts, iframes, whatever would normally be blocked by the global settings above.
Finally there are ways to write/add your own urls to be watched in urlfilter.ini.

I would think that malicious programs are better watched by antivirus. Download something, Opera asks where to save it, then scan if AV didn't scream right away. Not sure really what the issue is here discussed, so if I'm totally out of line, I apologize in advance.

 

What you mention is all good... but do you really believe that most of those using IE or Google Chrome, due to the security by design, would know how tweak anything? They don't know they can, nor how to do it in IE and Chrome.

Without those tweakings, which I can also have in Chromium... what does it offer?

 

I think people look at if differently today than years ago. These days, with scripting/flash/etc, opera can be considered safe if you manage what websites are allowed scripts. Rmus uses this to great success.

I think many of us are used to the old days when browsers, especially IE, had holes that were exploited. Those still exist, but I would say they are not as common now as other types of attacks. And if they are not as common, then security by obscurity becomes even stronger.

At least, thats my take on it. Conclusion - any browser will have an exploit in code - but too most any browser can be secured against todays common threats by handling content properly.

Sul.

 

I think that the object of the topic is : which protection for opera against exploit ?
If you exclude the av it would be nice that the browser prevent a risk. For me the browser could be the frst line against malwares.
I say that, i'm using opera since 3 years.

 

All I know about Haute is from http://Wikipedia. I think that you are right & it doesn't exist any more.

It's probably best to ask about sandboxing & the like on their forums.

Remember that Opera has a good adblocker extension now, plus NotScripts, External Scripts extension & even Flag Button (a bit like Flagfox).

 

Sidetracking a bit, one of the pretty rare missing feature with Opera, for me, is that when I want to highlight a word or a phrase: usually, in some other browser, I can simply key "MAJ + ->" and the word highlightning would enlarge to the right until I quit the "->" key. (Sorry for my english french mixin'...)

edit: oops, I see now that I was not in the right tread for my little opéra's keys annoyances. And, trying to read again my post this morning, I am almost not sure of what actually my technical problem was !! And, more, being that this was the "la fête nationale de la St-Jean"'s weekend by here, simply probable that I lost the little bit of anglish that I 'm used to own, or I think...

 

Opera is safe, as a good browser can be. Real security is from fw, HIPS, sandboxing software... The reasons to choice Opera are his features and options, his speed, his graphics...

 

Agree

 

That's not true at all. From what I can see all Opera does is patch up holes. That's a stupid security scheme.

"Real security" what the hell does that even mean? Applications should be designed with security in mind... especially your most used web facing application.

Sandboxing is not a catch-all. Especially not Sandboxie.

 

Maybe I miss something somewhere along the way.

Every piece of code created will have an exploit, and when an exploit is found, a fix must be made. To apply the fix, you need to patch the hole. No patch, no fix.

How is that stupid? Isn't it simply the only way to fix the situation? Are you suggesting that code be done "correct" the first time so there is no exploit available? If so, you should be a very wealthy man if you know how to do that

Sul.