Chrome second year in a row strongest browser

Discussion in 'other software & services' started by Kees1958, Mar 27, 2010.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  2. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Opera wasn't even tested so can't say all browsers but good show by chrome nonetheless. FF's hype of being secure browser went up the sky. Sad part was that my favorite line of defense, DEP was bypassed which makes it quite risky in a sense.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Okay stand corrected.

    FF security is overrated:, it runs by default with medium level integrity (Chrome tabs and IE8 run with Low integrity), it offers several ways of creating plug-ins (from low level programming to high level scripting) which do not have a signing mechanisme like Active X with IE (as far as I know), it stores it plug-ins in the admin space.

    FF should have taken an example to Opera when they redesigned/overhauled their browser from version two to three.

    Regards Kees
     
  4. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    Thats why even at cost of user base, Opera is so resilient to the idea of plugins, the Widget is far safer in that sense but limited nonetheless.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I just wish Opera was capable of providing at least CLOSE to the functionality of Noscript and AdBlockPlus. I might be willing to finally break down and use Opera for more than a day and ignore my other mostly cosmetic issues with it. FF is really starting to lose quality, however, I am very curious to know if NoScript was installed during this attack. It COULD make a difference. DEP and ASLR being circumvented is rough news. When the supposed toughest measures out there fail, and, now, with a 64bit rootkit rumor going around, things aren't looking pleasant whether you believe, as one person put it "the malware card is overplayed".
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    New Chrome let's you control content: cookies, pop-ups, images, javascript and plug-ins, so why stay with FF? (see pic)

    In stead of crippling your FAT browser use the LEANEST browser in the world Lynx (a text browser), no need to control content, there is only text ::D

    With NOscript it is impossible for you to :oops: me :argh:
     

    Attached Files:

    Last edited: Mar 27, 2010
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm too much into the internet for a text only browser I'm afraid :D

    I can't say I still trust Google very much, in fact, I have a lot of issues with their business. But, the fact can't be ignored that, at least so far, they have the better security model out of all the well-known browsers. *twitches as he visits the Chrome download page....can he do it? Will he finally take the splash? Stay tuned!*
     
  8. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    For the security paranoid Lynx could be the perfect browser since it is text based. However, the Internet has evolved from a text based environment. Lynx could have been quite popular in the 90s and gives Netscape and IE a good run for their money :D. In the 21st century web interaction rules and there is no way that Lynx could have a concrete foothold in the browser market.

    Thanks.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    So why does "cripple FF Noscript" has so many fans? Why not go for the real thing text based security. Or . . . go for a fully functioning web browser wiith a decent well designed software architecture like Chrome or Opera.

    The egg heads from Berkeley, Washington and Stanford, predicted in 2008 that the well designed architecture of Chrome would make it 60 to 70 more secure than monoliths like IE8 and FF , see http://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf guess what the Pwn2Own competition indicates it was an accurate guestimate. Two years in a row is not bad luck, which makes the difference: it is good design.
     
    Last edited: Mar 27, 2010
  10. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Actually fanboyz adblock filters do a great job of blocking ads, as for noscript, Opera lets you turn off javascript selectively for particular site or you can turn off javascript totally as I do. As for noscript equivalent, take a look here http://my.opera.com/community/forums/topic.dml?id=241208
     
  11. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Does SRWare Iron have all the good sides of Chrome without the bad ones?

    If I go Iron, will I have the same functionality like with regular Chrome?
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Does Chrome still collect user data for Google from its users?
     
  13. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Maybe this will fit your bill better but I hear that Google has done away with the unique id.

    http://www.comodo.com/home/internet-security/browser.php
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Fanboy looks just fine, so thanks for that. As far as that Noscript replacement, I see a few issues. There's no cross-site or XSS protection? No click-jacking either? Also, it seems as if he has begun to incorporate Unite into his scripting program. Call me silly, but by personal preference I can't really get behind that.
     
  15. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  16. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Thanks for the info. I have java script disabled by default and am currently creating a white list. You can select per site which to add to the white list, then just hit refresh and you are good to go. The site will show up automatically in the exceptions list.
     

    Attached Files:

    Last edited: Mar 27, 2010
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    FF may be overrated on integral security, but I believe it is nonpareil as to *securability*.

    Perhaps FF standing alone can be crashed, but it readily lends itself to being configured/augmented so as to present major obstacles to malware. IMO, the ability to crash a browser does NOT necessarily connote its securability against admitting malware.

    With NoScript & DropMyRights & HIPS in place, FF is very well shielded against admission of malware.

    Actually I like Chrome (but I prefer Chrome+ for those rare occasions when I want to go chroming around the internet).

    By the way -- does Chrome offer anything equivalent to the full-spectrum of defenses provided by Noscript? (Honest question - not a challenge.) Here are a few examples of the MANY possible configs/coverages by NS over & above merely blocking JS. . .

    +Turn cross-site POST requests into data-less GET requests
    +Enable Application Boundaries Enforcer
    +Block JAR remote resources being loaded as documents

    ScrHunt01 27-Mar-10.gif
     
    Last edited: Mar 27, 2010
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    the problem with iron is that its not as up to date as chrome.
    is there anyothers that are as up to date as chrome?

    i do try the daily builds but want a stable version of chrome that is regularly updated.
     
  19. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    Chrome may be more secure than the rest but out of every time I've tried to use it, I've had nothing but stability issues. I think I'll stick to my Firefox.
     
  20. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Nice Google :D
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep Google has an issue with privacy matters, but then again the DNS server I use also knows where I loom around on the internet.

    For the Google tracking, just run Chrome Privacy Protector, make the Local State file read only and privacy issue is gone.

    Add Trusteer Rapport Free or Free Facebook PrevX safe online to Chrome and you really have a strong worry/hassle free browser. With the free facebook PrevX you get extra phising protection to deal with social engineering. For people using Trusteer I recommend ad the Site Advisor Free extention for chrome. The combo PrevX, Google search, Open DNS or (with Trusteer) SiteAdvisor, Google Search and Open DNS are nearly as effective as IE's smartscreen (only differs 2 to 3 percent maximum).

    @IODORE, try the chrome portable versions
     
    Last edited: Mar 27, 2010
  22. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    all this aside. the customization of FF is what keeps me hooked and no browser is even close to matching it. (even chromes attempt at addons is half assed IMO and doesnt allow the customization and control i want)
     
  24. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    i have the same question,even gmail had to add more secuity lately...
     
  25. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Agreed. As I pointed out some months ago Iron really lacks behind in terms of security updates. With the unique-/user-id removed since Chrome 4.1 I don't see any reason to use Iron any longer.
     
Loading...
Thread Status:
Not open for further replies.