Hardening/Securing the Opera Web Browser

Discussion in 'other software & services' started by CogitoErgoSum, Jun 8, 2008.

Thread Status:
Not open for further replies.
  1. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who use Opera as their primary web browser, I have originally provided the link below as a hardening guide.

    https://www.wilderssecurity.com/showpost.php?p=1207602&postcount=6

    To provide an update to the above link, I have since installed three additional specific Opera User JavaScript files which include:

    Delete Useless Cookies (cookieblockrBETA.js; second script from the top);(http://my.opera.com/shoust/blog/2007/06/28/my-userjs-modified-userjs)
    Block External Userjs (http://my.opera.com/shoust/blog/2008/04/05/block-external-userjs-updated-to-version-2-5);(*Note: This script is noticeably more usable and supersedes the original which is located at http://userjs.org/scripts/site/enhancements/block-external, but may still break "some" web site functionality on a site-by-site basis. In my case, the tradeoffs are both acceptable and tolerable.)
    Block Javascript Pop-Ups (block-external-scripts.js);(http://my.opera.com/Lex1/blog/block-javascript-pop-ups);(*Note: This script enhances Opera's existing ability to block pop-ups.)

    (*Note: The installation of any flash removal or blocker scripts are redundant and unnecessary if flash is disabled.)

    (*Note: While it remains to be seen, the physical integration of Haute Secure into the latest Opera 9.5 beta 2 builds(starting with build 10048 ) may or may not make some of the above mentioned scripts redundant and unnecessary.)

    (*Note: The anti-phishing and Haute Secure functionality are enabled by default with a check beside "Enable Fraud Protection" within Opera 9.5 beta 2. In my case, I have decided to leave this feature enabled.)

    For those who are interested, the latest Opera 9.5 beta 2 builds can be downloaded from the following link below.(*Note: WinXP SP3/Vista SP1 users should install the regular Windows installer version and "avoid" the Windows Classic version for best installation results.)

    http://my.opera.com/desktopteam/blog/

    In conclusion, the application of all of the above will go a long way towards making Opera "less" vulnerable to cross-site scripting(XSS), drive-by-downloads and malicious exploit targeted scripts and redirects even "without" the use of Haute Secure, LinkScanner Pro, Proxomitron, a host blocklist file or a dedicated ad-blocker such as Ad Muncher.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jun 8, 2008
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What does it mean? o_O
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    You can't just select a sentence fragment and then expect to understand it. Read the whole thing.

    Opera 9.5 now includes Haute Secure services.
     
  4. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello aigle,

    If you have not yet done so, please take a look at the following link below.

    https://www.wilderssecurity.com/showpost.php?p=1256506&postcount=3

    FYI, Haute Secure(HS);(http://hautesecure.com/) which is similar to LinkScanner Pro is only available as an optional downloadable plug-in for both Internet Explorer and FireFox while it(HS) is a physical("built-in") integral component of Opera 9.5 beta 2 starting with build 10048.

    Hope this answers your question.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jun 8, 2008
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Opera sings anti-malware tune
    Looking forward to reading up on how benificial this might be as an added layer of protection.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks for all applies. I was just wondering whether CogitoErgoSum is suggesting to use HS with Opera or Opera people have added it as a built in feature. It,s clear now.

    Thanks
     
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    I have updated the original post with some new information.


    Peace & Gratitude,

    CogitoErgoSum
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I had about a thousand requests to make a secure verison of Opera that could run on regular internet, Tor and XB at the same time. OperaTor has been trying to fill that hole for a while. I think we may have solved how to do it, and do it better and faster. Thanks for the posts here. They will be helpful if I decide to pursue it.
     
  9. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello XeroBank,

    You are very welcome. In any case, it would be great if you seriously considered making a secure version of Opera that incorporated all of the functionality I mentioned in post #1 and/or a less intrusive, but equally comprehensive counterpart to FireFox's NoScript plug-in. I would very much applaud and appreciate your efforts if such a product was realized.


    Peace & Gratitude,

    CogitoErgoSum
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ok, i have installed latest Opera beta 9.5. Nice interface. Working OK but I don,t see haute secure working in Opera so far? Am i missing some thing?

    Thanks
     
    Last edited: Jun 9, 2008
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Useing Opera 9.27 and the Haute Security works great.
     
    Last edited: Jun 9, 2008
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    But no google search results ranking I think. Also as I know haute secure is more than just a bad site blocker.
     
  14. munckman

    munckman Registered Member

    Joined:
    May 2, 2002
    Posts:
    100
    I went there with Firefox and got the same result. I was wondering if one of my security programs could have achieved or caused the same page to be displayed? Usually security programs like to take credit but none did.
     
  15. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    I tried as well with IE7 and Opera 9.27 and got same results. Seems the page just displays what Opera 9.5 would show if Haute Secure was enabled and flagged a webpage.
     
  16. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    I have posted the following question in the official Haute Secure forum.

    "Out of curiosity, how does the Haute Secure(HS) implementation within Opera 9.5 beta 2 compare with those of Internet Explorer and FireFox? Complete or partial functionality(soft sandbox, behavioral heuristics, behavior/process monitors)?"

    I will update this thread when I get a response.


    Peace & Gratitude,

    CogitoErgoSum
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It seems like that. Not a good way to do it.:thumbd:
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks for that.
     
  19. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    Here are more security/privacy hardening settings that I personally use in Opera 9.5.

    Tools>Preferences>History
    - Put a check beside "Empty on exit"(*Note: Empties disk cache on exit; located just below "Disk cache".)

    >Cookies
    - Tick or select "Accept only cookies from the site I visit".
    - Put a check beside "Delete new cookies when exiting Opera".

    >Security
    - Put a check beside "Enable Fraud Protection".

    >Network
    - Uncheck "Send referrer information".


    Peace & Gratitude,

    CogitoErgoSum
     
  20. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    But always read the Help if you are not sure what you are doing.

    Gerard
     
  21. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    I got a response from Matt of Haute Secure(HS) on 6/11 from the question that I originally posted on 6/10 at the link below.

    http://community.hautesecure.com/forums/t/340.aspx

    The most notable comment in the above link is "Opera not provide active (behavioral) protection as does our client installation."

    On the other hand, the most questionable comment from the above link is "If you would like further active protection, try installing our software. Although you won't get the toolbar in Opera as you would with IE or Firefox, you will get active protection." The reason that this is false and misleading is because, to the best of my knowledge, other than the HS implementation within Opera 9.5, such software does not yet exist. Additionally, I have not been able to find any such software for Opera on HS's main web site.

    Lastly, I have yet to receive any response from the additional questions that I posed on 6/11.


    Peace & Gratitude,

    CogitoErgoSum
     
  22. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    Here are more security/privacy hardening settings that I personally use in Opera 9.51.

    Tools>Preferences>History
    - Set "Addresses" to "0".
    - Uncheck "Remember content on visited pages".(*Note: Located just below "Addresses".)
    - Set "Memory cache" to "Off".
    - Set "Disk cache" to "Off".


    Peace & Gratitude,

    CogitoErgoSum
     
  23. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    Although, I do not use the following Opera user script because I disable plug-ins, one may find it to be a more flexible and convenient way to block "flash" by replacing flash objects with a button you can click to view them.

    http://my.opera.com/Lex1/blog/flashblock-for-opera-9


    Peace & Gratitude,

    CogitoErgoSum
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I love Flashblock - I've used it since user.js started. On several sites I use Flash for their multimedia content.

    Can someone check to see if this user.js (attached) from Opera8 will work on Opera9?

    Change .txt to .js


    thanks,


    ----
    rich
     

    Attached Files:

    • user.txt
      File size:
      478 bytes
      Views:
      7
  25. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    I would like to take this opportunity to clarify and list the privacy/security settings that I personally use in Opera 9.51 regarding my original post(#1).

    Tools>Preferences>Content
    - Uncheck "Enable animated images".
    - Leave "Enable JavaScript" checked.
    - "JavaScript Options" button(*Note: I have unchecked all of the options and have specified the location of my user script folder.)
    - Uncheck "Enable Java".(*Note: I have physically uninstalled Java Runtime Environment(JRE) from my computer.)
    - Uncheck "Enable plug-ins".
    - "Style Options" button>"Display" tab>uncheck "Enable inline frames".


    Peace & Gratitude,

    CogitoErgoSum
     
Loading...
Thread Status:
Not open for further replies.