How to make Chrome a even safer browser?

Discussion in 'other software & services' started by AlexC, Jun 9, 2011.

Thread Status:
Not open for further replies.
  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Since i have Shadow Defender installed, I’m thinking in drop IE9, Sandboxie and KeyScrambler and, instead, use Chrome as main browser together with Trusteer or PrevxSOL.

    (I´m too lazy to keep Sandboxie start and internet restrictions updated; and i want to make internet access faster, simpler and not much less safe, it seems a little "bloated" with sandboxie and keyscrambler)

    So, Trusteer or PrevxSOL should help protect against keyloggers and screenloggers, and chrome already have a internal sandbox.

    Bottom line: How to make Chrome even safer? (in order to compensate the absence of Sandboxie)Thanks:thumb:
     
    Last edited: Jun 10, 2011
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    At a very basic level, Chrome starts its parent process at Medium or High Integrity, and all tabs at a Low Integrity. This means that each web page is restricted to a Low IL while the main process is not. The sandboxed portion of Chrome is such that the web page or tab at Low IL cannot tamper with the parent program that runs at Medium or High IL. It makes for an out of the box robustness not found in any other browser, with the exception of IE if you are using UAC.

    If you so choose to set the parent process to Low Integrity as well, then you effectively create a situation where Chrome can only write/modify to directories or files that are themselves at Low Integrity, and that in a default installation is not very much at all.

    You might be interested in some of the command line switches for chrome that others here use, but I don't use them so cannot guide you in that direction.

    Another thing you might do if so inclined is to use the Flashblock extension. I use it, and all flash content is blank until I click on it to activate it. I like it like this, even if some websites require me to click on something in order to be able to navigate the menus etc.

    Sul.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Take a look here as well -http://www.wilderssecurity.com/showthread.php?&t=296391
     
  4. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Remember that the Prevx Safe-Online does not offer full protection to Chrome. :(
     
  5. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Very informative thread. But i decided to simply stick with Sandboxie, never let me down, is safe, and simple to use.

    I was just trying to figure a way to remove protection layers and still remain safe... but honestly i dont need it:thumb:

    Thanks!
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Make it whitelist Javascript or use NotScripts.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Without considering how UAC or LUA/User stuff applies, and just looking at how Chrome works, by coupling SBIE with it, you have achieved as much security as you need for that browser. Concern yourself with keeping keyloggers etc out of the sandbox and paying attention to what you execute that came from the internet (that is, what you execute outside of the sandbox that came from the internet).

    Sul.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    NotScripts isn't really all too helpful. I prefer to whitelist javascript.

    From Wladimir Palant --

    "It doesn't stop script execution - full stop. There isn't anything in HTML5 or otherwise that would let you do that. Instead it prevents external scripts from loading (using "beforeload" event, just like Adblock Plus) and tries some lame tricks to prevent internal scripts from executing (these tricks are trivial to bypass)."
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    If you're under Chrome, you're fairly safe as it is, if you're under Chrome+Sandboxie or some other "static" environment, whitelisting is just an extra hassle that isn't worth bothering with, imho.
     
  10. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    +1. :thumb:
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    The other thing to bear in mind with whitelisting sites is that it doesn't protect you if the site becomes compromised. You allow the scripts to run, and, bingo, there is scope for malware infection. This means add-ons like NoScript/NotScript aren't the panacea they claim to be in those circumstances.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    dw426, I agree. I was simply commenting on NotScript.

    Yes, TonyW, this is true. This is just pretty rare and thankfully there are other very simple methods of protection.

    Want to really secure your Chrome? Just make it so it doesn't automatically start downloads. At that point, why even bother whitelisting javascript?
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Or set your downloads directory to deny executions. Or set dowload directory to Low Integrity Level. Or set downloads directory to denied via SRP. Or force downloads directory into a sandbox.

    Sul.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    All decent ways.
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    :thumb: There are a bunch of things you can do without resorting to white-lists and such nuisances. And Tony is right as well, "evil" websites are no longer the big threat. Now any website can fall victim and turn into a malware/data theft nightmare
     
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I got Chromium set to Low Integrity Level through icalcs.

    it's pretty transparent in operation, the way i like it.
    Sully wrote quite a few helpful tips if you search the forums for "icalcs".
     
  17. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    I like Shadow Defender, but considering support is non-existent for the product, I don't think it can be relied upon for much longer. Eventually, a windows update or some other issue is going to come along, and render the software problematic for use. I myself used it, and noticed some very weird behavior... for instance my chrome user directory was once wiped for no apparent reason (while in shadow mode!)...

    Not sure why, but I just didn't really trust the software enough to continue using it without a developer to fix odd problems like this...

    To compensate, I put in the effort to secure things down using other tools. I use Sandboxie, along with Applocker, and I'm pretty sure it is as secure as it gets like this. Basically, I use Applocker to prohibit everything in the Sandbox folder (C:\Sandbox\ by default), and allow everything else. This way, I don't have to bother with any of that internet rights restriction crap. I turn off WEBGL in chrome (you can use their group policy templates to do this most easily), and throw everything else I use into forced programs.

    Its minimally invasive, and it works pretty well for me..
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    if you search icalcs you see moontan's posts lol
    if you search icacls you see Sully's

    :D
     
  19. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    that's because Sully told me every thing i needed to know about that arcane knowledge. ;)
     
  20. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    A few days ago I spotted googleclean/ chromeclean or sth I can't recall its name.. plus I haven't been able to find it on our forum...

    anyways today I made some queries which resulted in gaining further knowledge as follows

    Click&Clean is available as an addon both for Chrome and for FF
    --https://chrome.google.com/webstore/detail/ghgabhipcejejjmhhchfonmamedcbeod#--

    Some companies are even trying to capitalize on the notoriety of the browser in question, e.g. here:

    --http://www.abelssoft.net/gc.php--

    Does it make sense to use any?

    Click&Clean has the clear advantage of being totally free, but other than that... anyone?
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,824
    Is Click and Clean the only game in town for Chrome? I've tried it but meh. Seemed a bit too bloated for my liking.
     
Loading...
Thread Status:
Not open for further replies.