How to make Chrome a even safer browser?

Since i have Shadow Defender installed, I’m thinking in drop IE9, Sandboxie and KeyScrambler and, instead, use Chrome as main browser together with Trusteer or PrevxSOL.

(I´m too lazy to keep Sandboxie start and internet restrictions updated; and i want to make internet access faster, simpler and not much less safe, it seems a little "bloated" with sandboxie and keyscrambler)

So, Trusteer or PrevxSOL should help protect against keyloggers and screenloggers, and chrome already have a internal sandbox.

Bottom line: How to make Chrome even safer? (in order to compensate the absence of Sandboxie)Thanks

 

At a very basic level, Chrome starts its parent process at Medium or High Integrity, and all tabs at a Low Integrity. This means that each web page is restricted to a Low IL while the main process is not. The sandboxed portion of Chrome is such that the web page or tab at Low IL cannot tamper with the parent program that runs at Medium or High IL. It makes for an out of the box robustness not found in any other browser, with the exception of IE if you are using UAC.

If you so choose to set the parent process to Low Integrity as well, then you effectively create a situation where Chrome can only write/modify to directories or files that are themselves at Low Integrity, and that in a default installation is not very much at all.

You might be interested in some of the command line switches for chrome that others here use, but I don't use them so cannot guide you in that direction.

Another thing you might do if so inclined is to use the Flashblock extension. I use it, and all flash content is blank until I click on it to activate it. I like it like this, even if some websites require me to click on something in order to be able to navigate the menus etc.

Sul.

 

Take a look here as well -http://www.wilderssecurity.com/showthread.php?&t=296391

 

Remember that the Prevx Safe-Online does not offer full protection to Chrome.

 

Very informative thread. But i decided to simply stick with Sandboxie, never let me down, is safe, and simple to use.

I was just trying to figure a way to remove protection layers and still remain safe... but honestly i dont need it

Thanks!

 

Make it whitelist Javascript or use NotScripts.

 

Without considering how UAC or LUA/User stuff applies, and just looking at how Chrome works, by coupling SBIE with it, you have achieved as much security as you need for that browser. Concern yourself with keeping keyloggers etc out of the sandbox and paying attention to what you execute that came from the internet (that is, what you execute outside of the sandbox that came from the internet).

Sul.

 

NotScripts isn't really all too helpful. I prefer to whitelist javascript.

From Wladimir Palant --

"It doesn't stop script execution - full stop. There isn't anything in HTML5 or otherwise that would let you do that. Instead it prevents external scripts from loading (using "beforeload" event, just like Adblock Plus) and tries some lame tricks to prevent internal scripts from executing (these tricks are trivial to bypass)."

 

If you're under Chrome, you're fairly safe as it is, if you're under Chrome+Sandboxie or some other "static" environment, whitelisting is just an extra hassle that isn't worth bothering with, imho.

 

+1.

 

The other thing to bear in mind with whitelisting sites is that it doesn't protect you if the site becomes compromised. You allow the scripts to run, and, bingo, there is scope for malware infection. This means add-ons like NoScript/NotScript aren't the panacea they claim to be in those circumstances.

 

dw426, I agree. I was simply commenting on NotScript.

Yes, TonyW, this is true. This is just pretty rare and thankfully there are other very simple methods of protection.

Want to really secure your Chrome? Just make it so it doesn't automatically start downloads. At that point, why even bother whitelisting javascript?

 

Or set your downloads directory to deny executions. Or set dowload directory to Low Integrity Level. Or set downloads directory to denied via SRP. Or force downloads directory into a sandbox.

Sul.

 

All decent ways.

 

There are a bunch of things you can do without resorting to white-lists and such nuisances. And Tony is right as well, "evil" websites are no longer the big threat. Now any website can fall victim and turn into a malware/data theft nightmare

 

I got Chromium set to Low Integrity Level through icalcs.

it's pretty transparent in operation, the way i like it.
Sully wrote quite a few helpful tips if you search the forums for "icalcs".

 

I like Shadow Defender, but considering support is non-existent for the product, I don't think it can be relied upon for much longer. Eventually, a windows update or some other issue is going to come along, and render the software problematic for use. I myself used it, and noticed some very weird behavior... for instance my chrome user directory was once wiped for no apparent reason (while in shadow mode!)...

Not sure why, but I just didn't really trust the software enough to continue using it without a developer to fix odd problems like this...

To compensate, I put in the effort to secure things down using other tools. I use Sandboxie, along with Applocker, and I'm pretty sure it is as secure as it gets like this. Basically, I use Applocker to prohibit everything in the Sandbox folder (C:\Sandbox\ by default), and allow everything else. This way, I don't have to bother with any of that internet rights restriction crap. I turn off WEBGL in chrome (you can use their group policy templates to do this most easily), and throw everything else I use into forced programs.

Its minimally invasive, and it works pretty well for me..

 

if you search icalcs you see moontan's posts lol
if you search icacls you see Sully's

 

that's because Sully told me every thing i needed to know about that arcane knowledge.

 

A few days ago I spotted googleclean/ chromeclean or sth I can't recall its name.. plus I haven't been able to find it on our forum...

anyways today I made some queries which resulted in gaining further knowledge as follows

Click&Clean is available as an addon both for Chrome and for FF
--https://chrome.google.com/webstore/detail/ghgabhipcejejjmhhchfonmamedcbeod#--

Some companies are even trying to capitalize on the notoriety of the browser in question, e.g. here:

--http://www.abelssoft.net/gc.php--

Does it make sense to use any?

Click&Clean has the clear advantage of being totally free, but other than that... anyone?

 

Is Click and Clean the only game in town for Chrome? I've tried it but meh. Seemed a bit too bloated for my liking.