Most Secure Browser: FF, Chrome, Edge?

Discussion in 'sandboxing & virtualization' started by HempOil, Dec 15, 2017.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    So does Firefox. I'm not sure what you're trying to suggest :doubt:
     
  2. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
    I used Chrome for two weeks but without NoScript I don't feel safe. I switched back to Firefox 57 Quantum + NoScript 10.
     
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    There is uMatrix for both browsers.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    208
    Location:
    Some country in the European Union
    I know that Firefox isn't sandboxed to the degree Chrome is. Chrome is designed from the ground up to be sandboxed. Firefox isn't. I mean Firefox has sandbox, but it is a weak sandbox.
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    That's no longer true. This was true for the "old" Firefox - but Electrolysis laid the ground for sandboxing in the past years, and they are basically using the Chrome model.

    Did you really compare in detail the ruleset used in the Linux version of Firefox with the one used in Chrome? Unless you did, your claim is, at least, questionable. Besides, I'm sandboxing both Firefox and Chrome with Firejail anyhow which improves security in both cases considerably. This has been discussed in this thread at large.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,410
    Firefox doesn't spawn one process for each tab. According to the settings it can be set to the maximum of 7 which leads to much less used RAM (in comparison with Chrome and if a lot of tabs are opened)
    The default sandbox level ("security.sandbox.content.level") seems to be "3". I'm sure the default was lower (lower = less restrictive) in previous versions :doubt: But ok, the higher the better :)
    Firefox - sandbox level 3:
    Firefox - sandbox level 3.png
    Firefox - sandbox level 4 (maximum level):
    Firefox - sandbox level 4.png
    Chrome:
    Chrome - process - mitigations.png

    Soon Google will block third-party module injections (with some exceptions) into the chrome.exe process, which will harden it more.
    Google Chrome Plans To Block AV Module Process Injection
    https://www.wilderssecurity.com/thr...-to-block-av-module-process-injection.394120/

    Edit: small correction and addition
     
    Last edited: Jan 12, 2018
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    208
    Location:
    Some country in the European Union
    But also lossens the sandbox isolation.

    Linux kernel has features such as RAM deduplication (Kernel same-page merging) and other that can decrease RAM used by Chrome.
     
  8. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    Yes, in the settings menu. But in about:config you can set dom.ipc.processCount as high as you want. I've set it to 16 as I never have more tabs open.

    Hm, I wonder how useful that is if I block all 3rd-party scripts in uMatrix anyhow.
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,378
    >> Soon Google will block third-party injections

    this will mean dll injections (eg antiexploit and similar)
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,410
    I mean dll/module injections into chrome.exe, edited post:
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,124
    Location:
    Among the gum trees
    ScriptSafe
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,599
    Location:
    Nicaragua
  13. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    808
    Location:
    India
    Yes. However, i am interested if offers any benefit to uBO, if one configures it to block (Inline Script block + Medium Blocking mode), and selectively enable them.

    As far as i know, in my past experience

    ABE - Can be configured in uBO/uMatrix. See this post.
    XSS - This is an interesting aspect. How, i am not sure if uBO/uMartix are susceptible, with above configuration. The only way, it is exploitable i believe, is if one allows target scripts/frames to be allowed..
    CSRF - No Idea. Any insight is appreciated. I will read about it.
    Any insights on real world scenario or any test site, that demonstrates, if uBO/uMatrix users susceptible, i am interested to know..

    Thanks, Harsha.
     
    Last edited: Jan 13, 2018
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,599
    Location:
    Nicaragua
    Hi Harsha, in your quote from Wikipedia, you left this out, written inmediatedly below what you quoted:

    "The NoScript extension for Firefox mitigates CSRF threats by distinguishing trusted from untrusted sites, and removing authentication & payloads from POST requests sent by untrusted sites to trusted ones. The Application Boundary Enforcer module in NoScript also blocks requests sent from internet pages to local sites (e.g. localhost), preventing CSRF attacks on local services (such as uTorrent) or routers."
    https://en.wikipedia.org/wiki/Cross-site_request_forgery#Client-side_safeguards

    By the way, FWIW, in the 9 years using NoScript, in my personal case, none of NoScript security features has interfered with normal operations on any site that is of any importance to me. So, that part that you blacked in your quote, perhaps applies to UBO but it doesn't to NoScript.

    Let me add something else, Harsha. Please read very carefully every word written by Giorgio in this sentence taken from the link I posted earlier: "The main (most visible, but not the only) features of NoScript, beside script blocking, which are not present in any other security product are:".

    See where he says, "The main (most visible, but not the only) features of NoScript...", I seen the list of security features that NoScript enforces silently in the background. Its huge.

    Bo
     
  15. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    808
    Location:
    India
    Ok, Thanks. However, i have covered that potential loop hole in my reply already. :) However, please do note that ABE can be configured in uBO. So, i am not worried on that point. Only area, where i am interested (not worried though), is what if scripts/frames are whitelisted. I wanted any real-word examples.
    Yes, with UBO, you would have to configure it once. And there is nothing after that.Also, as i take back-up. When switching the browser or re-install your existing browser, is no-hassle.;)
    I used to be NoScript & ABP user, before uBO. And to my usage, i used to get many XSS popups, if i remember correctly.

    That's what i am puzzled, and was reason i wrote my post above. Any real world scenarios, which it would have prevented, even after uBO with Medium blocking (+inline script) mode..

    With that said, i will install Noscript 10, with Global Allow all for a month, and will see if it peeps on anything..:) (Update: Have enabled Noscript, with global Allow all, let's see how it goes).
     
    Last edited: Jan 13, 2018
  16. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    I see - thanks! Isn't that comparable with what Mozilla explains here?

    Okay, we can probably discuss till eternity about browser security. In any case Firefox - after its overhaul - uses basically the same security architecture as Chrome. Yes, there are subtle differences as you showed in your post above. And there is, e.g., Site Isolation as a new feature in Chrome.

    On the other hand, many critical parts in the new Firefox have been written in the Rust language with the result that whole classes of coding errors resulting in vulnerabilities (like the infamous buffer overflows) should no longer be possible in those parts of the code. This is an advantage which is not really "visible" at a glance but makes the browser inherently safer.

    How to weight all those aspects? It's difficult. In the end I would say that for users with an adblocker and/or a script blocker it doesn't make a big difference security-wise if Chrome or the new Firefox is used.

    However, one big advantage of Firefox is still its many options which improve your privacy particularly via the options introduced from the Tor Uplift Project like First-Party Isolation and fingerprinting protection. Add Containers and all those many options available, e.g., in the gHacks user.js. Most of them are not available in Chrome - and never will as Google is not interested in them at all, of course.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,599
    Location:
    Nicaragua
    I guess you installed NoScript for the Antii XSS filter. In my personal case use, I never gotten many warnings. With version 10, other than a well known and reported false positive with google search in earlier version 10, I only gotten one warning, very likely a good detection as the site I was visiting should be considered dangerous. I treat all sites with same respect and avoid prequalifying sites but by any criteria, it was a nasty site. So, very likely I was protected by the filter that time.

    Bo
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,124
    Location:
    Among the gum trees
    Last edited: Jan 13, 2018
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,410
    Not really comparable but the motivation of Mozilla/Chrome is similar (they want less crashes, less stability problems and no degradation of browser builtin security features)
    Mozilla doesn't want specific third-party applications (AV browser plugins, niche software, ...) to interact with webpages through the Accessibility Service because it might lead to degraded security or even crashes. Mozilla recommends to disable the third-party application but isn't blocking them.
    Google also wants to achieve less crashes and less stability problems, and it is doing it by preventing third-party applications (AV software, ...) from injecting its dll into chrome.exe
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,599
    Location:
    Nicaragua
    Hi Krusty, right, there is no NoScript for Chrome. He sounded to me like he wants to use NoScript not just any other similar extension. I can understand that.

    By the way, this are some of the things NoScript does in the background to protect users. I dont know if any has been ported yet in NoScript 10 or what will be ported if any. Most likely if any get ported will be when Firefox 58 comes out and after.
    https://forums.informaction.com/viewtopic.php?f=10&t=5920

    Bo
     
  21. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,378
    tie to prove these overwhelming******
    if NS were that good why did uB and uM had such earth falling success in the past? and why took it authors so much time to re-create?
    noscript for chrome need some excellent merchandising to make users change.
     
    Last edited by a moderator: Jan 14, 2018
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,978
    Location:
    The Netherlands
    Cool, didn't know about that, sounds good. But overall, I think it's safe to say that Chrome's sandbox is currently more advanced than the ones from Edge and Firefox, which makes it harder to exploit. But like I said, you pay a hefty price for it when it comes to resource usage and features, not worth it for me. Especially since I have never been hacked via Firefox, ad-blockers + third party security tools will do the job.

    Yes, very good decision by the Mozilla development team. There has to be a balance between security and usability.

    Depends on how you browse, I normally make a selection of articles that I want to read, and this may result up to 30 to 50 tabs. Chrome and Vivaldi would drain all of my RAM, and I'm not willing to buy more RAM just for a freaking browser.
     
  23. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,178
    Location:
    USA, MICHIGAN
    Same here my goodness who would have 50 tabs open:rolleyes: I don't have any problems slowdowns with chrome.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,978
    Location:
    The Netherlands
    Actually, I think it's a bit overkill. I don't believe you need to sandbox every browser tab, I wonder what resource usage is like if you use micro-virtualization. Probably ridiculous high, and I think you can achieve the same amount of security with tools like Invincea/Sandboxie. Only for the truly paranoid ones Bromium is the best choice.
     
  25. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    Yes, they are but optionally.