Most Secure Browser: FF, Chrome, Edge?

Discussion in 'sandboxing & virtualization' started by HempOil, Dec 15, 2017.

  1. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,022
    my highest was ~250 tabs and quantum (v57) performed very well. while chrome start struggeling with 10 (!) because each tab = new process = lot of memory. chrome idd is a memory hog.
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,060
    Location:
    Member state of European Union
    10 tabs and slowdown? WTF? I don't have much RAM (6 GB), but I never experienced anything like that with 10 tabs. Even on Windows.
    As I said: On Linux kernel you have Kernel same-page merging and other features (some are disabled by default) to decrease RAM usage by multi-process programs such as Chromium.
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,563
    So currently which one at default setting has the strongest sandbox? Chrome, Edge or Firefox?
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,060
    Location:
    Member state of European Union
    Both Edge and Chrome have quite good sandboxes. Despite the fact that in spreadsheet Edge has more positive ticks, Chrome developers have far more experience in building successful sandbox, so I still believe that Chrome's sandbox is stronger.
    That said I think that using up-to-date version of Firefox with Javascript control (uMatrix or NoScript) and sandboxie can also be really secure.
     
  5. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    Another browser security whitepaper payed for by Google: https://cure53.de/browser-security-whitepaper.pdf
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,541
    Chrome.
     
  7. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    I would be willing to pay for the hardware requirements in a heartbeat. It's the software that I could never afford. I don't remember the numbers, but I spoke to a colleague who got a quote from them to install it on his organization's PC's, and it was very pricey.
     
  8. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    On the topic of browser plugins, I recently switched browsers from FF to Chrome. I have been able to find all security/privacy-related plugins that I had on FF except for NoScript. I have substituted it with ScriptSafe and I really like it! It has the same vibe as the WebExtension version of Noscript, but also has a bunch of fingerprint and privacy protection features that I used to get separately under FF (many of which did not get converted to WebExtensions versions). So, in addition to ScriptSafe, I also run:
    • SSL Grade
    • uBlock Origin
    • VTchromizer
    • Cookie AutoDelete
    • Bitdefender TrafficLight
    • Privacy Badger
    • HTTPS Everywhere
    • Decentraleyes
    • Google search link fix
    • Ghostery
    I'm a happy camper!
     
  9. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,563
    You could enable advance mode on uBO, and use it as a replacement for NoScript
     
  10. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    I entertained that for about a minute until I reviewed the interface. I prefer the simplicity (and added features) of ScriptSafe.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,289
    Location:
    Among the gum trees
    @HempOil ,
    How did you get Ghostery to work with uBO installed? I've never been able to get Ghostery to block anything.
     
  12. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    It's probably overkill, but I figure that they don't overlap completely so I run them both. As for how, I've always run both on FF and now Chrome and never noticed any real issues. I suspect one usually acts first and takes care of most things leaving the other to sit idly by. Since moving to Chrome, I notice that it gives me some messages when one extension supersedes another. I frequently see messages of this nature from ScriptSafe, HTTPS Everywhere and Privacy Badger.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,740
    Location:
    The Netherlands
    Well, you will now get micro-virtualization for free in Win 10, so that's good news.
     
  14. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    True, but only with Pro. I have Home. :'(

    Plus, AFAIK MS is only planning on enabling Windows Defender Application Guard for Edge. I believe that Chrome has better security within the browser. However, in terms of preventing things from escaping from the browser and into the OS, I would give Edge the edge (pun intended) once MS enables WDAG (hardware-based virtualization). Of course, in a Meltdown/Spectre world, all bets are off. :mad:
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,740
    Location:
    The Netherlands
    Good point, didn't know about that. And yes, would be cool if other browsers could also make use of Application Guard. Let's wait for Pwn2Own 2018, they will try to hack Chrome, Edge and Firefox.
     
  16. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    It looks like MS is all-in this year with respect to Edge and WDAG (assuming someone is up to the challenge):

    Windows Defender Application Guard (WDAG) for Edge
    This target has multiple levels of success. An RCE in the Edge process within the WDAG contain earns up to $15,000. A sandbox escape from Edge within the WDAG container also earns up to $10,000. A WDAG specific escape from the WDAG container to the host OS could net up to $30,000. Finally, a general Hyper-V exploit used to escape the WDAG container to the host operating system could get the contestant up to $250,000. If someone manages to do all four of these in the same entry, the maximum payout would be $305,000.

    https://www.zerodayinitiative.com/b...rtners-with-microsoft-and-sponsored-by-vmware
     
  17. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    WDAG sounds great, too bad it's currently Enterprise only and later it will be Professional/Enterprise only. What about the 95% that runs vanilla Windows 10?
     
  18. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    BlueHat IL 2018 - Jordan Rabet - Browser Security Beyond Sandboxing
    https://www.youtube.com/watch?v=sheeWKC6CuM

     
    Last edited by a moderator: Apr 2, 2018
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,209
    Location:
    U.S.A. (South)
    Never thought we would be forced to resort to a swirling collection and array of add-ons not to mention a variety of alternative browsers like Opera etc.

    Currently am watching progress to the releases of (and using) Chrome + Firefox while Edge tries to evolve. Palemoon is another alternative but for the time being FF and/or Chrome appear to be lesser targets given the right balance of add-on's security and performance is improved as well IMO in comparison.

    Can't honestly make no present determination though in offering an opinion which browser is "most" secure but that will surface from intensive testing's and results will speak for themselves. But is as usual, everyone's configuration and machine is different.
     
  20. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I have chrome installed on my linux system and it is rock solid and stable and merges with my desktop the best it can.Not certain which flags to disable though.Chrome takes advantage of the linux sandbox which is nice.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    That has been my security setup for the past 9 years. It works. The sharks of the internet become sardines. Regarding Sandboxe, if sandboxing the browser becomes the introduction to SBIE, and eventually the user start to sandbox other programs and activities, malware becomes part of your past. Thats my experience.

    Bo
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,209
    Location:
    U.S.A. (South)
    Awesome reference. :D

    With FF at 59 version and having only been running it barely a week, it's fairly settled i think that this one is earned daily driver status on this end.

    Also stuffed w/ various customized extensions Umatrix/NoScript/uBlockOrigin etc. and of course Sandboxie is solid.

    Like many others enjoy, the latest modernized extensions/lists/tweaks are impressive reminders that whatever the preferred/popular Browser, there are some excellent security/privacy measures users can put right to the sharks.

    Edge is in my opinion still evolving? and it is made to be tethered into the O/S-Telemetry etc.

    Untethered independence in tandem with security-privacy is always favored priority and so ALL previous and present preferred browsers are still strictly Portable.

    Chrome is onboard but so far with my systems there is no comparison so far. But the intent is to run BOTH as a preferred choices.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    Really is. Let me post some examples. This pictures are from sites I visit regularly. This are bad sites but can be tamed by the power of NoScript. To be able to visit them, you have to disable Phishing and Malware Protection in Firefox, otherwise the sites get blocked. Without doing that, you ll get one of this.

    1.jpg


    On this site site, this is what I get if I disable NoScript.

    8.jpg

    All the sharks above disappear after enabling NoScript. Everyone of those ads in the picture above is malicious.

    7.jpg

    Look at this site. Horrendous.

    3.jpg

    But saddle broken by NoScript alone (I got no adblocker).

    5.jpg

    6.jpg

    Sandboxie is really just for the ride. Like a safety net, just in case.

    Bo
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,209
    Location:
    U.S.A. (South)
    Happy camping.

    Rarely been at liberty to explore in much detail the way of Browsers like Chrome/FF until recently and am stunned at the progress!

    Very 0n Fire! those developers taking the heat/feedback from users and other resources and going full steam at putting on the clamps. Just wow.

    Thanks for those awesome screenies. Good stuff indeed NoScript etc. Am doing full browser transitions all across my own units.
     
  25. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I was having issues with firefox cookie extensions not functioning correctly and not clearing cookies when i browse away from a domain rather than a tab,other than that it is an excellent browser.
    On my system i have found chrome and palemoon to be the lightest in terms of cpu and ram usage.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.