Opera's security scheme?

Patching isn't stupid. Relying on patching is stupid.

Like you said, every piece of code created will have an exploit. And with each update and addon there are more and more introduced. You can NEVER hope to have a product without exploits so you need to have some kinda security scheme that accounts for this.

Chrome and IE9 have LI and sandboxing. They also patch.

All Opera does is patch. It plays cleanup with its code, but as we both agree that all software has bugs and exploits that's really a pretty trivial pursuit. It's an arms race against hackers but they only ever need one exploit.

 

Not trying to be inflammatory here, but I'm genuinely curious.

In the context of Opera's security vulnerabilities as discussed in this thread, how would Sandboxing (even with Sandboxie) not be sufficient to pick up the supposed slack on Opera's end of things?

Even if there were a huge exploit in Opera that was attacked, I can't see how Sandboxing wouldn't prevent it from delivering the payload.

Are you implying that something could escape the sandbox? Or talking more about nasties doing their thing within the sandbox?

 

In an ideal world all the applications and the OS would be safe and we would not need of security softwares. Real world is not so.

 

Are you implying that Sandboxie is one of the poorer sandboxing programs, if so, that runs contrary to almost everything that I have ever read hear at Wilders.

Acadia

 

No. I'm saying that people put far too much stock into sandboxie -- especially for browser security.

Browsers have multiple tabs so a sandbox for all of them means they can still access each other. IE9/ Chrome don't have to worry about this. Opera does.

Sandboxing isn't a catch-all.

 

yes, but since everything is sandboxed you can delete the content of the sandbox on exiting the browser and everything is gone, no?

unless we are talking about "man in the browser" attack.

i'd appreciate if you could expand a little more on the subject.

tnx m8!

 

I've never heard of man-in-the-browser attack but I can assume it's just a play on man-in-the-middle attack.

The idea between sandboxing individual tabs (purely in terms of security, not going to get into performance/ stability) is that if one browser tab is compromised the others won't be.

If all of my tabs reside in a single process then they aren't separated and a single attack is enough to gain access to every tabs information.

So if I have tab A and tab B where tab A is sensitive information and tab B is malicious code... sandboxing the two is one proven way to prevent them from intermingling. Sandboxie would not do this -- it would just put them both in the same sandbox.

This is why programs/ operating systems need to be built around security and not rely on third parties to secure them.

 

Sorry to sidetrack slightly, but what conclusion are we coming to about Opera's security overall, especially compared to Chrome & Firefox?

 

Seems like it suck...but I like the browser and use it anyway

 

I would agree with that for the most part. However, this assumes that the user is a neophyte and does not understand anything about how they might become compromised. I would never have one tab open in any browser that had sensitive infos on it, while at the same time surfing to a less than trustful site in another tab. It is asking for problems.

Including the ability of one tab in a job object to stay segregated from another is a very valid point. But isn't comparing a sandboxie to sandboxed tabs like apples and oranges? SBIE creates an environment that is segregated from the real OS, and that is its purpose. It is not meant to segregate components of an application within its environment. I agree SBIE isn't a catch all, but that isn't the point here, is it. The point is, if you are not advanced enough to know not to have a tab open with your bank infos and surfing pr0n at the same time, then nothing, including SBIE is going to help you out. Using a browser that segregates tabs would be the best choise, but if you are going to "bank and spank" at the same time (LOL), maybe you should get what you deserve

Sul.

 

Yeap!

 

Sully,

I agree that he user should be smarter than that. The fact is that you can have legit sites get attacked in another tab. How likely is this? It doesn't really matter -- it's a situation that the user should be protected from.

Yes, sandboxie and sandboxed tabs are two separate things -- if anything, that's my point. People hear "sandboxing" and think it doesn't have any subdivisions, when of course it absolutely does. There are multiple types of sandboxes.

========================

Daveski,

It seems that Opera's security is on-par with firefox's. It relies on a blacklist to prevent malicious websites. Something Chrome and IE9 both offer.

Other than that I can't really see what features it provides security-wise.

 

Yep, all too true. The term "sandbox" is used universally, and while the general definition might be something like

"an area kept separate that can be raked clean"

there are multiple technical version, for sure.

Sul.

 

LOL! Yeah, when I use Opera I can always have the extensions: WOT, NotScripts, External Scripts, VirusTotal & a good adblocker. So, it can't be that bad.

 

OK, there are some security extensions available for Opera though.

 

Not really interested in security extensions, honestly. Security is one of the few things I think needs to be built into a program -- especially a browser.