Security benefits of disabling the browser cache?

Discussion in 'other security issues & news' started by Devinco, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    With today's multi-layered attacks like dropping a malware item in the browser's cache and then executing it (or maybe modifying it in cache), does it make sense (security wise) to disable the browser's cache?
    Assuming you are on broadband of course. On dial up, you would probably need to leave the cache on to make surfing bearable.
    The idea is if the malware is not on the disk and only in the browser's memory space, it would be harder for the malicious script, applet, or activeX to execute or modify the malware. I know some browsers (any but IE and IE shells) are less likely to have such a vulnerability, but it might be a good prevention against future exploits.
    Would this idea be equally valid across browsers IE, Firefox, Opera, Mozilla?

    What do you think?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    I cache nothing. Browser, java, etc. Never have. That is, when I found out what cache was---- :)
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Ronjor,

    But was it because you didn't need it (broadband), or because of the possible security benefits of not having the "malware" able to land on the hard drive?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Actually, I didn't like the fact it was taking up space on my somewhat small hard drive. I still don't like "garbage files". If I can find them, they are gone! :D
     
  5. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    I have my cache, cookies and history folder on a small 25MB RAM disk. I have plenty of memory, so I don't even notice it.

    John
    Luv2BSecure
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Ronjor.
    So it is worth it to disable the cache even if there is no security benefit. I remember on IE always having to go into Temporary Internet Files to delete the garbage just to browse better (it made it less sluggish).
    If there is any security benefit, then it would be a bonus.

    I am still curious, if anybody knows, if there is a positive security aspect to having no cache.
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi John,

    What is the benefit of having a cache in a RAM disk?
    Is it just speedier access of cache items versus on a hard drive?
    Or is there some other reason why?
     
  8. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I use NetCaptor as my browser (IE Shell), and it automatically deletes the Cache every time I close the browser.
     

    Attached Files:

  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Dazed and Confused,

    I like the secure wipe feature of the cache on your browser.
    That would make it hard for snooping people to retrieve info from there.
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Devinco. :) You can configure that yourself, up to "35 Pass Gutmann Method". :eek:
     
  11. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hi Devinco!

    Nothing is ever written to a hard drive. It's all in the memory until I reboot or "optimize" (wipe) the memory. Once that happens, it's all gone as if it never were there in the first place. I just used the simple RAM Disk creator included with Tweak-XP Pro. I set it up and haven't thought about it in a long time - until I read this thread.

    John
    Luv2BSecure
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    John,

    This is another reason why I like this forum so much.
    I get such diverse solutions to problems that I never would have thought of.
    The RAM disk will allow much faster access to the cache than on HD.
    From what I recall about RAM disks, they will survive a warm reboot, but not a cold reboot. They are also assigned a drive letter and operate like a HD only much faster and use up some of your RAM.

    From a security standpoint, (if there is anything to my initial question) a browser cache on a RAM disk would be just as vulnerable as a browser cache on a HD.
     
  13. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Huh? How do you figure that?
     
  14. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Oh, wait. I think I see what you mean. It's much more secure when talking about privacy. But you were worried about malware executing in the cache. From what I've read, you have several security tools that would stop any attack like that - or at the least alert you.

    You are right about the speed. No question about that.

    John
    Luv2BSecure
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Well, let's say that having a browser cache would provide a place for malware to be dropped and perhaps executed or modified. I don't know if this is possible, but that is what I asked in the first post.

    So, if it was a vulnerability or a potential vulnerability, then any cache whether on a HD or a RAM disk would provide a place for the malware to be dropped.
     
  16. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    I see what you were saying - I replied above before you posted again. Sorry.
     
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Yes, my primary concern was malware (privacy is just a bonus). :)
    I have been reading a few things about exploits lately. Using an alternate browser will close A LOT of holes (even SP2 will help a great deal) and other security tools would help to catch them. But the browser seems to be the main point of contact from which most malware jumps out (except for email, P2P, and IM).
    My thinking is, if it will put an extra hurdle in the way of malware authors and block them from even getting in the door, why not do it?
    I just don't know if it would make it harder for them. In theory, they would not have a fixed file located on disk (or RAM disk), it would only exist in the browser's memory space in some form. They would have to do all their evil deeds while it is in this memory space and not the file system.
     
    Last edited: Sep 1, 2004
  18. Tod A2

    Tod A2 Guest

    Absolutely--IF the malware has no place to go but there. But that sounds like one of those things that's too good to be true. And if it was that easy to avoid getting malware from web sites, the concept would be known far and wide. It would be in magazines that publish tips on Internet security, etc.

    I think, assuming you have javascript enabled, the trojan will be programed to execute in your ram, and then infiltrate your system files from there. As it's difficult to believe that it HAS to use the cache as a jumping off point. And the browser being used would be irrelavant.
     
  19. squash

    squash Guest

    I would THINK a person would be more secure... out of the all the viruses i've got from visiting websites - 100% found by the AV in the cache... BUT... it dramatically slows down internet for dial-up...

    You should weigh out the cost of the internet and the time you have wasted in your precious life... against another layer of security...

    The above was ALL in my opinion, i may be right or wrong...
     
  20. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    A seeming advantage to having the cache in a RAM disk would be that, if you notice the malware executing, a 'hard' shutdown (via the power button) would remove the source from your machine. Yes?
     
  21. Iagree

    Iagree Guest

    I agree with Tod.

    If a exploit can force you to autoexecute a file, you are dead, whether it is dropped into the cache or not, it will happen.

    On the other hand, if the exploit does not work, all you have is the file sitting in your cache. Which is harmless as long as it is not run. Kind of like how you can have lots of virus attachments sitting in secure email clients, and yet be unharmed.
     
  22. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Tod A2,

    Thank you for your answer. I am starting to understand it now.
     
  23. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi squash,

    If I was on dial up, then I would have the cache enabled no matter what. The performance boost is too great on dial up. I would probably try a RAM disk if I had memory to spare.
    From what I understand now, enabling or disabling a browser cache does not affect your security at all. It is more a matter of garbage collection and removal. But now that you mentioned the AV finding things in the cache I have another question:

    If you disable the browser cache, will it be more difficult for the AV to locate malware?
     
  24. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Dangitall,

    Yes, but if you notice it executing, then it is either too late anyway or your AV or AT caught and stopped it. So a RAM disk cache wouldn't make a difference unless...

    The malware depends on the item dropped in the cache to work. In that case, a cold boot would halt its progress. Or even having no cache would work.

    But I would guess that most malware once executed (and not stopped by AV/AT) would be able to do its work very quickly and infect files beyond the cache. A cold boot would clear the cache with the initial dropped malware, but the system would already be compromised.
     
  25. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks for your answer Iagree.

    Then does it hurt one's security to disable the browser cache?
    AV/AT many times detect malware in the browser cache. If you remove that form of detection (by not having a cache), does it weaken your security?
     
Loading...
Thread Status:
Not open for further replies.