Security benefits of disabling the browser cache?

Hi Everyone,

With today's multi-layered attacks like dropping a malware item in the browser's cache and then executing it (or maybe modifying it in cache), does it make sense (security wise) to disable the browser's cache?
Assuming you are on broadband of course. On dial up, you would probably need to leave the cache on to make surfing bearable.
The idea is if the malware is not on the disk and only in the browser's memory space, it would be harder for the malicious script, applet, or activeX to execute or modify the malware. I know some browsers (any but IE and IE shells) are less likely to have such a vulnerability, but it might be a good prevention against future exploits.
Would this idea be equally valid across browsers IE, Firefox, Opera, Mozilla?

What do you think?

 

Thanks Ronjor,

But was it because you didn't need it (broadband), or because of the possible security benefits of not having the "malware" able to land on the hard drive?

 

I have my cache, cookies and history folder on a small 25MB RAM disk. I have plenty of memory, so I don't even notice it.

John
Luv2BSecure

 

Thanks Ronjor.
So it is worth it to disable the cache even if there is no security benefit. I remember on IE always having to go into Temporary Internet Files to delete the garbage just to browse better (it made it less sluggish).
If there is any security benefit, then it would be a bonus.

I am still curious, if anybody knows, if there is a positive security aspect to having no cache.

 

Hi John,

What is the benefit of having a cache in a RAM disk?
Is it just speedier access of cache items versus on a hard drive?
Or is there some other reason why?

 

I use NetCaptor as my browser (IE Shell), and it automatically deletes the Cache every time I close the browser.

 

Hi Dazed and Confused,

I like the secure wipe feature of the cache on your browser.
That would make it hard for snooping people to retrieve info from there.

 

Thanks, Devinco. You can configure that yourself, up to "35 Pass Gutmann Method".

 

Hi Devinco!

Nothing is ever written to a hard drive. It's all in the memory until I reboot or "optimize" (wipe) the memory. Once that happens, it's all gone as if it never were there in the first place. I just used the simple RAM Disk creator included with Tweak-XP Pro. I set it up and haven't thought about it in a long time - until I read this thread.

John
Luv2BSecure

 

John,

This is another reason why I like this forum so much.
I get such diverse solutions to problems that I never would have thought of.
The RAM disk will allow much faster access to the cache than on HD.
From what I recall about RAM disks, they will survive a warm reboot, but not a cold reboot. They are also assigned a drive letter and operate like a HD only much faster and use up some of your RAM.

From a security standpoint, (if there is anything to my initial question) a browser cache on a RAM disk would be just as vulnerable as a browser cache on a HD.

 

Huh? How do you figure that?

 

Oh, wait. I think I see what you mean. It's much more secure when talking about privacy. But you were worried about malware executing in the cache. From what I've read, you have several security tools that would stop any attack like that - or at the least alert you.

You are right about the speed. No question about that.

John
Luv2BSecure

 

Well, let's say that having a browser cache would provide a place for malware to be dropped and perhaps executed or modified. I don't know if this is possible, but that is what I asked in the first post.

So, if it was a vulnerability or a potential vulnerability, then any cache whether on a HD or a RAM disk would provide a place for the malware to be dropped.

 

I see what you were saying - I replied above before you posted again. Sorry.

 

Yes, my primary concern was malware (privacy is just a bonus).
I have been reading a few things about exploits lately. Using an alternate browser will close A LOT of holes (even SP2 will help a great deal) and other security tools would help to catch them. But the browser seems to be the main point of contact from which most malware jumps out (except for email, P2P, and IM).
My thinking is, if it will put an extra hurdle in the way of malware authors and block them from even getting in the door, why not do it?
I just don't know if it would make it harder for them. In theory, they would not have a fixed file located on disk (or RAM disk), it would only exist in the browser's memory space in some form. They would have to do all their evil deeds while it is in this memory space and not the file system.

 

Absolutely--IF the malware has no place to go but there. But that sounds like one of those things that's too good to be true. And if it was that easy to avoid getting malware from web sites, the concept would be known far and wide. It would be in magazines that publish tips on Internet security, etc.

I think, assuming you have javascript enabled, the trojan will be programed to execute in your ram, and then infiltrate your system files from there. As it's difficult to believe that it HAS to use the cache as a jumping off point. And the browser being used would be irrelavant.

 

I would THINK a person would be more secure... out of the all the viruses i've got from visiting websites - 100% found by the AV in the cache... BUT... it dramatically slows down internet for dial-up...

You should weigh out the cost of the internet and the time you have wasted in your precious life... against another layer of security...

The above was ALL in my opinion, i may be right or wrong...

 

A seeming advantage to having the cache in a RAM disk would be that, if you notice the malware executing, a 'hard' shutdown (via the power button) would remove the source from your machine. Yes?

 

I agree with Tod.

If a exploit can force you to autoexecute a file, you are dead, whether it is dropped into the cache or not, it will happen.

On the other hand, if the exploit does not work, all you have is the file sitting in your cache. Which is harmless as long as it is not run. Kind of like how you can have lots of virus attachments sitting in secure email clients, and yet be unharmed.

 

Hi Tod A2,

Thank you for your answer. I am starting to understand it now.

 

Hi squash,

If I was on dial up, then I would have the cache enabled no matter what. The performance boost is too great on dial up. I would probably try a RAM disk if I had memory to spare.
From what I understand now, enabling or disabling a browser cache does not affect your security at all. It is more a matter of garbage collection and removal. But now that you mentioned the AV finding things in the cache I have another question:

If you disable the browser cache, will it be more difficult for the AV to locate malware?

 

Hi Dangitall,

Yes, but if you notice it executing, then it is either too late anyway or your AV or AT caught and stopped it. So a RAM disk cache wouldn't make a difference unless...

The malware depends on the item dropped in the cache to work. In that case, a cold boot would halt its progress. Or even having no cache would work.

But I would guess that most malware once executed (and not stopped by AV/AT) would be able to do its work very quickly and infect files beyond the cache. A cold boot would clear the cache with the initial dropped malware, but the system would already be compromised.

 

Thanks for your answer Iagree.

Then does it hurt one's security to disable the browser cache?
AV/AT many times detect malware in the browser cache. If you remove that form of detection (by not having a cache), does it weaken your security?