Security benefits of disabling the browser cache?

I use a ramdisk but have found at least one website (forum) that will not navigate properly without memory cache device enabled in Firefox.

 

You know, I'll be honest -- I have never heard of a virus executing from the browser cache. Have you? Someone, in a post above, wrote they had found all of their crap in the browser cache. I'm sorry - I just have never seen it.

John
Luv2BSecure

 

Thanks Lynchknot,

I will keep that in mind when surfing to sites that don't work for any apparent reason.

 

Neither have I in my experience. I seem to recall a long time ago something being detected in the IE browser cache. I am not sure what it was any more, but I think it was TDS-3 that took care of it. It probably was a trojan dropper of some kind not a virus. I have read about some people who have detected one form of trojan or another in their browser cache. Sometimes the AV is able to detect it. But I don't see why a virus couldn't be delivered over a web page just as well as a trojan or spyware.

As far as malware executing from the cache, I think it happens all the time. You visit a web page and a malware component is downloaded into the browser cache and executed via some form of mobile code (Javascript, Java, ActiveX). If you had no cache, then I guess the malware component would be executed from within the browser's memory space.
Whether the mobile code is executed or not I think depends on if you enable mobile code in the browser, filter out the worst parts of the mobile code, or have a browser that doesn't permit any autoexecution or other funny business.

 

I think you're worrying too much about the TIF or "browser cache"......I honestly don't know of any malware that executes from the browser cache. Some of the other forums here at Wilders would be better able to detail the mechanics of droppers, ActiveX, Javascript, etc. Utilizing the TIF is not how it works. There are a lot of pros up in the DCS forums that can help.

All the best,

John
Luv2BSecure

.

 

Maybe I am. It could be that the malware actually executes in memory when the web page loads and that what is left in the cache is merely a trail left by what executed. My question has been answered. There are no real security benefits to disabling the browser cache. By disabling it you do gain a little in privacy and prevent accumulation of left over internet garbage. Disabling it may also affect the browser cache file scanning techniques used by some AV/AT. This last point is more appropriate for the AV/AT forums, so I will ask there.

Thank you very much Everyone for your answers and ideas!!

 

hehe, here - you can add this to the list: http://www.hardwaregeeks.com