On Sat, 25 Mar 2006, Dinis Cruz wrote: > 2) Given that Firefox is also build on unmanaged code, isn't Firefox as > insecure as IE and as dangerous
The use of "unmanaged code" (read: the programming language, and the style of programming prone to bugs making it possible to gain direct control over the underlying platform, i.e. the virtual CPU as implemented by the hardware and the OS running on it) is a shared weakness but there are many more aspects of the problem making it difficult to compare them. > 3) Since my assets as a user exist in user land, isn't the risk profile > of malicious unmanaged code (deployed via IE/Firefox) roughly the same > if I am running as a 'low privileged' user or as administrator? It depends. Do you run the browser under the same low-privs user you use for the rest of your business? (And do you trust your OS to enforce security restrictions among different users.) > 4) Finally, isn't the solution for the creation of secure and > trustworthy Internet Browsing environments the development of browsers > written in 100% managed and verifiable code, which execute on a secure > and very restricted Partially Trusted Environments? (under .Net, Mono or > Java). Are .Net, Mono, or Java themselves 100% managed and verifiable code? Can you create a secure environment when it is, using your own words, "impossible to create bug/vulnerability free code"? I know there have been vulns in the JRE making it possible to break out of the sandbox and similar vulns in the other environments would not suprise me. Chicken and eggs. (On the other hand, it is probably somewhat easier to fix one shared environment than to fix one million of applications. Nevertheless, we're talking about a single app here--about the web browser.) Moreover, do not forget the protection of your computer against malicious web sites is only one half of the problem. The other half is the protection of good web sites against malicious web sites. The browser itself is supposed to implement sandboxed virtual computers for "active web contents" and enforce their separation. You could compartmentalize the browser and have one sandbox for each site but I am afraid you would still need a trusted shared component to manage them. > And in my view, creating sandboxes for unmanaged code is very hard or > even impossible (at least in the current Windows Architecture), so the > only solution that I am seeing at the moment is to create sandboxes for > managed and verifiable code. I may be difficult on MS Windows. Been there, done that several times on other platforms. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
