On Sat, 25 Mar 2006, Dinis Cruz wrote:
2) Given that Firefox is also build on unmanaged code, isn't Firefox as
insecure as IE and as dangerous
The use of "unmanaged code" (read: the programming language, and the style
of programming prone to bugs making it possible to gain direct control
over the underlying platform, i.e. the virtual CPU as implemented by the
hardware and the OS running on it) is a shared weakness but there are many
more aspects of the problem making it difficult to compare them.
3) Since my assets as a user exist in user land, isn't the risk profile
of malicious unmanaged code (deployed via IE/Firefox) roughly the same
if I am running as a 'low privileged' user or as administrator?
It depends. Do you run the browser under the same low-privs user you use
for the rest of your business? (And do you trust your OS to enforce
security restrictions among different users.)
4) Finally, isn't the solution for the creation of secure and
trustworthy Internet Browsing environments the development of browsers
written in 100% managed and verifiable code, which execute on a secure
and very restricted Partially Trusted Environments? (under .Net, Mono or
Java).
Are .Net, Mono, or Java themselves 100% managed and verifiable code?
Can you create a secure environment when it is, using your own words,
"impossible to create bug/vulnerability free code"? I know there have been
vulns in the JRE making it possible to break out of the sandbox and
similar vulns in the other environments would not suprise me.
Chicken and eggs. (On the other hand, it is probably somewhat easier to
fix one shared environment than to fix one million of applications.
Nevertheless, we're talking about a single app here--about the web
browser.)
Moreover, do not forget the protection of your computer against malicious
web sites is only one half of the problem. The other half is the
protection of good web sites against malicious web sites. The browser
itself is supposed to implement sandboxed virtual computers for "active
web contents" and enforce their separation.
You could compartmentalize the browser and have one sandbox for each site
but I am afraid you would still need a trusted shared component to manage
them.
And in my view, creating sandboxes for unmanaged code is very hard or
even impossible (at least in the current Windows Architecture), so the
only solution that I am seeing at the moment is to create sandboxes for
managed and verifiable code.
I may be difficult on MS Windows. Been there, done that several times on
other platforms.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
