halfbakery

Web Browser in a Shell

Web browser that operates in a shell and is totally safe from viruses
  (+10, -3)

I'm surprised I haven't found this idea somewhere. I hope someone's already doing it!

Using existing technology, it should be possible to create a web browser application that sits in its own shell, completely separated from the underlying operating system and hardware. That'd be to prevent unwanted downloads and other exploits. It'd be like surfing the Internet wearing rubber gloves. Here's more detail:

When you launch the browser, it runs in its own memory space - its own shell with limited (or no) access to the vital functions of the OS underneath it. Think of how a user in *nix has no access to "root" functions when he's logged into a shell. The user can type as many root commands as he wants, but they'll never work.

Also, the browser creates a virtual hard drive to store things like cookies, history, cache, etc. The fact that this is a "virtual" hard drive (ramdisk, etc) is invisible to the browser and to the websites it visits.

When a website tries to download a virus / unwanted plugin into the person's computer, the virus gets written to a subdirectory of the VIRTUAL hard drive, or into its cache / temporary files folder. (Remember, the fact that the hard drive isn't real isn't known to the browser software or anyone/anything on the other side of the connection.)

This virtual hard drive is NOT accessible by the OS or by any other program. Think along the lines of PGP drive, etc. where the files of the drive are encrypted. And the browser program isn't capable of writing anything to the REAL hard drive. NOTHING - updates, drivers, etc. (Could have a separate utility to process downloads after the fact, but that'd be another issue.) This completely eliminates hijacks, viruses, spyware, etc. from being secretly downloaded into people's computers. You'd have to totally re-install to update, but that's not such an unfamiliar concept with some software.

When the browser program is closed, the virtual "hard drive" is either encrypted or shredded and destroyed. So when a person logs back in to the program, they'll be starting with a clean slate. No tracking cookies, no invasions of privacy, no spyware, no viruses!

No faulty plug-in hijacks are possible either - Updates would have to be done from outside of the browser.

Basically this would be Lynx (http://lynx.browser.org/) but with the ability to show pictures, use a mouse, etc. Lynx is 100% safe since it can't download anything automatically, and runs in a shell (as far as I know).

If we wanted something more robust, we could take a step back and create a whole virtual desktop to emulate the hardware, and do ALL of our computing with Rubber Gloves.

So am I half-baked or will the idea fail to "rise?"

Valterra, May 29 2005

Lynx http://lynx.browser.org/
[zen_tom, May 30 2005]

Run Contiki in an Emulated C64? http://www.sics.se/...pps/webbrowser.html
Extreme 8-bit measures. [zen_tom, May 30 2005]

(?) Browsing the web SAFER (Michael Howard) http://msdn.microso.../secure01182005.asp
A method of configuring Internet Explorer so that it has fewer rights than you do when running on XP. This keeps most browser-based malware from actually accomplishing anything, while still allowing you to run other programs with full rights. [krelnik, Jun 01 2005]

Links, an alternative to Lynx http://artax.karlin....cz/~mikulas/links/
Actually, I prefer this one to Lynx. [zen_tom, Jan 05 2006]

       I've had similar ideas for virus protection (all new programs go into a protected folder), but I didn't think about applying it to the web, and I neglected to post it. :(   

       The idea seems sound. Java applets use a similar technique; everything runs on a virtual machine, but the virtual machine makes sure that the applet doesn't try to write to any disk, virtual or physical. It seems like your idea would be similar, except that you would allow writes to a virtual disk, and the security would apply to all elements on a web page, not just Java applets.   

       Recommendation: Why not have a disk image stored on the physical disk that is used to initialize the virtual disk at startup? The browser would only be allowed to modify the virtual disk, but the user (after password authentication) could copy certain items, such as an installation of a desired plugin, to the disk image. That way, the desired items (and nothing else!) could be on the virtual disk at startup.   

       The virtual desktop idea reminds me of the "Fritz-chip," a microchip that would make sure that the computer boots up the same way it did last time. However, it would also allow Big Brother to make sure certain programs were always running, programs that could restrict the user's freedoms. I don't think that Fritz is the way to go, but personally, I'd like to have a virtual desktop; I just don't want B.B. giving it to me.   

       Croissants to you, by the way!
Quantum_P, May 30 2005
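
The session lifecycle described in the idea and in the annotation above (seed a private scratch area from a baseline image, let the browser write only there, destroy it on exit), as an added example that is not part of the original post or any annotation. The function name and the baseline directory are hypothetical; redirecting HOME and TMPDIR only steers where a well-behaved program writes, so the OS-level confinement the idea asks for is assumed to come from elsewhere.

```shell
#!/bin/sh
# Added illustration: disposable session seeded from a read-only baseline.
# run_disposable and the baseline directory layout are hypothetical names.

# run_disposable BASELINE_DIR COMMAND [ARGS...]
# Copies BASELINE_DIR into a fresh private scratch directory, runs COMMAND
# with HOME and TMPDIR pointing at the scratch copy, then deletes the copy.
# Returns COMMAND's exit status, or 2 if the session could not be set up.
run_disposable() {
    baseline=$1
    shift
    [ -d "$baseline" ] || { echo "no baseline: $baseline" >&2; return 2; }

    # mktemp -d creates the directory with mode 0700 (owner only).
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/session.XXXXXX") || return 2

    # Seed the session; the baseline itself is only ever read.
    cp -R "$baseline/." "$scratch/" || { rm -rf "$scratch"; return 2; }

    # Subshell keeps the changed environment and directory from leaking out.
    status=0
    (
        HOME=$scratch
        TMPDIR=$scratch
        export HOME TMPDIR
        cd "$scratch" && "$@"
    ) || status=$?

    # Discard everything the session wrote: cookies, cache, downloads.
    rm -rf "$scratch"
    return "$status"
}

# Usage (browser name is a placeholder):
#   run_disposable "$HOME/browser-baseline" some-browser
```

Anything the user wants to survive a session, such as an approved plugin, has to be copied into the baseline directory from outside the session.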
  

       If you could create a java applet that was able to browse http - that should give you all the safety you need.   

       So, create a local page that contains the applet - open it in your regular browser, let the applet load up, and then navigate the web via the applet. All perfectly safe and sandboxed in.
zen_tom, May 30 2005
  

       Nice. Short of a virus that "recompiles" the browser, you'd be waving goodbye at the end of a session. That's only one type of virus, admittedly, but the implications of file-based virus activity that could subvert the user's normal browsing would be considerably reduced as well.
reensure, May 30 2005
  

       ** What problem does all this complication actually address? I've never had a 'virus' through a web browser, and I've used quite a few - Safari, Camino and of course Firefox **   

       It wouldn't be complicated to the user - just running a web browser!   

       I got the idea when I did a search for song lyrics and got nailed. All of those lyrics sites are riddled with popups that trip my virus scanner - VIRUS Detected! They're usually classified as a "downloader" and they're executable files (.exe) downloaded to my Temporary Internet Files.   

       What I wonder is WHY Internet Explorer allows executable files to be downloaded automatically. I know there are probably steps I could take (over and above what I've already done) to prevent it. But my idea would prevent "mainstream America" from these malicious downloads.   

       I'm kind of the unofficial resident computer geek at my office. I've cleaned up SO MUCH spyware from people's computers. We need something that prevents it in the first place.   

       I said I'm surprised this hasn't been done. I LOVE lynx because there aren't any popups, downloads, etc. But it's text only, and I needs me my pictures. ;-)
Valterra, May 30 2005
  

       *** Recommendation: Why not have a disk image stored on the physical disk that is used to initialize the virtual disk at startup? ****   

       That's an excellent idea. Also Ramdisk is a good idea, too.   

       I just followed a link to a seemingly innocuous site (I am pretty careful), and got nailed. When my Virus Scan says that it can't clean the file because it can't be moved / deleted, I feel SO confident that it's gone!   

       I'm about to move to a more expensive solution like a Thin Client (http://www.wyse.com) and completely forgo the internet on my "regular" computer.   

       We have so much to lose these days, even with backups - digital pictures, music, etc. And now these new worms go through and encrypt your files and hold them hostage. Thanks!
Valterra, May 30 2005
  

       //What I wonder is WHY Internet Explorer allows executable files to be downloaded automatically.//   

       You wonder this, you note that it's responsible for your woes, and you continue to use it...   

       If you really want to //prevent unwanted downloads and other exploits//, find a browser that doesn't do stupid things without asking and learn to use your operating system.   

       I understand if it's a work/site standard thing, but then your solution won't help anyway - you'd still have to get them to change it. If you're doing that, you might as well go with the alternatives already available.   

       This just seems like a ridiculously complicated solution. Normally, this earns a vote from me, but this isn't quite ridiculous enough.
Detly, May 30 2005
  

       I guess you misunderstand. :-) I'm suggesting that someone create a web browser that, as you said, "doesn't do stupid things without asking."   

       IS there one? If there is, I'd use it! That's my whole point! If there ISN'T one, there SHOULD BE!   

       As far as the contradiction between my complaining and my continued usage - I don't believe there's an alternative. Nobody in here has said, "Use Firefox (Opera, etc) - it's virus-proof!" So, until I hear that, I (like you) will have to continue to use "silly" weak browsers.
Valterra, May 30 2005
  

       Firefox has security exploits (apparently), but I find it infinitely better than IE. Safari has a few limitations but is also good. I haven't used Opera or Mozilla.   

       The problem is as much with an operating system that allows a single program's vulnerability to be that of the entire system. If your new browser still downloads and executes things, it doesn't matter whether the program is stored on the normal areas of the disc, or some virtual drive, or on wax paper imprinted with bumps.
Detly, May 30 2005
  

       The fly in the ointment here is that people want an easily extensible browser. A browser that won't open flash, play streaming videos or do that next thing that's around the corner will soon end up abandoned for less secure alternatives.   

       To allow a secure browser to be easily extensible either there needs to be a certification process so that new code is allowed globally as soon as it is deemed safe, or operating systems need another layer to allow untrusted code to be run safely, quickly and easily. I was hoping that Java was going to provide this layer but, as much as I like it, it doesn't yet seem to have been implemented in a way that allows it to be used quickly and easily. Not that I've seen anyway.
st3f, May 30 2005
  

       I'm in awe. I'm just going to bun...
froglet, May 30 2005
  

       You could call it "Pearl."
bristolz, May 30 2005
  

       Not sure if it does exactly what you're asking of it but I have from time to time browsed the internet using a virtual OS installed over Microsoft Virtual Machine (I think it's called that anyway, I actually forget..) just messing about but essentially I can install updates, anti-virus software, spyware, malware anything I like onto it. And (if I remember correctly) when I'm finished and close it it gives the option to save my changes to the image file it uses to boot the virtual OS in the first place. This system has many limitations, the main one being your graphics card will hate you for using it. But I'm "pretty sure" it's secure. I believe a similar/more advanced virtual OS thingy is available for Linux.
Cubical_View, May 30 2005
  

       Usually I just speedread the ideas about computers because it is a bit more polite than skipping them altogether. The thing is, I don't understand them. I get a rush of pride every time I successfully send an email to a friend. Imagine my victory dance when I manage to include an "attachment"! But I bun this one, it sounds good to me.
zeno, May 30 2005
  

       I, for one, would take a cut in features to have higher security. After all, I've used Lynx!
Valterra, May 31 2005
  

       I want Internet browsing with no network connection.
bristolz, May 31 2005
  

       You want the moon on a stick! Possibly with jam on it.
gnomethang, May 31 2005
  

       There's a way to configure Windows XP and 2003 so that IE and Outlook have fewer rights than you do. This helps limit what browser-based malware can do. See link.
krelnik, Jun 01 2005
  

       The reason browsers have so many rights is that users want to do a lot with them and do it quickly.   

       It's pretty hard to solve this in a way that balances speed and security and provides backward compatibility.   

       Java is way too slow for this and uses too much memory (not to mention that it is "unsecure" whatever "secure" means).   

       To run fast, browsers integrate closely with the OS, for example making many system calls.   

       Note that this problem in general is getting better across the industry over time, especially in Vista/IE7. Of course, we can't say that Vista is a huge improvement wrt web security.
seriousconsult, Dec 30 2007
  

       When it comes to web browsers, 80% of people use Internet Explorer. Period. The best way to do this would be to make a kind of add-on or Internet Explorer Virtual Machine application that forces all instances of IE on a given computer to be run in said virtual space. I like your idea!
hooande, Dec 30 2007
  

       //To run fast, browsers integrate closely with the OS// Are you sure about this, [seriousconsult], or did you just read it in a press release? It doesn't square with my experience of different OS/browser combinations.   

       //80% of people use Internet Explorer. Period// Erm, I think you mean '80% and falling'. Even the 80% figure sounds a bit suspect to me. My site may not be typical, but according to my hit log, MSIE accounts for well under 50% of the traffic. Most of it comes from Mozilla/Firefox on Windows, with Mozilla/Firefox on Linux in second place.
pertinax, Jan 02 2008
  
      