h a l f b a k e r yThe Out-of-Focus Group.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
I'm surprised I haven't found this idea somewhere. I hope someone's already doing it!
Using existing technology, it should be possible to create a web browser application that sits in its own shell, completely separated from the underlying operating system and hardware. That'd be to prevent unwanted
downloads and other exploits. It'd be like surfing the Internet wearing rubber gloves. Here's more detail:
When you launch the browser, it runs in its own memory space - its own shell with limited (or no) access to the vital functions of the OS underneath it. Think of how a user in *nix has no access to "root" functions when he's logged into a shell. The user can type as many root commands as he wants, but they'll never work.
Also, the browser creates a virtual hard drive to store things like cookies, history, cache, etc. The fact that this is a "virtual" hard drive (ramdisk, etc) is invisible to the browser and to the websites it visits.
When a website tries to download a virus / unwanted plugin into the person's computer, the virus gets written to a subdirectory of the VIRTUAL hard drive, or into its cache / temporary files folder. (Remember, the fact that the hard drive isn't real isn't known to the browser software or anyone/anything on the other side of the connection.)
This virtual hard drive is NOT accessible by the OS or by any other program. Think along the lines of PGP drive, etc. where the files of the drive are encrypted. And the browser program isn't cabable of writing anything to the REAL hard drive. NOTHING - updates, drivers, etc. (Could have a separate utility to process downloads after the fact, but that'd be another issue.) This completely eliminates hijacks, viruses, spyware, etc. from being secretly downloaded into people's computers. You'd have to totally re-install to update, but that's not such an unfamiliar concept with some software.
When the browser program is closed, the virtual "hard drive" is either encrypted or shredded and destroyed. So when a person logs back in to the program, they'll be starting with a clean slate. No tracking cookies, no invasions of privacy, no spyware, no viruses!
No faulty plug-in hijacks are possible either - Updates would have to be done from outside of the browser.
Basically this would be Lynx (http://lynx.browser.org/) but with the ability to show pictures, use a mouse, etc. Lynx is 100% safe since it can't download anything automatically, and runs in a shell (as far as I know).
If we wanted something more robust, we could take a step back and create a whole virtual desktop to emulate the hardware, and do ALL of our computing with Rubber Gloves.
So am I half-baked or will the idea fail to "rise?"
Lynx
http://lynx.browser.org/ [zen_tom, May 30 2005]
Run Contiki in an Emulated C64?
http://www.sics.se/...pps/webbrowser.html Extreme 8-bit measures. [zen_tom, May 30 2005]
(?) Browsing the web SAFER (Michael Howard)
http://msdn.microso.../secure01182005.asp A method of configuring Internet Explorer so that it has fewer rights than you do when running on XP. This keeps most browser-based malware from actually accomplishing anything, while still allowing you to run other programs with full rights. [krelnik, Jun 01 2005]
Links, an alternative to Lynx
http://artax.karlin....cz/~mikulas/links/ Actually, I prefer this one to Lynx. [zen_tom, Jan 05 2006]
[link]
|
|
I've had similar ideas for virus
protection (all new programs go
into a protected folder), but I
didn't think about applying it to
the web, and I neglected to post it.
:( |
|
|
The idea seems sound. Java
applets use a similar technique;
everything runs on a virtual
machine, but the virtual machine
makes sure that the applet doesn't
try to write to any disk, virtual or
physical. It seems like your idea
would be similar, except that you
would allow writes to a virtual
disk, and the security would apply
to all elements on a web page, not
just Java applets. |
|
|
Recommendation: Why not have a
disk image stored on the physical
disk that is used to initialize the
virtual disk at startup? The
browser would only be allowed to
modify the virtual disk, but the
user (after password
authentication) could copy certain
items, such as an installation of a
desired plugin, to the disk image.
That way, the desired items (and
nothing else!) could be on the
virtual disk at startup. |
|
|
The virtual desktop idea reminds
me of the "Fritz-chip," a micrpchip
that would make sure that the
computer boots up the same way
it did last time. However, it would
also allow Big Brother to make
sure certain programs were always
running, programs that could
restrict the user's freedoms. I don't
think that Fritz is the way to go,
but personally, I'd like to have a
virtual desktop; I just don't want
B.B. giving it to me. |
|
|
Croissants to you, by the way! |
|
|
If you could create a java applet that was able to browse http - that should give you all the safety you need. |
|
|
So, create a local page that contains the applet - open it in your regular browser, let the applet load up, and then navigate the web via the applet. All perfectly safe and sandboxed in. |
|
|
Nice. Short of a virus that "recompiles" the browser, you'd be waving goodbye at the end of a session. That's only one type of virus, admittedly, but the implications of file-based virus activity that could subvert the user's normal browsing would be considerably reduced as well. |
|
|
** What problem does all this complication actually address? I've never had a 'virus' through a web browser, and I've used quite a few - Safari, Camino and of course Firefox ** |
|
|
It wouldn't be complicated to the user - just running a web browser! |
|
|
I got the idea when I did a search for song lyrics and not nailed. All of those lyrics sites are riddled with popups that trip my virus scanner - VIRUS Detected! They're usually classified as a "downloader" and they're executible files (.exe) downloaded to my Temporary Internet Files. |
|
|
What I wonder is WHY Internet Explorer allows executible files to be downloaded automatically. I know there are probably steps I could take (over and above what I've already done) to prevent it. But my idea would prevent "mainstream America" from these malicious downloads. |
|
|
I'm kind of the unofficial resident computer geek at my office. I've cleaned up SO MUCH spyware from people's computers. We need something that prevents it in the first place. |
|
|
I said I'm surprised this hasn't been done. I LOVE lynx because there aren't any popups, downloads, etc. But it's text only, and I needs me my pictures. ;-) |
|
|
*** Recommendation: Why not have a disk image stored on the physical disk that is used to initialize the virtual disk at startup? **** |
|
|
That's an excellent idea. Also Ramdisk is a good idea, too. |
|
|
I just followed a link to a seemingly innocuous site (I am pretty careful), and got nailed. When my Virus Scan says that it can't clean the file because it can't be moved / deleted, I feel SO confident that it's gone! |
|
|
I'm about to move to a more expensive solution like a Thin Client (http://www.wyse.com) and completely forgo the internet on my "regular" computer. |
|
|
We have so much to lose these days, even with backups - digital pictures, music, etc. And now these new worms go through and encrypt your files and hold them hostage. Thanks! |
|
|
//What I wonder is WHY Internet Explorer allows executible files to be downloaded automatically.// |
|
|
You wonder this, you note that it's responsible for your woes, and you continue to use it... |
|
|
If you really want to //prevent unwanted downloads and other exploits//, find a browser that doesn't do stupid things without asking and learn to use your operating system. |
|
|
I understand if it's a work/site standard thing, but then your solution won't help anyway - you'd still have to get them to change it. If you're doing that, you might as well go with the alternatives already available. |
|
|
This just seems like a ridiculously complicated solution. Normally, this earns a vote from me, but this isn't quite ridiculous enough. |
|
|
I guess you misunderstand. :-) I'm suggesting that someone create a web browser that, as you said, "doesn't do stupid things without asking." |
|
|
IS there one? If there is, I'd use it! That's my whole point! If there ISN'T one, there SHOULD BE! |
|
|
As far as the contradiction between my complaining and my continued usage - I don't believe there's an alternative. Nobody in here has said, "Use Firefox (Opera, etc) - it's virus-proof!" So, until I hear that, I (like you) will have to continue to use "silly" weak browsers. |
|
|
Firefox has security exploits (apparently), but I find it infinitely better than IE. Safari has a few limitations but is also good. I haven't used Opera or Mozilla. |
|
|
The problem is as much with an operating system that allows a single programs vulnerability to be that of the entire system. If your new browser still downloads and executes things, it doesn't matter whether the program is stored on the normal areas of the disc, or some virtual drive, or on wax paper imprinted with bumps. |
|
|
The fly in the ointment here is that
people want an easily extensible
browser. A browser that won't open
flash, play streaming videos or do that
next thing that's around the corner will
soon end up abondoned for less secure
alternatives. |
|
|
To allow a secure browser to be easily
extensible either there needs to be a
certification process so that new code is
allowed globally as soon as it is deemed
safe, or operating systems need another
layer to allow untrusted code to be run
safely, quickly and easily. I was hoping
that Java was going to provide this layer
but, as much as I like it it doesn't yet
seem to have been implemenented in a
way that allows it to be used quickly
and easily. Not that I've seen anyway. |
|
|
I'm in awe. I'm just going to bun... |
|
|
You could call it "Pearl." |
|
|
Not sure if it does exacly what your asking of it but I have from time to time browsed the internet using using a virtual OS installed over Microsoft Virtual Machine ( I think its called that anyway, I actually forget..) just messing about but essentially I can install updates, anti-virus software, spyware, malware anything I like onto it. And (if I remember correctly) when I'm finished and close it it gives the option to save my changes to the image file it uses to boot the virtual OS in the first place. This system has many limitations, the main one being your graphics card will hate you for using it. But I'm "pretty sure" its secure. I believe a similar/ more advanced virtual OS thingy is available for linux |
|
|
Usually I just speedread the ideas about computers because it is a bit more polite then skipping them alltogether. The thing is, I don't understand them. I get a rush of pride every time I succesfully send an email to a friend. Imagine my victory dance when I manage to include an "attachment"! But I bun this one, it sounds good to me. |
|
|
I, for one, would take a cut in features to have higher security. After all, I've used Lynx! |
|
|
I want Internet browsing with no network connection. |
|
|
You want the moon on a stick!. Possibly with jam on it. |
|
|
There's a way to configure Windows XP and 2003 so that IE and Outlook have fewer rights than you do. This helps limit what browser-based malware can do. See link. |
|
|
The reason browsers have so many rights is that users want to do a lot with them and do it quickly. |
|
|
It's pretty hard to solve this in a way that balances speed and security and provides backward compatibility. |
|
|
Java is way to slow for this and uses too much memory (not to mention that it is "unsecure" whatever "secure" means). |
|
|
To run fast, browsers integrate closely with the OS, for example making many system calls. |
|
|
Note that this problem in general is getting better across the industry over time, especially in Vista/IE7. Of course, we can't say that Vista is a huge improvement wrt web security. |
|
|
When it comes to web browsers, 80% of people use Internet Explorer. Period. The best way to do this would be to make a kind of add-on or Internet Explorer Virtual Machine application that forces all instances of IE on a given computer to be run in said virtual space. I like your idea! |
|
|
//To run fast, browsers integrate closely with the OS// Are you sure about this, [seriousconsult], or did you just read it in a press release? It doesn't square with my experience of different OS/browser combinations. |
|
|
//80% of people use Internet Explorer. Period// Erm, I think you mean '80% and falling'. Even the 80% figure sounds a bit suspect to me. My site may not be typical, but according to my hit log, MSIE accounts for well under 50% of the traffic. Most of it comes from Mozilla/Firefox on Windows, with Mozilla/Firefox on Linux in second place. |
|
| |