I wasn't questioning their creditionals. The fact they supply a comprehensive report and make the data behind it available puts them leagues ahead of most. As you say it's just good to know where studies come from.
Yes, it does matter, since successfully sandboxing the processes that execute the malicious Java and Flash programs will prevent them from being able to do any damage.
That said, it does seem to acknowledge that "Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?" is a Chrome feature that is not in IE (of Firefox).
Accuvant focused only on Chrome, IE and Firefox, leaving out Safari and others for the sake of time. It also tested the browsers only on Windows 7, 32-bit edition.
Safari's market share is notably lower than the big 3, even if they included that then why not Opera? Why not Android's browser? Why not GNU Icecat? You could play this game all day.
It's not just that Safari is excluded, but that it was only tested on Windows 7 32-bit. Why not test on at least Windows 7 64-bit? Aren't most of Intel's chips 64-bit by now (Core 2 Duo, Core iX)?
And why not Android or iOS? A quick search shows that Microsoft sold 400 million licenses of Windows 7 (32 and 64-bit combined). Apple has sold 250 million iOS devices and there have been 200 million Android devices sold.
Firefox's plugin run in containers (who know what they mean by "plugin security" anyway, does that mean click to play on java?)
and Firefox manages its own memory and has different memory segments for each tab (some kind of sandboxing).
It's also hard to argue what's industry standard in this area, and whats not, because well, there's no real industry standard. Proof of it is that the 3 leaders with close enough market shares implement different things.
What you described is not sandboxing by any definition I've heard. For me to consider something "sandboxing," the thing being sandboxed must be executed with restricted privileges so that it cannot modify the surrounding system, and it cannot interact with other things being sandboxed.
[AnyBrowser] Sandboxing will make it a very secure browser.
There is a program on Windows, called "SandBoxie". You can tell it to run IE in a sandbox, and what it does is intercept any of the apps drive I/O and creates a cache containing the delta of changes, but never actually allowing write to the real files.
This way, if some kind of malware goes crazy in IE, simply shutting down IE is equiv to reverting to a snapshot in VMware/Virtualbox. Whatever changes were done, are definitely undone.
It's funny, if you try to download a file it's kinda tricky. You have to retrieve it from the sanboxie cache because the browser can't actually write to your filesystem with sandboxie intercepting all calls.
Sandboxie is also very good for those crack/keygen programs out there that turn out to be malware. If it works, you get your key... if it turns out it's malware, shutdown sandboxie and whatever it thinks it did to your machine... gone.
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to extend it to Chrome and IE later. Our sandbox works by doing all the browsing on a completely different computer - sort of a super sandbox.
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to extend it to Chrome and IE later. Our sandbox works by doing all the browsing on a completely different computer - sort of a super sandbox.
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to extend it to Chrome and IE later. Our sandbox works by doing all the browsing on a completely different computer - sort of a super sandbox.
16 comments
[ 2.8 ms ] story [ 44.6 ms ] threadWhile sandboxing is great, I judge my browser by other factors as well especially privacy protection and customisability. Edit: Spelling
They're as good a team of security researchers as you're going to find.
Internet Explorer: 4.0 Chrome and Firefox: 2.5
That said, it does seem to acknowledge that "Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?" is a Chrome feature that is not in IE (of Firefox).
Accuvant focused only on Chrome, IE and Firefox, leaving out Safari and others for the sake of time. It also tested the browsers only on Windows 7, 32-bit edition.
And why not Android or iOS? A quick search shows that Microsoft sold 400 million licenses of Windows 7 (32 and 64-bit combined). Apple has sold 250 million iOS devices and there have been 200 million Android devices sold.
and Firefox manages its own memory and has different memory segments for each tab (some kind of sandboxing).
It's also hard to argue what's industry standard in this area, and whats not, because well, there's no real industry standard. Proof of it is that the 3 leaders with close enough market shares implement different things.
Finally, where's Opera, as usual.