16 comments

[ 2.8 ms ] story [ 44.6 ms ] thread
... commissioned by Google.

While sandboxing is great, I judge my browser by other factors as well especially privacy protection and customisability. Edit: Spelling

While it's useful to be aware of where a study comes from, at least in this case, I more than trust Accuvant.

They're as good a team of security researchers as you're going to find.

I wasn't questioning their creditionals. The fact they supply a comprehensive report and make the data behind it available puts them leagues ahead of most. As you say it's just good to know where studies come from.
Doesn't really matter anyway, since the worst offender are always Flash & Java plugins. You should disable Java right away if you haven't done yet.
Yes, it does matter, since successfully sandboxing the processes that execute the malicious Java and Flash programs will prevent them from being able to do any damage.
This is obviously incorrect, as this study from another vendor points out the opposite: http://www.yourbrowsermatters.com/#browser-compare

Internet Explorer: 4.0 Chrome and Firefox: 2.5

That said, it does seem to acknowledge that "Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?" is a Chrome feature that is not in IE (of Firefox).

Seems like a thorough study:

Accuvant focused only on Chrome, IE and Firefox, leaving out Safari and others for the sake of time. It also tested the browsers only on Windows 7, 32-bit edition.

Safari's market share is notably lower than the big 3, even if they included that then why not Opera? Why not Android's browser? Why not GNU Icecat? You could play this game all day.
It's not just that Safari is excluded, but that it was only tested on Windows 7 32-bit. Why not test on at least Windows 7 64-bit? Aren't most of Intel's chips 64-bit by now (Core 2 Duo, Core iX)?

And why not Android or iOS? A quick search shows that Microsoft sold 400 million licenses of Windows 7 (32 and 64-bit combined). Apple has sold 250 million iOS devices and there have been 200 million Android devices sold.

Firefox's plugin run in containers (who know what they mean by "plugin security" anyway, does that mean click to play on java?)

and Firefox manages its own memory and has different memory segments for each tab (some kind of sandboxing).

It's also hard to argue what's industry standard in this area, and whats not, because well, there's no real industry standard. Proof of it is that the 3 leaders with close enough market shares implement different things.

Finally, where's Opera, as usual.

What you described is not sandboxing by any definition I've heard. For me to consider something "sandboxing," the thing being sandboxed must be executed with restricted privileges so that it cannot modify the surrounding system, and it cannot interact with other things being sandboxed.
[AnyBrowser] Sandboxing will make it a very secure browser. There is a program on Windows, called "SandBoxie". You can tell it to run IE in a sandbox, and what it does is intercept any of the apps drive I/O and creates a cache containing the delta of changes, but never actually allowing write to the real files. This way, if some kind of malware goes crazy in IE, simply shutting down IE is equiv to reverting to a snapshot in VMware/Virtualbox. Whatever changes were done, are definitely undone. It's funny, if you try to download a file it's kinda tricky. You have to retrieve it from the sanboxie cache because the browser can't actually write to your filesystem with sandboxie intercepting all calls. Sandboxie is also very good for those crack/keygen programs out there that turn out to be malware. If it works, you get your key... if it turns out it's malware, shutdown sandboxie and whatever it thinks it did to your machine... gone.
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to extend it to Chrome and IE later. Our sandbox works by doing all the browsing on a completely different computer - sort of a super sandbox.
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to extend it to Chrome and IE later. Our sandbox works by doing all the browsing on a completely different computer - sort of a super sandbox.
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to extend it to Chrome and IE later. Our sandbox works by doing all the browsing on a completely different computer - sort of a super sandbox.