Attack code in the wild targets new (sort of) Adobe Flash vuln Security researchers from Symantec have clarified an earlier report of attack code in the wild that targets a previously unknown vulnerability in the latest version of Adobe Flash. They now say current versions of Adobe's stand-alone Flash application are vulnerable, but that updated browser plug-ins are not. At least 20,000 …
Jach's right in that those extensions to Firefox (the safer browser alternative) are good ... and they're available for Linux too, for the day when the common exploits become multi-platform. But some sites *require* scripts to work and there's increasing incidence of sites you'd expect to be trustworthy in fact harbouring malicious code.
So, I now use virtual machines (VMs) as browser appliances, i.e. I browse only within the confines of a virtual machine. The advantage, for those not across the benfits of VMs, is that I reset the VM to its original image on every use, therefore *any* changes, incuding malware infection, are blown away each session. Furthermore, I don't use extensions that might permit malware to penetrate the VM environment. If there's a realistic weakness in this strategy, I've not yet discovered it. (BTW, I import and export bookmarks via shell scripts each session and can manually transfer downloads, if any, so I do have full browsing functionality. For those that don't mind the privacy implications, you could combine a VM browser appliance with "online" bookmark storage to make things easier).
Many will be aware that if you create a VM without extensions (i.e. the safest approach), it's applications will run considerably slower than native speed. However, if you build a VM "appliance", i.e. strip the VM environment down to the absolute minimum to support say, just a web browser, then speed and resource use is quite acceptable, IMHO.
At least one VM provider makes available a ready-made "browser appliance", though I prefer to build my own ... in fact using a different VM package altogether.
For those looking for the safest browsing experience, I commend the VM browser appliance method.
@Frank, AC
I'm right with AC on this. I run VM's for all browsing and development work. It's great to test software / web pages in multiple browsers / OS's as well as protecting yourself against malware.
Start at www.vmware.com and download their (free) VM Server application. You'll be amazed at what you can do on an Intel (or indeed just about any other processor) box.
That's just starting to become a viable strategy now that multi-core machines are common. You shouldn't notice much performance impact on an up to date machine. For my work I run a huge client/server financial application, a 30 GB Oracle 11i instance and lots of little helper servers in a VMWare image on a dual core laptop; all works fine and it's not that slow so I think a little browser would be fine.
Only real concern is the disk space used by the image, with that extra copy of Windows needed to host the browser: it might be a worthwhile approach to run up a Linux VM instead as you could trim that down. No licensing issues either which I think you would have with Windows-on-VM.
why waste time, processor use and disk space for a slower experience? just use a sandbox app
hell just look for sandboxie (its free which is also a plus)
(black helicopter because i know im gonna get taken away for suggesting a simple and effective solution over a bloated unnecessary one - anathema to most IT folks)
That is about the three levels of protection you can put in to protect yourself.
In the unix world, you will often hear people warble on about the protection offered by having to use an admin account, and how by having this separation Linux is far more secure. And whilst there is some truth to this, it rather disregards the fact that user data is perhaps more precious, than the OS, to the user.
So, keeping your net applications far away from your data is a good idea, one net user of a user per net appliance, will mean that any compromise is initially contained, and it doesn't expose the crown jewels in one shot. That should give you time to detect the compromise, but of course it is not going to stop all methods.
The counter argument to the VM is compromise of the VM itself, so what you have done by using a VM is add an extra point of attack. The chroot has this problem as well to a degree, if you bust out of the chroot you have root in many cases. The browser user whilst offering the least amount of obvious protection suffers the least in increased exposure by adding security.
So, a bit swings and roundabouts here, if you have a lot of time, and you are going to monitor than the VM probably is the most secure for you. But, if you want a quick fix, then a separate user is worth considering.
I've been down that path and, though I won't claim absolute mastery of the subject matter, I've looked into those and associated areas over the last couple of years.
The Browser User is simple and permits native speed and full functionality. It offers reasonable defence against some malware (in that user processes are usually terminated on log out) but is unfortunately vulnerable to privilege escalation attack and offers no greater protection in this regard than any other user account. There is currently malware in the wild that can gain root (or administrator) privileges against an unpatched system and there have been some 'zero day' vulnerabilities along those lines.
The chroot 'jail', relevant to *nix systems, offers isolation of confined processes, but, from my own experience, is harder to setup than a VM and (according to Garfinkel, Spafford and Schwartz in 'Practical Unix and Internet Security') is easily circumvented and offers little protection against sophisticated malware. I don't have the resources to test for vulnerabilities myself.
If we were to delve deeply into the subject of virtualisation, we'd find some VM approaches offer more isolation than others, but AFAIK, pretty much all offer at least as much isolation as a chroot 'jail'.
There was also the comment above about 'bloated' VMs. They can be bloated if you make them that way, but if stripped down to the minimum, I've found them to work quite quickly. For example, my newest browser appliance uses 256M RAM and 4G disk image, loads in less than 60 seconds, has all the popular plug-ins and operates as fast (as far as the naked eye can tell) as a regular browser (I frequently forget I'm in the VM!). I run it in a Linux host on an three-year old single-core AMD64 2600+ machine with physical 1G RAM - specs that are not all that demanding in this day and age. I have read of VMs that need only 64M RAM assigned and can run entirely from RAM once booted which gives near native speed. I'm still perfecting my VMs and I think there's plenty of room for improvement.
To recap, the main advantages of the VM method, are that (without extensions, as mentioned previously) malware does not know it's in a VM, *AND*, unlike other methods mentioned above, the VM can be reset to its original image each session, thus providing a clean browser each time. Because of the 'reset to original image' approach, one does not have to do any particular monitoring - I don't.
All the talk about the plugin, when this issue affects 'only' the standalone player ("projector") version of Flash. But does this include the Flex/RIA version?
I don't suppose the issue affects older versions of the player either, rather maliciously constructed or hacked players.
Or..?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
