dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5202
share rss forum feed

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to GlennAllen

Re: Google Chrome Now the No. 1 Browser in the World

said by GlennAllen:

or just use the PortableApps.com version

? Never heard of that. But then I am a desktop person.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


GlennAllen
Sunny with highs in the 80s
Premium
join:2002-11-17
Richmond, VA
Reviews:
·Comcast
·Verizon FiOS
Not sure what you mean--all of the applications at PortableApps.com are for Windows desktop/notebook installs; they're just "portable". As such, Google Update is not part of the Chrome Portable install since it would have to be installed locally as a service.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Yeah, those are for using on other computers not on your own computer.


GlennAllen
Sunny with highs in the 80s
Premium
join:2002-11-17
Richmond, VA

1 recommendation

Portable apps are all I use on my own--or any--computer whenever possible, which is almost all the time.


lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2
Reviews:
·CableOne
reply to ashrc4
I run Chrome on 2 Macs and a PC. Fx crashes constantly on my Macs, so I trashed it. I do though have Fx installed on my PC as my secondary browser.

But then, I'm not paranoid about Chrome like some. I think that some people are too worried about things in depth that are not worth worrying about.
--
"Panama Red Is Back In Town" - The New Riders of the Purple Sage


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

1 edit
reply to Mele20
Portableapps.com has been around for years, but seem to be a niche product for people who want basic function and/or portable applications.

There's nothing to stop a user from using them on his own system rather than limiting them for public or guest PC use. I use portable apps on my home system.

I like the fact that I don't have update or other services for them running on my system. I can remove the USB and the app is gone.

However, cache data may still be stored on the PC for some applications. I believe that's a complaint against Iron browser..

From what I can tell from reading and experience, portable Firefox does not leave any cache data on the system.

If one wishes, one can install and run portable apps in a folder on the system rather than from a flash drive or other external device.

q.v »en.wikipedia.org/wiki/PortableApps.com


GlennAllen
Sunny with highs in the 80s
Premium
join:2002-11-17
Richmond, VA

1 recommendation

You can also enhance an application's security by installing it to a TrueCrypt drive (mount as needed)--for example, encrypted email using Thunderbird with Enigmail or using Firefox for banking etc.


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:16
reply to Mele20
said by Mele20:

Yeah, those are for using on other computers not on your own computer.

I use it on my own computer (actually multiple computers of mine since it's on a SpiderOak cloud drive) for browser testing. Makes it nice to have multiple versions can all work from a single browser folder that only had to be installed once.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.

OZO
Premium
join:2003-01-17
kudos:2
reply to Mele20
said by Mele20:

Yeah, those are for using on other computers not on your own computer.

Portable applications are for use on your own computer. Majority of applications, I use on my computers, are portable.

My definition of portable applications is simple. Portable applications don't use registry for keeping their configuration settings (they use configuration file/s in local folder) and don't dump files (logs, caches) spreading them whenever they want (e.g. in %TMP%, or APPDATA folders). Therefore, you may move them to any location on your computer or to another computer and still be able to use them as you wish. And that's why folks call them "portable", not because they're designed specifically for portable computers.

Portable applications don't need any installation procedure. Usually all you need to do is to unzip its package into a folder and start using them right away.

There are applications, that are designed to be portable from the beginning (and I like those very much) and those, that can't do it and require special environment to run in the portable mode. One of the environments that could be used to run any application in portable mode is SandboxIE (or any similar tools). Another approach is to use API, developed by developers of PortableApps.com. It does similar thing (from point of view, defined in my 2nd paragraph above). You run a launcher, that starts the actual program and program runs within that environment, which allows to keep settings in local folder(s)...

Now, you may want to know, that Chromium can be used in portable mode without running any launchers or sandboxes. The simple trick is to start it with -user-data-dir="Path" option in its command line. Then all configuration settings will be used from that folder. For example, make a shortcut like this one:
C:\Chromium\chrome.exe -user-data-dir=".\chrm" -single-process
When you click on it, shortcut will run Chromium in a single process mode and use chrm sub-folder for its configuration and caches. In registry it will make only record about its last rum time. But configuration will be kept in that folder. Then you may move C:\Chromium folder to any other place on your computer (just fix shortcut at the same time) and it will run without any changes.
--
Keep it simple, it'll become complex by itself...

55711579

join:2010-07-23
reply to ashrc4
Google Chrome is my fav browser, because it's the fastest browser I ever used.

PrivacyExprt

join:2010-09-29
Longwood, FL
reply to ashrc4
Wow, a lot of suckers out there, eh? Chrome? Scary.. Google is the Borg.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to ashrc4
Many browsers are fighting for market share, and therefore paying more attention to their security, but popularity and security are not always equal.
A recent Accuvant study revealed that Chrome (the second most popular browser) ranks as the most secure web browser when compared to Internet Explorer (the most popular) and Firefox. Interestingly, this month the German government named Chrome the most secure browser, perhaps lending weight to the study. However, critics have pointed out that the study was commissioned by Google (creator of Chrome), and the findings may therefore be skewed.
Still, according to the study, Chrome ranks the highest in creating and putting into use new safety measures to boost its security, with Internet Explorer only slightly behind Chrome. Firefox was deemed the least secure in the study.

»blog.zonealarm.com/2012/02/which···ure.html
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL

3 edits
> safety measures to boost its security

What are "safety measures"?
Define "security".

> Firefox was deemed the least secure

Define "secure".

(no I'm not looking for the answer from you)

> Anti-exploitation technology

quote:
Conclusion
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go
undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google
Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies,
Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough
and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured
against attack.

Well that's clear as mud. (I'm sure its explained further on & or in the additional documents.) So because of one set of criteria, "plug-in security and sandboxing architectures" Google is declared the "most secured against attack".

> We concluded the research for this paper in July 2011. Changes and updates may occur after this paper
> is released.

> Google Chrome versions 12 & 13
> Internet Explorer 9
> Firefox 5

I'll assume these were all the current versions at the time of the tests. (Why did they test both Chrome 12 & 13?)

> All targets were analyzed while running on Microsoft Windows 7 (32-bit)
(no Mac or Linux or anything else)

Seem to recall that W7 x64 may provide some "perks" not available on x32 systems (so that could be to IE's benefit)?

"Chrome uses a medium integrity broker process that manages the UI, creates low integrity processes
and further restricts capabilities by using a limited token for a more comprehensive sandbox than the
standard Windows low integrity mechanism. These processes are created for rendering tabs, hosting
plug-ins and extensions out of process and GPU acceleration. The broker process creates named pipes
for inter-process communication."

"The extensive use of sandboxing limits both the available attack surface and potential severity of
exploitation. A compromised renderer process would only have access to the current process and what
is made available through the broker process IPC mechanism. The compromised process would need a
method of privilege escalation from low integrity with a limited token in order to persist beyond the
process."

Whatever that means in the real world?

"Internet Explorer uses the “loosely coupled IE” [MSDN_LCIE] model where the UI frame and tabs are
largely independent of each other, which allows for the browser tab processes to function at low
integrity. A medium integrity broker process creates the low integrity tabs used for browsing, hosting
ActiveX controls, GPU acceleration and manages activity independent of tabs such as downloads and
toolbars."

"In the event of a crash, the tab is automatically reloaded the first time, allowing malicious content
multiple attempts to succeed, or have an unsuccessful exploit attempt go unnoticed. A tab
compromised by an exploit would have read access to the file system and any low integrity process,
including other browser tabs. The compromised process would need a method of privilege escalation
from low integrity to persist beyond the browser session."

Interesting.

"Firefox uses a single process medium integrity browser process which contains the entire browsing
session including all tabs, add-ons, GPU acceleration and more in a single address space, with the
exception of plug-ins like Flash and Silverlight. Plug-ins are hosted out of process and independent of
each other at medium integrity. A crash in the browser process would take down the entire browser and
all plug-in processes. Alternatively, a crash in a plug-in process would be isolated to that single process."

So? So the browser crashes, so what.

"A compromised browser or plug-in process would not require privilege escalation to persist beyond the
browser process."

That does sound ominous.

"A process with
a higher integrity level represents a greater value for an attacker to compromise; however; with most of
the higher integrity processes, an attacker can only interact with a very small attack surface."

"Merely compromising the browser, in some cases, is not enough
for a compromise to persist past the life of the browser process."

"URL Blacklist Services ... storing a local copy of hashed URLs in the blacklist,
and sending the hash value of a URL to a public web service for validation"

Yet they (MS) does not do anything like that for its own executables (see ... »Re: Flame: Massive cyber-attack discovered, researchers say).

They do mention that FF uses Google's URL blacklist - in the text, but it is not noted in their chart (which you would think one would be more apt to review, giving a false connotation, by not noting, in regard to FF).

(Not that I place any value in blacklists anyhow.)

> ASLR ... DEP ... /GS ... SEHOP

Too much techno talk for me.

"Chrome prevents processes in the sandbox from
doing much of anything, and even if permission is granted, it is limited to the alternate desktop.
Microsoft Internet Explorer generally allows read access to most objects on the operating system, while
only preventing a hand full of system modification changes. Mozilla Firefox, on the other hand, is only
limited by the medium integrity under which it runs; permitting read, write and system change
capabilities associated with regular, non-administrator users."

"It is apparent that the Chrome sandbox prohibits the ability of the rendering process to do much of
anything. There aren’t any easily viable ways for malware to gain persistence or communicate with the
outside world. Any permissible actions, such as hooking windows messages, are mitigated by the fact
that an alternate Windows desktop is used for rendering content. Out of the three browsers examined, it is obvious that Google Chrome has the most stringent constraints when it comes to interacting with
the operating system from a sandboxed process."

Seems so.

> Browser Add-Ons
(extensions & plugins)

Have the potential to be or are far more dangerous then the browser itself.

"Plug-ins do not run in a sandbox or with any restrictions,
besides those imposed due to not being run as administrator."

Chrome includes PDF Viewer & Flash & (I wasn't too clear, but does provide some measure of sandboxing).

--

So there whole premiss seems to be based on "sandboxing", & in that respect, it seems they have come to the right conclusion, that Chrome is the most "secure".

With IE second, & FF in last.

That is all stats & technologies.

Now real world.

Raise your hand if you've been hit by malware while using IE?
And FF? And Chrome?

I don't know the answer to that, but would be more interested in that answer then in technologies.

My thought, IE would be a clear winner - for whatever reasons.

With FF & Chrome far behind, with no real difference between the two. So at this point Chrome's "technologies", while seemingly valuable, are they actually contributing to a more secure browser experience? Probably so, but even so I would think it to be immaterial, at this point, compared against FF.

And once you're done with "technologies", there is usability. IOW, extensions in my book. Does the browser work for you or against you. Can you make the browser work more to your liking, say with an extension - even if they may be dangerous.

And now that you have your browser, & it works how you want it to, & it works for you, you've added your wanted extensions, are you able to safely go where ever you want? Porn, warez, dslreports, you name it. Afraid to go? Or boldly go where no browser has dared go before?

Then who wins? (At least per my criteria.)

For an average joe, who is just out browsing around, who doesn't concern themselves with "security", perhaps Chrome could offer the most?

(Oh, & only a passing mention in there of NoScript. No NoScript for Chrome. One day, as it is anticipated, but not yet, waiting on backend architecture from Chrome, I believe.)

Are Accuvant & MS intertwined too? (They do look to be legit, Accuvant that is . Surprisingly found no reference to them at firefox.com nor mozillazine.org?)


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
It all means if you get whacked with a badboy using Google Chrome..just close out the browser and you will find your Microsoft OS was not compromised.

In fact..those relative and friends of mine who constantly got whacked with other browser..especially IE and even ran and AV used to ring my phone off the hook with pleas to help the clean up a PC or laptop. Now that they have started using Google Chrome..and many with no AV...the call have ceased.

To me that is real world. It is also reflected in in many of the Security Cleanup forums..seen any users who use google Chrome lately who are asking for help ?
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to therube
Since "integrity" was brought up ...

Opening a console window (CMD) also runs conhost.exe & that runs at Medium.
Opening a console window (CMD), run as Administrator, also runs conhost.exe & (both cmd.exe & conhost.exe) use (reserves?) about 8 times the amount of memory (Working Set, not Private Bytes) as non-Admin, & provides very little in the way of information - unless you run Process Explorer as Administrator .
(I thought that to be a bit ironic.)

Most everything "system", ie, MS, runs at System level (whatever that means). Most everything else I have running runs at Medium. With exceptions of anything run as Admin, High, & the only things I have running that are Low, are Chrome & IE. (Hah! For once its better to be low then high. Let me take a few more tokes & I'll argue that point!)


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to Name Game
If that is the case, then that is a good argument for using Chrome, especially for the lay person.

Now if Chrome can do that, why can't IE?!
(Grumbles about IE being so tightly integrated, & version (fix) upon version (fix) archived for all eternity throughout the \Windows\ morass.)

Reimer

join:2006-08-14
Toronto, ON

1 recommendation

reply to ashrc4
Chromes sandbox is stronger than IEs as noted by one of the groups that was actually able to break out of it

quote:
"Unfortunately for Microsoft, it's easier to escape the sandbox in IE than escape the sandbox in Chrome," he said while within earshot of several senior Microsoft security managers. "The IE sandbox is less restrictive and has many memory corruptions, which is not the case with the Google chrome sandbox."
»arstechnica.com/business/2012/03···contest/

As for integrity levels, if you check the dev/canary versions of Chrome, they've actually gone another step forward and instead of the Low integrity, they're now at the Untrusted integrity, except of course for the broker process.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to therube
What all this stuff about Lay person and Average Joe.
Guess you are trying to make out all the Security Gurus who love a multitude of security app and locked down tricks and plugin like to walk on the wild side with a browser that let's the crap out there infect the OS have nothing to learn since they are "safe" and I put big quotes on the word safe...and lets not forget they also have the CD for the OS so they can always reformat and reinstall.

Keep on tweaking...if the smoke ever clears.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to ashrc4
Here is some breaking news for Ya...Google as a Company cares about Security..

Google is fast: reCAPTCHA defeated by 'StiltWalker', but Google issues a fix just hours before the tool was released.

FOOTNOTE:

Note: In the hours before our presentation/release, Google pushed a new version of reCAPTCHA which fully nerfs our attack.

»www.dc949.org/projects/stiltwalker/

Backgroud:
reCAPTCHA is a system originally developed at Carnegie Mellon University's main Pittsburgh campus. It uses CAPTCHA to help digitize the text of books while protecting websites from bots attempting to access restricted areas.[1] On September 16, 2009, Google acquired reCAPTCHA.[2] reCAPTCHA is currently digitizing the archives of The New York Times and books from Google Books.[3] As of 2009, twenty years of The New York Times had been digitized and the project planned to have completed the remaining years by the end of 2010.[4]
reCAPTCHA supplies subscribing websites with images of words that optical character recognition (OCR) software has been unable to read. The subscribing websites (whose purposes are generally unrelated to the book digitization project) present these images for humans to decipher as CAPTCHA words, as part of their normal validation procedures. They then return the results to the reCAPTCHA service, which sends the results to the digitization projects.
»en.wikipedia.org/wiki/ReCAPTCHA

Note :reCAPTCHA is also used in Google Maps
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to therube
said by therube:

If that is the case, then that is a good argument for using Chrome, especially for the lay person.

Now if Chrome can do that, why can't IE?!
(Grumbles about IE being so tightly integrated, & version (fix) upon version (fix) archived for all eternity throughout the \Windows\ morass.)

It doesn't in my book. Why tell some ignorant of computers user to use the worst browser out there? Chrome takes away all your privacy and is bare bones so you have a poor experience on the net. They should be told to use Opera (as long it doesn't get sold to Facebook). Or, set up a virtual machine for them.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to PrivacyExprt

 

Yes its amazing people dont care.... They have been so dumbed down its scary!!

PrivacyExprt

join:2010-09-29
Longwood, FL
reply to Name Game

Re: Google Chrome Now the No. 1 Browser in the World

said by Name Game:

It all means if you get whacked with a badboy using Google Chrome..just close out the browser and you will find your Microsoft OS was not compromised.

In fact..those relative and friends of mine who constantly got whacked with other browser..especially IE and even ran and AV used to ring my phone off the hook with pleas to help the clean up a PC or laptop. Now that they have started using Google Chrome..and many with no AV...the call have ceased.

To me that is real world. It is also reflected in in many of the Security Cleanup forums..seen any users who use google Chrome lately who are asking for help ?

I'm sure they have.. You do realize, you sound like a blatant shill, right? I mean at least be subtle about it..


MeDuZa

join:2003-06-13
Austria

1 recommendation

reply to ashrc4
quote:
Tech-savvy Internet users tend to prefer Chrome, however, due to its minimal user interface and loading speed.
That's great news. Finally most Internet users are tech-savvy. The new generation of tech-savvy Internet users prefer minimal interfaces because they hate modifying the default settings or they do it only once after installation.
The only important thing they have a use for are the back and forward arrows. Very useful indeed as they show you in which direction to navigate. Can't tell about the loading speed since as a n00b I never dared to touch this browser but starting 30 processes for 30 opened tabs sounds promising.

quote:
While StatCounter’s numbers, which are based on page-view data on 3 million websites, are often seen as a reliable barometer on browser popularity,...

Those StatCounters must be very reliable since only a few n00bs like me are filtering them among other blessings in order to reduce the number of onerous connections.
--
Reality corrupted. Reboot universe? (Y/N)


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to PrivacyExprt
Yes..they planted me in this here forum as a mole back in 2001 before the cold war between IE and fireflux...in anticipation for the day they decided to enter the fray. They promised me all the images I could handle without redirects...and a guaranteed I would not be caught on the street cam when I was watering my lawn.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
said by Name Game:

...and a guaranteed I would not be caught on the street cam when I was watering my lawn.

And that maybe a good thing

»www.dailymail.co.uk/news/article···ome.html
--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Not to worry..she has a deadbolt on the chastity belt if the car stops.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
said by Name Game:

...she has a deadbolt on the chastity belt if the car stops.

Ahh, but can it be picked?
--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
With a little patience and a steaming cup of Maxwell House...Bob's your uncle !


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to ashrc4
Wow...look at all them stars.

»internet-browser-review.toptenreviews.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to PrivacyExprt
said by PrivacyExprt:

I'm sure they have..

Ok..so give me a link to one since you are so sure.