keeping firefox up to date is of course a great idea to avoid exploits such as this, however an additional step some might want to consider taking is installing the noscript firefox extension so as to implement a java/javascript/flash/etc whitelist...
kurt wismer |
Homepage |
04.27.06 - 3:24 pm | #
|
|
Ahhh.... IE.. Firefox.. Are there any browsers which are 100% safe!!
GettingReallyAnnoyed Person |
04.27.06 - 4:50 pm | #
|
|
Nothing is 100% safe. Ever. If people realized this then maybe this crap wouldn't be as widespread as it is. On the other hand, people still get conned by those Nigerian princes...
Anonymous |
04.27.06 - 5:35 pm | #
|
|
Nothing is 100% safe; then again, if the developers realized this and sandboxed the browser instead of letting it do whatever it wants, then maybe we would be all a little safer. But no, they can't do what a 300k application like Sandboxie does, because they can promise that THIS TIME, they REALLY fixed it. Or can they. 
TNT |
Homepage |
04.27.06 - 9:23 pm | #
|
|
sandboxes aren't 100% safe either...
kurt wismer |
Homepage |
04.27.06 - 9:49 pm | #
|
|
A layered security approach is not 100% safe (nothing is), but it is MUCH safer than a "no layers" approach. If the browser is exploited within the sandbox, it has to exploit the sandbox itself as well to break out. Duh.
TNT |
04.27.06 - 9:55 pm | #
|
|
Oh, great. The IE fans are going to have a field day with this one. -.-
A chicken passeth by |
04.27.06 - 10:59 pm | #
|
|
yes we are 
Mike DelBino |
04.28.06 - 2:12 pm | #
|
|
I think a sandboxing application called Geswall is quite effective in isolating browser exploits. This program is free of charge at the time being.
You can download it at
http://www.gentlesecurity.com/
Just give it a try!
Thomas Green |
04.30.06 - 11:31 pm | #
|
|
if you really want to isolate browser exploits from the rest of the system, why not simply use the vmware browser appliance vm?
kurt wismer |
Homepage |
05.01.06 - 12:59 pm | #
|
|
Why would one want to run a whole operating system to use just a browser, kurt?
TNT |
Homepage |
05.01.06 - 7:57 pm | #
|
|
google "virtualization for security" and consider how big an attack vector the browser really is...
of course, most people will probably choose performance over security... i certainly do in this instance... simply applying a whitelist on active browser content cuts down the attack surface area of the browser a great deal all by itself...
kurt wismer |
Homepage |
05.01.06 - 8:56 pm | #
|
|
I know what virtualization is, thanks. The question is, would I run a whole "virtualized" operating system instead of sandboxing a browser, if a browser is what I need? Or why would I want to apply a blacklist instead of sandboxing the browser?
Why does the browser have privileges that enable it to write/execute in areas THAT HAVE NOTHING TO DO WITH ITS BASIC FUNCTIONALITY?
Heh. What a wonderful thing is Least Privilege...
TNT |
Homepage |
05.01.06 - 11:23 pm | #
|
|
I spent some 6+ hours cleaning up a puter that was infected with HaxDoor and SpySheriff. The reason the computer got infected in the first place, was a mail containing a link from a friend which my wife's godson opened and followed.
If I ever get my hands on any of those punks...
j |
Homepage |
05.02.06 - 3:42 am | #
|
|
"I know what virtualization is, thanks. The question is, would I run a whole "virtualized" operating system instead of sandboxing a browser, if a browser is what I need?"
the browser appliance vm is a vm dedicated to web browsing... it offers a greater degree of isolation than a sandbox does..
"Or why would I want to apply a blacklist instead of sandboxing the browser?"
blacklist? who said anything about a blacklist?
"Why does the browser have privileges that enable it to write/execute in areas THAT HAVE NOTHING TO DO WITH ITS BASIC FUNCTIONALITY?"
browsers don't have privileges, users do... managing file system privileges on an application by application basis is next to unmanageable - there are far too many executable files alone, never mind alternative forms of programs like scripts and the macros inside office documents...
kurt wismer |
Homepage |
05.02.06 - 9:40 am | #
|
|
Yes, I know you said "whitelist", I mistakenly wrote "blacklist" when in fact I meant to say whitelist, sorry. 
As for "managing file system privileges on an application by application basis is next to unmanageable", yes. That's why you need to restrict filesystem (and registry) privileges only on "dangerous" and complex applications (and the modern browsers certainly are, especially based on their ridiculous security history). Sandboxing an application that doesn't even have the capability of connecting to the Internet makes very little sense.
Take OpenBSD. Did they put every single executable in a chroot environment? No. Did they put some of the dangerous ones? Yes. Do they provide "native" means of restricting system calls on applications that would never need them? Yes, systrace.
If you think an application's capabilities should always be "it should always be able to do whatever it wants at the privilege level of the user that runs it" I can't say I agree. Avoiding this is the reason why something like said chroot and systrace were invented in the first place.
TNT |
Homepage |
05.02.06 - 2:02 pm | #
|
|
By the way, I do often use the VMWare player application, but I just can't see how it should be the application of choice for one who just wants to browse the Internet. It's far too cumbersome to use for something this simple, not to mention that it provides NONE of the tools that would detect if something's been compromised inside the virtual OS in the first place. In the virtual OS, a vulnerable application has the same chances of being compromised as it has in the "real" OS. The only difference is that the malicious stuff won't expand in the real OS.
If you use the VMWare application and the browser has been exploited in the virtual OS, you are still going to lose your bank account data when you connect to your bank.
TNT |
Homepage |
05.02.06 - 2:26 pm | #
|
|
ok, recomposing the question:
'Or why would I want to apply a whitelist instead of sandboxing the browser?'
because a whitelist for active content reduces the overall attack surface area of the browser... maybe the sandbox prevents the java or javascript or whatever else is on the page from doing bad things, maybe it doesn't - but if the code doesn't get run at all then there's no opportunity for the sandbox to fail...
"As for "managing file system privileges on an application by application basis is next to unmanageable", yes. That's why you need to restrict filesystem (and registry) privileges only on "dangerous" and complex applications (and the modern browsers certainly are, especially based on their ridiculous security history). Sandboxing an application that doesn't even have the capability of connecting to the Internet makes very little sense."
then i suppose you have a solution for svchost.exe? also, although it's not true for firefox, microsoft's own browser is intimately tied to their update process - you can't limit it the way you're suggesting...
no doubt the OS could be reworked to make good advantage of this sort of technique though (i'd actually like to see it done such that no program can connect to the network unless it's in a sandbox of some kind)... but simply putting the browser and a few other apps in a sandbox isn't really going to cut it...
"By the way, I do often use the VMWare player application, but I just can't see how it should be the application of choice for one who just wants to browse the Internet."
if browsing the internet is the only thing the user wants to do then i would suggest a livecd rather than a vm... effectively setup a kiosk system that they can't screw up...
"It's far too cumbersome to use for something this simple, not to mention that it provides NONE of the tools that would detect if something's been compromised inside the virtual OS in the first place."
such tools can be installed... you aren't constrained to using just the software that the vm comes with...
"If you use the VMWare application and the browser has been exploited in the virtual OS, you are still going to lose your bank account data when you connect to your bank."
if you go back to where i originally introduced the idea you'll see i made no mention of it being able to protect against all the various attacks out there, only that it would further isolate browser exploits from the rest of the system... nothing solves all the problems, nothing is a panacea... leaking this kind of information doesn't even require the browser to be compromised, just a user who doesn't look closely enough at the tell-tale signs that s/he's not on the site s/he thinks s/he is...
kurt wismer |
Homepage |
05.02.06 - 8:29 pm | #
|
|
"because a whitelist for active content reduces the overall attack surface area of the browser... maybe the sandbox prevents the java or javascript or whatever else is on the page from doing bad things, maybe it doesn't - but if the code doesn't get run at all then there's no opportunity for the sandbox to fail..."
There is no doubt that javascript (I'm not even considering java, most browsers don't even run that natively) is an attack vector. There is also no doubt that it's not the ONLY attack vector. The wmf vulnerability didn't use javascript, did it? Yet sandboxing would have stopped the infection (and by the way, I know this, because I've tried it with actual sandboxing software, and everything was stopped right in its tracks every time). Sandboxing is not an alternative to whitelisting, just an extra layer. Nothing is 100% safe, you said it yourself.
"then i suppose you have a solution for svchost.exe? also, although it's not true for firefox, microsoft's own browser is intimately tied to their update process - you can't limit it the way you're suggesting..."
Oh yes, Microsoft evidently doesn't know the concept of least privilege well, so... maybe that's the reason why they are indirectly responsible for 99% of the botnets around? Microsoft's Windows update is done in their browser, why shouldn't this be changed? Doesn't seem like a lot of work to me. It's not even the browser that does the actual update job, it's just a front-end. And by the way, if you still wanna do it with the browser, just turn off the sandboxing for the Windows Update site. Sheesh.
"[cut] leaking this kind of information doesn't even require the browser to be compromised, just a user who doesn't look closely enough at the tell-tale signs that s/he's not on the site s/he thinks s/he is..."
That's social engineering you're talking about. An invisible keylogger getting installed through an exploit has nothing to do with it. You can blame a user falling for a phishing scheme, you can't blame a user for not detecting an invisible keylogger that got installed because his software doesn't implement the right defense mechanisms.
TNT |
Homepage |
05.02.06 - 9:01 pm | #
|
|
They should just use Opera or IE7.
William |
12.25.07 - 12:16 pm | #
|
|
Firefox is a veeeeeeeeerry unsafe browser.
William |
03.07.08 - 9:05 am | #