Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

["Pavel Kankovsky" <peak () argo troja mff cuni cz>]

On Sat, 25 Mar 2006, Dinis Cruz wrote:

> 2) Given that Firefox is also build on unmanaged code, isn't Firefox as
> insecure as IE and as dangerous

The use of "unmanaged code" (read: the programming language, and the style
of programming prone to bugs making it possible to gain direct control
over the underlying platform, i.e. the virtual CPU as implemented by the
hardware and the OS running on it) is a shared weakness but there are many 
more aspects of the problem making it difficult to compare them.

> 3) Since my assets as a user exist in user land, isn't the risk profile
> of malicious unmanaged code (deployed via IE/Firefox) roughly the same
> if I am running as a 'low privileged' user or as administrator?

It depends. Do you run the browser under the same low-privs user you use 
for the rest of your business? (And do you trust your OS to enforce 
security restrictions among different users.)

> 4) Finally, isn't the solution for the creation of secure and
> trustworthy Internet Browsing environments the development of browsers
> written in 100% managed and verifiable code, which execute on a secure
> and very restricted Partially Trusted Environments? (under .Net, Mono or
> Java).

Are .Net, Mono, or Java themselves 100% managed and verifiable code?
Can you create a secure environment when it is, using your own words,
"impossible to create bug/vulnerability free code"? I know there have been
vulns in the JRE making it possible to break out of the sandbox and
similar vulns in the other environments would not suprise me.

Chicken and eggs. (On the other hand, it is probably somewhat easier to 
fix one shared environment than to fix one million of applications.
Nevertheless, we're talking about a single app here--about the web 
browser.)

Moreover, do not forget the protection of your computer against malicious
web sites is only one half of the problem. The other half is the
protection of good web sites against malicious web sites. The browser
itself is supposed to implement sandboxed virtual computers for "active 
web contents" and enforce their separation.

You could compartmentalize the browser and have one sandbox for each site
but I am afraid you would still need a trusted shared component to manage
them.

> And in my view, creating sandboxes for unmanaged code is very hard or
> even impossible (at least in the current Windows Architecture), so the
> only solution that I am seeing at the moment is to create sandboxes for
> managed and verifiable code.

I may be difficult on MS Windows. Been there, done that several times on
other platforms.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/