David F. M.

Questions about Safe Browsing


 

 Questions about Safe Browser

 

First of all, hello everybody in Emsisoft. I hope you are all fine.

Introduction

  We all know that the dangerous threats coming from unsafe browsing are beyond description these days so there are some options to choose from given by companies other than Mozilla (Firefox), Microsoft (IE & Edge) and Google (Chrome) for the sake of using a safer browser. I have collected some information about them but I want to put my questions in safe hands to find a more trusted answer. The following ones are all respectable but I seek a definite answer to the best ones, two or three ones of all, not one because it may be hard to prefer only one above all the rest.

My first question is about deciding the top browsers in the following ones:

Which browser is safer to use than the others from Comodo Browsers, Epic Privacy Browser, Yandex Browser, Tor Browser, Maxthon Cloud, Avira Scout or Firefox with Hardening extensions?

Browsers to Choose From

- Comodo Browsers [Two different versions]
 use Comodo’s SecureDNS servers for Dragon [secure surfing]
 maintains compatibility with  plug-ins, stored passwords, and favourites if desired
 incorporates a domain filtering system designed to limit exposure to problem domains of the sort used by malware

- Epic Privacy Browser [Version 55 +]
Cookie Blocker. Cookies and trackers are eliminated after each session
Instant Proxy. proxies all searches through the firm’s own servers (no way to connect an IP address to a search), 
Secure Search. attempts to prioritise SSL connections wherever possible
useful for open Wi-Fi connections
Built-in ad blocking.
Do Not Track. does not collect data about its users and comes with excellent 
eschewing plug-ins, compatible with password manager LastPass.

- Yandex Browser [Version 17.4.1]
DNS Spoofing Protection
DNSCrypt technology = Encrypts DNS traffic
Ad blocking pornographic advertising
Protecting Wi-Fi

- Maxthon Cloud Browser [Version 5.0.3.4000]
- a totally new type of HTML5-compatible browser that wants to act as a straight replacement
- embeds claimed protection from AdBlock Plus including the (for some) contentious ‘Acceptable Ads’ technology,  
AES256 encrypted synchronisation of files to its cloud services, 
limits employee access at its end to customer data. 

- Avira Scout
integrates a no track functionality
uses Avira's database to let you know when you’re visiting dangerous web sites
make sure you’re connecting using secure connections, 
blocks unwanted scripts from running
blocks infected and phishing websites for you

- Hardened Firefox [Version 47 +] with Hardening Extensions (HTTPS Everywhere + uBlock + No Script + Privacy Badger + Ghostery + Avira Browser Safety + What Else?)

HTTPS Everywhere = encryption of traffic
uBlock = blocking all ads
No Script = prevents active scripts on websites unless you grant permission to them
Ghostery = blocks web trackers so that companies can’t track activity
Disconnect = blocks web trackers so that companies can’t track activity
Avira Browser Safety = blocks web trackers so that companies can’t track activity
Privacy Badger 

My second question is about uMatrix

Source: http://www.makeuseof.com/tag/completely-secure-11-must-have-firefox-addons-security/

uMatrix is a relative baby when compared to the rest of the addons on this list, but it’s one worth looking into if you want an edge in security. Simply put, it’s a dynamic firewall that allows you to toggle various defenses whenever you want. These firewall options show up as a colored red-and-green matrix and all you have to do is click on the features you want to toggle. It’s a bit more advanced than a straightforward blocker, but the steeper learning curve allows for more power and flexibility in the end.
 

Thank You

 


Hello,

When it comes to surfing: keep it simple, a browser is only as safe as its user. I'd advise against using any browser "security" that intercepts https traffic, for an explanation see here: http://blog.emsisoft.com/2017/02/09/https-interception-what-emsisoft-customers-need-to-know/

 

Choose the browser that suits you best and practice safe surfing (use an adblocker, use a password manager as alternative to using easy to guess or identical passwords), don't visit shady sites and if you're not sure about a site, scan the URL on http://www.virustotal.com

 

Personally I use Google Chrome with uBlock origin, Lastpass, and a few small add-ons that help facilitate certain routine tasks. Never had any browser-related security issues.

  • Thanks 1
  • Upvote 1

Just now, Elise said:

Hello,

When it comes to surfing: keep it simple, a browser is only as safe as its user. I'd advise against using any browser "security" that intercepts https traffic, for an explanation see here: http://blog.emsisoft.com/2017/02/09/https-interception-what-emsisoft-customers-need-to-know/

 

Thank you for the advice. The careful use and awareness play a significant role in the user's safety. However, my love to know and compare leads me to know the best. What can I do?! :(

   I was ransom-wared with Cerber in December so I dedicated tons of hours investigating the case, tech info on malware, security suites, products, safe browsers, etc. So when I investigated browsers I came to Safe Browser Comparisons and I found these and collected info from a few websites.

 

As for the article entitled  HTTPS interception: What Emsisoft customers need to know, I got the idea that HTTP interception tries to force this type of interception (= interference in connecting to websites) through detailed analysis of all user's web traffic leading to the encryption being not end-to-end (user-to-website)

         The local antivirus scan proxy has to simulate web servers perfectly down to the tiniest detail in order not to weaken the encryption chain. Here is where implementation mistakes are easily made and the security problems described in the earlier mentioned study arise.

    As for the paper which is attached to the article, https://zakird.com/papers/https_interception.pdf, I admit that I may not be able to read it carefully to summarize it accurately. I searched the idea and found a summary here:

Study shows that poor HTTPS interception is compromising security and putting users’ data at risk

https://www.egress.com/blog/study-shows-that-poor-https-interception-is-compromising-security

Here are the findings of the same study you referred to:

A new study has shown that HTTPS interception, the practice of decrypting and scanning HTTPS connections to monitor traffic for security vulnerabilities, is a much more common feature in security software processes than first thought.

The group of researchers behind the paper ‘The Security Impact of HTTPS Interception’ also showed that the devices and software that perform HTTPS interception also significantly reduce the protection offered by HTTPS. By terminating the existing Transport Layer Security (TLS) connection and replacing it with a weakened implementation, the overall safety of users’ data is put at risk – with potentially serious consequences.

Also here:

Alert (TA17-075A) - HTTPS Interception Weakens TLS Security

https://www.us-cert.gov/ncas/alerts/TA17-075A

I'll try to study the articles in a simple way.

 

Quote

 

Choose the browser that suits you best and practice safe surfing (use an adblocker, use a password manager as alternative to using easy to guess or identical passwords), don't visit shady sites and if you're not sure about a site, scan the URL on http://www.virustotal.com

Personally I use Google Chrome with uBlock origin, Lastpass, and a few small add-ons that help facilitate certain routine tasks. Never had any browser-related security issues.


 

 

 I am a Mozilla Firefox fan so I included it at the end of the list of specially designed ones with the extensions on which I found multiple recommendations even in the Heimdal Security Blog, makeuseof, etc.

uBlock origin is my favorite. I did not use Lastpass or other free PW Manager till now.   Unfortunately, some questions occurred to my mind:

1 - Does this apply to HTTPS Everywhere add-on? Does it spy and store / send on my web traffic?

2 - Does this apply to any or all of the above allegedly safe browsers? Which one is more authentic?

3 - Does HTTPS interception itself have a weak point in it without being targeted by security software or add-ons? 

4 - How can I, as an end-user with nearly zero expertise in the field of complicated security measures and software comparisons, test this myself?


1) AFAIK this just will always try to use https (even if you click or type a http link), no interception is done. 

2) You'd have to check what each browser includes, but remember it is also possible to install a security solution that will install a browser add-on. Any browser that allows the installation of add-ons/extensions (and that's basically any browser) can use a https filter of some sort if it is installed.

3) The following part of the article really explains this:

 

Quote

This is done by installing a traffic interception module between your browser and the target website server that proxies all traffic. As that would break the concept of HTTPS end-to-end encryption, antivirus software usually installs a new, so-called root certificate on your computer that basically helps to simulate the encrypted connection. Technically speaking, your browser only communicates with the local antivirus HTTPS proxy and its self-made certificate, and consequently all encrypted websites show up with the ‘safe’ lock symbol in the browser. The proxy then scans the decrypted traffic and connects to the actual web server encrypted again.

This concept generally works (otherwise those vendors wouldn’t have chosen it), but the main problem with that approach is that the traffic is no longer end-to-end encrypted. The local antivirus scan proxy has to simulate web servers perfectly down to the tiniest detail in order not to weaken the encryption chain. Here is where implementation mistakes are easily made and the security problems described in the earlier mentioned study arise.

4) You can't without understanding how this works, which is why it's recommended not to use any product that uses https interception unless you're sure it is safe.

  • Like 1
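
Added example, not part of any post above and not Emsisoft's code: a sketch of how the local HTTPS proxy described in the quoted article shows up from the client side, by comparing the issuer of the certificate this machine receives with the issuer noted for the same site on a device without HTTPS scanning. The certificate dictionaries, CA names and function names are constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the shape returned by ssl.getpeercert(); all names are made up.
DIRECT = {"issuer": ((("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA R1"),))}
INTERCEPTED = {"issuer": ((("organizationName", "Example AV Vendor"),),
                          (("commonName", "Example AV Web Scanning Root"),))}


def issuer_fields(cert):
    """Flatten the issuer RDN tuples from getpeercert() into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def check_issuer(cert, expected_orgs):
    """Return (ok, issuer). ok is False when the certificate was issued by an
    organisation other than the ones recorded for this site from a machine
    without HTTPS scanning, i.e. something re-signed the connection locally."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName", "")
    label = f"{org} / {issuer.get('commonName', '')}"
    return org in expected_orgs, label


def fetch_cert(host, port=443, timeout=5):
    """Return the certificate this machine is actually shown for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def live_check(host, expected_orgs):
    """Network version of check_issuer; a failed validation is reported too,
    since a proxy root missing from Python's trust store also ends up here."""
    try:
        return check_issuer(fetch_cert(host), expected_orgs)
    except ssl.SSLCertVerificationError as exc:
        return False, f"validation failed: {exc.verify_message}"


if __name__ == "__main__":
    expected = {"Example Public CA"}  # assumption: noted on a clean device
    print(check_issuer(DIRECT, expected))
    print(check_issuer(INTERCEPTED, expected))
```

The same issuer is visible without code by clicking the lock symbol in the browser and viewing the certificate; `live_check` only automates that comparison for a list of sites.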
