![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||
|
This article appears to be a poorly disguished attempt to promote software like Noscript and take shots a Google Chrome for not making APIs available for Noscript to work. Weighting doees not mirror the various browers share of the market, nor reflect the other security options available to protect browsers. I've addressed some of the concerns, but there's more before that tag can be removed. Socrates2008 ( Talk) 10:25, 24 March 2012 (UTC)
[1] is an advertisement, and therefore fails WP:RELY. Socrates2008 ( Talk) 11:44, 24 March 2012 (UTC)
[2] is a vendor page that primarily exists to sell a particular product, and therefore fails WP:RELY. JoeIT ( talk) 14:19, 1 January 2019 (UTC)
Socrates2008 ( Talk) 12:37, 24 March 2012 (UTC)
Alxfarr ( Talk) 5 June 2013
I removed a number of external links to search engines. While I'm sure its useful for people to know about search engines that have good privacy policies, this is not the article where they should be linked, as whether a search engine records your searches has about zero to do with which browser you are using - Internet privacy would be more appropriate place for such links. I've kept for now the links to AdBlock/NoScript etc, but the section on these needs to be trimmed down, there is too much detail on why a particular developer of a particular piece of software isn't putting that software inside a particular browser. If you like, I could do this, but want to give MSK a chance first. Additionally, it would be great, as Socrates2008 suggests, to cover some of the other browser security issues, rather than focusing so much space on one or two scripts for Firefox. I think this is an important article, so glad there is attention being paid, but it should focus on the issues particular to browsers, and not to more generic internet exploits or generic privacy issues. -- Karl.brown ( talk) 23:53, 24 March 2012 (UTC)
This is my suggestion for a rewrite. Many of the points mentioned in the article presented a limited view of browser security. This should address most of the mentioned issues. You all will need to find additional supporting references.
Browser security is the application of Application security to web browsers to protect computer systems (and potentially networks) from harm or breaches of privacy. Browser security Browser exploit often use Mobile code technologies such as JavaScript, ActiveX, Java, or they may compromise the browser itself ref- http://www.cert.org/tech_tips/securing_browser/#features
Breaches of browser security are usually for the purpose of bypassing protections to install Malware. As computer operating systems security has been increased, attackers have had to resort to attacking the programs running on the PC's. Most often, the only service available to a remote attacker is the browser. In drive by download attacks, malicious code is uploaded to a compromised (but legitimate) website, or displayed via an advertisement. In addition, the attacker may host the code on a dedicated web server of their own. In some cases, malicious code on the webserver automatically runs and exploits a vulnerability in the web browser itself, or in plugins running within the browser. In other cases, a user is deceived into executing the code. After successful exploitation of the initial attack, the attacker may establish further, more permanent access to the system, generally by either pivoting services, or by downloading additional software to retain access.
Whilst many vulnerabilities are in the software itself and can only be prevented via keeping browser software updated with patches, ref- http://itsecurity.vermont.gov/threats/web_attacks some subcomponents of browsers such as scripting, add-ons and cookies are particularly vulnerable to attack and also need to be addressed. The US National Security Agency recommends using a web browser with sandboxing capabilities, which will contain most of the effects of exploitation to the browser itself. If using a web browser with a PDF plugin, either disable this component if not needed, or insure that the PDF runs in protected mode. The NSA also recommends disabling scripting within the browser (though this may limit functionality in many websites) by using add-ons such as NoScript(Firefox), NotScript(Chrome), or Internet Options(IE).ref- http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf In addition, individuals may want to block advertisements to prevent malicious ads from being displayed. Most browsers have some form of adblocking technology or add in.
-- Sephiroth storm ( talk) 15:45, 27 March 2012 (UTC)
I rewrote hopefully broadening the scope of this article covering the issues above. It is a bit rough for now, and needs polishing. Widefox ( talk) 14:55, 11 April 2012 (UTC)
Hello fellow Wikipedians,
I have just modified one external link on Browser security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{
Sourcecheck}}
).
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 14:16, 9 November 2016 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Browser security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 16:26, 26 July 2017 (UTC)
![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||
|
This article appears to be a poorly disguished attempt to promote software like Noscript and take shots a Google Chrome for not making APIs available for Noscript to work. Weighting doees not mirror the various browers share of the market, nor reflect the other security options available to protect browsers. I've addressed some of the concerns, but there's more before that tag can be removed. Socrates2008 ( Talk) 10:25, 24 March 2012 (UTC)
[1] is an advertisement, and therefore fails WP:RELY. Socrates2008 ( Talk) 11:44, 24 March 2012 (UTC)
[2] is a vendor page that primarily exists to sell a particular product, and therefore fails WP:RELY. JoeIT ( talk) 14:19, 1 January 2019 (UTC)
Socrates2008 ( Talk) 12:37, 24 March 2012 (UTC)
Alxfarr ( Talk) 5 June 2013
I removed a number of external links to search engines. While I'm sure its useful for people to know about search engines that have good privacy policies, this is not the article where they should be linked, as whether a search engine records your searches has about zero to do with which browser you are using - Internet privacy would be more appropriate place for such links. I've kept for now the links to AdBlock/NoScript etc, but the section on these needs to be trimmed down, there is too much detail on why a particular developer of a particular piece of software isn't putting that software inside a particular browser. If you like, I could do this, but want to give MSK a chance first. Additionally, it would be great, as Socrates2008 suggests, to cover some of the other browser security issues, rather than focusing so much space on one or two scripts for Firefox. I think this is an important article, so glad there is attention being paid, but it should focus on the issues particular to browsers, and not to more generic internet exploits or generic privacy issues. -- Karl.brown ( talk) 23:53, 24 March 2012 (UTC)
This is my suggestion for a rewrite. Many of the points mentioned in the article presented a limited view of browser security. This should address most of the mentioned issues. You all will need to find additional supporting references.
Browser security is the application of Application security to web browsers to protect computer systems (and potentially networks) from harm or breaches of privacy. Browser security Browser exploit often use Mobile code technologies such as JavaScript, ActiveX, Java, or they may compromise the browser itself ref- http://www.cert.org/tech_tips/securing_browser/#features
Breaches of browser security are usually for the purpose of bypassing protections to install Malware. As computer operating systems security has been increased, attackers have had to resort to attacking the programs running on the PC's. Most often, the only service available to a remote attacker is the browser. In drive by download attacks, malicious code is uploaded to a compromised (but legitimate) website, or displayed via an advertisement. In addition, the attacker may host the code on a dedicated web server of their own. In some cases, malicious code on the webserver automatically runs and exploits a vulnerability in the web browser itself, or in plugins running within the browser. In other cases, a user is deceived into executing the code. After successful exploitation of the initial attack, the attacker may establish further, more permanent access to the system, generally by either pivoting services, or by downloading additional software to retain access.
Whilst many vulnerabilities are in the software itself and can only be prevented via keeping browser software updated with patches, ref- http://itsecurity.vermont.gov/threats/web_attacks some subcomponents of browsers such as scripting, add-ons and cookies are particularly vulnerable to attack and also need to be addressed. The US National Security Agency recommends using a web browser with sandboxing capabilities, which will contain most of the effects of exploitation to the browser itself. If using a web browser with a PDF plugin, either disable this component if not needed, or insure that the PDF runs in protected mode. The NSA also recommends disabling scripting within the browser (though this may limit functionality in many websites) by using add-ons such as NoScript(Firefox), NotScript(Chrome), or Internet Options(IE).ref- http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf In addition, individuals may want to block advertisements to prevent malicious ads from being displayed. Most browsers have some form of adblocking technology or add in.
-- Sephiroth storm ( talk) 15:45, 27 March 2012 (UTC)
I rewrote hopefully broadening the scope of this article covering the issues above. It is a bit rough for now, and needs polishing. Widefox ( talk) 14:55, 11 April 2012 (UTC)
Hello fellow Wikipedians,
I have just modified one external link on Browser security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{
Sourcecheck}}
).
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 14:16, 9 November 2016 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Browser security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 16:26, 26 July 2017 (UTC)