

Google Chrome harder to hack than other browsers - yaakov
http://blogs.zdnet.com/Google/?p=1334

======
jgrahamc
Actually, if you read all the way to the end of the article it says that it
wasn't too challenging. The other browsers were just easier.

~~~
gwc
Yes, that is the gist of the last sentence. However that was clearly not the
message the bulk of the post was intending to express:

 _He_ [Charlie Miller] _did mention, in his interview with Ryan Naraine, that
Chrome was pretty much in another league. Their 'sandbox' makes it extremely
difficult to exploit_

~~~
stcredzero
Two hikers are running from a grizzly. One of them asks, "Do you really think
we can outrun the bear?" The other says, "No, but I think I can outrun you!"

~~~
PStamatiou
My CS professor told us that before our final exam. :-)

------
dryicerx
This is the trend with anything that comes out.

The Hack-ability tends to be directly proportional to its popularity. Nothing
has ever been built that was 100% secure (if you did, more power to you). My
point is, the more popular something gets, more minds will be focused on
it to break it, and more information will be available publicly regarding possible
attack vectors, and eventually it will break.

Chrome is a new player, people haven't had much time to play with it, or the
motivation to since it doesn't have as much market share at the moment.

~~~
briansmith
I think Chrome and IE are both on track to become _proved-secure_. I think
they are both close to being able to use automatic tools to prove that malware
cannot get out of the sandbox without an operating-system exploit.

Microsoft seems to be working on a provably-secure micro-kernel for Windows.
In a few years they will be able to legitimately claim that privilege
escalation is literally impossible without the user's consent. That is such a
big and expensive task that I'm not sure their mainstream competitors will be
able to match that claim in any reasonable time frame (except maybe Symbian,
because it already has a micro-kernel architecture).

After that, security on Windows will be all about UI. How can we prevent
programs from tricking the user into letting them do something bad? How can we
prevent programs from doing bad things without the user knowing? How can the
user be sure that a program will not violate his privacy? How can the user be
sure that a program won't cause data loss?

~~~
stcredzero
_How can the user be sure that a program won't cause data loss?_

An easy way to do it: never delete anything. This isn't too different than my
OS X setup at home with Time Machine. I have exceptions set up for things like
my VirtualBox images and movies. A more advanced system that can keep deltas
of binary data would be even better. A solution designed for the clueless end-
user would have some sort of function that would automatically keep less
frequent backups for larger files.

Run out of room? The salesperson talks you into a hard-drive upgrade. HP,
Dell, and Apple would be happy about this!

More accurately, never _completely_ delete anything. The system would always
keep around at least one version of everything. Yes, this would mean that
secure delete is impossible, but this sort of system is for the casual home
user. If you need secure delete, use a different system. If you are doing
esoteric things with lots of large files, use a different system.

~~~
briansmith
That is very similar to what Windows Vista does with "Previous Versions",
except "Previous Versions" automatically gets rid of old versions when disk
space gets low.

------
briansmith
What makes the Google Chrome sandbox better than the IE7 sandbox or the IE8
sandbox? AFAICT, they are all using the same techniques.

~~~
tptacek
Chrome is process-per-tab; there's architecturally almost no shared state
between two different render contexts. Contrast that with Firefox, where
there's an application-layer permeable membrane connecting content-driven code
to browser core state.

~~~
briansmith
I understand how process-per-tab protects against cross-domain attacks. In
protecting against cross-domain attacks, Chrome's architecture is safer than
IE's since IE will often put multiple tabs in the same process. But, I don't
think the number of tabs per process has an effect in the ability to prevent
exploits of the local system.

The feature of Chrome and IE Protected Mode that protects against local
exploits is basically the same. There is a "main" process that has access to
the local system (files, registry, other processes). And, there are some
"sandboxed" processes that do not have access to the local system except for a
communication channel to the main process. Any time these browsers interpret
some input from the internet, they do so only in the sandboxed processes. The
only way a sandboxed process can access local resources is by asking the main
process to give it the local resource through the communication channel. The
main process asks the user to approve the request before accessing the local
resource on behalf of the sandboxed process. As long as the main process
implements its side of this communication channel correctly, there is no way
for malicious web content to break out of the sandbox. That is the case
whether there is one tab per process or more than one tab per process.
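
An added example, not part of the thread and not Chrome's or IE's code: a minimal sketch of the "main process" side of the channel described in the comment above, showing what implementing that side correctly involves for a single file-read request. The `Broker` class, the JSON message format, the `read_file` operation and the `ask_user` callback are all hypothetical names chosen for illustration.

```python
import json
import os
import tempfile

class Broker:
    """Privileged side of the channel; the only code that opens local files."""

    def __init__(self, allowed_root, ask_user):
        self.root = os.path.realpath(allowed_root)
        self.ask_user = ask_user  # hypothetical stand-in for the approval prompt

    def handle(self, raw):
        # Every byte from the sandboxed process is attacker-controlled input.
        try:
            msg = json.loads(raw)
            op, path = msg["op"], msg["path"]
        except (ValueError, KeyError, TypeError):
            return {"ok": False, "error": "malformed request"}
        if op != "read_file" or not isinstance(path, str) or "\x00" in path:
            return {"ok": False, "error": "operation not allowed"}
        # Resolve "..", absolute paths and symlinks before the policy check.
        real = os.path.realpath(os.path.join(self.root, path))
        if os.path.commonpath([real, self.root]) != self.root:
            return {"ok": False, "error": "path outside allowed root"}
        if not self.ask_user(op, real):
            return {"ok": False, "error": "denied by user"}
        try:
            with open(real, encoding="utf-8") as f:
                return {"ok": True, "data": f.read()}
        except OSError:
            return {"ok": False, "error": "read failed"}

def demo():
    # Constructed sample data: one file inside the allowed root, one outside.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "downloads")
        os.mkdir(root)
        for name, text in (("downloads/note.txt", "hello"), ("secret.txt", "x")):
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as f:
                f.write(text)
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(root, "link"))
        allow, deny = Broker(root, lambda o, p: True), Broker(root, lambda o, p: False)
        req = lambda op, path: json.dumps({"op": op, "path": path}).encode()
        return {
            "read": allow.handle(req("read_file", "note.txt")),
            "dotdot": allow.handle(req("read_file", "../secret.txt")),
            "symlink": allow.handle(req("read_file", "link")),
            "bad_op": allow.handle(req("delete_file", "note.txt")),
            "garbage": allow.handle(b"not json"),
            "denied": deny.handle(req("read_file", "note.txt")),
        }
```

The path check and the `open` call are separate steps, so this sketch assumes nothing else can modify the allowed directory in between.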

~~~
tptacek
They're different threat models.

Vista Protected Mode (IIRC, it only works on Vista, because of XP's session
security flaw) is like privsep SSH. Its primary job is to keep malware from
persisting.

On Windows, my understanding is that Chrome Sandboxes do the same thing. But
what the process-per-tab model is most notable for is defending against cross-
domain attacks. Which, if you ask me --- and I'm a Microsoft booster --- is
the more important threat model. Browser-resident malware is where we're
headed.

------
Kejistan
A linkbait headline and half of the article is quotes. Is this really news
material?

~~~
alecco
The original interview was news. <http://blogs.zdnet.com/security/?p=2941>

@ <http://news.ycombinator.com/item?id=524349>

