

Ask HN: time for an extra-secure browser? - mike47

A report on the BBC website about a new attack on internet banking (http://www.bbc.co.uk/news/technology-16812064) made me wonder if it is time for an enhanced security browser that could be used just for online banking? So for example, it would not run any Javascript, have a very strict same-origin policy, and could perhaps include some kind of built-in anti-virus. Any thoughts?
======
dsr_
Not running JS is, unfortunately, a death sentence. Too many sites
legitimately depend on it.

On the other hand, you could reasonably require a user to turn JS on for each
site that needed it.

On the gripping hand, users would complain, or automatically turn it on for
every site, or both.

~~~
mike47
Do you mean that many (most?) online banking sites use JS? Based on my bank's
online system, I don't think there is anything that could not be done without
scripts. And my suggestion (perhaps not well expressed) is that someone (e.g.
the banks themselves) develop a cut-down extra secure browser for use
exclusively with online banking websites. I am assuming that the majority of
online banking is done from customers' own home computer or tablet; obviously
this idea won't help people logging on via a shared public PC.

