Thursday, September 1, 2011

Google Chrome Browser Security Features

Chrome use a different technology from Internet explorer. They both built on open source code from other platforms. Chrome browser is based on the open-source Webkit engine, which is an open-source web browser layout engine developed by the WebKit Foundation. Firefox is based on the open source Gecko engine, which is a layout engine currently developed by Mozilla Corporation.

For now the most popular alternative to Internet explorer is Firefox. I have a lot of respect to Mozilla and the open source community, but when I have tried to use Firefox 3.5 I had a frustrating experience. It has kept crashing down on me, crashing my PC along with it.

As result of this experience I have decided to give Google Chrome a chance. Google Company has stated in many occasions that Chrome browser has innovative security features.

When investigating these announcements I have noticed four major security features in Google chrome.

1. Safe browsing software (it is also being used by Firefox browser) - Safe browsing features protect users against phishing and malware attacks. It uses a blacklist approach that gets downloaded to the user's PC on a regular basis. How does it work? Well Google is constantly crawling the web, finding new and changed websites. During this crawling if they encounter a suspicious site that seems to be a phishing site (designed to steal personal information of unsuspecting users), it is being added to a list of suspected phishing websites. If a site contains hints to potentially malicious activity, Google tracks this site for a while and if a clear evidence of malicious activity is discovered, such as, computer viruses being downloaded and installed, it is being added to a list of suspected malware-infected websites. If you use Chrome browser and you have safe browsing mode enable, then Google Chrome will contact servers at Google, approximately every half hour, to download updated lists of suspected phishing and malware websites. These lists are being stored on your PC so when you surf the Web each site you browse to is being checked against these black lists locally (This is designed to offer performance). If the requested site is in the black list a warning message will appear stating that the requested site is suspected to be a phishing site or a malicious site and the user can choose to go back to safety. This feature seems to help the fight against malware and phishing, but there is a disadvantage. A few bloggers have raise questions about privacy implications. Bloggers have notice that every few hours when an update of the black lists is being done, two parameters are being sent to Google servers - "machineid" and "userid" - both computed information based on machine/user information. This information is sent along with a bunch of other browser information to ask Google if they should download an update. This information can be used for tracking. Google is of course obligated to privacy agreement with Internet users stating it will not use any of the personal information being collected, but would this obligation stand against a court order? I really don't know. In short, safe browsing seems like a great security feature fighting phishing and malware attacks, but users who are passionate regarding their privacy should think twice before using it.
2. A privacy mode (Incognito) - this feature manages privacy settings and designed to suit users who use public computers, or otherwise wish to keep their browsing habits confidential. When enabled (Click the wrench menu -> Select New incognito window menu item) Chrome browser will not remember visited pages, form and search bar entries, passwords, download List entries, cookies and cached files. You can still create bookmarks, and these will be retained when exiting incognito window. A similar feature exists also in Internet Explorer 8 browser and Firefox 3.5 browser. These features probably make live easier for Internet users who want to keep their surfing habits to themselves, but in the same way it helps the adults in the group it also may allow children to surf unsupervised. Internet savvy kids can easily hide their Internet activities from their parents. So it is very important for parents to understand that monitoring of their children Internet activities by viewing the browser history on the child's PC might not work.
3. Clear Browsing Data - There is a feature in Google chrome which allow the user to clear browsing data, such as, browsing history, downloads history, cache, cookies, saved passwords and saved form data (Click the Wrench menu -> select Clear browsing data -> Select the checkboxes for the types of information you wish to remove). This feature allows you to keep your browsing habits to yourself even if you are not using the Incognito window. Parents should be aware that similar to the Incognito mode their kids can use this feature to delete their browsing history so parents should not rely on browsing history as something that can help them get involved in their children Internet activities.
4. Sandbox security mechanism - This feature, as I see it, is the most significant one. A sandbox is a security mechanism used to run an application in a restricted environment. Browsers are dealing with malicious attacks on a regular basis. The most popular vectors for browser attacks are HTML Rendering and JavaScript execution. The sandbox security mechanism is designed to protect the user's PC and files against these kinds of malicious attacks. If there is an attack that exploits the browser vulnerabilities and an arbitrary code is being executed on the machine, it will be executed in an isolated environment and the user's PC will not be harmed. This security mechanism will also prevent access to the user's files. The sandbox mechanism itself is not a new security model; It uses the security features of Windows extensively. You should be aware that since the sandbox mechanism relies on Windows to achieve its security, it is impossible for it to protect against a flaw in the OS security model itself.

Article Source:

No comments:

Traffic revenue