Announcement

Collapse
No announcement yet.

Most secure web browsing without sacrificing functionality?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    I did try the Chrome OS, but it looks as though google doesn't really make it available directly anymore. The image that's available through some European company is over a year old. It might be different if you're on an actual chromebox instead of just downloading the software.

    Anyhow, the boot-up time is a real impediment to use. Also, the chrome (in the Vanilla distro that I downloaded) doesn't seem to be upgradeable to current Chrome releases, so that's an unfavorable a security hole.

    Also tried puppy linux. Once booted it's very fast, but it was 40-50 seconds to boot it from a usb 3.0 flash drive. It's nonstandard linux using a non-standard browser. I could imagine using it, but I think my wife would probably dislike the unfamiliarity of it.

    I tried Mint, but I didn't see anything special about it.

    I'll try out Chrome on Ubuntu (should offer easier/better installation and I'm hoping updatability) too. If that doesn't click, then I'll probably look into the Virtual Machine solutions.

    Comment


    • #17
      I'm finding that with the advent of UEFI, there's a significant increase in hassle involved in switching between a boot USB drive and Windows 8.1. I have to toggle "legacy"mode to boot from the USB, and I have to toggle-on UEFI before booting Windows 8.1. It may actually tilt the balance in favor of doing virtual machines....

      Comment


      • #18
        After looking into it further, I decided I was going to try VirtualBox instead of Hyper-V, since Hyper-V requires running Windows 8 Pro (= $100 upgrade per computer). This article outlines the method I was going to try using VirtualBox:
        http://lightpointsecurity.com/conten...ruses-for-free

        Then I notice at the end of the article that the company offers a service where they let you use their virtual machines for this exact purpose at a cost of $6/month. If it works, it's a sensible model, as the cost of VM's could be amortized over a user base. They offer a free trial, so I'll probably try it. I don't know if that particular company will do a good job at it, but if not, maybe some other company does. If it turns out to be too laggy, though, it won't be worth it. In that case, having some kind of in-home "server of virtual machines" that could be shared among all the home's computers would perhaps make more sense than putting VM's on every computer, and it would likely minimize the lagginess. In theory, Microsoft wants an additional license for every virtual machine that runs Windows (even if the host computer already has a license for windows!), so the cost of spreading it around could be quite high, though lagginess close to nil.

        Anyone here tried doing that? I don't imagine it would be much different than connecting to a remote desktop using XVNC or the like.

        Comment


        • #19
          Here's yet another idea: utilize an "instant restore" backup, such as is allegedly offered by some of the "continuous data protection" backup software packages. For instance, Rollback Rx does require a reboot, but aside from that, it claims the time to rollback to whatever time you pick is instant. I can't vouch for that, as I haven't yet tried it, but the reviews on amazon are very high (so high that I'm wondering whether they were rigged): http://www.amazon.com/RollBack-Rx-PR...pr_product_top

          For present purposes, the problem with most backup/restore products is that restore is very lengthy, so it probably wouldn't get used as often as it should.

          However, doing an "instant restore" might be an acceptable alternative to running everything in a VM, as the results might be similar.

          Anyone here have experience with any high quality "instant restore" CDP software?

          Comment


          • #20
            As far as I know all versions of Windows have a built in functionality to wipe the user profile after log off. It's used in public places like libraries where they rent computer time by the hour and the like. Maybe it's only on the "pro" versions.
            Originally posted by rprade
            There is no rhyme or reason to the anarchy a defective Z-Wave device can cause

            Comment


            • #21
              Why not just protect your lan with another nat layer on a linux distro using an old pc and two lan cards.

              Freesco comes to mind.

              Use it as a secure caching DNS server, add a hosts file package, and configure it's rules based firewall your way.

              Has an http server, ftp server, DDNS server, everything.

              I rarely ever have any browsing malware, rarely scan with MWB.

              The bad url hosts file auto updates weekly from the package script.

              And no ads on my lan...
              HS2PRO - Ocelot, SecuIR, Secu16, Attendence Management Alarm Interface, X-10, LCD Studio VFD Display, 3 Apexis IP Cams, Custom Software Interfaces, GMQ Geiger Graphing
              HS3PRO - Testing

              Comment


              • #22
                Originally posted by Jebus View Post
                Why not just protect your lan with another nat layer on a linux distro using an old pc and two lan cards.

                Freesco comes to mind.

                Use it as a secure caching DNS server, add a hosts file package, and configure it's rules based firewall your way.

                Has an http server, ftp server, DDNS server, everything.

                I rarely ever have any browsing malware, rarely scan with MWB.

                The bad url hosts file auto updates weekly from the package script.

                And no ads on my lan...
                Interesting suggestion. I'm not sure if I understand what you're proposing though. Is it more than a NAT, or does it filter things as well? Perhaps inserting some kind of high speed filter into the network would yield faster browsing than bottlenecking browsers that run on less capable CPU browsers with the extra burden of running security software.

                In the end, though, does it really buy any more security than the typical "internet security" packages installed on home PC's? I was kinda hoping to get higher security and faster browsing all at once. Maybe that's asking too much.

                With incredibly sophisticated malware seemingly more common, I'm finding it harder than it used to be to figure out a reasonable solution.

                Comment


                • #23
                  A rules based firewall is your filter. A hosts file protects your lan when it is setup to exclude known malware sites. A secure caching DNS server speeds things up and keeps all page requsts channeled through your routers rules set and hosts file.

                  Watch your router log when you request a page with your browser. Some pages have over a hundred url's requested.

                  The whole reason that we all see browser slowdown is the extreme amount of ad url's that come flying through your router to your PC when you request a web page with your browser.
                  Sites don't care if they are spurious url's, they get paid for the ad's.
                  Stopping those url's @ your router with a hosts file redirecting the url request to null or 0.0.0.0 goes a long ways towards stopping malware and improving page load times. A caching DNS server speeds up repeated url lookups.

                  I have been setup this way for over 15 years. I never have to "rebuild" a malware damaged PC and I have excellent page load times with 2272 Kbps dsl.
                  HS2PRO - Ocelot, SecuIR, Secu16, Attendence Management Alarm Interface, X-10, LCD Studio VFD Display, 3 Apexis IP Cams, Custom Software Interfaces, GMQ Geiger Graphing
                  HS3PRO - Testing

                  Comment


                  • #24
                    Think this is a repost from a few months ago...

                    DNS Spoofing
                    - Pete

                    Auto mator
                    Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb- Mono 6.8X
                    Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.8X
                    HS4 Pro - V4.0.5.0 - Ubuntu 18.04/W7e 64 bit Intel Kaby Lake CPU - 32Gb - Mono 6.8X
                    HS4 Lite -

                    X10, UPB, Zigbee, ZWave and Wifi MQTT automation. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant

                    Comment


                    • #25
                      Nothing is unexploitable short of pulling the network cables.

                      A correctly configured hosts file, including all the lan puters and excluding the list of bad urls allow dnsmasq to always route traffic to the correct host.

                      I'm pretty sure there is no value in hacking our systems with a sophisticated attack such as poisoning your providers DNS cache.

                      It's the ad's and the associated scripts that foul most users browsers.
                      HS2PRO - Ocelot, SecuIR, Secu16, Attendence Management Alarm Interface, X-10, LCD Studio VFD Display, 3 Apexis IP Cams, Custom Software Interfaces, GMQ Geiger Graphing
                      HS3PRO - Testing

                      Comment


                      • #26
                        It turns out Ubuntu and its derivatives like Lubuntu will boot with UEFI set to boot Windows 8.1. Many other Linux's won't, at least not without non-trivial effort. Anyhow, I'd just as soon not set the UEFI to legacy, just in case the secure boot really does work at preventing rootkits from taking over the MBR (or whatever the MBR equivalent is called these days).

                        So, I got VirtualBox working last night (actually more like a proof of concept) with Windows 8.1 as the host operating system and Lunbuntu as the guest operating system. VirtualBox doesn't seem to release the hard drive space it reserves for the virtual machine, even after I discard the VM and instruct it to delete all associated files, so I eventually ran out of hard drive space after creating and destroying a bunch of virtual machines. I thought I would go through Windows to reclaim the space, but it seems well hidden, even after setting Windows "folder options" to reveal everything.

                        So, the usual two steps forward, one step back. I'll also need to buy more memory if I go this route.

                        Comment


                        • #27
                          Perhaps there's no need for Windows 8.1 Pro after all. I haven't tried this yet, but it looks as though Hyper-V Server 2012 is available for free: http://blogs.technet...tion-itpro.aspx

                          Comment

                          Working...
                          X