cpghost cpghost at
Wed Jun 3 09:18:05 UTC 2009

On Wed, Jun 03, 2009 at 08:49:50AM +0200, Wojciech Puchar wrote:
> >>
> >> I mean things like sending private data to someone else, scanning for
> >> other programs i have on disk, my addressbook etc.
> >
> > Given enough incentive, it unfortunately seems even open source
> > developers will resort to sneaky tactics:
> >
> but it's at least much more difficult. And - my other rule fits very well 
> here. Avoid OVERCOMPLEX programs.
> Unfortunately there are no well done WWW browsers for unix in the world.
> links -g is an exceptions, but in the same time it's quite limited.
> But have best fonts :)

You're right: browser code is overly complex, and a nightmare to audit
properly for security purposes.

That's why when working in a sensitive environment, I browse the web
primarily with elinks (with JavaScript disabled, of course), and
secondarily and only when absolutely necessary with the usual
firefox+noscript+abp...  both browsers running in a virtual box (qemu,
virtualbox) dedicated to this purpose and this purpose only.

Of course, I'm taking more precautions, as running in a box may still
not be 100% secure, if someone creative enough found a way to break
out of the guest OS into the host OS; but everything else is just
irresponsible and way too risky, from a security point of view.

Surely, not everyone has the same security requirements, and YMMV. ;-)


Cordula's Web.

More information about the freebsd-questions mailing list