How to really secure Firefox?

[Dane]

Internet Explorer's sandbox is robust. It's more likely that your father's problem comes from add-ons like Flash etc.

Yes. There is a market for VMware vulnerabilities.

So if you get a virus in VM ware there is a chance for it to "come out of the box" and go after you're normal OS?

Im tempted to load the site on my Macbook pro. but I dont want it connected to anything of mine if its still there.

What can I use to check out the site? I've gone to websites that scan other websites, however they all say the site is clean, i just dont want to risk it.

How do I turn on the IE Sandbox on IE 8?

I might go download the Trial of KAV internet Security. and goto the site then. and hope it doesnt mess with anything

[+Warwagon MVC]

So if you get a virus in VM ware there is a chance for it to "come out of the box" and go after you're normal OS?

Im tempted to load the site on my Macbook pro. but I dont want it connected to anything of mine if its still there.

If you have a mapped drive in the VM to a drive on your actual windows machine, then the malware could spread over the network.

[Raa]

XP-m?

Windows 7's XP Mode. Free download for Windows 7 users.*

FAIL... i for one cannot stand chrome nor get it to work right without crashing.

Quite clearly it is not me who fails.

[Dane]

If you have a mapped drive in the VM to a drive on your actual windows machine, then the malware could spread over the network.

Damn. How do I go about changing that?

Also just to be clear, if I use Sandboxie, ANY virus/spyware cannot touch my actual windows install correct?

[J_R_G]

Chrome and IE8 are already sandboxed on Vista and Windows 7. I've never needed more than that, despite generous amounts of surfing shady sites with each browser I've never caught a single piece of malware on Vista or 7. But sandboxes are not magic bullets, for instance an infected browser, even in a sandbox or VM, can still steal any information you input into that browser, such as credit card numbers or bank login credentials. I made a site that may help, it's at http://bulletproof-windows.blogspot.com so check it out, it has lots of tips for securing Vista/7 and browsers on those OSes. I describe (well, link to a site that describes) how to sandbox FF on Vista/7, together with noscript that may be a good solution. Unless you are running .exe's off the internet, you should be pretty safe with whichever browser you choose on Vista/7 (can't say the same for XP) because of all the exploit-prevention stuff that was added to Windows after XP.

[Dane]

Chrome and IE8 are already sandboxed on Vista and Windows 7. I've never needed more than that, despite generous amounts of surfing shady sites with each browser I've never caught a single piece of malware on Vista or 7. But sandboxes are not magic bullets, for instance an infected browser, even in a sandbox or VM, can still steal any information you input into that browser, such as credit card numbers or bank login credentials. I made a site that may help, it's at http://bulletproof-windows.blogspot.com so check it out, it has lots of tips for securing Vista/7 and browsers on those OSes. I describe (well, link to a site that describes) how to sandbox FF on Vista/7, together with noscript that may be a good solution. Unless you are running .exe's off the internet, you should be pretty safe with whichever browser you choose on Vista/7 (can't say the same for XP) because of all the exploit-prevention stuff that was added to Windows after XP.

Thanks!

[+Warwagon MVC]

Damn. How do I go about changing that?

Also just to be clear, if I use Sandboxie, ANY virus/spyware cannot touch my actual windows install correct?

Only the 32bit version of Sandboxie can guarantee that no virus/spyware cannot touch your actual windows install. The 32bit version (only compatible with 32bit windows, not 64bit) goes down to the kernel to sandbox the malware. In 64bit versions of windows Microsoft created patch guard to keep people out of the kernel. In turn Microsoft created some Kernel Level API's basically saying "This is all we will allow you to do". While the access MS gives the deveopers is good, it's not great. So the developer of sandboxie does not guarantee his product in a 64bit environment.

[Dane]

Only the 32bit version of Sandboxie can guarantee that no virus/spyware cannot touch your actual windows install. The 32bit version (only compatible with 32bit windows, not 64bit) goes down to the kernel to sandbox the malware. In 64bit versions of windows Microsoft created patch guard to keep people out of the kernel. In turn Microsoft created some Kernel Level API's basically saying "This is all we will allow you to do". While the access MS gives the deveopers is good, it's not great. So the developer of sandboxie does not guarantee his product in a 64bit environment.

Awe. Well I used sandboxie, i am on windows 7 64BIT. I uninstalled MSE, and installed KAV Internet security and turned everything to high. Used the sandboxie to goto the site. NOTHING popped up saying it was malware or virus. So I assume its good. I did a full scan and nothing.

Scanning with malwarebytes too.

[Kirkburn]

It clearly points to that the issue shouldn't occur if you're running a non-IE browser unless you've enabled the said feature of auto-open.

Exactly my issue. You appear to be making a sweeping judgement that 1). IE is always susceptible to such issues. 2). all other browsers aren't, unless you've enabled said feature.

For the record: a few months ago I was running an up-to-date Firefox. I do not have that option set. I managed to get malware due to a *slightly* out of date Java install. (Ever since then I've kept enabled plugins at a bare minimum.)

[soldier1st]

J_R_G: could you create a site for XP users if possible?

[J_R_G]

J_R_G: could you create a site for XP users if possible?

I did not make the site for Vista/7 out of some short-sightedness or something like that, XP lacks ASLR (and some other things) that make it pretty much easy to infect once you have a 0-day vulnerability, which are easy enough to find in any complex code-base. Not really MS' fault though, when XP was made, there were no x86 CPUs with DEP, and without DEP, ASLR is useless. MS added DEP to XP, but without DEP *and* ASLR the system is pretty easy to infect, even if you run sandbox applications like sandboxie or run as a standard user it's very easy for malware to infect the browser process and steal all your stuff like bank/paypal credentials, credit card #s and so on that you input into the browser. Whatever the reason (too much testing and development to add ASLR to XP, or what have you) XP is really never going to be a 'secure' OS by modern standards, so I don't see the point of really trying to act like it is, it's much better to concentrate on securing an OS that already has a fundamentally secure foundation, like Vista or Win 7 (or modern apple/oss equiv.)

BUT - you can still just use common sense and apply some things from my security blog to XP, like run as standard user (hard to do without UAC, folder virtualization, and so on though that are only in Vista+), use sandboxie, enable DEP for all processes, run MSE and secunia vulnerability scanner, keep OS + apps updated, etc.

But my main advice would be, that if you really care about security, just upgrade to Win 7 (preferably x64.)

[rawr_boy81]

Exactly my issue. You appear to be making a sweeping judgement that 1). IE is always susceptible to such issues. 2). all other browsers aren't, unless you've enabled said feature.

For the record: a few months ago I was running an up-to-date Firefox. I do not have that option set. I managed to get malware due to a *slightly* out of date Java install. (Ever since then I've kept enabled plugins at a bare minimum.)

Again, read what I post; the post was done on the basis of the original poster running firefox from the get-go therefore I question how he got infected with it. Either read the post or shut up.

[psreloaded]

I personally use NoScript. Initially its annoying but you'll get used to it once the rules are setup right... :)

[migo]

Firefox is secure by itself. Just avoid going to malicious sites to start with.

A) Not true

B) Useless advice without add-ons to tell you what not to go to

1) Install NoScript, this makes FF secure by default

2) Install Web of Trust, this tells you which sites are unreliable

3) If WoT doesn't give a rating, don't turn any scripts on, and you're good