CFA/Security-Research: Difference between revisions
< CFA
Jump to navigation
Jump to search
| (7 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
== General Browser Capabilities == | == General Browser Capabilities == | ||
* [[CFA/Security-Research/AntiPhishing|Anti-Phishing]] | |||
* [[CFA/Security-Research/MalwareDetection|Malware Detection]] | * [[CFA/Security-Research/MalwareDetection|Malware Detection]] | ||
* [[CFA/Security-Research/ | * [[CFA/Security-Research/Passwords|Passwords]] | ||
* [[CFA/Security-Research/ContentEnabling|Content Enabling]] | * [[CFA/Security-Research/ContentEnabling|Content Enabling]] | ||
* [[CFA/Security-Research/Cookies|Cookies]] | * [[CFA/Security-Research/Cookies|Cookies]] | ||
* [[CFA/Security-Research/WarningMessages|Warning Messages]] | * [[CFA/Security-Research/WarningMessages|Warning Messages]] | ||
* [[CFA/Security-Research/Encryption|Encryption (Protocols and Certificates)]] | * [[CFA/Security-Research/Encryption|Encryption (Protocols and Certificates)]] | ||
| Line 34: | Line 34: | ||
* Shiira | * Shiira | ||
== Add-ons to investigate | == Add-ons to investigate == | ||
=== Firefox === | === Firefox === | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/10 AdBlock] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/1865 AdBlock Plus] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/722 NoScript] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/82 CookieCuller] | ||
* | * [http://www.nektra.com/oss/firefox/extensions/cookiepie CookiePie] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/4828 VeriSign EV Green Bar Extension] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/2366 FirePhish Anti-Phishing Extension] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/3840 PhishTank SiteChecker] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/4892 Finjan SecureBrowsing] | ||
* | * [https://addons.mozilla.org/en-US/firefox/addon/3661 iTrustPage] | ||
* YesScript - JavaScript blacklist [https://addons.mozilla.org/en-US/firefox/addon/ | * [https://addons.mozilla.org/en-US/firefox/addon/4922 YesScript]- JavaScript blacklist | ||
* [https://addons.mozilla.org/en-US/firefox/addon/1033 PwdHash]- automatically generates per-site passwords, and the same password for each subdomain; prevents JavaScript from reading your password as it is typed | |||
* [https://addons.mozilla.org/en-US/firefox/addon/957 Petname Tool] | |||
* [http://safecache.com/ SafeCache] | |||
* [http://www.safehistory.com/ SafeHistory] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/315 View Cookies] | |||
=== Internet Explorer === | === Internet Explorer === | ||
Online Protection | * Online Protection | ||
** [http://www.windowsmarketplace.com/details.aspx?view=info&itemid=1715716 SpyWall Anti-Spyware] - IE sandbox blocks attacks encountered while browsing the web; detects and removes spyware (not free) | |||
** [http://www.windowsmarketplace.com/details.aspx?view=info&itemid=3075061 1-Click SignupShield Suite] - enhanced password manager; protects against phishing fraud and automatically fills out forms; generates unlimited number of unique passwords and disposable Email addresses for signing up to Web sites. It fills sign-up forms and encrypts passwords and Email addresses for later use during sign-in. When you need to sign-in to a Web site, SignupShield automatically retrieves the correct e-mail address and password and fills in the sign-in form for you (not free) | |||
** [http://www.windowsmarketplace.com/details.aspx?view=info&itemid=2520839 McAfee SiteAdvisor for IE] - protects from spyware, adware, spam, viruses, browser exploits, and online scams. SiteAdvisor has safety ratings. | |||
** [http://www.windowsmarketplace.com/details.aspx?view=info&itemid=14007 Password Scrambler] - automatically present unique passwords to the sites you visit, generated from a unique master password you choose. It achieves this by uniquely scrambling your password for every site you visit, so every site gets a unique, secure and hard-to-guess password, while you only remember one. | |||
* Parental Controls | |||
* Pop-up Blockers | |||
* Privacy | |||
Parental Controls | |||
Pop-up Blockers | |||
Privacy | |||
== Meeting Takeaways == | == Meeting Takeaways == | ||
* Malware Prevention | |||
** Haute Secure provides good information and a good user experience | |||
*** Blocks pages that are malicious | |||
*** Blocks specific malicious content on non-malicious pages, and issues a non-obtrusive warning | |||
*** Work with Haute Secure on Firefox extension (currently only for IE) | |||
** StopBadware.org | |||
*** Doesn't help character encoding and flash cases | |||
*** Requested numbers on the effectiveness of StopBadware.org | |||
* Anti-Phishing | |||
** Default URI blacklist is over 70% effective | |||
** Checking vs. google online yields only slightly better results | |||
* Passwords | |||
** Use SRP (Secure Remote Password) protocol to integrate secure password authentication into applications | |||
** Improve password security by moving away from web-forms | |||
*** Sxipper creates strong passwords when registering and encrypts stored data | |||
*** Sxipper also saves users time with seamless integration and single click logins | |||
Latest revision as of 17:59, 10 August 2007
« Comparative Feature Analyses
« Security Notes
General Browser Capabilities
- Anti-Phishing
- Malware Detection
- Passwords
- Content Enabling
- Cookies
- Warning Messages
- Encryption (Protocols and Certificates)
- Other
Purpose
Examine a bunch of browsers, existing Firefox Add-ons, and web services to generate a report that describes:
- Which capabilities each has
- A summary of where each is different/unique
- Some conclusions about which aspects seem most innovative and interesting that we might want to consider for Firefox
Browsers to investigate
- Firefox 2
- Camino
- Flock
- iCab
- IE 7
- Maxthon
- Netscape
- OmniWeb
- Opera
- Safari
- SeaMonkey
- Shiira
Add-ons to investigate
Firefox
- AdBlock
- AdBlock Plus
- NoScript
- CookieCuller
- CookiePie
- VeriSign EV Green Bar Extension
- FirePhish Anti-Phishing Extension
- PhishTank SiteChecker
- Finjan SecureBrowsing
- iTrustPage
- YesScript- JavaScript blacklist
- PwdHash- automatically generates per-site passwords, and the same password for each subdomain; prevents JavaScript from reading your password as it is typed
- Petname Tool
- SafeCache
- SafeHistory
- View Cookies
Internet Explorer
- Online Protection
- SpyWall Anti-Spyware - IE sandbox blocks attacks encountered while browsing the web; detects and removes spyware (not free)
- 1-Click SignupShield Suite - enhanced password manager; protects against phishing fraud and automatically fills out forms; generates unlimited number of unique passwords and disposable Email addresses for signing up to Web sites. It fills sign-up forms and encrypts passwords and Email addresses for later use during sign-in. When you need to sign-in to a Web site, SignupShield automatically retrieves the correct e-mail address and password and fills in the sign-in form for you (not free)
- McAfee SiteAdvisor for IE - protects from spyware, adware, spam, viruses, browser exploits, and online scams. SiteAdvisor has safety ratings.
- Password Scrambler - automatically present unique passwords to the sites you visit, generated from a unique master password you choose. It achieves this by uniquely scrambling your password for every site you visit, so every site gets a unique, secure and hard-to-guess password, while you only remember one.
- Parental Controls
- Pop-up Blockers
- Privacy
Meeting Takeaways
- Malware Prevention
- Haute Secure provides good information and a good user experience
- Blocks pages that are malicious
- Blocks specific malicious content on non-malicious pages, and issues a non-obtrusive warning
- Work with Haute Secure on Firefox extension (currently only for IE)
- StopBadware.org
- Doesn't help character encoding and flash cases
- Requested numbers on the effectiveness of StopBadware.org
- Haute Secure provides good information and a good user experience
- Anti-Phishing
- Default URI blacklist is over 70% effective
- Checking vs. google online yields only slightly better results
- Passwords
- Use SRP (Secure Remote Password) protocol to integrate secure password authentication into applications
- Improve password security by moving away from web-forms
- Sxipper creates strong passwords when registering and encrypts stored data
- Sxipper also saves users time with seamless integration and single click logins