Talk:Browser security

Latest comment: 5 years ago by JoeIT in topic Referencing

Article POV

edit

This article appears to be a poorly disguished attempt to promote software like Noscript and take shots a Google Chrome for not making APIs available for Noscript to work. Weighting doees not mirror the various browers share of the market, nor reflect the other security options available to protect browsers. I've addressed some of the concerns, but there's more before that tag can be removed. Socrates2008 (Talk) 10:25, 24 March 2012 (UTC)Reply

Do you even understand the meaning of Wikipedia:Assume Good Faith at all? Did you not notice that I deliberately added that all browsers have security issues in the lead of it too?
I agree that security issues on all browsers should be covered, but I haven't done enough research into other browsers - The solution here is WP:SOFIXIT and write about what you know about the other browsers, not to remove the content that there *is*   --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 10:38, 24 March 2012 (UTC)Reply
I do. And I urge you to stop reverting my WP:AGF attempts to clean up this article and instead raise your concerns here. Also, if you remove the POV tag again without consensus here, I shall seek admin intervention. Socrates2008 (Talk) 10:43, 24 March 2012 (UTC)Reply
I already have, and it's like you're deliberately trying to avoid a discussion... I already suggested what seems to be the best thing to do, and you didn't even reply to it - why? It's really really simple, if you think an article is "weighted" in having too much coverage for one browser, *add more about the other browsers*, WP:SOFIXIT, don't delete the content there is, bearing in mind it's a short article... Like I said, WP:AGF, the reason there's less coverage of other articles is because no one's wrote about it yet. If that's what you are angry about, why not add bits about the other browsers? --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 10:48, 24 March 2012 (UTC)Reply
There's only seven links, and you've tagged it as 'excessive and inappropriate', what is the reason? --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 10:49, 24 March 2012 (UTC)Reply
I see you reverted again without discussion, this time saying it's because the source is a "blog" and to look at the policy - have you, though, recently? Because it says there that there shouldn't be "Links to blogs, personal web pages and most fansites, except those written by a recognized authority. (This exception for blogs, etc., controlled by recognized authorities is meant to be very limited; as a minimum standard, recognized authorities always meet Wikipedia's notability criteria for people.)" (which then links to WP:V for the recognized authorities bit, which says: "Self-published expert sources may be considered reliable when produced by an established expert on the topic of the article whose work in the relevant field has previously been published by reliable third-party publications", which would be an accurate description of the people I quoted. The medium written on doesn't matter so much when someone is notable and it's verifiably written by them, it's no different than if they published it on their home page or a forum page on their site --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 10:57, 24 March 2012 (UTC)Reply
Some of the external links are already linked in the article, therefore inappropriate to link again. There are several links to Mozilla webite when one will do. Links need to comply with the policy lest they suggest that WP is endorsing them. If a link is really that that important to the article, then write a paragraph about it to put it in content and add a reference Socrates2008 (Talk) 11:01, 24 March 2012 (UTC)Reply
Wikipedia policy is created by people much smarter than you or me - unfortunately there's no room for individual editors to selectively override a core policy like WP:RELY when they see fit.Socrates2008 (Talk) 11:01, 24 March 2012 (UTC)Reply
Wikipedia:Ignore all rules actually directly contradicts you there, when it makes sense it's perfectly reasonable to override rules - WP:5P - Anyone can write policies depending on who is around at the time, they are actually written often by children, check out Essjay. Policies aren't like some kind of infallible bible.
But that's not the real point, I just wanted to point that comment you said there is very, very wrong - what is the point is that they are within the policy, I explained why, and you don't even address that. The whole point of external links is relevant ones on the topic, they don't only have to be references depending on whether it's a site that you WP:IDONTLIKEIT... --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 11:13, 24 March 2012 (UTC)Reply
See next section for EL comments. No, policies may not be arbitrarily overriden, particularly over such a core issue as referencing. And with respect, if you're suggesting that WP is run by children, then I'm both surprised and disappointed, as you appear to have an established edit history here. Socrates2008 (Talk) 11:35, 24 March 2012 (UTC)Reply
edit
  • Why is duckduckgo.com mention in the "See also" as well as the "External links section"? What's the heavy weighting, and what's the relevance to the article? Very simply, why should this not be considered as spam?
  • This has absolutely nothing to do with AGF. You need to explain in the article what the relevance is as it's not obvious - and the double linking just makes it look like spam. (This may help to explain what I mean.)
  • Mozilla.org is linked 3 times - why the prominence? NoScript and Adblock are both already internally linked in the article text (WP prefers internal links to external links)
  • AdBlock & NoScript are already internally linked in the article, and therefore do not comply with WP:EL. Linking them again in this section is also giving them undue prominence.
  • What is the relevance of aolstalker.com to the article? Without any context, it looks like spam. Ditto for ixquick.com
  • "the only third-party certified search engine in the world that does not record your IP address or track your searches" is unreferenced and appears like an endorsement from Wikipedia.Socrates2008 (Talk) 11:24, 24 March 2012 (UTC)Reply
  • The relevance is not obvious at all. If you think it's that important, then write a section on it, explaining why it's relevant and adding a reliable reference that supports this.

Referencing

edit

[1] is an advertisement, and therefore fails WP:RELY. Socrates2008 (Talk) 11:44, 24 March 2012 (UTC)Reply

No that is not an "advertisement", that is the official page... --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 11:45, 24 March 2012 (UTC)Reply
...where the software is being promoted. Promotional material does not meet WP:RELY - if you find an independent source, it will carry much more weight, and won't raise any eyebrows about bias. Socrates2008 (Talk) 11:55, 24 March 2012 (UTC)Reply
It is an independent page though, Adblock Plus is not owned nor officially endorsed Mozilla Foundation in the same way that something on Google isn't owned by them... --Mistress Selina Kyle (Α⇔Ω ¦ ⇒✉) 12:00, 24 March 2012 (UTC)Reply
The text on the Mozilla site is submitted by the software author in order to promote his product. Find an independent reference, and no-one will doubt it. Socrates2008 (Talk) 12:05, 24 March 2012 (UTC)Reply

[2] is a vendor page that primarily exists to sell a particular product, and therefore fails WP:RELY.JoeIT (talk) 14:19, 1 January 2019 (UTC)Reply

Suggestions for article improvement

edit
  • Cover security issues in browsers other than Firefox. For example browser helper objects in IE
  • Privacy issues are a whole subject on their own - tracking cookies, including mechanisms around countermeasures, like using Flash cookies or making people authenticate.
  • Using the principle of least privilege (not browsing the web as an admin).
  • User account control and Protected Mode
  • Some people believe that security issues in browser plugins like Adobe Flash, Reader & Java are now a bigger issue than those in the browsers themselves
  • Security update mechanisms in different browsers
  • Issues with rogue access points and other man-in-the-middle attacks
  • DNS hijacking
  • Session cookies have a whole host of issues
  • Certificate issues; 40bit security
  • Vulnerabilites in the SSL protocol
  • Keyloggers
  • Scareware popups

Socrates2008 (Talk) 12:37, 24 March 2012 (UTC)Reply


  • Remote Browsing: An examination of the newly emerging strategy of complete hardware separation between the browser and the user's machine (browsing remotely while maintaining a functional user interface is currently being developed by Spikes, www.spikes.com). It is a technology that is now becoming functional, but I am not impartial (work for Spikes) so I will just suggest that the article be edited to mention this, previously dismissed, approach to browser security. (Spikes is currently in talks with the White House task force on cybersecurity to have remote browsing added to the technologies under consideration for future recommendations, so it may soon begin replacing sandboxing).

Alxfarr (Talk) 5 June 2013

edit

I removed a number of external links to search engines. While I'm sure its useful for people to know about search engines that have good privacy policies, this is not the article where they should be linked, as whether a search engine records your searches has about zero to do with which browser you are using - Internet privacy would be more appropriate place for such links. I've kept for now the links to AdBlock/NoScript etc, but the section on these needs to be trimmed down, there is too much detail on why a particular developer of a particular piece of software isn't putting that software inside a particular browser. If you like, I could do this, but want to give MSK a chance first. Additionally, it would be great, as Socrates2008 suggests, to cover some of the other browser security issues, rather than focusing so much space on one or two scripts for Firefox. I think this is an important article, so glad there is attention being paid, but it should focus on the issues particular to browsers, and not to more generic internet exploits or generic privacy issues. --Karl.brown (talk) 23:53, 24 March 2012 (UTC)Reply

rewrite

edit

This is my suggestion for a rewrite. Many of the points mentioned in the article presented a limited view of browser security. This should address most of the mentioned issues. You all will need to find additional supporting references.

Browser security is the application of Application security to web browsers to protect computer systems (and potentially networks) from harm or breaches of privacy. Browser security Browser exploit often use Mobile code technologies such as JavaScript, ActiveX, Java, or they may compromise the browser itself ref-http://www.cert.org/tech_tips/securing_browser/#features

Description

edit

Breaches of browser security are usually for the purpose of bypassing protections to install Malware. As computer operating systems security has been increased, attackers have had to resort to attacking the programs running on the PC's. Most often, the only service available to a remote attacker is the browser. In drive by download attacks, malicious code is uploaded to a compromised (but legitimate) website, or displayed via an advertisement. In addition, the attacker may host the code on a dedicated web server of their own. In some cases, malicious code on the webserver automatically runs and exploits a vulnerability in the web browser itself, or in plugins running within the browser. In other cases, a user is deceived into executing the code. After successful exploitation of the initial attack, the attacker may establish further, more permanent access to the system, generally by either pivoting services, or by downloading additional software to retain access.

Prevention

edit

Whilst many vulnerabilities are in the software itself and can only be prevented via keeping browser software updated with patches, ref-http://itsecurity.vermont.gov/threats/web_attacks some subcomponents of browsers such as scripting, add-ons and cookies are particularly vulnerable to attack and also need to be addressed. The US National Security Agency recommends using a web browser with sandboxing capabilities, which will contain most of the effects of exploitation to the browser itself. If using a web browser with a PDF plugin, either disable this component if not needed, or insure that the PDF runs in protected mode. The NSA also recommends disabling scripting within the browser (though this may limit functionality in many websites) by using add-ons such as NoScript(Firefox), NotScript(Chrome), or Internet Options(IE).ref-http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf In addition, individuals may want to block advertisements to prevent malicious ads from being displayed. Most browsers have some form of adblocking technology or add in.

-- Sephiroth storm (talk) 15:45, 27 March 2012 (UTC)Reply

Rewrite - broadening scope

edit

I rewrote hopefully broadening the scope of this article covering the issues above. It is a bit rough for now, and needs polishing. Widefox (talk) 14:55, 11 April 2012 (UTC)Reply

edit

Hello fellow Wikipedians,

I have just modified one external link on Browser security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 14:16, 9 November 2016 (UTC)Reply

edit

Hello fellow Wikipedians,

I have just modified 2 external links on Browser security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 16:26, 26 July 2017 (UTC)Reply