Microsoft: Windows 10 Users Should Say No to Chrome and Firefox

Page 21 of 36 FirstFirst ... 11192021222331 ... LastLast

  1. Posts : 46
    64-bit 10240 10 Pro
       #200

    Cliff S said:
    The only thing I do not like about Firefox is it's still on of the few browsers that doesn't sandbox, but that's changing soon, when they go Chrome. For me it is almost like using IE except with more options but sadly less safe(no sandbox).
    It does have a Private Browsing Mode

    Tracking Protection in Private Browsing | Firefox Help

    If I want a sandbox, I use the one that came with Avast AIS.
      My Computer


  2. Posts : 27,162
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #201

    Gary said:
    It does have a Private Browsing Mode

    Tracking Protection in Private Browsing | Firefox Help

    If I want a sandbox, I use the one that came with Avast AIS.
    That's good you're covered then, There is also Sandboxie that was designed for browsers, but I don't need it. And in Ubuntu unless I click and give super user permission I'm safe.
      My Computers


  3. Posts : 5,833
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro
       #202

    Cliff S said:
    I use 64bit Enhanced protected Mode in IE and therefore sandboxed. The only problem is then I have problems with certain sites, then I switch to Chrome. The right tool for the right job
    Ok, but although Enhanced Protected Mode is safer it is not sandboxing. There is a big difference. Enhanced Protected Mode is a ActiveX control, which is MS's add-ons. Hackers find vulnerabilities in these. There are none in sandboxing.

    Supporting enhanced protected mode (EPM) (Windows)

    Sandboxing in .NET 4.0 - .NET Security Blog - Site Home - MSDN Blogs


    The whole point of this from a business standpoint as BunnyJ points out is the cost of coding. Why keep developing something that is unsafe to where you have to recode eventually when they can develop a safer product? This is not to say that sndboxing is fool proof. Nothing on this earth is, but sanboxing is safer at this point in time. Eventually something else may come along that's safer, but for now this is what they have.
      My Computers


  4. Posts : 27,162
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #203

    HippsieGypsie said:
    Ok, but although Enhanced Protected Mode is safer it is not sandboxing. There is a big difference. Enhanced Protected Mode is a ActiveX control, which is MS's add-ons. Hackers find vulnerabilities in these. There are none in sandboxing.

    Supporting enhanced protected mode (EPM) (Windows)

    Sandboxing in .NET 4.0 - .NET Security Blog - Site Home - MSDN Blogs


    The whole point of this from a business standpoint as BunnyJ points out is the cost of coding. Why keep developing something that is unsafe to where you have to recode eventually when they can develop a safer product? This is not to say that sndboxing is fool proof. Nothing on this earth is, but sanboxing is safer at this point in time. Eventually something else may come along that's safer, but for now this is what they have.
    From 1st link:
    AppContainers create a sandbox between an app and the rest of the system. AppContainers define capabilities that control the features an app is allowed to use. Apps are not allowed to read or write to access securable objects outside of authorized capabilities. Because nearly every object in the Windows API can be thought of as a securable object, this means that access (read and write) to API objects is blocked unless that access has been explicitly granted. As a result, AppContainers also limit the impact of successful exploits to the resources authorized for a given AppContainer.
      My Computers


  5. Posts : 27,162
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #204

    If you’re using Internet Explorer in immersive mode on Windows 8/8.1 to browse Internet web sites, under the hood, your browser will be running inside the Enhanced Protected Mode sandbox. Enhanced Protected Mode (EPM) is the sandboxing mechanism in IE that attempts to prevent a successful remote exploit from installing persistent malware and from stealing personal/sensitive information.

    Enhanced Protected Mode was first introduced in IE 10 on Windows 8 and it is the improved version of the Protected Mode sandbox first introduced in IE 7 on Windows Vista. And as with other security features in widely deployed software, it is important to understand how the EPM sandbox works and assess its effectiveness.

    Next week, I’ll be presenting my EPM sandbox research at Black Hat Asia 2014 in Singapore. In my talk, I’ll be discussing the internals of the EPM sandbox which includes the sandbox restrictions in place and the different components that make up of the EPM sandbox. I’ll then cover sandbox security where I’ll be discussing its limitations/weaknesses and the potential vectors for sandbox escape. And finally, I’ll wrap up by demonstrating a live EPM sandbox escape!
    Diving Into IE 10’s Enhanced Protected Mode Sandbox at Black Hat Asia 2014
      My Computers


  6. Posts : 5,833
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro
       #205

    Cliff S said:
    From 1st link:
    Ok, Cliff. I just learned something. That's all well and fine as long as an add-on is written to be safe via the explanation there. We know that MS uses ActiveX extension add-ons, which (for the most part) are safe. We know as geeks how to keep our system safe. We are but a minority in the sea of users.

    Let's take it from and speculate how MS views this. Scenarios:

    Alice wants to load a 3rd party add-on search toolbar in her browser using EPM that isn't written quite right according to the explanation linked. The UAC pops up asking permission. Of course she wants the toolbar and pushes allow. Now what?

    Bob wants to load a program on his system and gets the UAC popup asking permission to make changes to his system. He pushes allow. He installs some more and gets annoyed with the popup so he finds a way to turn UAC off. Now what?

    I'm sure you get my drift. There are millions that do such.

    Not so with WinRT Store apps (which Edge is). UAC is not involved upon installation. Think of it as "automated UAC". Any app written is tested and approved by MS for this reason. People think that MS is controlling app sales and what gets released. Yes they are, but for this reason only. Do they get a piece of the pie? Yes they do to cover Store app testing and other costs. I realize some apps don't do what they claim they do. That's why MS tags feedbacks along with viewing the apps in the Store. Buyer beware so far as that is concerned.

    This is just one of the huge reasons why MS is porting the whole system controls over to WinRT. User fool-proofed.

    Not pointed at you specifically, but if anyone wants to run Win32/64 programs on your system they are not blocking you whatsoever. But don't complain when your system gets hacked or infested.
      My Computers


  7. Posts : 27,162
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #206

    I understand, and as soon as Edge is more stable and the add-on portion(so I can get my tracking protection, it is an add-on in IE) Edge will probably become my main browser. But HG you did see the screenshots of Reliability History I posted above/earlier? Does that look like a browser any one wants as his main one right now? I mean I realize all browsers can crash, but that's just ridiculous! And of course I click check for solutions so the crash data gets sent every morning, or else how can the fix the problematic .dlls, which being system32 is brobably the whole problem, when the make it 100% WinRT, it'll be more stable, but for now, I think it's some kind of hybrid.
      My Computers


  8. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #207

    lehnerus2000 said:
    FF 41 runs OK in my VMs too (once I've downloaded the Classic Theme Restorer add-on to get rid of Mozilla's GUI "improvements).

    If I wanted to run Chrome, I'd install Chrome.
    I never had to fuss ever with Waterfox needing any Classic theme Restorer app. I have that on the 10565 VM I upgraded from the 10240 clean install there and it picked up Waterfox and the IE pins to Start and the Taskbar like nothing ever happened. That's how smooth that upgrade went compared to one of the two desktops and a laptop being upgraded from 7 on each. The developer who came up with the 64bit flavor doesn't add bloatwares in but keeps it plain and simple as seen when going from build to build to build from version 16 to now seeing version 40.
      My Computers


  9. Posts : 1,811
    W7 Ultimate SP1 (64 bit), LM 19.2 MATE (64 bit), W10 Home 1703 (64 bit), W10 Pro 1703 (64 bit) VM
       #208

    Gary said:
    You have to use CTR, I am running Fx 42 RC1 and so far it is the best they have come out with. I have actually gone without a crash since 42 Beta 7.
    I used to use FF all the time (until Aug 2013) and I only ever had one or two crashes.
    My FF profile had a corrupt file that caused issues (in FF 4.0).

    PM sometimes gets weird lockups when I download files.
    I don't know if it is a PM issue or some sort of network issue somewhere in cyberspace.

    TechRepublic uses some garbage js code, which once activated constantly locks PM up ("Script not responding" error).

    Night Hawk said:
    I never had to fuss ever with Waterfox needing any Classic theme Restorer app.
    You don't need the CTR add-on in PM either. :)
      My Computer


  10. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #209

    Pale Moon is a relatively basic but not stripped down looking browser that can work well for a secondary. Ice Weasle wasn't too bad wither but a bit limited and mainly better for anything Debian based rather then Windows. The one thing I would like to see however is when firing up any Linux VM being able to replace or substitute Waterfox for the default FF or other option a distro may feature.

    As for security sand boxing will never be 100% fail safe either. Don't forget you have to watch carefully as well as have filters in place for things you download which may carry their own "Trojan Horse"?! Some of the unwanted extras can also punch holes through things since they will often connect directly.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:23.
Find Us




Windows 10 Forums