Articles‎ > ‎Data Security‎ > ‎

Securely Surfing the Web, Part 1

It’s getting more difficult these days to surf the web securely even with the latest operating systems (OS) and applications that are fully patch and running the most up-to-date anti-malware programs.  The bad guys are constantly using existing exploits and creating new ones.

By reducing the attack surface (e.g. running fewer programs and services) and locking down the OS you can make it hard for an attacker to be able to exploit weaknesses (e.g. exploits, misconfiguration, etc.) on your computer.   This is often referred to as “hardening the system”.  These types of systems are not impenetrable they’re just very difficult to compromise. 

Most attackers will go after easiest exploitable targets first, also known as the “low hanging fruit”.  Windows, Macintosh, and Linux are all great operating systems.  All current versions of these OS are far more secure than previous versions. 

Since Linux currently has a smaller market share it is not attacked as aggressively as Windows and more recently the Macintosh.  This will change over time as its gains popularity and its market share increases.

Possible Solutions
The question is can you surf the web securely?  The answer could be using a Linux Virtual Machine, or possibly Google’s new Chromebook laptop.  Both of these solutions have their advantages and disadvantages, but what’s important to find out is which solution is right for you.

Using Linux VMs
One solution is to create a Linux Virtual Machines (VMs), running a non-administrator account to prevent your system from being infected.  In theory if the VM gets infected you can just destroy it and build another one.

This solution can be setup using Hyper-V, Citrix, VirtualBox, or any other hypervisor or VM software that you want to use.  This is not a perfect solution for everyone, because it does require some technical knowledge to setup it up properly.  This solution also requires a computer that has enough system resources (e.g. CPU, RAM, hard drive space, etc.) to support running a VM with a full operating system. (Note: a computer like a Netbook might not have enough systems resources to run this type of software)

Pros:
  • This environment if setup correctly (e.g. hardened) can be more secure then browsing from a Windows or Macintosh computer.
  • Using VirtualBox (http://www.virtualbox.org/) from Oracle (formerly Sun), and one many Linux variants (e.g. Ubuntu [http://www.ubuntu.com/], Jolicloud [http://my.jolicloud.com/]) it can be setup for no cost if you have the resource capacity on your existing hardware.
  • If the VM gets compromised all you do is delete and start again. 
Cons:
  • It can be complex to setup, and requires regular updating.
  • It can be cumbersome to surf the web from a VM regularly and requires discipline to use it. 

Chromebook
With a device like the Chromebook running the Chrome OS in theory, you can surf the web more securely then most platforms, such as Windows, Macintosh OS X, or Linux.    Even though the Chrome OS is based on Linux there are security features built-in to it, to make it very difficult to be compromised.

Some of the major security features of the Chrome OS are:
  • Every tab in the browser runs in its own separate sandboxed environment.  This helps isolate untrusted code from being executed outside the browser memory space.
  • Every time you start the system, during boot-up the system performs a self-check called “verify boot”.  If the OS has been tampered with by malware, it’s restored automatically from a known good backup.

Pros:
  • It’s very difficult for a system like this to be infected. 
  • You will not have to worry about updating the system or running anti-malware software.  The system will update automatically in the background.
  • No data is stored on the laptop so if the device is lost or stolen you don’t lose your data.
Cons:
  • You will not be able to run your favorite programs, and will have to find alternatives for them.  For example, you could not run Microsoft Office you will have to use Google Docs.
  • All data is stored in the “cloud”, so if your account gets compromised all your data can be stolen without your knowledge.

Before buying a device like the Chromebook make sure that you can live with the constraints that a system like this has to offer.  It’s dependent on an Internet connection to be useable.  If all you want to do is surf the web, watch videos online, etc. this might be a great solution for you.

More information: http://www.google.com/chromebook/  

(Read part 2 of this article)
Comments