Secure mainstream browsers are difficult to find, as recent years have shown: malware has grown more complex, and inherent design flaws still need patching after release. A hardened or secure browser is necessary to stop man-in-the-browser (MitB) attacks. Since the emergence of so-called banking trojans like Zeus, this issue has become a priority for on-line commerce. All browsers now claim to be ‘secure’, though with increased demand for frivolous functions, wider-ranging apps and user ease, the real level of security is eroded. Below are some of 2016’s new browsers and plug-in solutions that techworld.com's tests consider to be the ‘safest’:
Avira Scout (free)
Cocoon+ (paid)
IceBrowser (Cocoon)
HTTPS Everywhere (free)
Maxthon Cloud Browser (free)
Dooble (free)
Tor (free)
Comodo Dragon/IceDragon (free)
Epic (free)
The site has so far withheld judgment on which is the most secure of these. They all have different security attributes for general browsing, though nothing dedicated to critical data transfer. Some of the above are designed to have, by default, settings or add-ons that can also be applied to existing browsers like Firefox (such as NoScript Security Suite, which prevents JavaScript from running on websites, &c). Others are routed through servers in Iceland. These ‘secure’ browsers are more about privacy than security.
If a hardware browser is used and is connected to a secure server to make a trusted on-line connection, then the biggest part of the problem is solved because the hacker cannot get into this environment. And if this stand-alone device is in no way connected to or communicating with a user’s operating system, it is impossible to obtain authorization details, &c by using current hacking methods. Hardware browsers are either configured not to store information that might be acquired through a theoretical hack, physical theft or reading, in which case they are read-only (like the ZeusGard device), or, if the devices do need storage, they have an encrypted memory partition to safeguard any data or security codes that must be stored. To prevent key-logging, many of these browsers generate virtual keyboards. The forerunners of today’s hardware browser devices include various past applications like Live CD.
Two-factor or multi-factor authentication (2FA, MFA) adds a substantial layer of security to weak or suspect browser use. And if a hardware browser were stolen or compromised in some way, and hackers managed to gain information, they would still have no way around protections such as one-time key generation and the PIN. Combining these makes perfect sense, and companies such as Vasco (with their DIGIPASS range) are starting to introduce such systems. This company’s devices incorporate a hardened, hardware browser with PIN protection, one-time passwords and electronic signatures (so: four layers of security – three factors of authentication).