the problem as i see it

biggerabalone

biggerabalone last edited by

there are several good browsers using webkit. the problem is most people using them are doing so because they dislike google and its privacy concerns. we don't want opera to be just another fringe browser of google chromes discontent. but the truth is, chrome has features to offer that the fringe webkits don't. i used comodo dragon for a while. it was a good browser, but it lacked NativeClient support. translation: you couldn't play some of the games in the chrome store (not unless you installed chrome). another example is chromes sandbox feature: it is a serious security feature that is lacking in the spin offs. i could go on, but those two will suffice to illustrate the problem: why not just use google chrome, it is safer, has more plugins, and plays more games (don't be deceived, games attracts a lot of users. chrome is a gaming platform). either opera needs to add the features that chrome has, and it lacks ... or it needs some truly innovative features to compete with the chrome juggernaut. i suspect that they don't have the resources to add the chrome features (ex. an integrated sandbox would be costly to implement and develop. and operas switching to webkit is an indicator that they could no longer match googles money in development). so the question remains, how to make opera compete and stand out.

-perhaps integrate some of comodos dragons features (their secure dns is their biggest stand out for me and a large security plus). perhaps opera could join forces with opendns (or someone else) to implement something similar.

-it goes without saying to respect privacy. both comodo and iron focus on this. otherwise, why not use google chrome?

-a download scanner (i talk about this in a different post in the wish list)

-perhaps bringing back the integrated mail???? not sure if there is enough demand for this, but once i got used to it, i liked it. and it did stand out and differentiate opera.

-portable versions (opera may already have this ... not sure? comodo, iron and chrome have it).

-perhaps a banking button to secure opera for online transactions (copy bitdefenders banking browser, or trusteer rapport ... they seem to isolate the browser from the computer so no one can snoop on your banking info). this would be a stand out feature.

-perhaps a integrated web site reputation, rating and review tool (like web of trust, or WOT. avast now has one also). with all of opera's users, this could surpass WOT as the best in the market. as i said, it would be integrated with an easy to use button to quickly rate a site ... for phishing, malware, etc etc).

-porn controls. i understand its not for everyone, but there is an huge market for it (ie does it). this could be part of the opendns system (for they can filter malware sites or porn).

i'm not sure. as you can tell, security is very important to me for my browser needs. plus it gets a lot of publicity. speed is no longer an issue (since everyone is using webkit). it would be hard to compete with chrome in gaming. but utilitarian things (like mail) could be useful (ex. googles drive, and office suite helps it stand out from firefox and ie). i suspect some integrated way of handling social media and simplifying it could be useful ....

any ideas? post them and maybe the team will see them (and they already know about all the missing features from opera's presto version).

blackbird71

blackbird71 last edited by

I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, sound approaches to deal with them could be incorporated into a browser that otherwise possessed smooth operation, speed, and outstanding website compatibility, it would prove a real market contender - provided it was adequately marketed and advertised as such.

I know I'd certainly have such a browser on my system, and I'd probably end up using it far more than I can now imagine.

biggerabalone

biggerabalone last edited by

to further supplement to my post. i'd like to point out that most of the ideas i'm suggesting are feasible and inexpensive (relatively). the malware site protection and porn protection would come from an open source service that already exists (opendns). permissions would be needed, but its cheap to do and a major security boost. plus you could turn it off if you don't want it. opendns also claims it speeds up you surfing by caching or something.

and the browser download scanner would be via the immunet project, another open source product ... though they are now owned by sourcefire or something. but their community is already implemented and could be similar to smartscreen filter. and its separate clam online malware scanner could be useful. again, permissions would be needed to direct downloads through them (same goes for virustotal - however, i think google owns them now, so immunet would be better). in the old opera i used to use the dr. web plugin to scan links and download links. this would take it to the next level.

and another idea, but likely too expensive to develop, might be to virtualize the browser while surfing.

i agree with blackbird, security maybe the best way to distinguish opera. but given opera is not made of money, using established technologies from the open source world is the way to go.

last point, with the WOT style integrated opera button, opera could generate more revenue. WOT seems profitable. i understand you could always get an extension, but this one would be part of the browser, giving it an advantage over WOT which is usually not installed. opera could later release their version into a plugin form for firefox etc, to further monopolize the market and make more money.

Deleted User

Deleted User last edited by

Wrong forum but then, you just don't get it, do you. There s no longer read these forums. Take your ideas to their blogs where they might have a chance of being seen.

Deleted User

Deleted User last edited by

Originally posted by blackbird71:

I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...

Ignorance combined with fear is a great mixture to take average users for a ride

Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser poll

blackbird71

blackbird71 last edited by

Originally posted by Krake:

Originally posted by blackbird71:

I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...

Ignorance combined with fear is a great mixture to take average users for a ride
Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser poll

Which is why I mentioned "really, seriously" emphasizing security. If a browser were able to specifically address many of these security issues inherently in its design, to the extent that Old Opera addressed configurability, standards-compliance, and user features, then users wouldn't be taken for a ride - the browser would actually "deliver".

biggerabalone

biggerabalone last edited by

Originally posted by leushino:

Wrong forum but then, you just don't get it, do you. There s no longer read these forums. Take your ideas to their blogs where they might have a chance of being seen.

the bitter little man taking selfies appears again. "There s no longer read these forums" - huh? please, no drinking when typing.

my posting seems appropriate: it is in the browser section and relates to the browser, it is not a duplicate subject and has fresh ideas expressed, it is specific and to the point, i describe a problem in relation to security and relevance and ideas on how to rectify them (though, i doubt you actually read more than a sentence). so how is this the wrong forum (true, a superficial reading might want to put it in the wish list, but it is far more nuanced than that, it discusses direction of development, relevance, and profitability)? please quote me this forum's guidelines that i failed to understand.

inversely, you have with your post(s) violated the opera rules of conduct. specifically rule 1: "Don't make inflammatory posts or threads just to stir up the forum or blog. Don't exaggerate just to make a point. Respect your fellow community members, and don't vent your frustrations at them. No trolling."

you have also repeatability violated rule 2: "No personal attacks. Attack the idea, not the person. Never post negative forum threads about other forum members".

and 5."Flooding and/or spamming means instant ban". b/c all you seem to do is repost the same comment flooding the forum, though worded slightly differently, over and over and over again. (which might also be a violation of rule 7).

i wish you would stop trolling this site. most non-nerds don't realize that you don't represent opera and will be turned off of the browser because of your boorish manners. they will regard it as poor customer service and use another browser out of spite.

biggerabalone

biggerabalone last edited by

Originally posted by Krake:

Originally posted by blackbird71:

I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...

Ignorance combined with fear is a great mixture to take average users for a ride

Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser poll

your reference to pcworld's article "chrome is most secure of the top three browsers study finds" validates my point. with webkit, opera will be similar in speed and rendering as other webkit browsers. security is a stand out that attracts users. chrome has a sandbox, we don't (my kids love flash games which are easily infected - a sandbox is a big deal). however, chrome stumbles with added windows services and spying for advertising purposes. we make up ground by not copying these mistakes, but not enough (as browser usage studies illustrate). most users are anti-nerd and just use their browser (they don't care what an extension is or how to get it or how to configure it). integrated security (such as the netcraft antiphishing tech in opera's presto browser) attracts users. when presto opera was rated the best browser against phishing attacks, i downloaded it. security gets publicity which attracts users. this is why google is funding so many tainted security studies to show chromes supposed superiority. if opera won the next browser hacking tests, it would be a big deal.

utilitarian features also attracts users, such as when opera introduced multi tabbing. but its hard to come up with ground altering revelations in that area (ex. google docs is a big deal. ie and firefox can't use it. luckily, we can ride on googles coat tails with the webkit engine in this regard. however, with time, google will find a way to change their apps to cut out other webkit browsers).

Deleted User

Deleted User last edited by

Originally posted by biggerabalone:

your reference to pcworld's article "chrome is most secure of the top three browsers study finds" validates my point.

Your above answer validates my point :lol:

biggerabalone

biggerabalone last edited by

Originally posted by blackbird71:

Originally posted by Krake:

Originally posted by blackbird71:

I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...

Ignorance combined with fear is a great mixture to take average users for a ride
Wonder which of the two articles is more creative:
Chrome" target="_blank">http://www.pcworld.com/article/245856/chrome_is_most_secure_of_the_top_three_browsers_study_finds.html]Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox" target="_blank">http://nakedsecurity.sophos.com/2013/09/23/firefox-burns-chrome-in-our-trustworthy-browser-poll/]Firefox burns Chrome in our trustworthy browser poll

Which is why I mentioned "really, seriously" emphasizing security. If a browser were able to specifically address many of these security issues inherently in its design, to the extent that Old Opera addressed configurability, standards-compliance, and user features, then users wouldn't be taken for a ride - the browser would actually "deliver".

your point seems, in light of blackbirds post, to disagree that "increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections" are a problem. and that such concerns are for the ignorant. therefore, you seem to indicate that opera should ignore such concerns. an unorthodox position.

Deleted User

Deleted User last edited by

Originally posted by biggerabalone:

your point seems, in light of blackbirds post, to disagree that ...

My point is that there is no protection against ignorance/stupidity. Period.

Originally posted by biggerabalone:

"increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections" are a problem. and that such concerns are for the ignorant.

Exactly.
Increasing user concerns should encourage computing education for the basics (safe hex).
Knowing the basics and practicing safe hex, all the above shouldn't be a main concern.

• privacy = generic term, interpreted by different users in different ways
• phishing = you don't land on a fishing site by magic. You don't follow a link to access your banking page. Besides, browsers have an address bar which should show you the exact address.
• compromised downloads = download software only from the producer's home page. No browser can protect you from downloading shitware.
• drive-by-laden ads = this can occur in different ways. No browser can prevent legit sites to be infected. However practising safe hex will keep you clean even you visit infected sites. Most used attack vectors: scripting, malicious iframe, third party plugins.
• dangerous websites = theoretically it can be any site you visit
• dns hijacking = many ISPs (in Western Europe and USA as well) for self-serving purposes but I don't think you meant that.
  Anyway, how could a browser protect your system from malware???
• questionable banking connections= ???

Increasing user concerns should encourage computing education for the basics (safe hex).
Knowing the basics and practicing safe hex, all the above shouldn't be a concern.

Originally posted by biggerabalone:

therefore, you seem to indicate that opera should ignore such concerns.

I couldn't care less what Opera does.
Opera Presto was my first choice for more than a decade whereas the new 'Opera' (Blink) is dead meat for me.

biggerabalone

biggerabalone last edited by

"My point is that there is no protection against ignorance/stupidity. Period."

we'll disagree on this one. i maintain some computers in a seniors home, and they are truly ignorant. i have set up their systems to protect them despite their ignorance. no user input or interaction required, just safety and ease of use. you have to remove the nerd factor from the technology. education works only for those who wish to be educated, most do not. a fishermen care about fishing, not phishing. if he has to use a computer, he'll want it to work like his microwave or fridge - just to do what its meant to do without taking a class or reading a book about it. firefox has many great plugins. its nerd paradise. yet the average user grows tired and/or intimidated by the multitude of choices regarding them. which ones are legitimate, which work, which one is superior for your task, etc. after hours of reading and trial and error you may finally get it configured. this is why firefox is losing the battle, because it only really appeals to the fringe tech nerds. some people would rather go hunting or water skiing on their off time. we both know that for proper security you have to remove java, flash, and pretty much anything that makes the internet fun. so likely, you'll have to manually turn them on or off depending on your sites etc. i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). lifes too short for this. i could have used that time to have sex:) apple understands this and integrates security and simplifies operation. that is why they are worth soooooo much money.

Deleted User

Deleted User last edited by

Originally posted by biggerabalone:

i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). lifes too short for this. i could have used that time to have sex:)

I have also been through that. However, I had also time for a girlfriend. It was enough time for sex too, certainly not for 5 hours the day
I learned what a FW & AV does and how it works. I had a nice malware collection and also learned how to trick AVs with a weak unpacking engine or weak signatures. Then I gave up testing with malware and some time later also gave up to use a FW and an AV. With other words 'I grew up'
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
Now I am on Win7. I've left its firewall enabled but I have disabled the AV. So I am unprotected and still waiting to get hit by some malware.
BTW, I have also disabled in Opera Presto "Enable Fraud and Malware Protection" and so did I in Firefox with "Block reported attack sites" and "Block reported forgeries".

@scratchspaceredux
Your favorite argument seems to be the term "dodge". Good luck with it

biggerabalone

biggerabalone last edited by

Originally posted by Krake:

Originally posted by biggerabalone:

i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). lifes too short for this. i could have used that time to have sex:)

I have also been through that. However, I had also time for a girlfriend. It was enough time for sex too, certainly not for 5 hours the day
I learned what a FW & AV does and how it works. I had a nice malware collection and also learned how to trick AVs with a weak unpacking engine or weak signatures. Then I gave up testing with malware and some time later also gave up to use a FW and an AV. With other words 'I grew up'
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
Now I am on Win7. I've left its firewall enabled but I have disabled the AV. So I am unprotected and still waiting to get hit by some malware.
BTW, I have also disabled in Opera Presto "Enable Fraud and Malware Protection" and so did I in Firefox with "Block reported attack sites" and "Block reported forgeries".

@scratchspaceredux
Your favorite argument seems to be the term "dodge". Good luck with it

i know what your saying, but without protection, you wouldn't know if you had a rootkit, trojan, etc because they wish to be undetected. you might notice a system slowdown, but not likely (considering you have no av which eats resources). i suspect you don't do online banking or purchase things online with your credit card, 'cuz that would be asking for trouble. i might be able to set your computer up as a slave bot for some nefarious activity i've been contemplating, please post your email:) at the end of the day though, you might want to try running linux. i'm using xubuntu to write this. linux is pretty hard to infect and doesn't require antivirus protection (if your system is stronger than mine, which it is, you might prefer mint or ubuntu) - but i'm digressing into nerdville here. time to go find the mrs.:)

Deleted User

Deleted User last edited by

Originally posted by biggerabalone:

i know what your saying, but without protection, you wouldn't know if you had a rootkit, trojan, etc because they wish to be undetected.

I could ask you the same question although you are 'protected'.
Ask the Iranians or picking a more trivial example - was the Sony rootkit detected by an AV?
As for being unprotected, my protection consists in common sense and now and then a forensic check.

To make it clear for everybody - I strongly recommend for every eaverage user to use an AV!
However I found your recommendations to make a browser secure funny to say the least.

Originally posted by biggerabalone:

i might be able to set your computer up as a slave bot for some nefarious activity i've been contemplating, please post your email:)

krake@myopera.com
Please feel free to set up my computer as a slave for whatever activities you like. Take this as my official allowance

Originally posted by biggerabalone:

at the end of the day though, you might want to try running linux.

Or OpenBSD (if your hardware supports it) for that matter.

BTW, did you know that UNIX rootkits were the first? Windows rootkits came many years later.

frenzie

frenzie last edited by

Originally posted by Krake:

For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?

I assume you were still behind a router's firewall, or you'd have been hit by the Blaster virus.

Deleted User

Deleted User last edited by

Originally posted by Frenzie:

Originally posted by Krake:

For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?

I assume you were still behind a router's firewall, or you'd have been hit by the Blaster virus.

Wrong assumption
I was behind a simple DSL modem. With closed ports/services you don't need turned off, Blaster had no chances.
Among other ports/services I had port 135, DCOM closed.

Deleted User

Deleted User last edited by

Originally posted by scratchspaceredux:

Another example of your impeccable reasoning: Citing a spectacular example involving the world's most sophisticated malware to imply that AV software doesn't really protect a user.

You did understand nothing. Doesn't surprise me taken into consideration the way you argued till now.
My point was that a forensic check would have revealed even the most sophisticated malware. Same applies to the Sony rootkit which was far less complicated.

Originally posted by scratchspaceredux:

Current security software is totally ineffective against rootkits?

Where did I said that?
However mostly ineffective against rootkits/malware it doesn't have signatures for or against rootkits/malware packed with an unknown packer.
Some AVs have also memory scanners but once the harming code is in RAM it could be too late.
Behaviour scanners are FP prone and thus can do more harm than benefit.

Originally posted by scratchspaceredux:

But rationality had to take a back seat to your most important point, which was that "real men" (such as yourself) don't use AV software.

My point was that the weakest link in a chain is always the user. It's not about using or not an AV.
I even strongly recommended using an AV. See my post above.
Some of those who know what they are doing (not only men but also women) will prefer to make a forensic check now and then.

You can 'enhance' a browser by routing every request around half of the world before it reaches destination (data collectors will enjoy it) to make users feel safer. I couldn't care less how many security layers people would choose to add. My point is that basic education (safe hex) is as valuable (if not the most) than any of the security layers one might choose to add.

Originally posted by scratchspaceredux:

Sensible people are not impressed.

Nice to meet such a sensible person, scratchspaceredux

frenzie

frenzie last edited by

Originally posted by Krake:

I was behind a simple DSL modem. With closed ports/services you don't need turned off, Blaster had no chances.
Among other ports/services I had port 135, DCOM closed.

It can be hard to tell what you don't need if it's all enabled by default. But yes, back in those days I was definitely trying to turn off as much as possible. Primarily for memory and performance reasons, although additional security was a nice bonus.

Deleted User

Deleted User last edited by

Originally posted by Frenzie:

It can be hard to tell what you don't need if it's all enabled by default.

There were nice instructions that most people could understand and follow.