Duplicate Opera installation?
-
hucker last edited by
@blackbird71 said in Duplicate Opera installation?:
In my case, I use a certain limited user account to occasionally access some very sensitive files and which has only one browser installed that can go out onto the Internet... that one (which happens not to be Opera) is extremely "locked down" via security tools, both internal and external, to allow access only to certain 'secure' sites. No other browsers are even accessible from within that account.
Surely you trust yourself?
-
hucker last edited by
@donq said in Duplicate Opera installation?:
One major reason to install software into Appdata folder is limited users inability to install into normal (programfiles) folder. Non-administrative users can't install anything into programfiles,
That cannot be true. A lot of Windows users are not admin on their own computer, yet they install software into program files in the normal way.
-
blackbird71 last edited by
@hucker said in Duplicate Opera installation?:
@blackbird71 said in Duplicate Opera installation?:
In my case, I use a certain limited user account to occasionally access some very sensitive files and which has only one browser installed that can go out onto the Internet... that one (which happens not to be Opera) is extremely "locked down" via security tools, both internal and external, to allow access only to certain 'secure' sites. No other browsers are even accessible from within that account.
Surely you trust yourself?
What I don't trust are websites that all too often contain scripted callouts to other sites (which, in turn, could contain malware that might compromise files within that account). As a result, I block anything from being accessed in that user account and its browser other than a very few specific sites themselves. The sites I may need to access are used for reference with regard to updating my sensitive files. YMMV.
-
hucker last edited by
@blackbird71 If a website can do that, your browser has a monumental security flaw and you oughta change browser.
-
blackbird71 last edited by
@hucker said in Duplicate Opera installation?:
@blackbird71 If a website can do that, your browser has a monumental security flaw and you oughta change browser.
We'll have to agree to disagree on that. "Drive-by" infections are as old as browser vulnerabilities themselves... and as new as many of the chromium updates that are issued every few weeks by the Chromium Project. The site you visit may seem safe with regard to its own code, but the rented-out adspace it hosts for some rotating ad server can be a whole different ballgame... they have long been favorite targets for zero-day browser exploits. For some things, it just makes no sense to take chances.
-
hucker last edited by
@blackbird71 They're not just security holes, they're stupidly written browsers. Running code without your permission is monumentally absurd.
PSST, get an AV program.
-
blackbird71 last edited by
@hucker said in Duplicate Opera installation?:
@blackbird71 They're not just security holes, they're stupidly written browsers. Running code without your permission is monumentally absurd.
PSST, get an AV program.
That's the nature of "vulnerabilities": they're security holes of which the developers weren't (usually) aware, else they wouldn't have issued the code in the first place. A zero-day exploit is simply an exploit that's deployed 'in the wild' before a vulnerability has become generally known. Depending on where the vulnerability exists, it may or may not be primarily a browser issue... it may be a flaw in JavaScript itself, in the chromium/Blink engine, in the browser layer sitting upon the engine, in an extension attached to the browser, in the host OS, or even in some system module being invoked by the browser when directed by a site's code.
Most users (myself included) use an AV, but an antivirus is not the end-all protection against threats, particularly when "it really matters". Many 'zero-days' are just that: not recognized by an AV until an update eventually is issued to it.
Security is a layered process, and the best security is a many-layered process... just one of which is to keep a browser tightly locked down, especially when it really matters; another of which is to employ limited user accounts to compartmentalize data access; still another is to keep any admin account very tightly controlled regarding its online exposure.
-
hucker last edited by leocg
@blackbird71 AV has always done me well. You have to visit a lot of dodgy porn sites to get anything bad.
And as I said, there should not be any ability to run any code through a browser. Code belongs in an exe file on your own computer.
-
donq last edited by
@hucker said in Duplicate Opera installation?:
@donq said in Duplicate Opera installation?:
One major reason to install software into Appdata folder is limited users inability to install into normal (programfiles) folder. Non-administrative users can't install anything into programfiles,
That cannot be true. A lot of Windows users are not admin on their own computer, yet they install software into program files in the normal way.
Actually not. Most home users have in fact enough privileges and can install into programfiles after accepting UAC prompt, but in controlled (domain) environments they are asked for real administrator approval also - which they usually cannot get
Installing into Appdata avoids all such hassle. -
donq last edited by
@hucker said in Duplicate Opera installation?:
And as I said, there should not be ANY ability to run any code through a browser. Code belongs in an exe file on your own computer.
Considering that browser itself is code, then your statement is meaningless. Every operation, even just simple drawing a rectangle, involves some code execution.
What about 'badly written code' - have you written alot of code? I have - and I can say 'bug-free' with 100% certainity only about one 10 byte assembly program I wrote maybe 35 years ago.Browser contains millions of lines of code, running on operating system, containing much more code and it is theoretically impossible to make all this bug-free. Sometimes some people praise open source, because it allows anyone to find and fix bugs - unfortunately no one will scan through millions of code lines and find hidden paths to allow some bad data screwing code execution up.
-
blackbird71 last edited by blackbird71
@hucker said in Duplicate Opera installation?:
@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...
Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.
AV has always done me well.
If the drive-by exploit is of a zero-day variety, your AV's signature-detection engine will be ineffective. The AV protection will then be at best only as good as its heuristic detection engine - and those aren't all equally effective against various forms of exploits.
-
hucker last edited by hucker
@blackbird71 said in Duplicate Opera installation?:
@hucker said in Duplicate Opera installation?:
@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...
Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.
Any browser which allows code from a website to execute is stupidly badly written. Running code must always involve the user confirming it. The only browser and email programs I've seen letting in stuff like that are made by Microsoft, where they can't understand the difference between local and internet, they want everything to be the same to give the user a convenient experience.
AV has always done me well.
If the drive-by exploit is of a zero-day variety, your AV's signature-detection engine will be ineffective. The AV protection will then be at best only as good as its heuristic detection engine - and those aren't all equally effective against various forms of exploits.
And yet I've never been hit in all my years on the internet (starting in 1995). And I do visit dodgy sites.
-
oddssatisfy last edited by
It is possible that you have installed two different versions of Opera on your computer. One version may be installed in the system-wide "Program Files" directory, while the other may be installed in your user-specific "AppData" directory. The version installed in "Program Files" is typically available to all users on the computer, while the version installed in "AppData" is only available to your user account. The version in "AppData" may have been installed as a standalone installation or as an update to the previous version. Both versions may have the same settings because Opera saves its settings in a user-specific location, such as the AppData directory. This allows different users on the same computer to have their own settings and preferences for Opera. If you no longer need one of the versions of Opera, you can uninstall it through the Windows Control Panel. However, be sure to only uninstall the version that you no longer need and not the one that you currently use.
-
blackbird71 last edited by
@hucker said in Duplicate Opera installation?:
@blackbird71 said in Duplicate Opera installation?:
@hucker said in Duplicate Opera installation?:
@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...
Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.
Any browser which allows code from a website to execute is stupidly badly written. Running code must always involve the user confirming it. The only browser and email programs I've seen letting in stuff like that are made by Microsoft...
I'm not sure what you mean by this. JavaScript is script code, and many websites execute it on a user's system. Vulnerabilities and flaws in browser code are discovered constantly, hence many of the chromium code updates (that underlie Opera and many other browsers) that are issued every couple of weeks. Those flaws may allow site code to "go rogue", which is why attention should always be paid to keeping a browser updated.
-
hucker last edited by
@blackbird71 said in Duplicate Opera installation?:
@hucker said in Duplicate Opera installation?:
@blackbird71 said in Duplicate Opera installation?:
@hucker said in Duplicate Opera installation?:
@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...
Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.
Any browser which allows code from a website to execute is stupidly badly written. Running code must always involve the user confirming it. The only browser and email programs I've seen letting in stuff like that are made by Microsoft...
I'm not sure what you mean by this. JavaScript is script code, and many websites execute it on a user's system. Vulnerabilities and flaws in browser code are discovered constantly, hence many of the chromium code updates (that underlie Opera and many other browsers) that are issued every couple of weeks. Those flaws may allow site code to "go rogue", which is why attention should always be paid to keeping a browser updated.
It should be like a sandbox. Code running inside a browser should never ever get outside the browser. This is basic programming. Say you ran a virtual machine on your computer. No virus in there could ever get out.
-
donq last edited by
@hucker said in Duplicate Opera installation?:
It should be like a sandbox. Code running inside a browser should never ever get outside the browser. This is basic programming. Say you ran a virtual machine on your computer. No virus in there could ever get out.
Of course it can. It may not be easy, but has happened.
Are you programmer? Hacker? Security expert?
Or, as I was asked some twenty and more years ago (when I attempted to explain to someone that one specific program is foolproof - complete misunderstanding of course), are you black, white or red hat?
This seemed totally stupid question to me, but curious as I am, I started to investigate, what this question means. I have not become any color of hat, but I have gathered alot of interesting information since -
hucker last edited by
@donq said in Duplicate Opera installation?:
@hucker said in Duplicate Opera installation?:
It should be like a sandbox. Code running inside a browser should never ever get outside the browser. This is basic programming. Say you ran a virtual machine on your computer. No virus in there could ever get out.
Of course it can. It may not be easy, but has happened.
Only with downright stupid programming. What is inside stays inside. Calls to the outside must go through the user.
-