
Defense in depth.

People should really all consider doing what I do: install a throwaway VM on your system from which you surf the Web. For all the sites that I don't trust I do surf from a VM which can be erased / re-installed at will.

For sites I trust, like my GMail / Google Docs, I surf from a separate user account. I'm using a firewall that can do "per user" rules and I'm only using whitelists. By default no packets can be emitted. Then the user account used to access GMail / Google Docs is configured so that it can emit HTTP/HTTPS traffic.

No Java in the user accounts / VM that do surf the Web: and I'm a "Java" dev (Java + Clojure). Java can be installed only for one user account on Linux, without needing to be root.

Wanna do online banking / MoneyBookers / etc.: boot a read-only Linux CD / DVD.

Yes, it is slightly more inconvenient than using your main user account to surf the Web. But so far security and convenience haven't exactly been good matches yet.

The state of security today is really terribly bad. It is so bad that I'm going back to a "stupid" Nokia S40 phone until things settle down.
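The per-user allowlist described in the comment above, sketched with the iptables `owner` match. This is an added example, not the commenter's setup (the thread does not name the firewall used); the function name `gen_rules` and the account name `webmail` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset:
# default-deny on OUTPUT plus an allowlist for one local account.
# Assumptions: Linux netfilter with the "owner" match, which is only valid
# for locally generated packets (OUTPUT/POSTROUTING); the account resolves
# DNS itself (a local stub resolver running under another uid would need
# its own rule); the account name, e.g. "webmail", is hypothetical.
# Usage (as root):  gen_rules webmail 80 443 | iptables-restore
# Note: iptables-restore replaces the current contents of the filter table.

gen_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_rules USER PORT..." >&2; return 1; }
    user=$1
    shift
    # The name is pasted into the ruleset, so accept only plain account names.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    ports=
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        ports=${ports:+$ports,}$p
    done
    # Policy DROP: nothing leaves unless a rule below accepts it.
    # Loopback stays open so local services keep working.
    # Only packets owned by $user may reach DNS and the listed TCP ports.
    cat <<EOF
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp --dport 53 -m owner --uid-owner $user -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $ports -m owner --uid-owner $user -j ACCEPT
COMMIT
EOF
}
```

Every other account on the machine, including the one used for development, falls through to the DROP policy and cannot emit packets.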



> Yes, it is slightly more inconvenient

That's not just inconvenient, it's verging on paranoia. Most people haven't got the time or the processor cycles to spare to run a separate VM. What's wrong with just disabling plugins for all but trusted sites?


There are lots of browser bugs which aren't plugin related at all. Lots of DOM/parser/JS stuff; the most popular bug class at the moment is use-after-free.


> Most people haven't got the time or the processor cycles to spare to run a separate VM

Processor cycles? If I run Firefox inside a Windows VM on my MBP it's faster than the native version.


I'd like to see a custom version of Chromium for this purpose. Google's sandboxing is great. Just reduce the attack surface by stripping out non-essentials like plugins, SVG, WebGL, NaCl, etc. etc. and you have a pretty darn secure browser. See the ridiculous complexity of those two exploits by Pinkie Pie for what attackers are up against.

Seems like a good convenience/security tradeoff to me.


That's nothing. I have my web surfing VM hooked up to a separate VLAN. My main browser (that runs on the host) can only reach the corporate network. The VM can only reach the public internet.


You're describing the security model of Qubes OS.

In case some people don't know it: http://www.qubes-os.org


Hi martinced. Interesting points.... Security curiosity has me asking which firewall program are you using?



