I know this is not yet the case, but I would say that it will be in the near future.
Is this a threat? Does CID need to be adjusted so it has more CF-like protection from within the browser against this?
If this is (or would become) a serious security issue, CID would have a great 'selling point' (I know it is free).
CID would be more secure on this front than others.
The way Dragon/Chromium is built is superior. Windows has sandboxing-techniques that can be combined to a powerful sandbox:
Restricted Token (great for XP-users with administrator-account)
Job Objects (several restrictions can be applied, such as clipboard-access (read/write), process-launch)
Alternate desktop (disallows sending of window-messages to processes on the user’s desktop)
Untrusted integrity-level (Vista and later; denies access to any resource at low or higher level)
IceDragon/Firefox does none of that. (Internet Explorer on Vista and later does some of it.) On Vista and later, Restricted Token is applied, as it is for all non-elevated processes, and it is run at medium integrity-level. (All user-files are medium level.)
Unless the architecture is changed into a sandboxed multi-process one, I cannot see how it could possibly be as secure as Dragon.
You definitely know your stuff.
Thanks for your input. I might just use CD instead of CID and skip NoScript altogether.
I just use that to be protected against threats coming from those external ad servers.
Legit sites which use those ad services could become a danger to anyone visiting the sites once the ad services got hacked.
This has happened and many PCs got infected. I skipped the dance because NoScript disabled the script by default and I only enabled the domain's JS.
Would CD also have kept me safe, even though the malware script was allowed to run?
But this is more of a Dragon question instead of an IceDragon one.
That is what it is meant to protect against. But no security-solution can block every attack, since no software is perfect. Recently, at Pwnium 2, a bug in WebKit combined with a bug in the IPC-layer made it possible to escape the Chrome-sandbox.
I doubt that a one-bug-exploit could be successful.
The problem with NoScript is that it breaks the majority of the internet by default.
I prefer to use the AdBlock Plus extension and use a filter to block third-party scripts (such as external ad servers), because external scripts are something that the site owner has no control over. This way, most site functionality is not broken because the locally hosted scripts are allowed to run, yet I have protection from external scripts.
You can do this with the filter:
If you do encounter a site that you’d like to allow external scripts, such as YouTube that requires external scripts for load balancing/content serving, you can add domain exceptions to the filter.
If you want to add more domains, you can string them together using the “pipe” symbol (|).
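
An added example, not part of the original posts: a small JavaScript model of how an Adblock Plus style rule that blocks third-party scripts, with pipe-separated domain exceptions as described above, is evaluated. The rule text, the hostnames and the two-label site comparison are assumptions made for the illustration; the rule uses only the documented `script`, `third-party` and `domain=` filter options.

```javascript
// Added illustration: models how an Adblock Plus style rule such as
//   *$script,third-party,domain=~youtube.com|~example.org
// is evaluated. The rule text and all hostnames are constructed assumptions.

// Simplified site comparison: last two host labels. Real blockers use the
// Public Suffix List, so this is wrong for suffixes such as co.uk.
function siteOf(host) {
  return host.split(".").slice(-2).join(".");
}

// Split "pattern$opt1,opt2,domain=a|~b" into its parts.
function parseRule(rule) {
  const [pattern, optionText = ""] = rule.split("$");
  const r = { pattern, types: [], thirdParty: null, include: [], exclude: [] };
  for (const opt of optionText.split(",").filter(Boolean)) {
    if (opt === "third-party") r.thirdParty = true;
    else if (opt === "~third-party") r.thirdParty = false;
    else if (opt.startsWith("domain=")) {
      for (const d of opt.slice("domain=".length).split("|")) {
        if (d.startsWith("~")) r.exclude.push(d.slice(1));
        else r.include.push(d);
      }
    } else r.types.push(opt); // content type, e.g. "script"
  }
  return r;
}

// A domain option matches the page host itself and any of its subdomains.
const hostMatches = (host, domain) => host === domain || host.endsWith("." + domain);

// Returns true when the request should be blocked by the rule.
function isBlocked(rule, pageUrl, requestUrl, type) {
  const r = parseRule(rule);
  const page = new URL(pageUrl).hostname;
  const req = new URL(requestUrl).hostname;
  if (r.pattern !== "*" && !requestUrl.includes(r.pattern)) return false;
  if (r.types.length && !r.types.includes(type)) return false;
  const thirdParty = siteOf(page) !== siteOf(req);
  if (r.thirdParty !== null && r.thirdParty !== thirdParty) return false;
  if (r.exclude.some((d) => hostMatches(page, d))) return false; // exception site
  if (r.include.length && !r.include.some((d) => hostMatches(page, d))) return false;
  return true;
}

// Constructed rule: block third-party scripts everywhere except on two sites.
const RULE = "*$script,third-party,domain=~youtube.com|~example.org";
```

Scripts served from the visited site's own domain pass through, while a script from an unrelated host is blocked unless the page being visited is one of the listed exceptions.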