How secure is Opera?
- 29 January, 2009 09:57
When executed under Windows Vista, Opera runs as a single process (Opera.exe) of medium integrity, with file system and registry virtualization enabled (a User Account Control feature that allows users to operate without administrative rights), but without DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).
Opera's unfortunate lack of support for DEP and ASLR makes the Opera process the weakest protected of any of the browsers I've tested (including Google Chrome, Firefox, Safari, and Internet Explorer) and potentially puts it at higher risk of buffer overflows. This weakness is exacerbated by the 45 announced vulnerabilities in Opera 9.x over the last two years, one-third of which would have allowed complete system compromise. Opera Software should immediately recode Opera to use ASLR and DEP, to remove this major blemish on an otherwise fine product.
Block that content
Opera lets a user (or admin) control which Web sites are allowed (or prohibited) and which content types can be downloaded through a URL-filtering .ini file (called urlfilter.ini by default). Wild-card characters and paths can be used to configure the rules, and any Web site not specifically included is automatically excluded when URL filtering is turned on. Most users prevent inadvertent excludes by allowing all Web sites by default (e.g. http://*.* and https://*.*) and then specifying the sites to exclude. If you really want to lock down the browser, Opera can easily be configured so that no files can be downloaded, saved, launched, or executed, or so that downloaded content is set to read-only. The only deficiency is that common file extensions are hidden by default.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- the Quick Preferences menu option
- right-clicking the Web page and choosing Block Content
- standard Security menu option
- type " Opera:config" into the URL bar
- some of the best cookie controls
- Fraud Protection
- Netcraft Ltd - Internet Research, Anti-Phishing and PCI Security Services
- PhishTank : Join the fight against phishing
- Haute Secure
- the first five ciphers use 256-bit AES keys
- Strict EV enforcement
- regular EV enforcement
- Welcome - PayPal
- Opera: Kiosk mode
- Chapin Information Services
- Browser Security Test
- Jason Levine's Toolbox: Browser Security Tests
Thanks a million, Drupal
Optus goes over the top with VoIP service
Turnbull asks how the NBN got that way
U.S. retailers insist on PIN requirement in smartcard rules
Yelp speeds database access with flash storage