
Firefox and Ubuntu are #1 for Identity Protection

The latest release of Ubuntu has a terrific new feature: advanced security for browsing with Firefox. The feature is not enabled by default; activating it requires running a single line in a console. The Karmic Koala release notes hint at this capability:

A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running:

$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5

This is pretty amazing, as the only other reasonable solution for browser protection is the recommendation of Brian Krebs to rely on booting up with a Live CD. Useful, but not practical. In a work environment, I need to use my browser continuously, and having to juggle with a Live CD is not a practice which is going to be widely adopted. On the other hand, by relying on Ubuntu's AppArmor profile for Firefox, I achieve an extraordinarily high level of Identity Protection with barely an inconvenience.
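To confirm that the aa-enforce command above really left the Firefox profile enforcing rather than merely loaded, here is a check added as an example (it is not from the release notes or from Ubuntu's own tooling). It assumes the kernel lists loaded profiles as `name (mode)` lines in /sys/kernel/security/apparmor/profiles and that the Firefox profile's name contains "firefox"; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a loaded Firefox AppArmor profile is enforcing.
# Assumption: each line of the kernel's profile list reads "name (mode)".

# firefox_profile_modes FILE
# Prints "mode<TAB>name" for every loaded profile whose name mentions firefox.
firefox_profile_modes() {
    awk '/firefox/ {
        mode = $NF; gsub(/[()]/, "", mode)      # last field is "(mode)"
        name = $0;  sub(/ \([a-z]+\)$/, "", name)
        print mode "\t" name
    }' "$1"
}

# firefox_confinement_status [FILE]
# Echoes one word and returns: 0 enforce, 1 not-enforcing (complain or mixed),
# 2 not-loaded (no Firefox profile in the kernel), 3 unreadable (run as root).
firefox_confinement_status() {
    file="${1:-/sys/kernel/security/apparmor/profiles}"
    [ -r "$file" ] || { echo "unreadable"; return 3; }
    modes=$(firefox_profile_modes "$file" | cut -f1 | sort -u)
    case "$modes" in
        "")      echo "not-loaded";    return 2 ;;
        enforce) echo "enforce";       return 0 ;;
        *)       echo "not-enforcing"; return 1 ;;
    esac
}

# Constructed sample of the profile list (not captured from a real host):
# the Firefox profile is loaded but only in complain mode, so policy
# violations would be logged, not blocked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/sbin/dhclient3 (enforce)
/usr/lib/firefox-3.5.*/firefox (complain)
/usr/sbin/cupsd (enforce)
EOF
echo "sample host: $(firefox_confinement_status "$sample")"
rm -f "$sample"
```

On a real machine, call `firefox_confinement_status` with no argument as root; anything other than `enforce` means the browser is not actually confined.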

Why isn't this feature turned on by default? The Ubuntu Security Team wiki on Firefox explains that users "must opt-in to using the profile and therefore should know that AppArmor confinement could cause Firefox to behave unexpectedly." Unexpectedly? That's not a term that bolsters my confidence in adding the profile. I asked Canonical's Security Engineer for Ubuntu, Jamie Strandboge, if he would describe the benefit of enabling the AppArmor profile for Firefox:

The basic idea is that Firefox is a complex application. It (like all browsers due to the complexity) has had a lot of security vulnerabilities. AppArmor confines an application to being able to perform only a known and well-defined set of actions. Because of Firefox's complexity, the profile is disabled by default, to not interrupt the user's experience. If the profile can provide the necessary protection as well as a good user experience, then it may be enabled in a future release of Ubuntu.

I absolutely recommend using AppArmor in a corporate environment, which is one reason why we ship it. It is well tested in Ubuntu, and does work with extensions and plugins shipped in Ubuntu. The best thing to do is try it out and report any bugs.

Jamie hasn't found any broken Firefox applications, and when I read through the bug reports, it seemed that any problems with a secured Firefox were related to user configurations, and not to AppArmor's Firefox implementation. I think the enhanced security of Firefox on Ubuntu is one more reason that Ubuntu provides a solid corporate desktop environment.


Comments

4 - Great article Jack. Managing a case to move a company towards Ubuntu and Firefox can be a daunting task. Add in the fact that it's more secure and it seems to push them away rather than draw them into the idea. I'm no code head or Ubuntu guru, but I am certainly aware of environments where Linux platforms mixed with Firefox thrive daily.

3 - @2,

Try this URL for a workaround for Notes 8.5.1 on Karmic:

{ Link }


2 - Yes, Karmic is a great release. Too sad that Notes 8.5.1 is not running on Karmic very well. I have some strange problems with the painting of the UI.

1 - Done! Thanks for the tip - seems like it's a great option. If I have any issues, I will let you know. I've been really digging Ubuntu on my T61.
