SecurityInnovation / Security-Best-Practices

A Security and Privacy Guide for non-technical users
Other
43 stars 9 forks source link

Redo and expand Browser Security page #19

Closed Zaxim closed 9 years ago

Zaxim commented 9 years ago

The Browser Security page probably should be restructured: https://github.com/MrVaughan/Security-Best-Practices/wiki/Browser-Security

I am concerned that if we're going to be distributing this best practices document that we should be making strong product recommendations. Just saying Chrome is the best, is probably not sufficient, and will get all the Mozilla fanboys mad at us. We might want to say that Chrome sandboxes things better and have their own Flash binary instead of Adobe. Also, is Microsoft Edge that bad? Or even IE11 in terms of security? This is why I'm leery of recommending a specific product.

Also, why this? "Use incognito mode to do browsing sensitive sites" Is it because it won't store the cookies? Maybe expand and explain why.

MrVaughan commented 9 years ago

I think historically IE is really that bad and anything other than latest and greatest really shouldn't be used (also true for all browsers). Now if we want to debate edge or IE 11 I would still argue based on reputation alone these products should be probably be avoided.

To argue the counter, to say we would strongly recommend IE would be a very difficult claim to support.

This section was partially inspired from the grugq's Free security advice post which is admitetly pretty biased. https://gist.github.com/grugq/353b6fc9b094d5700c70

I think we could say generically that a modern fully updated browser is always a best option and maybe that chrome and firefox are preferred over others for the above reasons ( adobe engine, better sandboxing, etc)

Will change incognito section to speak more to if you are using a browser on a public computer.

MrVaughan commented 9 years ago

Cleaned it up to remove a lot of the browser debate type issues. Also fixed incognito mention. This issue also made the document more simplified and to the point.