As I've been contemplating this over the last few days, it occurred to me that
tools to deal with this effectively are readily at our disposal. The
bullet-proof way to deal with this is related to what I wrote a few days
ago. As I mentioned, I do my web browsing inside VirtualBox, and
VirtualBox has what are called immutable images. I can make my VM disk
read-only and it's easy to do. I know this is not a viable solution for
some, however for those who are able to go this route it really doesn't
matter what gets loose or written to obscure locations since it'll all
be wiped out after a restart. Hence: no tracking and no malware
possible...persistently anyway.

I also looked into other ways this may be accomplished from within the
OS itself. I haven't implemented or experimented with this since what
works for me takes all of 5 minutes, yet I list it so that perhaps it may
be helpful in giving someone else a solution that works for them.

Tool: firejail & firectl - from their page...

"*Firejail* is a SUID program that reduces the risk of security breaches
by restricting the running environment of untrusted applications using
Linux namespaces <https://lwn.net/Articles/531114/> and seccomp-bpf
<https://l3net.wordpress.com/2015/04/13/firejail-seccomp-guide/>. It
allows a process and all its descendants to have their own private view
of the globally shared kernel resources, such as the network stack,
process table, mount table."
It also has a ready template for Firefox.
https://firejail.wordpress.com/
The latest version: 0.9.42-rc1 released 7/21/16
https://lwn.net/Articles/671534/ firejail review
http://www.pcreview.co.uk/threads/firejail.4069760/ another review

I'm not sure if this would prevent tracking, however, since I haven't used
the tool and don't know if it's easy to "reset" the environment once an
app closes. I also considered a permissions-based approach, yet after
considering it, it doesn't seem much different than using a GUI plugin:
if a browser doesn't have permission to write a cookie or run a script,
it would probably respond just like the GUI tools banning the same.

Also, let me be clear: my "bulletproof" comment above was only in the
context of malware, not protection from a hacker/cracker, since if they
were able to jump out of the VM into the host...then obviously they've
also left the ro env.
hth.
Drew