We sat down with Dino A. Dai Zovi, a security researcher focused on offensive security and former member of the Sandia National Laboratories' Information Design Assurance Red Team (the guys who test the security of national agencies). Check it out.
Alan: Would you specifically recommend Chrome for Vista and Windows 7 users then?
Dino: If security is your highest priority, I would recommend Chrome for any user on any operating system that it supports. Chrome has leap-frogged the other Web browsers in terms of security due to its innovative multi-process sandbox model. Chrome is even more secure on Windows Vista and Windows 7.
Alan: What browser should we be using on the Mac or Linux?
Dino: If security is your highest priority, I’d recommend using lynx.
Alan: It’s that bad, huh? What do you use personally on your Mac?
Dino: It depends on which Mac. I run Safari, Firefox, and Chrome within a Vista x64 VM on VMware Fusion. I like Safari's UI and polish so I use that for casual Web browsing because I'd be less concerned if an attacker gained access to my Twitter and Facebook accounts than my other private personal data. I use Firefox for more sensitive Web browsing, such as financial sites, etc. On my secure development machine, I surf the Web using Chrome within a Vista x64 VM on VMware Fusion. Good data separation takes a little work, but it's not too much to recommend that most users do their online banking from a different machine than the one that their children use to play games on the Web. For that, I'd recommend that users keep an old machine around with a clean install of the operating system that is only turned on when needed and that they patch it before surfing the Web with it.
Alan: That’s a great tip. One last question: in 1998, the members of L0pht testified in front of the US Congress that a committed team of hackers could take down the entire Internet in 30 minutes. Security has certainly improved and the Internet has certainly gotten bigger, but the attackers have gotten more sophisticated too. Do you think that statement still holds today?
Dino: Yes, and I probably shouldn’t say much more about it than that. Unfortunately, the Internet is more fragile than we would like to think and a lot of its core protocols require a redesign with security in mind.
I apologize for the sometimes short and vague answers, but this business often requires a high degree of secrecy in order to protect clients and users.
Alan: I completely understand. Thank you for your time. It was a pleasure.