Pages

September 11, 2015

Firefox is About to Become an Almost Complete Copy of Chrome

Mozilla Firefox is due for some big changes soon. By the end of 2015, Firefox will move to a more Chrome-like multi-process design. And, in a year to a year and a half, Firefox will abandon its current add-on system for one largely compatible with Chrome extensions.
These aren’t necessarily bad changes — in fact, they’re arguably big improvements. But Firefox seems to be abandoning its big advantage and becoming even more Chrome-like. The list of reasons to use Firefox over Chrome is shrinking.



A Multi-Process, Sandboxed Firefox is Almost Here

Firefox currently stands alone as the only single-process web browser. Chrome was multi-process when it launched, and other browsers like Internet Explorer, Microsoft Edge, Apple Safari, and Opera are all multi-process browsers now.
Actually, Firefox isn’t really single process anymore — it has a special plugin-container process it uses to isolate the Flash plug-in and other browser plug-ins from the rest of the browser. But, if you have an eight-core CPU and load eight web pages, they won’t run on eight cores — they’ll just run on a single one.


Mozilla has had an on-again, off-again project to fix this named Electrolysis. The project was halted in 2011 because it was too hard, but it was restarted years later. Thankfully, it’s almost here. Multi-process Firefox is on by default in the current nightly builds of Firefox and will be rolled out to everyone in mid-December 2015, according to Mozilla. This means

Firefox will finally perform better on multi-core CPUs when rendering multiple web pages.
As another bonus, security sandboxing will arrive along with Electrolysis. This is another long-awaited feature other browsers — yes, including Internet Explorer — have had for years. Firefox is currently the only web browser not making use of sandboxing technologies to limit the damage browser exploits can do. This has had real impacts in the real world — witness the recent malvertising attack that used a zero-day in Firefox to compromise Windows, Mac, and Linux users on a Russian website. Sandboxing likely would have prevented this, or at least would have required the attackers exploit a separate flaw in the sandbox as well.



 

 

WebExtensions Will Replace Firefox’s Powerful Extension Framework

Mozilla recently announced its intention to kill the current Firefox extension framework and replace it with something new. The new framework, named WebExtensions, is “largely compatible with the model used by Chrome and Opera.” Microsoft Edge is about to gain an extension framework that will also be largely compatible with Chrome’s extension framework — everyone but Apple seems to be jumping on this bandwagon and incorporating Chrome-like extensions.


Current XUL and XPCOM extensions will be deprecated and removed entirely within a year and a half. Those powerful add-ons you’re using in Firefox today? They’ll be gone at some point in the near future, replaced with add-ons much more like Chrome’s.
Now, this isn’t the end of the world. Mozilla wants to extend the Chrome extensions framework to add features to make extensions like NoScript possible and add sidebar support like the sidebar support in Opera. Mozilla wants to ensure current popular extensions can continue to work in the FIrefox of the future, and is working on making that happen.


And, what’s more, this is good news. Firefox’s powerful extension framework has led to a lot of teething problems, particularly when Mozilla jumped on board a Chrome-like rapid release cycle. It’s about to cause a lot more problems, as many extensions will need to be updated to support multi-process Firefox or they won’t work properly. Future projects like Servo — a new layout engine to perhaps one day replace Gecko — wouldn’t be compatible with the old extension system, either. And there should be an improvement in security, as extensions can be sandboxed a bit more and don’t all have access to everything.
But this rightly rubs some people the wrong way. Firefox’s extension system is about to become less powerful. Currently, browser extensions can do practically anything in Firefox. That leads to security problems, compatibility issues, and breakages during development. But it’s also Firefox’s big advantage — Firefox is the browser with the most powerful add-on framework, bar none. That’s about to no longer be true. Mozilla will add features to allow the most popular add-ons to continue to function, but less-used add-ons and future add-ons will be much more restricted in what they can do.


If Firefox no longer has the most powerful add-on framework, its biggest advantage over its competitors will be gone.



 

 

Firefox Has Been Following in Chrome’s Footsteps for Years

Of course, Firefox has been following in Chrome’s footsteps for a long time now. Shortly after Chrome launched, Mozilla jumped on-board a rapid release cycle that sees regular releases of Firefox every six weeks. This caused a lot of problems with broken add-ons because Firefox’s add-on framework was never designed for this.
Last year, Firefox received a new theme named Australis designed to be more “modern.” Many users considered this much more Chrome-like and balked at it. Firefox has also dumped the status bar, as Chrome did.


Other features have become increasingly Chrome-like, too. Firefox Sync was redesigned to use just a username and password instead of the old security key system — just like Chrome. You can now have both normal browsing and private browsing windows at once, like in Chrome. Mozilla has started packing in questionable features like Firefox Hello and Pocket integration, just as Google has built its own features into Chrome. Firefox can now play H.264 videos on the web, as other browsers can.


Mozilla is also only going to allow Mozilla-signed add-ons on the stable version of Firefox, requiring users switch to a developer version to install ones Mozilla hasn’t approved. Chrome is also limiting these for security reasons.


And Mozilla is about to come out with Firefox for iOS — a browser for iPhone and iPad that provides a different skin around Apple’s Safari renderer but allows you to sync with your Firefox account. Chrome for iOS works similarly, but Mozilla avoided doing this for years because they couldn’t use their own Gecko rendering engine.



 

 

Firefox Needs a Distinct Identity

Now, don’t get us wrong: Most of these changes are good. Even the most controversial ones like getting rid of the extension framework will probably be an improvement in the long run.
But there’s no doubt that Firefox is gradually losing its distinct identity. Abandoning the most powerful extension framework for an add-on model largely compatible with Chrome’s will be a huge blow to a vocal part of Firefox’s user base.
Mozilla has to answer an important question: Why use Firefox over Chrome? Mozilla would probably argue that Firefox is unique because it’s made by a non-profit company dedicated to making the web better, rather than big for-profit corporations that do more things like its competitors. It also uses Gecko, a different rendering engine, which hopefully helps preserve web standards through a variety of implementations. But is that really enough?

Firefox is now using Yahoo as its default search engine, and that certainly isn’t a big advantage. Go ahead — search “vlc” on Google, Bing, and Yahoo right now. Google will show you a big VLC download link without any misleading ads, Bing will show you some dangerously misleading ads but still point you toward the VLC download page, and Yahoo will show you a bunch of ads trying to get you to download malware without a clear indication of where you can get VLC. Firefox has the worst default search engine of any mainstream browser, and Mozilla certainly isn’t helping users by going with Yahoo.

Source: http://www.howtogeek.com/228131/firefox-is-about-to-become-an-almost-complete-copy-of-chrome/

September 2, 2015

The best 7 secure browsers 2015

All browsers claim to be secure these days, so is there any point in using one that majors on its security?



Browse the web with privacy and security with these best secure browsers. Protect your privacy online with the five best secure browsers you can use in 2015.


What does the idea of a secure browser mean in 2015? The world is now more complex than it was in 2010 when we last looked at the contenders. People are more oriented to mobile devices running under very different conditions while a range of security features such as URL filtering, download protection and do not track have transformed mainstream desktop browsers such as Chrome, IE and Firefox. In a sense all browsers could now plausibly claim to be ‘secure’ browsers.



If that’s the case, what has happened to what were once considered secure browsers? One answer is the specialised products are now more focused on the issue of user privacy, of handing back control to the user and opting out of data collection systems of the sort that underpin firms such as Google.


It is perfectly possible to tweak Chrome, Firefox or IE, fine tuning them for security and privacy if that’s important. Each now has a privacy mode – which might or might not convince the sceptic of course. But the philosophy behind the true secure browser is to eschew the notion of platforms and plug-ins, stripping back every non-essential feature to create a more minimalist experience.


The following five (OK, plus one plug-in) achieve this is in different ways. This list is not intended to be exhaustive, merely an indication of what’s on offer from ones that caught our eye. Privacy usually requires compromises so they won't be for everyone.


Best Secure Browser: Epic privacy browser





Based on Chromium, Epic is the perfect example of a browser that strips out every conceivable feature to maximise privacy. It’s rather like using a minimalist Google Chrome with the Google. Cookies and trackers are eliminated after each session, all searches  are proxied through the firm’s own servers (which means there is no way to connect an IP address to a search), and it attempt to  prioritise SSL connections wherever possible., useful for open Wi-Fi connections. It does not collect data about its users and comes with excellent built-in ad blocking.


For a fully-encrypted connection, it includes a one-button proxying feature that does slow down browsing but will appeal to some users (it can’t necessarily be used as a regional bypass proxy because Epic’s servers are based in the US). Despite eschewing plug-ins a handful are available to make life a bit easier, for example password manager LastPass.
Downsides? Epic doesn’t seem to include the malware or anti-phishing protection now found on popular browsers.


Best Secure Browser: Comodo Dragon/Ice Dragon




Comodo has continued to improve its Dragon secure browser, forking it into two version based on Chromium (Dragon) and Firefox (Ice Dragon), sort of remixed versions of the standard browsers that add features while removing some potentially undesirable ones. Which one you choose would depend on your current investment in either Chrome or Firefox because each aims to maintain compatibility with thing like plug-ins, stored passwords, and favourites if desired.
Features? Probably the first one is the ability to choose whether to use Comodo’s SecureDNS servers for either Dragon or all applications (or not at all), which potentially offers privacy and security compared to a user wanting to bypass their ISP’s infrastructure.  This incorporates a domain filtering system designed to limit exposure to problem domains of the sort used by malware     


Probably the most intriguing feature is the browser’s ‘virtualised mode that isolates it from the host system. This is a free feature but requires the user to install Comodo Internet Security (CIS), a free version of the company’s anti-virus software. Not everyone will want to do that but the added security of this approach is worth considering.
Comodo also includes SiteInspector, a system for filtering suspect URLs as they are accessed.


Downsides? Comodo is set up as a parallel world to Chrome or Firefox minus some of the tracking and with some extra added layers of security. Impressive as this sounds it’s almost the polar opposite of Epic’s minimalism - worth experimenting with perhaps.
We should also mention that the recent controversy that engulfed Comodo over its promotion of tools such as PrivDog does not, according to the company, affect Dragon.
‘Chromodo’
Comodo also now offers something called Chromodo. As far as we can tell it is identical to Dragon but with a more standard (i.e. non-Comodo branded) look and feel.

Best Secure Browser: Tor





The Tor browser has become the watchword for the anti-surveillance because it is built on an entire infrastructure of ‘hidden’ relay servers. Built atop a modified Firefox, it can be installed on a Windows, Mac or Linux PC but also on a USB stick if that’s preferable.
The important thing to remember about Tor is that it is really an advanced privacy browser rather than a secure one in that it includes no anti-malware technology and blocks plug-ins by design. It is designed to anonymise a user within certain constraints such as the requirement to use only HTTPS connections (enforced by HTTPS Everywhere – see entry below).  The Tor Project offers a list of do and don’t for using it securely, including being very careful about downloading and opening documents which require external applications. Tor is a privacy browser not a secure environment.
Downsides? Using Tor will be slower than with other browsers and it can be demanding to use to its full privacy potential.  Some people think that anyone who uses Tor is trying to hide something. Of course they are right. If privacy is that important, let them think what they want.


Hornet


As an aside, in 2015 a system called Hornet was proposed fir the future that would speed up Tor’s Onion routing by minimising the system’s network overhead. Today, Tor browsing is slower than conventional browsing but this might not always be the case.



Best Secure Browser: Dooble





Dooble is a lean Chromium-based multi-platform (Windows, Linux, OS X) browser that won’t be for everyone despite its privacy features. In its default state it disables insecure interfaces such as Flash and Javascript which will make it difficult to use with a lot of sites but might be worth it for its stripped-down approach. The browser assumes the user wants to travel incognito from the off, while HTTPS can be enforced and third-party session cookies in iFrames blocked. The handling of cookies is unusually granular.
An innovative feature is that all user content (bookmarks, browsing preferences and history) can be encrypted using various ciphers and a passphrase. Another interesting feature is to set privacy, for example private browsing, for each tab using the right-click option.
Reviewers haven’t taken to Dooble because it lacks refinement in places but we found it fast and in some of its ideas clever.
Downsides? As stated.


Best Secure Browser: Maxthon Cloud Browser




Maxthon is not so much a secure browser as a totally new type of HTML5-compatible browser that wants to act as a straight replacement.  With origins in China, and designed around synchronisation between PC and mobile and builds in features often enabled in other browsers using plug-ins.
Although not a security browser per se, it embeds claimed protection from AdBlock Plus including the (for some) contentious ‘Acceptable Ads’ technology,  AES256 encrypted synchronisation  of files to its cloud services, and says it limits employee access at its end to customer data. That probably gives most people the collywobbles but it’s worth pointing out that exactly the same issues exist for any cloud service, including Google.
Downsides? Despite the interesting aspect of cloud integration we couldn’t see how Maxthon was inherently more secure than running a branded browser with the security settings turned up. In places poorly explained and documented, it’s also unclear whether it has features such as download protection that would come as standard elsewhere.


Best Secure Browser: HTTPS Everywhere

A browser plug-in rather than a browser as such, HTTPS Everywhere is an EFF/Tor project that enforces SSL security wherever that’s possible in Chrome, Firefox and Opera. Its promise is to make what would otherwise be a complex and uncertain process much simpler because it is easy to start out using HTTPS on a website and be sent back to non-HTTPS pages without realising it.
Downsides? It’s another plug-on of course but it’s worth it. A boon for cafĂ© surfers everywhere.

Best Secure Browser: Cocoon browsing


When we first looked at Cocoon in 2014 we were put off by the fact that it didn’t seem to have been much recommended since its first appearance around 2011-2012. More recently the firm seems to have re-launched itself as an ad-supported free product (a more advanced Cocoon+ is ad-free but costs $19.99 per annum) as a “military-grade” product offering a range of alluring security features –anonymous browsing, anti-Facebook tracking, better W-Fi security on open hotspots, and an encrypted end-to-end connection.
Based on a plug-in design (Firefox, Chrome, Safari and IE), Cocoon is really a proxy VPN-like service in which the user logs into its server using a created account, and logs out after conducting any browsing. In theory, this makes it ideal when using unsecured PCs away from home.
We have yet to properly test the browser’s security for this review (that is imminent) but the paid version does advertise some interesting additional features such as ‘mailslots’, basically disposable email addresses that hide the real address (webmail services also offer this through aliases although the underlying service such as Gmail or Yahoo is always apparent). Deleting the temporary email address effectively unsubscribes you from anything signed up for.


Best Secure Browser: IceBrowser (Cocoon)




Based on the Cocoon platform, Icebrowser is a Firefox-only plug-in that offers exactly the same security features as Cocoon but routes traffic via servers in Iceland. The advantage? Browsing data is logged in that country, far from the prying eyes of the NSA and others, or at least we assume that’s the benefit.
Using the service requires the user to sign up to the possibility of a $9.95 per annum charge on the basis of the following:
“You will not be charged at this time. Providing your billing information ensures your service will continue uninterrupted at the end of your free trial and limits one free trial per person to avoid fraud.” Make of that what you will.

Source: http://www.techworld.com/security/best-7-secure-browsers-2015-3246550/3/