Browser security, Lunascape v5-6

RonC · **Posted:** Sat Jan 16, 2010 4:22 pm

There has been "quite a flap" in the news recently, about browser security problems, specifically Microsoft Internet Explorer -- practically all versions above 5.5.

:!:

I have seen no specific reference on this site, regarding the security offered by Lunascape.

So, should I therefore assume its protection against attacks (of all types, including the reference above) would be the same, no better and no worse, than any of the three browsers it replaces, running their original form?

Guest · **Posted:** Sat Jan 16, 2010 4:26 pm

edit:

RonC wrote:

... running their original form?

Should be:
... running in their original form?

RonC · **Posted:** Sat Jan 16, 2010 5:21 pm

Edit:

RonC wrote:

-- practically all versions above 5.5.

Should read:
-- all versions above 5.01 SP4.

yuki@Lunascape · **Posted:** Wed Jan 20, 2010 1:20 am

Hi RonC,
In terms of the recent IE issue, we strongly suggest everybody applies Windows Update patch that is coming out on 1/20 or to use Gecko engine in the mean time.
We sometime apply our own additions to take care of security issues to any of the 3 engines, but in general, you are correct in the assumption of being the same to originals.

I'd like to highlight one Lunascape's advantage though. That is you can simply switch your default engine with the same UI, bookmarks, favorites,etc. when there is significant security problem like this. You stay safe without much productivity loss.

RonC · **Posted:** Wed Jan 20, 2010 9:15 am

On the topic of browser security, Yuki said Lunascape, more or less, shares the strengths and weaknesses for each browser engine it uses.

Is there any interest at Lunascape, of instead making this browser much more secure than any other browser? Some new browsers have built-in 'sandboxing' but it's usually incomplete, in the name of 'user friendliness.'

But, it's possible to sandbox a browser nearly 100% for an extra jump in security. In this illustration you'll see Lunascape running in Sandboxie Control, as well as settings for Firefox's sandbox exceptions:

Attachment:

File comment: Sandboxie configuration settings are seen for other browsers, but so far, not for Lunascape. :-(

Sandboxie for Lunascape request.png [ 58.69 KiB | Viewed 1433 times ]

Total sandboxing is a little tricky so I need some advice from the developers of Lunascape. For example, I've noted that updates to my Firefox plug-ins are being 'dumped' when I dump my sandbox.

May we have a Sandboxie configuration file to allow maximum security consistent of not losing any Lunascape functionality? This works best with help from someone who's really familiar with where the program stores things, and which Registry locations need to be accessed.

Unfortunately, Sandboxie's author hasn't made specific Lunascape exceptions available. Some help would be appreciated.

RonC · **Posted:** Wed Jan 20, 2010 9:23 am

[edit]
... maximum security consistent of not losing any Lunascape functionality?

[should read]
... maximum security consistent with not losing any Lunascape functionality?

RonC · **Posted:** Wed Jan 20, 2010 9:28 am

[addendum]
It should be noted that this type of sandboxing works in all Windows NT versions, v5.0 (Windows 2000 Professional), and higher.

Lunascape Support Forum

Browser security, Lunascape v5-6