Otter Browser (Opera 12 reloaded)



  • @drozdman:

    … This mambo jumbo coming from the Opium 15+ fanboys about security issues is just pure nonsense. ...

    I have real hopes for browser initiatives like Otter, Qupzilla, and a few others, but with all due respect, concern over "security issues" is never "mambo jumbo" or "pure nonsense". Anything that faces the Internet and the hordes of hackers and thieves infesting its sites has to be ironclad in terms of security across a wide range of protocols, scripting languages, data compartmentalization techniques, and mastery of complex interactive segments of coding between browser modules.

    Creating and maintaining that ironclad quality is not to be taken lightly - it's a major, compelling, critical task. Many different makers of browsers have repeatedly failed in key security areas during the years after their concepts first saw the light of day. The ability of a new designer with limited resources to keep on top of all the minutiae of good security design practice is something that has to be demonstrated, not merely asserted nor simply taken as an article of faith. That demonstration will only occur over time and with thorough testing in the "heat of battle" and by users and penetration experts… and such time (and testing) has not yet happened with Otter, though it is gradually happening with Qupzilla.

    In the meantime, be careful in a security sense with any "new" browser concept that has yet to have its mettle truly tested. By all means, try them out and participate where possible in feeding back information and ideas to developers... but do so only with proper system security and compartmentalization in place, and don't entrust the browser with sensitive/personal/financial usage. Do not live under the illusion that the browser is "secure" until it has been proven to be so over time and testing.

    None of this is to say that Otter (or any other up-and-coming browser) is insecure... it is to simply say their security has yet to be rigorously tested and established. The wise user will act accordingly.



  • Amen dear brother! ;-) Very wise words!!! Thank You very much!!! :cheer:

    Therefore i hope like i already had written earlier that Opera 12.xx will hopefully be secure enough (individually depending on the sensitivity of the data that will have to be transferred using it!) until Qupzilla might hopefully reach reasonable maturity and stability in perhaps one year or so from now.

    Until then i recommend using browsers in sandboxes or in virtual machines. Or for extremely sensitive data to use read-only or other especially privacy- and security-oriented Linux distributions like TAILS, Knoppix, Qubes OS, Whonix, Ubuntu Privacy Remix, and so on and so forth …



  • QupZilla really looks good. If it had a mail client with the rss reader it would be excellent.



  • @Blackbird:

    @drozdman:

    … This mambo jumbo coming from the Opium 15+ fanboys about security issues is just pure nonsense. ...

    I have real hopes for browser initiatives like Otter, Qupzilla, and a few others, but with all due respect, concern over "security issues" is never "mambo jumbo" or "pure nonsense". Anything that faces the Internet and the hordes of hackers and thieves infesting its sites has to be ironclad in terms of security across a wide range of protocols, scripting languages, data compartmentalization techniques, and mastery of complex interactive segments of coding between browser modules.

    Speaking of the devil…
    What you are saying is exactly "mambo jumbo" or "pure nonsense". A bunch of truisms with no relation to the issue at hand. Otter browser will be a shell for the Chromium rendering engine (I hope it will use V8 JavaScript engine). It's basically the user interface that Otter has to invent. The security overall will be the same as in Chromium.

    If you want security, try a good firewall (OS firewall) and try browsing without JavaScript when it's not necessary. And never use Windows 8.

    So this is just scaring people from Otter and other competition. It's being done by fanatical members of the cult that irrationally worships Opium 15+. They know Opera is dead, but they try to ressurect and defend the zombie anyway.



  • What does this QupZilla offer? Otter browser is intended to provide the features of old Opera. Does QupZilla offer this, too?

    Does it offer those features?
    **
    ● full mouse gestures and keyboard shortcuts with JavaScript execution
    ● User JS (native, not through extensions)
    ● User CSS (it may be in one file like in Firefox, this actually could be better)
    ● customizable graphical user interface (toolbars, buttons) - like buttons on a toolbar to quickly switch on and off JavaScript, plug ins, cookies
    ● sidebar
    ● Notes
    ● tab stacking
    ● debugger like Dragonfly
    ● Status bar like in old Opera (shows up and hides)
    ● Plug-ins on demand only**



  • @drozdman:

    … Speaking of the devil...
    What you are saying is exactly "mambo jumbo" or "pure nonsense". A bunch of truisms with no relation to the issue at hand. Otter browser will be a shell for the Chromium rendering engine (I hope it will use V8 JavaScript engine). It's basically the user interface that Otter has to invent. The security overall will be the same as in Chromium.

    So is it your contention then that a user interface and its methods of integration with a rendering engine can never create an opportunity or vulnerability for security exploits to occur?

    @drozdman:

    If you want security, try a good firewall (OS firewall) and try browsing without JavaScript when it's not necessary. And never use Windows 8.

    It will be interesting to see how your "good" firewall protects you from a JavaScript-based exploit the next time a rotating ad containing a drive-by appears on a website you believe is safe for use with JS. With regard to Windows 8, I don't use it - but a large and growing number of folks around the world do, if only because it comes with their new computers.

    @drozdman:

    So this is just scaring people from Otter and other competition. It's being done by fanatical members of the cult that irrationally worships Opium 15+. They know Opera is dead, but they try to ressurect and defend the zombie anyway.

    You obviously failed to read my posts. I am quite interested in and hopeful about Otter and other browsers; I'm anything but an Opera 15+ fanatic - I don't really like New Opera versions. I mainly now use Firefox plus a little of Opera 12; I'm open to trying all manner of new browsers for casual browsing. What I said before, and will reiterate again, is that before one commits their financial Internet and critical browsing usage to any new browser design, they would be wise to establish that the designers are experienced in the security aspects of browser design and have proven themselves capable of successfully responding to security vulnerabilities in timely ways when they arise.



  • @Blackbird:

    So is it your contention then that a user interface and its methods of integration with a rendering engine can never create an opportunity or vulnerability for security exploits to occur?

    Don't ask question, make a point, if you have one.
    But I can answer: Oh, yeah. Theoretically, it could. That's where OS firewall comes to work. I hope you know how that works. If you don't, don't bother with anything above Chrome or Opium. You will never be safe anyway.

    @Blackbird:

    It will be interesting to see how your "good" firewall protects you from a JavaScript-based exploit the next time a rotating ad containing a drive-by appears on a website you believe is safe for use with JS.

    I can tell you that it's not that interesting. It protects me quite well. But I can tell you I know what I'm doing. I don't spend all the time on Opera forums.
    I hope you know how OS firewall works. That's not anti-virus. Firewall with OS firewall lets me deal with programs interactions. Even with components interactions.
    I went to so many strange websites , even downloaded viruses and I never let them stay thanks to OS firewall.
    Of course I can do nothing about the rootkits included in Microsoft programs for Pentagon (NSA). But that's another issue. Nobody can.
    If you are downloading, for instance a "missing plug-in" from a website streaming a football match, you are a sucker, and nobody can help you.

    @Blackbird:

    You obviously failed to read my posts. I am quite interested in and hopeful about Otter and other browsers;

    That's the point with you. You are just writing essays full of nothing but truisms or mambo jumbo. Intelligent people present their thesis. People who have too much time, try to write pointless "essays".
    I told you how irrelevant your point was. I showed you that raising issues of security with browsers based on Chromium is just a scare tactic or a bloviating of a guy who has nothing else to do.

    Otter will be used by sophisticated users, as far as I read the intentions of the creator. If you are not one, move along to Opium 15+ or Chrome. That's it.



  • @drozdman:

    Otter browser will be a shell for the Chromium rendering engine (I hope it will use V8 JavaScript engine). ]It's basically the user interface that Otter has to invent. The security overall will be the same as in Chromium.

    You do know that the shell interacts with the system too?
    The shell is relevant for security too because it is no monolithic block with neither interaction to the underlying interpreter and renderer codes nor the system.
    If the author for example uses a framework like QT, he has to look into the security issues of that too because that framework had its own issues in the past and will have new ones. No such complex software is bug free.

    If an author uses the chromium blink or webkit code, he will have the same security flaws in his browser as those have - plus those of his shell framework. It is fine if the programmers of an alternative browser can handle that, but if not, it will be prone to security issues.

    Additional questions, that have to be answered:
    [ul]

    • What new potential issues do his own modifications cause?
    • How fast is the author with updating his modification, if the chromium/blink/webkit code or the framework code changes? Much more than 24 hours can be too slow.
    • Can he handle regression testing fast enough?
      [/ul]

    In that regard I trust bigger programming teams with a dedicated security team a bit more than one person teams.

    @drozdman:

    If you want security, try a good firewall (OS firewall) and try browsing without JavaScript when it's not necessary. And never use Windows 8.

    About Firewalls and other security software:
    [ul]

    • Desktop firewalls can be a stopgap at best. 90% of them are poor in that regard and external firewalls offer exactly no protection against those flaws.
    • A good antivirus software with a good HIPS might help a bit more, but even those do not solve problems that arise from a sloppy system configuration or badly coded software.
    • A good filtering proxy with the ability to inspect and rewrite page code, running on an external computer could help to protect the system from malicious code - but that could cause issues with secured connections because it would need to act like a "man in the middle" which breaks the chain. Nobody who does not know exactly what he is doing should use that.
      [/ul]

    The recommendation to switch off JS where possible is a good one, but it still does not protect against hacked sites that are on the whitelist.

    The arbitrary recommendation not to use Win 8 is correct. You should update to Win 8.1.



  • @QuHno:

    If an author uses the chromium code, he will have the same security flaws in his browser as chromium has plus those of his shell framework.

    That's my point that if you use Chromium in Opera or Chrome, anyway, you cannot complain about its problems in independent browsers. They are a given. The rendering engine, JavaScript engine are the main source of security problems.
    And when you use the shell (user interface), you never give it too much authorization in firewall. I don't give it too much even to Opera 12.
    Again. You have to know what you are doing. If you let the browser open other programs to access internet or the registry, you are not a smart person.
    If you know what you are doing, the security of Otter would be not an issue (above Chromium problems, of course, which are, as I said, a given).

    @QuHno:

    You do know that the shell interacts with the system too?

    And what about it? I just said you need to use firewall and it's not for greenhorns. If you are not sophisticated, don't use it. Don't scare people back to Opium 15+.

    @QuHno:

    While desktop firewalls can be a stopgap at best, 90% of them are poor in that regard.

    That's absurd. Just don't use the 90% of them that are bad. I just wrote that I can manage even viruses with an OS firewall (and of course other obvious things).

    @QuHno:

    btw: The arbitrary recommendation not to use Win 8 is true. You should update to Win 8.1.

    You see.. And that's your problem. The main security issues in Windows 8 are still existent in 8.1. Only the user interface is a little better. And for you it's just a new great thing.
    The worst security problems are deep rooted (in operating system and in the rendering engine).

    Superficial look at security issues is just irritating. People don't care about obvious spyware in Opera 15+, but are warning others off from the new competition with made-up hysterical security "concerns".

    All the exploits are usually made by state actors (USA's NSA, Russia, etc). They are very sophisticated and sold on black market by Pentagon contractors and other state mafias. That's where the real danger comes from. If you are using a niche browser (or OS), there is a much lower chance that NSA created an exploit for it. Even if it did, it's not the best or not popular on the black market. So you are still safer than with Chrome. Unless spy agencies are looking especially for you. But that's not a problem for regular users.



  • Just curious: Is it a name, or does it refer to anything or have a meaning, the context of Otter (the five letter word)?



  • @Totto:

    Just curious: Is it a name, or does it refer to anything or have a meaning, the context of Otter (the five letter word)?

    to quote from the Otter developer page:

    Why this name, Otter?
    [ul]

    • I don't like "invented" names (don't look deeper into history of repository, you will find such name there, thankfully I've changed it quickly ;-)).
    • I've chosen Otter because it also start with "o", furthermore it has the same amount of letters as Opera.
    • Why there is Browser in name? There was already such package, some mathematics related software (such ones probably should use invented names, or at least prefix or suffix them).
    • Coincidentally full name is pronounced in similar way to Other Browser, and well, indeed Otter intends to be different from current mainstream trend of UI oversimplification (and in fact it started with IE years ago, I believe that Chrome was trageted to takeover users of that browser, which had biggest market share back then).
    • Also it allows "fun" jokes about for example Firefox (the last "mainstream" browser that didn't lost its identity, at least not yet), fire and water. ;-)

    [/ul]



  • @drozdman:

    @Blackbird:

    It will be interesting to see how your "good" firewall protects you from a JavaScript-based exploit the next time a rotating ad containing a drive-by appears on a website you believe is safe for use with JS.

    I can tell you that it's not that interesting. It protects me quite well. But I can tell you I know what I'm doing. …I hope you know how OS firewall works. ... Firewall with OS firewall lets me deal with programs interactions. Even with components interactions. ...

    OK… case in point: how would your "OS firewall" alone block malware like Cryptolocker from locking your computer?



  • @Blackbird
    You apparently have too much time on your hand.
    What's "Cryptolocker"? Why would you come up with this particular name?
    Just tell me how it infects computers, and I can tell you how I can protect myself (you probably have no idea whatsoever how it infects computers, you just read some article about another malware).
    This kind of mambo jumbo discussions are good for gossiping people.



  • @drozdman:

    @Blackbird
    You apparently have too much time on your hand.
    What's "Cryptolocker"? Why would you come up with this particular name?
    Just tell me how it infects computers, and I can tell you how I can protect myself (you probably have no idea whatsoever how it infects computers, you just read some article about another malware).
    This kind of mambo jumbo discussions are good for gossiping people.

    You really don't know what CryptoLocker is?? It's a rather well-known form of malware payload that locks up your computer until you pay hackers a ransom to unlock it. The original way it infected was via an eMail attachment; later varieties came in via other methods, including from infected websites. The point is, that once it got into a computer, it generally communicates to its master server via http port 80. Since my point, to which you objected, was that browser security matters, let's say it got on the system this particular time because the browser's user interface contained a flaw allowing a malicious site to pop up a faked system warning message instead of confining the textual display to the regular site-page display, whereupon the user (in closing out the "message") actually was clicking to download a small program to be deposited in a critical system startup folder, in part because his closeout click wasn't properly vetted by the browser's user interface. How will your "OS firewall" block or prevent such a malware stub from phoning home to get the code that locks up your computer and holds it ransom until you wire the hacker his $300?



  • Careful Blackbird. Something doesn't smell right. ;-)



  • @Blackbird
    Are you seriously that slow? You are writing about this particular malware like I couldn't have found it on google if I wanted to? Seriously… are you that slow?
    You don't get the point..
    It's like you are talking to a guy who practices, let's say, aikido and asking him: "how would you protect yourself from John Brown". This kind of infantilism is typical for Opera 15 fanboys.

    @Blackbird:

    clicking to download a small program to be deposited in a critical system startup folder, in part because his closeout click wasn't properly vetted by the browser's user interface. How will your "OS firewall" block or prevent such a malware stub from phoning home

    It's good for people like you to know about this "CryptoLocker" (that's irony), because only greenhorns like you can be victims of this malware. You probably wouldn't even notice when the malware uses up the CPU power for encryption..lol..
    You have no clue what OS firewall is, so you ask stupid questions. OS firewall would not allow any program to write anything to the startup folder or "Run" registry key. That's what it's used for. And regular firewall would warn me, that browser or another program tries to use another program to access internet.
    That's how simple that is. Only total greenhorns like you or know-nothing senile grandpas like this JamesD/leushino (who has no life of his own) don't know about it.

    Seriously.. Maybe spend more of your time on something useful, like protecting your computer, instead of writing mambo jumbo on forums about "the need for security"… You know nothing, except some basic warnings from articles about some new named malware (like "CryptoLocker") that's a problem only to total lamers. Don't read about names of malware, read about how they work. Don't whine about security, just learn something about it. Those lamers who know nothing about security, don't see a problem in Windows 8 or Opera 15+, Chrome and mobile phones. Because they don't have a clue about firewalls and their knowledge of security concerns consists only of screams: "we need more security".

    This is just ridiculous…lol... A guy asks me how would an OS firewall protect me from something so simple for OS firewall to protect from. Or even a basic firewall. That's like asking: how would the roof of your house protect you from the rain? That's how stupid that is. Just unbelievable.
    Seriously.. This is like a discussion at coffee table with grandpas.



  • @drozdman:

    @Blackbird
    Are you seriously that slow? You are writing about this particular malware like I couldn't have found it on google if I wanted to? Seriously… are you that slow?
    You don't get the point..
    It's like you are talking to a guy who practices, let's say, aikido and asking him: "how would you protect yourself from John Brown". This kind of infantilism is typical for Opera 15 fanboys.

    @Blackbird:

    clicking to download a small program to be deposited in a critical system startup folder, in part because his closeout click wasn't properly vetted by the browser's user interface. How will your "OS firewall" block or prevent such a malware stub from phoning home

    It's good for people like you to know about this "CryptoLocker" (that's irony), because only greenhorns like you can be victims of this malware. You probably wouldn't even notice when the malware uses up the CPU power for encryption..lol..
    You have no clue what OS firewall is, so you ask stupid questions. OS firewall would not allow any program to write anything to the startup folder or "Run" registry key. That's what it's used for. And regular firewall would warn me, that browser or another program tries to use another program to access internet.
    That's how simple that is. Only total greenhorns like you or know-nothing senile grandpas like this JamesD/leushino (who has no life of his own) don't know about it. … Maybe spend more of your time on something useful... instead of writing mambo jumbo on forums about "the need for security"... You know nothing ... Don't whine about security, just learn something about it. ... Those lamers who know nothing about security, don't see a problem in Windows 8 or Opera 15+, Chrome and mobile phones. Because they don't have a clue about firewalls and their knowledge of security concerns consists only of screams: "we need more security".

    This is just ridiculous...lol... A guy asks me how would an OS firewall protect me from something so simple for OS firewall to protect from. Or even a basic firewall. ...

    So finally you explain yourself. "OS Firewall". A nice, simple term, probably understood properly by virtually everyone (except you), including the Internet's search engines, as being a built-in, conventional, personal software firewall supplied by an OS maker (eg: Windows Firewall). Such software simply blocks network connections to/from a computer, based on the ports being used and perhaps the software being permitted (if the user is skilled enough to write custom rules). And malware like CryptoLocker goes right past such firewalls.

    But, instead, it turns out that you unilaterally and repeatedly apply that "OS firewall" terminology to some amalgamation of security tools/settings such as firewall, "classic HIPS", anti-executables, deep-freeze technology, and user-compartmentalization… and then you call everyone who doesn't understand your homemade mish-mashed terminology of manifesting stupidity? What arrogance! I can accept and understand that a person perhaps not using English as their first-language might not get the English terminology quite right… but accusing others of stupidity or being "greenhorns" for not recognizing your own misuse of terminology crosses the line.

    If you elect to operate on the Internet fully locked down in the way you have (finally) more clearly described, that's commendable. And it may allow you to "safely" utilize all manner of "unsafe" Internet-facing software. But the simple reality is that most computer users never will use those methods, nor will they ever grasp the nuances of how to use them without falling all over themselves. Browsers are ordinarily created for normal users, and whether those browsers are Otter or Chrome, Opera or Firefox, Sleipnir or whatever, that browser's inherent security features and capability do matter to most normal users. Your extreme security methodology may provide ironclad protection for you, regardless of the security behavior of the browsers used… good for you.

    But good security consists of layers, the outer-most of which is whatever faces a public network. And to advise normal users to ignore the potential security behavior (real or theoretical, proven or unproven) of a new browser, based on the assumption that they are or should employ security methods as deeply as you might employ is irresponsible. And to criticize, mock, and demean others for advising caution to such users about that outer, browser-layer is simply unacceptable.



  • What is "telling" in the discussion is the inflammatory and demeaning language used by that certain member. And yet he wants to make accusations against me (and now against you). What on earth either of us has done to merit his angry diatribe is beyond me. And this is yet another reason why we desperately need the IGNORE function button here on Vivaldi. You're not going to teach him anything, blackbird; he isn't open to that. Best to just leave him to his own devices. Maybe it's something in their water?



  • @Blackbird
    You are trying to distort and muddle the issue again. Not only you write another of your mambo jumbo long posts, but you also quote my whole long post. Are you consciously doing this, or you don't know how to use the quote function?
    And if English is your first language… OMG... It means that you are confused intellectually, not just linguistically.

    @Blackbird:

    So finally you explain yourself. "OS Firewall". A nice, simple term, probably understood properly by virtually everyone (except you),

    But, instead, it turns out that you unilaterally and repeatedly apply that "OS firewall" terminology to some amalgamation of security tools/settings such as firewall, "classic HIPS", anti-executables, deep-freeze technology, and user-compartmentalization...

    You got caught being an ultimate lamer and a greenhorn (if you are still a greenhorn after having been using computers for more than 10 years, it's really a bad sign . You are a seriously intellectually poor man).
    You just try some muddling tactics here like that simpleton leushino/JamesD. You can't get away, though.

    OS firewall includes a feature to control all programs trying to change startup programs. Even regedit.exe (you know what that is?). You need more explanation of what startup is? You seem to have no idea whatsoever.
    So that particular malware would not be able to load at startup without my knowledge. Got it? Or maybe that's way too complicated for you?
    So that's where OS firewall comes to play. Of course you need a good firewall. Not the one included in Windows or Norton.
    And any good firewall allows the user to stop (control) outgoing/ingoing traffic. So you either didn't know that, or you are unable to put two things together to draw a logical conclusion.

    @Blackbird:

    And malware like CryptoLocker goes right past such firewalls.

    LOL
    No, they don't. You make ridiculous general assumptions. Based on what? That's not a good tactic for an ignoramus. And I just explained it to you twice. It wasn't enough for you in the previous post, because you have no idea of what a firewall is. That's how much of a greenhorn you are.
    Not only OS firewall lets me control of startup programs, a regular firewall (a good one) lets me deal with programs interactions, even with components interactions. That's what firewall does.
    Any malware can go through a Windows firewall. If you don't know how to use a more sophisticated firewall (like in your case), it won't help you either. Computer software can't fix the stupid. Can't help the stupid. Like any other tool. If you don't know how to use a hammer or a door knob, you can hurt yourself.

    @Blackbird:

    If you elect to operate on the Internet fully locked down

    ..lol.. That's another revelation of a lamer.
    Yeah.. I lock down my house, too. That's what smart people do.
    If you are not controlling what program is accessing internet, stop even talking about security and internet software. You are the ultimate lamer, who should never open his mouth about security. You are on the level of that grandpa leushino/JamesD ("Get off my loan!", "Every loan is mine!", " I'm ignoring you, while I'm doggedly reading every post..").

    When I used to look at Opera forums from time to time, I noticed the Opera Zombie trolls like this "leushino", "Blackbird", "rafaelluik" and others who viciously attacked every critic under the cover of moderators protection. I wanted play a game of "whack a troll", but didn't want to support the Opera software anymore by signing up. But it seems, they come to the front in another place…

    That's revealing.. Why the biggest lamers (that I mentioned) are the most fanatical pro-Opera 15+ zealots on Opera forums?
    Because the new Opera is an ultimately primitive browser that suits such people perfectly. It's simply idiot-friendly.
    It used to be that software had to be idiot-proof. Now things are progressing, it must be idiot-friendly...lol... Thanks to Microsoft, Google and the new Opera management.



  • @drozdman:

    OS firewall would not allow any program to write anything to the startup folder or "Run" registry key.

    Who, apart from script kiddies without any real knowledge, needs to write there?

    The last time I counted I found 47 other active autostart ramps (ramps! Not auto-starting programs.) that can work on logon in the system (and I am almost sure I missed some), a bunch more that can work directly after logon and each single ramp can be used for an attack that survives a restart. Heck, you can even abuse the context menu or the drag and drop handler hook to start malicious software in the background. While malware using those ramps would not start on logon, it would start as soon as the user performs a right click anywhere or tries to drag and drop anything from a to b, meaning in almost every session.

    Yes, there are ways to prevent the above mentioned abuses reliably - and none of those involves an "OS firewall" but a bunch of real knowledge.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.