Security and Safety



  • Hello all. My wife and I have been using Firefox for the last few years as we were led to believe that it was safer and more secure than IE. I do not know if that was true or is still true. In light of that, how does the new Vivaldi browser compare? Not that we are power uses by any imagination but just use it for searches, social media and email. What can you tell me? Thanks. Joel Gardner


  • Moderator

    I think on the whole, safety and security are to be found in one's browsing habits and system security software than in which browser one uses. A person who is alert to security concerns and doesn't stupidly click on every interesting-looking shiny thing they see on the web or in an email is likely to be secure. For people with bad security habits, a good antivirus and firewall are more helpful than a "secure" browser. The most "secure" browser will not protect you from clicking on things to download or install that infect your machine.

    That said, Firefox for years was a victim of many fewer exploits than Internet Explorer, largely because IE was far and away the most widely-used browser, and therefore the one most attractive to hackers - more bang for the buck. Lately, Firefox, IE and the vast majority of chrome-based browsers are pretty much neck-and-neck in terms of security, so long as secure settings are used in IE. Vivaldi is pretty immature, and very new, so no one is targeting it directly, but it's a chrome browser and therefore vulnerable to chrome exploits, which are on about a par with Firefox and better than IE. People who like Chrome features but are finicky about security usually prefer SRWare Iron browser, which makes a big thing of being privacy and security conscious. It's better than Firefox in that respect

    And in the not-too-distant future, I suspect that using one setting and another, Vivaldi will be able to be made equally secure to Iron Browser.



  • I went to a website in Internet Explorer, and tried to purchase an item, received a warning about the security certificate requested by the website, to the effect that it was not issued by a trusted certificate authority, or that it had expired or were not yet valid, or that the security certificate for the website may have been issued for a different website address. Internet Explorer also advised: " "Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server." I went to the website in Opera 30 and in Firefox, and received similar warnings. Now there are things about that website that should give pause, including that it's selling an item that everyone else says is out of stock, and the maker of the item is known to have gone out of business. The business website was not a ".com" or ".net," but was simply .html, with numbers as opposed to words in its address. I don't remember seeing something like that before.

    When I went to the website in Vivaldi and tried to purchase the item (of course I never would have given my credit card, but was just testing preliminary steps, as I had done in the other browsers), I received "no warning." :ohmy: So I don't think they are at all up to speed yet on safety. This is something that needs to be fixed very soon – certainly before Vivaldi comes out with a final product.


  • Moderator

    According to the last annual report of Symantec, that you can find at their website, IE was the one with most vulnerabilities, followed by Chrome, Firefox and Safari. Which is a change from previous years where IE was the last, with Safari at the top.

    But according to the same report, and all previous reports, the biggest entry of virus are through Flash, Adobe PDF and Java. The order is the only thing that changes every year.

    The report also points iOS as the most vulnerable mobile OS, despite not being as popular as Android.

    For years this report was a little buried in their site but now it's quite easy to find.

    • I have not read much of last year's report, those are my views from previous reports.


  • Yes, right now I don't think its more secure and I'm just completely honest. Opera Chromium is in the same boat.

    First like somebody else mentioned with the certificates warning, I don't think Vivaldi is playing nicely yet with certificates or warnings. Don't get me wrong. The latest Chrome is insane, not only warning about some certificates but warning even when you link with a blank target to an external non secure page from a secure one. This is a huge exaggeration on Google's part because they want to force everyone to HTTPS, but yet there is absolutely nothing wrong or unsafe to link to a HTTP only page from a secure page as you are sending the visitor to another site, in another windows.(and no I don't think everything should be encrypted, on the Internet, why do you need to encrypt a news article which is public in the first place????? Such a waste on resources)

    So Chrome is actually bugging users so much that I think most people are starting to ignore the warnings which has the opposite effect or making it more secure. If people start to ignore warnings because almost all websites don't play correctly, then its making it more insecure.

    But Vivaldi is the opposite. Vivaldi is not giving warnings about some things it should, which would be considered insecure.

    Now the biggest reason why I think both Vivaldi and Opera Chromium and every other browser based on Chromium is not the safest thing around is because they are not updated immediately when Google pushes a security issue.

    The Chromium project is pushing a security patch or fixing critical holes at least once every 2 weeks now. Yet Opera or Vivaldi don't update to the latest engine for weeks or months after it. This means you are actually at risk for all those weeks. This is a problem which is not easy to resolve because they need to wrap their own code first and test it. The last time Vivaldi updated the Blink engine it broke many things.

    If you are using Explorer, Firefox or Chrome, then you get updates immediately. Fast security updates is important today. This is the biggest problem I see with browsers based on another engine. That is of course unless Vivaldi can update their browser in 24 hours after Blink released a patch without breaking everything. Unless they can in the feature, I think they are always going to be behind in terms of security.

    I would still not switch to Chrome or Firefox because I need the features Vivaldi has. If they can be faster in terms of security or add their own extra layers over it, then I think it will be a perfect browser. Of course Vivaldi is not even in Beta yet, so we can't possible know how this will work once its officially released.

    If you are just using it for basic browsing, social network and reading. Its just as safe as using any other browser today. If you are a very heavy browser or opening potential dangerous links you can have luck and not be targeted as they think you are on Chrome and the attack does not work or you can have very bad luck and be exploited with a bug which is fixed in Chrome but not yet in Vivaldi.



  • @An_dz:

    According to the last annual report of Symantec, that you can find at their website, IE was the one with most vulnerabilities, followed by Chrome, Firefox and Safari. Which is a change from previous years where IE was the last, with Safari at the top.

    But according to the same report, and all previous reports, the biggest entry of virus are through Flash, Adobe PDF and Java. The order is the only thing that changes every year.

    The report also points iOS as the most vulnerable mobile OS, despite not being as popular as Android.

    For years this report was a little buried in their site but now it's quite easy to find.

    • I have not read much of last year's report, those are my views from previous reports.

    That means nothing in the computer world. Every software that is very popular will have a big attack layer so it will be targeted by malicious people and so you will have more security holes reported. Finding tons of security holes and patching then can be viewed by some people as more secure than using a product which there are none (or you think none are there). That is a false sense of security. If 100 people use a software and there are no security holes reported, you could say it's very secure but its not true. The product could be awful insecure but because only 100 people use it, nobody cares to find them or exploit them.

    It's the same story with Windows is insecure and Mac and Linux is secure. Nothing far from true. The minute something is popular it will be targeted. A big example of this is that most web servers today on the Internet are running Linux and yet they are cracked and hacked like candy. So with that assumption you could say Windows Server is more secure. So Linux is not more secure than Windows, as they are the most widely used OS on the Internet, you see tons of security holes and servers compromised that send spam or host malware.

    Same is true for Android. Android is based on Linux. And I'm not saying its insecure, but because its so widely popular, the mobile operating system that has most security holes reported is Android yet Windows Phone has none, because nobody is using it. The more popular and widely used a software is, the more security issues you will usually find as more people care about it and try to attack it or report them. So Explorer will have more security holes discovered than any other browser and the same is true for Windows on desktops.

    I will say that every software has holes. It's a different story if they are known in the wild or not. And what makes a product more secure is not how many holes it has but how the vendor reacts to them and patches them. I would prefer a software that has security holes but the vendor patches them immediately, vs one that has none discovered but if they find one, they take weeks to fix it.

    My advise if you use Vivaldi now or any browser is to disable plugins. Those are the biggest attack vector today. Go to vivaldi://plugins and disable all plugins, in particular Flash and Java. Also use an ad blocker as many malwares are distributed on ads now.



  • If I have to disable all plugins, and flash, java and maybe other things, the browser would just be awful and I wouldn't use it. I do use an ad blocker. I would advise: don't shop with Vivaldi, or give financial information out with it, as they don't seem to have the security/safety features set up yet. And till they do, I would never consider using Vivaldi as my main browser. It's just for enjoying some of the neat/different features – more in play than serious.


  • Moderator

    @terere
    Please, read my post at full. Clearly you didn't as you pointed things that I have pointed.

    Firstly, the report points security holes discovered and not necessarily fixed. Also I pointed how the same report shows IE at the last position in older reports (Shouldn't it always be at first since it's the most widely used? Why Safari was leading if it has less users than Firefox?)

    You also said Android is the OS with most security holes which in my post I pointed the report claims iOS with many more. Despite having only ~15% market share.

    I have not claimed at any point for those being the only and one point of truth to be used, it's another metric that one can use to check where and how malware are attacking. I have not claimed IE to be insecure I just said it was the one with most vulnerabilities found.

    You said to disable plugins which I also pointed at the end as the biggest malware door as stated by the report.



  • @LemB:

    … I would advise: don't shop with Vivaldi, or give financial information out with it, as they don't seem to have the security/safety features set up yet. ...

    +1. This would be sound advice, if only just because all Vivaldi versions are still Tech-Preview-quality items, technically not even "released". Because Vivaldi runs so smoothly for so many of the things that it currently does, and because there's such a pent-up desire to see a return of a browser with a high degree of user control, I believe there's a user tendency to forget that the browser is still at the early development stage that it is. A wise user will never commit mission-critical usage to an unreleased version of software… ANY software. And for most non-business users, exposing purchase or banking information online is mission-critical for them.

    For non-mission-critical browsing, I have no problem using Vivaldi and, in fact, do so most of the time... so for that kind of browsing, Vivaldi's now my "main" browser. For mission-critical browsing, I want a stable, released browser... so for those cases I use something else (FF).


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.