back to article Opera CEO: Unite not a security risk

Opera has been defending its Unite product, claiming that far from causing security problems it actually increases the security for users who would otherwise be dependent on the cloud. In an interview reported by NetworkWorld, Opera CEO Jon von Tetzchner claimed that putting servers into every copy of Opera would increase the …

COMMENTS

This topic is closed for new posts.

And that explains their marketshare....

Sure the internet as a whole might be better off..

But still they'd be adding more ways into a customers computer. And that's why they have none..

Customers that is.

0
0
Badgers

"Fair" Amount of Time?

I feel much better now. I guess that I must be exercising overkill in my own work, because I devote a "Huge" amount of time to designing in security from the bones on out.

0
0
Stop

No it doesn't explain their marketshare

"But still they'd be adding more ways into a customers computer. And that's why they have none.. Customers that is."

You're quite wrong.

Firefox is my browser of choice (so don't point any of that fanboi rubbish at me) and has support for images, css, javascript, extensions, themes, etc, all of which increase the browser attack surface. They have also most likely increased, not decreased, its market share.

Obviously this is true for all browsers and all software in general. The more functionality, the more opportunity for that functionality to be misused.

0
1
Coffee/keyboard

bla

Yes, that is why most DoS traffic and Spam, etc. is generated by all SINGLE windows computers.

0
0
Grenade

But...

But... Opera also has the capacity for most of those things too.

The fundamental issue here is that it is actively encouraging people to unharden their systems' firewalls to allow certain in-bound connections.

And believe me, people will get fed up of nagging reminders and just turn off the firewall altogether - have seen this happen more than once.

So while they have a smaller attack surface in theory, they just made it easier to get into the machine as a whole from the outside without having to write an addon, submit it to Mozilla Addons and 'hope' no-one notices.

Grenade... because this is like a bomb about to go off, IMO.

0
0
Bronze badge

Phew

Instead of one datacentre patching their security hole, we'd just have to wait for every Opera user to do it.

Loads more secure.

0
0
Pirate

I'm sure...

in the early days, Microsoft didn't consider IIS to be a security risk either...

0
0

simple solution

Check the source code,

Oh

Can't choose an icon on the G1

0
0
Anonymous Coward

@Pete Spicer

"But... Opera also has the capacity for most of those things too."

Um ... I know. Most browsers do. I was desperately trying to not talk about Opera so people wouldn't wave the fanboi stick at me.

"The fundamental issue here is that it is actively encouraging people to unharden their systems' firewalls to allow certain in-bound connections."

The real fundamental issue is that most functionality requires unhardening. Plug it in, turn it on, connect to the internet, load OS, open your browser ... it's all unhardening. I'm a command line linux lover. I don't use lynx. I'd rather unharden and see some pictures and shiny things.

Security people need to stop whinging about the great unwashed and their joy for all things social, and get on with engaging their brains a bit more. Personally, as a developer, I enjoy the massive, massive challenge that web app security has become.

0
1
Jobs Horns

@Dave Lawless

"Check the source code"

Yeees, because that's prevented Firefox from being absolutely flooded with scores of security holes since day one, some of which affect versions 1, 2 and 3... not.

0
0
Thumb Down

@John Dee

The difference is that Firefox doesn't open a port and allow random unsolicited incoming connections. If you want to hack me via Firefox, you have to get me to click on a link first.

0
0
Thumb Down

@AC

"The difference is that Firefox doesn't open a port and allow random unsolicited incoming connections. "

No but there's a bunch of apps that do. I'm sure you would never use a torrent client or the tor network or anything like that.

"If you want to hack me via Firefox, you have to get me to click on a link first."

No I don't.

0
0
Stop

What people are forgetting.

Opera is the most secure browser on the planet, more secure than Firefox (not hard), more secure than IE (even easier), more secure than Chrome/Webkit/Safari.

I trust Opera to implement Unite in a way that does not compromise their existing unbeaten security track record, history says when Opera does it, they do it right. When Mozilla do it, it ends up a security swiss cheese...

The fact that Unite is off by default is something rather important to understand, and something that seems to be beyond the logic of some Tech writers.

0
0
Alert

More Deatils Please

What level of sandboxing (if any) does Unite employ? Are all inbound connections read-only, as they should be? Are directory accesses outside the 'shared' folders (including via aliases) blocked? What level does the Unite web server process run at on non-admin accounts?

If they do use a very simple system - and simple is the key here - which implements a highly restricted read-only policy for remote connections, then that alone will mitigate many potential security problems. I would be very surprised if they were providing a full-featured web server inside Opera, since that is not only overkill, but asking for a mountain of trouble as well.

0
0

opera

Opera is the most secure browser on the planet?

If this were only true, I would be still using opera.

0
0
This topic is closed for new posts.

Forums