back to article Opera CEO: Unite not a security risk

Opera has been defending its Unite product, claiming that far from causing security problems it actually increases the security for users who would otherwise be dependent on the cloud. In an interview reported by NetworkWorld, Opera CEO Jon von Tetzchner claimed that putting servers into every copy of Opera would increase the …

COMMENTS

This topic is closed for new posts.
  1. Charlie Mason

    And that explains their marketshare....

    Sure the internet as a whole might be better off..

    But still they'd be adding more ways into a customers computer. And that's why they have none..

    Customers that is.

  2. Anonymous Coward
    Badgers

    "Fair" Amount of Time?

    I feel much better now. I guess that I must be exercising overkill in my own work, because I devote a "Huge" amount of time to designing in security from the bones on out.

  3. Anonymous Coward
    Stop

    No it doesn't explain their marketshare

    "But still they'd be adding more ways into a customers computer. And that's why they have none.. Customers that is."

    You're quite wrong.

    Firefox is my browser of choice (so don't point any of that fanboi rubbish at me) and has support for images, css, javascript, extensions, themes, etc, all of which increase the browser attack surface. They have also most likely increased, not decreased, its market share.

    Obviously this is true for all browsers and all software in general. The more functionality, the more opportunity for that functionality to be misused.

  4. Janko Hrasko
    Coffee/keyboard

    bla

    Yes, that is why most DoS traffic and Spam, etc. is generated by all SINGLE windows computers.

  5. Pete Spicer
    Grenade

    But...

    But... Opera also has the capacity for most of those things too.

    The fundamental issue here is that it is actively encouraging people to unharden their systems' firewalls to allow certain in-bound connections.

    And believe me, people will get fed up of nagging reminders and just turn off the firewall altogether - have seen this happen more than once.

    So while they have a smaller attack surface in theory, they just made it easier to get into the machine as a whole from the outside without having to write an addon, submit it to Mozilla Addons and 'hope' no-one notices.

    Grenade... because this is like a bomb about to go off, IMO.

  6. Robert Grant

    Phew

    Instead of one datacentre patching their security hole, we'd just have to wait for every Opera user to do it.

    Loads more secure.

  7. Pirate Dave
    Pirate

    I'm sure...

    in the early days, Microsoft didn't consider IIS to be a security risk either...

  8. dave lawless

    simple solution

    Check the source code,

    Oh

    Can't choose an icon on the G1

  9. Anonymous Coward
    Anonymous Coward

    @Pete Spicer

    "But... Opera also has the capacity for most of those things too."

    Um ... I know. Most browsers do. I was desperately trying to not talk about Opera so people wouldn't wave the fanboi stick at me.

    "The fundamental issue here is that it is actively encouraging people to unharden their systems' firewalls to allow certain in-bound connections."

    The real fundamental issue is that most functionality requires unhardening. Plug it in, turn it on, connect to the internet, load OS, open your browser ... it's all unhardening. I'm a command line linux lover. I don't use lynx. I'd rather unharden and see some pictures and shiny things.

    Security people need to stop whinging about the great unwashed and their joy for all things social, and get on with engaging their brains a bit more. Personally, as a developer, I enjoy the massive, massive challenge that web app security has become.

  10. Anonymous Coward
    Jobs Horns

    @Dave Lawless

    "Check the source code"

    Yeees, because that's prevented Firefox from being absolutely flooded with scores of security holes since day one, some of which affect versions 1, 2 and 3... not.

  11. Anonymous Coward
    Thumb Down

    @John Dee

    The difference is that Firefox doesn't open a port and allow random unsolicited incoming connections. If you want to hack me via Firefox, you have to get me to click on a link first.

  12. Anonymous Coward
    Thumb Down

    @AC

    "The difference is that Firefox doesn't open a port and allow random unsolicited incoming connections. "

    No but there's a bunch of apps that do. I'm sure you would never use a torrent client or the tor network or anything like that.

    "If you want to hack me via Firefox, you have to get me to click on a link first."

    No I don't.

  13. MarkOne
    Stop

    What people are forgetting.

    Opera is the most secure browser on the planet, more secure than Firefox (not hard), more secure than IE (even easier), more secure than Chrome/Webkit/Safari.

    I trust Opera to implement Unite in a way that does not compromise their existing unbeaten security track record, history says when Opera does it, they do it right. When Mozilla do it, it ends up a security swiss cheese...

    The fact that Unite is off by default is something rather important to understand, and something that seems to be beyond the logic of some Tech writers.

  14. Doc Spock
    Alert

    More Deatils Please

    What level of sandboxing (if any) does Unite employ? Are all inbound connections read-only, as they should be? Are directory accesses outside the 'shared' folders (including via aliases) blocked? What level does the Unite web server process run at on non-admin accounts?

    If they do use a very simple system - and simple is the key here - which implements a highly restricted read-only policy for remote connections, then that alone will mitigate many potential security problems. I would be very surprised if they were providing a full-featured web server inside Opera, since that is not only overkill, but asking for a mountain of trouble as well.

  15. jeanX

    opera

    Opera is the most secure browser on the planet?

    If this were only true, I would be still using opera.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019