Opera CEO: Unite not a security risk Opera has been defending its Unite product, claiming that far from causing security problems it actually increases the security for users who would otherwise be dependent on the cloud. In an interview reported by NetworkWorld, Opera CEO Jon von Tetzchner claimed that putting servers into every copy of Opera would increase the …
"But still they'd be adding more ways into a customers computer. And that's why they have none.. Customers that is."
You're quite wrong.
Firefox is my browser of choice (so don't point any of that fanboi rubbish at me) and has support for images, css, javascript, extensions, themes, etc, all of which increase the browser attack surface. They have also most likely increased, not decreased, its market share.
Obviously this is true for all browsers and all software in general. The more functionality, the more opportunity for that functionality to be misused.
But... Opera also has the capacity for most of those things too.
The fundamental issue here is that it is actively encouraging people to unharden their systems' firewalls to allow certain in-bound connections.
And believe me, people will get fed up of nagging reminders and just turn off the firewall altogether - have seen this happen more than once.
So while they have a smaller attack surface in theory, they just made it easier to get into the machine as a whole from the outside without having to write an addon, submit it to Mozilla Addons and 'hope' no-one notices.
Grenade... because this is like a bomb about to go off, IMO.
"But... Opera also has the capacity for most of those things too."
Um ... I know. Most browsers do. I was desperately trying to not talk about Opera so people wouldn't wave the fanboi stick at me.
"The fundamental issue here is that it is actively encouraging people to unharden their systems' firewalls to allow certain in-bound connections."
The real fundamental issue is that most functionality requires unhardening. Plug it in, turn it on, connect to the internet, load OS, open your browser ... it's all unhardening. I'm a command line linux lover. I don't use lynx. I'd rather unharden and see some pictures and shiny things.
Security people need to stop whinging about the great unwashed and their joy for all things social, and get on with engaging their brains a bit more. Personally, as a developer, I enjoy the massive, massive challenge that web app security has become.
"The difference is that Firefox doesn't open a port and allow random unsolicited incoming connections. "
No but there's a bunch of apps that do. I'm sure you would never use a torrent client or the tor network or anything like that.
"If you want to hack me via Firefox, you have to get me to click on a link first."
No I don't.
Opera is the most secure browser on the planet, more secure than Firefox (not hard), more secure than IE (even easier), more secure than Chrome/Webkit/Safari.
I trust Opera to implement Unite in a way that does not compromise their existing unbeaten security track record, history says when Opera does it, they do it right. When Mozilla do it, it ends up a security swiss cheese...
The fact that Unite is off by default is something rather important to understand, and something that seems to be beyond the logic of some Tech writers.
What level of sandboxing (if any) does Unite employ? Are all inbound connections read-only, as they should be? Are directory accesses outside the 'shared' folders (including via aliases) blocked? What level does the Unite web server process run at on non-admin accounts?
If they do use a very simple system - and simple is the key here - which implements a highly restricted read-only policy for remote connections, then that alone will mitigate many potential security problems. I would be very surprised if they were providing a full-featured web server inside Opera, since that is not only overkill, but asking for a mountain of trouble as well.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
