undefined | Better HN

0 pointsReelin5y ago0 comments

To be fair, modern OSes are quickly catching up in this regard. WASM is also increasingly available for use as a native sandbox. Examples: (https://github.com/WAVM/WAVM) (https://github.com/bytecodealliance/lucet)

0 comments

StillBored5y ago

Or you just run the installer in a sandbox/container, as has been possible for at least a decade in all major OSs

Sandboxee was released in 2004, and there have been various bits of registry journaing/snapshot software since the late 1990's which combined with NT ACLs could provide at least as much security as your getting out of a browser sandbox.

Browsers have an absolutely huge sandbox surface and lack even the most basic of fine-grained security controls out of the box. Enabling even basic restrictions to avoid fingerprinting has turned out to be difficult. How you do you know (particularly with firefox) that one tab isn't actively picking out data from another tab open to your banking site. Much less the problem with malicious javascript being injected via the ad frameworks.

Browser security is pretty much a joke.

phailhaus5y ago

> Or you just run the installer in a sandbox/container, as has been possible for at least a decade in all major OSs

The level of technical know-how necessary to accomplish that is astronomical compared to "here's a link," especially since it's cross-platform out of the box. That's why it's a no-brainer: any sane person is going to prefer that over installing untrusted software. Basically zero users know about the sandboxing solutions available for their system, much less willing put in the effort to Do It Right.

j / k navigate · click thread line to collapse