Hacker News new | ask | show | jobs
by haberman 4585 days ago
> Secure? When did OS+browser became more secure than just OS?

You can't get a virus from visiting a web page.

You don't give a web page access to all your files just by visiting it.

Running a native app requires significantly more trust than running a web app. Web apps are significantly more sandboxed.
1 comments
coldtea 4585 days ago
>You can't get a virus from visiting a web page.

You very much can.

In fact, that was one of the most common attack vector for viruses: web browser exploits, from applet bugs to native web browser code buffer overflows and other issues.

link
haberman 4585 days ago
Do I really have to spell things out in legalistic precision to make what should be a very obvious point?

Are you really going to argue that native apps and web apps are equally secure because web browsers can occasionally be compromised to give you the permissions that native apps give you by default?

Are you really going to argue against the security of today's web browsers because security of browsers used to be comparatively atrocious?

If I give you the choice of either running my malicious native app or visiting my malicious website, are you really going to say that they are equally risky?

link
coldtea 4585 days ago
>Are you really going to argue that native apps and web apps are equally secure because web browsers can occasionally be compromised to give you the permissions that native apps give you by default?

By default in which system? Because sandboxing for native apps has been a default on OS X for the last 2 OSes at least.

Plus, there's another differentiator at play.

People don't only stick to a few large websites (like Google and NYT). People visit THOUSANDS of sites every month, and each can be an attack entry point if there's a browser/applet/etc exploit.

OTOH, with apps the situation is different. People use far fewer third party apps (say, less than 20 for the average user), and have the option to get them from legit (and verified/encrypted) sources, like several App Stores, the services of official vendors like Adobe etc, official software sites and such.

I never had a virus from a legit app purchase/download. How many cases are there were the upstream sources is poisoned?

link
BitMastro 4585 days ago
I don't think that's a fair comparison..

1) Web apps in this case are downloaded from an app store (and people complained about it too)

2) Average people also use fewer sites: I wouldn't be surprised if regular use comprehends just gmail/outlook, facebook, wikipedia, youtube/netflix

3) You need a browser running in the OS anyway

4) App -> sandbox -> OS vs. App -> Javascript sandbox/Nacl sandbox -> browser -> sandbox -> OS... The latter looks more secure to me

link
afsina 4585 days ago
Applets are very different from web extensions.
link