Does a browser really need to be sandboxed on a linux computer?

[Amiga500]

As the title suggests.Is it really vital to use a sandboxed browser on linux.
I did use google chrome for a short period but eventually i discovered i dont really like it.Yes it was fast and smooth and had all the bells and whistles like sandboxing etc.
Is it really needed on linux seeing as seccomp etc is already on linux.

Any thoughts please..?

 

[Cch123]

My question to you is: Why not?

Linux provides very robust sandboxing architecture, and it is up to the browser to take advantage of them. Sandbox is an added layer of protection, and Linux is nowhere near imprevious to malware and exploits. So in my opinion it is definitely a benefit, but as with everything, it is not a necessity if you know your security fundamentals, unless you unfortunately run across a zeroday where a sandbox will be very useful.

 

[Ink]

Not a direct answer.

A lot of things use Sandboxing techniques, including browser plugins, mobile apps and operating systems.
Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program

If interested, for reading:
First fully sandboxed Linux desktop app | Alexander Larsson

 

[Tony Cole]

Is that how Google Chrome enables you to essentially block unsandboxed browser plugins access to your computer - it's a shame Firefox does not use such an approach.

 

[BoraMurdar]

I don't know why people is so obsessed with sandboxing these days. I also saw some recommending it for basic security setup. Chrome has its own sandbox technologies, Safe browsing Bloom, and except zeroday exploit (which you will encounter if you search for one only, or in minimal percent), you still need to give an administrative privilege to it, which is disabled in Chromium. All actions are user dependent if something unusual happens as Chrome broker supervisor has a process level granularity and not the Root (Administrator). So it will be shut down or if exploited, still, the most it can do it can ask you what to do.
So unless you click on thisismalware.exe on Windows and let it run under Admin privileges you are safe.

On Linux it's different story, as you need to exploit something really big to access to Root and make changes to the system. Few, if any in the wild are already obsolete with Linux patching the updates for the companies that run Linux and really can be hurt by DNS poisoning , Rexob trojans, which is very very very (did I say very?) rare.

Believe me, you are not so special to be a target. If you play a lot with luck and test then sandboxing can be additional layer of course

 

[darko999]

I have never used Sandboxing on my browser on windows and I have never been infected. If you want to get infected, you will; even with sandboxing.

 

[MalwareT]

I have never used Sandboxing on my browser on windows and I have never been infected. If you want to get infected, you will; even with sandboxing.

Me too,never used sandboxed browser. 0 infections.

 

[jamescv7]

The question here is do you really needed on that part? Considering Linux is far on danger at current situation against those possible vulnerabilities, however proposed mitigation attacks are always present which needs an immediate patches.

For typical user you don't need it, you cannot easily infect within Linux system + for sure majority of users didn't complain they are infected though; only in Windows and few on Mac OS X.

 

[Dirk41]

Mh I don't think I am OT here: can someone suggest a program like sandboxie for Linux ?
Thank you

 

[jamescv7]

@Dirk41: Read here ; AppArmor is one of the common program/tools for Linux which you can configure like a policy based/sandbox to the programs you execute.

 

[Dirk41]

@Dirk41: Read here ; AppArmor is one of the common program/tools for Linux which you can configure like a policy based/sandbox to the programs you execute.

I read about apparmour but I didn't get if it is only in Ubuntu or even on lubuntu ( I want To use lubuntu on an old PC with 1gb ram). And I can't understand if it is as safe as SBIE

Thank you

 

[jamescv7]

@Dirk41

Getting AppArmor Distributions and Ports Distributions that include AppArmor:Annvix Arch Linux Debian Gentoo Mandriva openSUSE (integrated in default install) Pardus Linux PLD Ubuntu (integrated in default install) Any derivatives of these distributions should also have AppArmor available. Updated RPMS can be found at the openSUSE Build Service. These are not limited to SUSE distributions.

Source . Yes it is safe, you need a little patience to configure it.

 

[Deleted member 178]

Chrome is far stronger on Linux than Windows , adding Apparmor and you ill be quite safe with Chrome.