VW00 3 Posted December 29, 2022 Share Posted December 29, 2022 Can someone explain what does secure browser actually does besides creating a different browser profile? Example, for MS Edge, it basically just creates a different profile setting and launches it with a green bar. What exactly does someone gain from using it? Link to comment Share on other sites More sharing options...
COStark26 10 Posted December 29, 2022 Share Posted December 29, 2022 (edited) 1 hour ago, VW00 said: Can someone explain what does secure browser actually does besides creating a different browser profile? Example, for MS Edge, it basically just creates a different profile setting and launches it with a green bar. What exactly does someone gain from using it? I saved this itman Reply from 2018. Let's see if he wants to Correct / Add To ........... BBP can best be described as ..... "hardening" your browser against malware attacks; especially those employed by banking trojans and the like. If you observe a BPP session running in Process Explorer, you will see your browser running as a child process under Eset's kernel process, ekrn.exe. You will also see eOPPFrame.exe running as a child process that additionally.... assists with detection of any browser tampering. Finally, Eset injects a .dll into the browser that will scramble all your keystrokes so you're protected against both browser based and global keyloggers. Edited December 29, 2022 by COStark26 Link to comment Share on other sites More sharing options...
itman 1,659 Posted December 29, 2022 Share Posted December 29, 2022 (edited) 3 hours ago, COStark26 said: If you observe a BPP session running in Process Explorer, you will see your browser running as a child process under Eset's kernel process, ekrn.exe. Eset B&PP Secured browser mode has changed in ver, 16. As the below screen shot shows, Eset Secured browser mode can lock down the browser in its normal startup mode. As shown, PE running in Admin mode can't access it. 4 hours ago, VW00 said: Example, for MS Edge, it basically just creates a different profile setting Eset ver. 16 Secure all browsers mode no longer uses a separate browser profile. At least, this is the case for Firefox. On the other hand, a separate browser profile is created and will be used in B&PP mode if the Secure all browsers option is disabled. Edited December 29, 2022 by itman Link to comment Share on other sites More sharing options...
VW00 3 Posted December 30, 2022 Author Share Posted December 30, 2022 I still don't know what it does in terms of security. Example, does it do something similar to what Sandboxie did with a process? Example, if I want a secure browser I would just launch EdgeGuard which is using virtualization under the hook with Hyper-V, it means the whole browser is completely isolated, reason why you can't even copy, paste between the operating system. Why would I use this over EdgeGuard? I read here in the forums someone mentioning you can disable extensions from installing or updating which is why was more interested but can't really find anything on that. Link to comment Share on other sites More sharing options...
itman 1,659 Posted December 30, 2022 Share Posted December 30, 2022 7 hours ago, VW00 said: I still don't know what it does in terms of security. Example, does it do something similar to what Sandboxie did with a process? The major browsers, Chrome, Edge, and Firefox all perform sandboxing in some form regardless of the use of a third party solution such as Sandboxie. Sandboxing prevents the spread of malware from the browser. It does not prevent malicious code from being injected into the browser. This is the purpose of Eset's Secured browser mode. 7 hours ago, VW00 said: I read here in the forums someone mentioning you can disable extensions from installing or updating which is why was more interested but can't really find anything on that. Eset Secured browser Extension installation mode controls this. If it is set to only allow Essential add-ons/extensions, the following applies to add-on/extension installation: Quote Essential extensions—Only the most essential extensions, developed by a specific browser manufacturer. https://help.eset.com/essp/16/en-US/idh_config_opp.html Also, any add-ons/extensions installed prior to the setting of Essential extension mode will be allowed to load w/o issue. Note: There is currently a bug in ver. 16 that is preventing prior installed add-ons/extensions from updating in Essential extension mode. Link to comment Share on other sites More sharing options...
VW00 3 Posted December 30, 2022 Author Share Posted December 30, 2022 1 hour ago, itman said: The major browsers, Chrome, Edge, and Firefox all perform sandboxing in some form regardless of the use of a third party solution such as Sandboxie. Sandboxing prevents the spread of malware from the browser. It does not prevent malicious code from being injected into the browser. This is the purpose of Eset's Secured browser mode. Eset Secured browser Extension installation mode controls this. If it is set to only allow Essential add-ons/extensions, the following applies to add-on/extension installation: https://help.eset.com/essp/16/en-US/idh_config_opp.html Also, any add-ons/extensions installed prior to the setting of Essential extension mode will be allowed to load w/o issue. Note: There is currently a bug in ver. 16 that is preventing prior installed add-ons/extensions from updating in Essential extension mode. Yes, I'm aware of the sandbox in browsers, but it's mostly between tabs and decoupled with API's from the OS, mainly for JavaScript threats. Firefox sadly is the worst one when it comes to that, I guess when they completely moved to RUST it will be better. Based on your explanation, the secure browsers is the inverse of something like Edge Guard or Sanboxie, it protects the browser from malicious code running in the host operating system, but not from the browser to the operating system. Got it. But to be fair, if you operating system is already compromised, it's game over. I guess it's useful for lower type of malware or malicious apps that try to tap into the browser but for anything serious, if your operating system is infected, there are no security software that will help here since code can run with high privileges and do basically anything, including turning off all protections. I mean, the browser is the least of your concerns if you have a compromised operating system. The extensions' configuration seems great, I will check that with more detail. Link to comment Share on other sites More sharing options...
VW00 3 Posted January 2, 2023 Author Share Posted January 2, 2023 The only problem with launching a new instance of the secure browser is for services that require to be on the same logged account as from which the payment is initiated. Example, PayPal, you would need to log in to the website you want to order from the secure browser, since usually PayPal is redirected back to the provider after payment, while you could set PayPal.com to launch in the secure browser I assume this could create problems with payments and having to log in separately seems very cumbersome when you are browsing and just want to pay something. And not sure if they changed this, but in the past, many years back, the secure browser erased all your history/data which means some banking systems detected each log in as a new place and require all sort of security checks before log in again every time. Not sure if they changed this, but those 2 cases were the reason I tried it once or twice and never stuck with using it. I would love to see how others are using the secure browser. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 2, 2023 Share Posted January 2, 2023 1 hour ago, VW00 said: Example, PayPal, you would need to log in to the website you want to order from the secure browser, since usually PayPal is redirected back to the provider after payment, while you could set PayPal.com to launch in the secure browser I assume this could create problems with payments and having to log in separately seems very cumbersome when you are browsing and just want to pay something. As far as I am aware of, there are no current issues with Secured browser mode and Paypal. There were some issues in the past but they all appear to have been resolved. 1 hour ago, VW00 said: And not sure if they changed this, but in the past, many years back, the secure browser erased all your history/data I saw no indication this was the case. Storing of cookies, history, etc. are controlled by browser settings. Eset cannot alter those settings. Link to comment Share on other sites More sharing options...
VW00 3 Posted January 2, 2023 Author Share Posted January 2, 2023 It probably runs different now than it did in the past when it first launched. I think in the past, it basically executed in an isolated environment that was completely reset after closing it. Hence, you could not save settings, and they were decoupled from the regular browser and cache. At least that was the case when I tested it with Edge some years back. Now it seems it just runs a different profile which allows you to save settings and browsing. At least when I launch Edge in secure browser today from ESET, it does seem to be a complete new profile with its own settings from my regular browser. As for PayPal, the issue is not with PayPal per se, but doing transactions from your regular browser, which would then switch to a secure browser once it detects PayPal.com. Example: You are buying on example.com, it asks for payment, that logs in you into PayPal, that would launch the secure browser for PayPal in the secure browser mode, but then when you log in for payment, you are now on a different browser and profile than example.com, and example.com, most shopping carts wait for the PayPal transaction to complete and PayPal redirects you back to the cart to complete the payment. It's not the same session. Link to comment Share on other sites More sharing options...
ESET Staff IggyPop 20 Posted January 4, 2023 ESET Staff Share Posted January 4, 2023 Hi @VW00, In my case when I'm using the Secure Browser I have it enabled by default for all the windows and I hide the green frame just my preference, however, when I pay for example at example.com and I'm popped up with another window with my bank secured tab and finalize the verification I'm redirected back to the original page. Do you use the Secure Browser on demand or you have it turned on by default on all pages? Thanks, Ingemar Link to comment Share on other sites More sharing options...
VW00 3 Posted January 4, 2023 Author Share Posted January 4, 2023 12 hours ago, IggyPop said: Hi @VW00, In my case when I'm using the Secure Browser I have it enabled by default for all the windows and I hide the green frame just my preference, however, when I pay for example at example.com and I'm popped up with another window with my bank secured tab and finalize the verification I'm redirected back to the original page. Do you use the Secure Browser on demand or you have it turned on by default on all pages? Thanks, Ingemar I don't want it enable for all browsers. I prefer the option that just opens specific websites only because it allows me to keep a different profile with more secure settings for that browser, example no extensions, or only specific ones, and other more private settings than my regular browser. Furthermore, I also prefer not to slow down regular browsers, as ESET clearly does something to the browser. The redirect option is better for me since as I only use the secure more for specific domains. My regular browsing is very intensive and most sites are just content or research which don't need to be secured. I prefer regular browsers to run natively on the system since Microsoft, for example in the case of Edge, already does certain memory protection and other things build into the operating system. Link to comment Share on other sites More sharing options...
ESET Staff Solution constexpr 46 Posted January 5, 2023 ESET Staff Solution Share Posted January 5, 2023 On 1/2/2023 at 5:45 PM, VW00 said: You are buying on example.com, it asks for payment, that logs in you into PayPal, that would launch the secure browser for PayPal in the secure browser mode, but then when you log in for payment, you are now on a different browser and profile than example.com, and example.com, most shopping carts wait for the PayPal transaction to complete and PayPal redirects you back to the cart to complete the payment. It's not the same session. In this case (detected payment from eshop) it doesn't redirect you to paypal/bank website even if you have it setup as protected website, because as you mentioned, it may terminate session between eshop and payment gateway. That's also one of the reason, why Secure All Browsers is now enabled by default, because most of the payments were gone via unsecured browser. btw Thanks for description of your usage of secured/unsecured browser. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 5, 2023 Share Posted January 5, 2023 22 hours ago, VW00 said: Furthermore, I also prefer not to slow down regular browsers, as ESET clearly does something to the browser. I have to agree with this. I have been using secured browser mode for about 3 weeks and switched back to unsecured mode yesterday. Right away, I noticed Firefox was "snappier." The performance hit w/secured browser mode wasn't huge but nonetheless noticeable. I am also on a 1 Gb network connection and the performance hit might be more severe on a slower connection. Link to comment Share on other sites More sharing options...
VW00 3 Posted January 5, 2023 Author Share Posted January 5, 2023 3 hours ago, constexpr said: In this case (detected payment from eshop) it doesn't redirect you to paypal/bank website even if you have it setup as protected website, because as you mentioned, it may terminate session between eshop and payment gateway. That's also one of the reason, why Secure All Browsers is now enabled by default, because most of the payments were gone via unsecured browser. btw Thanks for description of your usage of secured/unsecured browser. To be fair, I made a PayPal payment yesterday, and it did not redirect me to ESET, so it worked fine, but when I open PayPal.com directly it does. So it does seem to detect when you are opening it directly or are being redirected from a payment correctly using the regular browser. Today I made another payment and the PayPal popup window opened fine in my current browser for payment. So far good. One of the things I'm not a fan is that I had set up in this case ESET to ask me each time as I have more than one PayPal account, personal, business. But it remembers the session (prompts once) and does not ask again. I rarely close my browser or reboot my system. Instead of remembering the choice I would prefer if it asks me every single time, that way I can sometimes switch to the ESET browser and sometimes not instead of asking me just once and then remembering the choice until I close the browser completely. I understand that some might actually prefer that remember option until they completely close their browser. For some domains, I would actually prefer to be asked the choice every time I type the domain. A shortcut to be able to pin it or add to the start menu would also welcome instead of the extra clicks required to open it from ESET in case you want to launch it manually. Link to comment Share on other sites More sharing options...
VW00 3 Posted January 5, 2023 Author Share Posted January 5, 2023 (edited) 3 hours ago, itman said: I have to agree with this. I have been using secured browser mode for about 3 weeks and switched back to unsecured mode yesterday. Right away, I noticed Firefox was "snappier." The performance hit w/secured browser mode wasn't huge but nonetheless noticeable. I am also on a 1 Gb network connection and the performance hit might be more severe on a slower connection. And it makes sense because if ESET is doing something to the browser, there is some over head added, there is no way around it, since it has to protect the memory and add it under its process when it's running for the keylogger protection. Extra security will always come with some penalty in performance. For example, Microsoft Edge has a great security feature called Enhanced Security which disables JIT compiling for JavaScript in websites. This is really a great to secure against browser attacks since most exploits in that regard, but enabling it for all websites would make all your sites slower or even break some apps. Reason the default Basic mode only runs it for less common websites you frequent. That is a good way to balance things between usability, speed and security. This is why I also prefer ESET secure browser off by default. I don't want or need a performance penalty on 99% of the sites I use when I only need it for maybe 10 sites I log in once every couple of days. Edited January 5, 2023 by VW00 Link to comment Share on other sites More sharing options...
Recommended Posts