BSI Federal Security Agency recommends Firefox

Firefox is the only web browser recommended by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) following its evaluation.

BSI tested Mozilla Firefox 68 (ESR), Google Chrome, Microsoft Internet Explorer 11 and Microsoft Edge 44. The tests did not include other browsers such as Safari, Brave, Opera or Vivaldi.

The audit followed the methodology described in detail in a guideline (PDF) for "modern secure browsers" that BSI released in September 2019.

BSI uses this guide to advise government agencies and private companies on which browsers are safe to use.

According to the new BSI guide, to be considered "safe", a modern browser must meet the following minimum requirements:

- Must support TLS
- Must have a list of trusted certificates
- Must support Extended Validation (EV) certificates
- Must verify loaded certificates against a Certificate Revocation List (CRL) or via the Online Certificate Status Protocol (OCSP)
- The browser must use icons or primary colors to indicate whether communication with a remote server is encrypted or in plain text. Links to remote sites running with expired certificates should only open after users have approved them
- Must support HTTP Strict Transport Security (HSTS) (RFC 6797)
- Must support the same-origin policy (SOP) and Content Security Policy (CSP) 2.0
- Must support Subresource Integrity (SRI)
- Must support automatic updates, including a separate update mechanism for critical browser updates and for extensions
- Browser updates must be signed and verifiable
- The browser password manager must store passwords in encrypted form, and access to the browser's built-in password function should only be allowed after the user has entered a master password
- The user must be able to clear the passwords from the browser password manager
- Users should be able to block or delete cookies. Users should be able to block or delete autocomplete data
- Users should be able to block or delete their browsing history
- Administrators should be able to configure or block browsers from sending telemetry (usage data)
- Browsers should support a mechanism for checking for harmful content and URLs
- Browsers must allow organizations to maintain blacklists locally
- Must provide a settings section from which users can enable or disable add-ons, extensions or JavaScript
- Administrators should be able to disable cloud-based profile sync features
- Must run with minimal permissions on the operating system and must support sandboxing. All components of the browser should be isolated from each other and from the operating system. Communication between isolated components may only take place through defined interfaces; direct access to each other's resources should not be possible
- Websites should be isolated from each other, ideally in the form of stand-alone processes.
- Browsers should be implemented in programming languages that support stack and heap memory protections
- Browsers should use OS memory protections such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).
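As an added illustration (not from the article or from BSI), the following Firefox enterprise policy file shows how an administrator would enforce several of the listed requirements on managed installations: blocking telemetry, disabling cloud profile sync, locking add-on installation, clearing cookies, history and autocomplete data on exit, and a local URL blocklist. Policy key names follow Mozilla's policy-templates documentation as I recall it, and availability of each key depends on the Firefox release (for example, PrimaryPassword was added after the ESR 68 version BSI tested), so verify each key against the documentation for the deployed release; the blocked domain is a constructed placeholder.

```json
{
  "policies": {
    "DisableTelemetry": true,
    "DisableFirefoxStudies": true,
    "DisableFirefoxAccounts": true,
    "DisableFormHistory": true,
    "PrimaryPassword": true,
    "SanitizeOnShutdown": {
      "Cookies": true,
      "History": true,
      "FormData": true
    },
    "Cookies": {
      "AcceptThirdParty": "never"
    },
    "ExtensionSettings": {
      "*": {
        "installation_mode": "blocked"
      }
    },
    "WebsiteFilter": {
      "Block": ["https://blocked.example/*"]
    },
    "EnableTrackingProtection": {
      "Value": true,
      "Locked": true
    }
  }
}
```

On Windows and Linux the file is read from a distribution/policies.json file inside the Firefox installation directory; settings applied this way appear as locked in about:policies, so a user cannot silently re-enable them.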

According to BSI, Firefox is the only browser that meets all of the above. The points on which the other browsers failed:

- Lack of support for a master password (Chrome, IE, Edge)
- No built-in update mechanism (IE)
- No option to opt out of telemetry
- No SOP (Same Origin Policy) support (IE)
- No CSP (Content Security Policy) support (IE)
- No SRI (Subresource Integrity) support (IE)
- No support for browser profiles with different configurations (IE, Edge)
- Lack of transparency (Chrome, IE, Edge)

Written by giorgos