I have had the privilege of knowing Jeremiah Grossman, the iCEO of WhiteHat Security, for many years now. He has spoken on many occasions about web security and specifically web browser security, or rather the lack thereof. I recall at one point asking him, “OK, what do you use as a web browser?” He paused, smiled and said, “My own”.
That Cheshire cat response played over again in my head when WhiteHat Security released their browser offering called Aviator. This is a browser that was purpose-built with security in mind and is freely available for Mac users.
So, what can Aviator do? It has a few ways that it helps the web user. It prevents any cookies or caches from being stored when the browser shuts down. For privacy reasons it takes out the trash when you’re done. A second aspect is that Aviator strips advertisements from web pages, leveraging the Disconnect plugin. This can be disabled if you are simply dying to see advert…yeah, I didn’t think that you were. The third aspect of this browser that stands out is that Java simply does not work. Nada, zip, zilch. This is a good thing. There are just far too many problems that Java introduces to make it worthwhile to enable it.
All great stuff, but one thing that has been a hobgoblin for many shops is the use of frameworks such as BeEF to leverage a browser as a pivot point for an attacker. How does Aviator handle this?
Well, it doesn’t allow this to work at all.
WhiteHat Aviator blocks access to internal websites (sites behind the firewall) to prevent something called "Intranet port scanning" and "Intranet hacking." Aviator protects you by preventing you from reaching these dangerous and often unprotected regions of your network unless you do so in a different browser. Using a different browser limits internal access to only things you actually manually intend to do.
I thoroughly enjoy using this browser on my MacBook. I wondered when this would be made available for the Windows platform. Not long, it turned out. With a far larger install base, they could really benefit from this application. I had occasion to chat with Robert Hansen about the project and he made it clear that an alpha version of the Aviator browser would be made available soon. Friday evening I got my email with the link to download the alpha version. Two weeks after we spoke it was here.
Now the testing begins. I have my Windows virtual machine ready to roll and will be kicking the tires over the next week. I hope that this will be available for general release soon.
(Image used under CC from SPP Photography (StefPress))