Process isolation

Process isolation is a set of hardware and software mechanisms [1] that protect each process from the other processes running on the same operating system. It does so by preventing process A from writing into the memory of process B.

Process isolation is usually implemented with virtual address spaces: process A's address space is distinct from process B's, so A cannot write onto B's memory. The same virtual address in A and in B refers to different physical memory, and the kernel's page tables are the only path between the two.

Security is easier to enforce when inter-process memory access is disallowed by default, in contrast with less secure architectures such as DOS, in which any process can write to any memory belonging to any other process. [2]

Limited inter-process communication

In a system with process isolation, limited (controlled) interaction between processes may still be allowed over inter-process communication (IPC) channels such as shared memory, local sockets or Internet sockets. In this scheme, all of a process's memory is isolated from other processes except where the process itself chooses to accept input from collaborating processes.
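The two preceding points, separate address spaces and an explicitly opened IPC channel, can be observed directly on a POSIX system. The following is an added example written for this page, not code from any of the cited sources. It assumes a Linux or other POSIX host with fork(2) and anonymous shared mappings via mmap(2). After fork() the parent and child hold the same virtual address for a local variable, yet the child's write never reaches the parent; only a mapping created with MAP_SHARED (a deliberate IPC channel) lets the child's write become visible.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child writes `child_value` into its own copy of a private local variable.
 * Because the child runs in a separate address space, the parent's copy is
 * untouched and this returns `initial`. */
int private_write_seen_by_parent(int initial, int child_value) {
    volatile int v = initial;          /* volatile: keep the load after waitpid() */
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        v = child_value;               /* lands on the child's private page only */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    return v;
}

/* Same experiment over an anonymous MAP_SHARED mapping, i.e. a shared-memory
 * IPC channel the parent opened on purpose before forking. Here the child's
 * write is visible and this returns `child_value`. */
int shared_write_seen_by_parent(int initial, int child_value) {
    int *shared = mmap(NULL, sizeof *shared, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (shared == MAP_FAILED) { perror("mmap"); exit(1); }
    *shared = initial;
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        *shared = child_value;         /* both page tables point at this page */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    int result = *shared;
    munmap(shared, sizeof *shared);
    return result;
}

/* Shows that isolation is about address *spaces*, not address *values*: the
 * child reports the address it wrote to through a shared word, and it is the
 * very same virtual address the parent holds for `v`, yet the parent still
 * reads its original value. Returns 1 when both observations hold. */
int same_virtual_address_different_memory(void) {
    uintptr_t *child_addr = mmap(NULL, sizeof *child_addr, PROT_READ | PROT_WRITE,
                                 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (child_addr == MAP_FAILED) { perror("mmap"); exit(1); }
    volatile int v = 1;
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        v = 2;                                 /* write through the child's mapping */
        *child_addr = (uintptr_t)&v;           /* tell the parent which address we used */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    int ok = (*child_addr == (uintptr_t)&v) && (v == 1);
    munmap(child_addr, sizeof *child_addr);
    return ok;
}

int main(void) {
    printf("private variable after child wrote 42: %d\n",
           private_write_seen_by_parent(1, 42));
    printf("shared mapping after child wrote 42:   %d\n",
           shared_write_seen_by_parent(1, 42));
    printf("same VA, different memory:             %s\n",
           same_virtual_address_different_memory() ? "yes" : "no");
    return 0;
}
```

The practical caveat the example makes visible: every MAP_SHARED region (or file, socket or pipe) a process opens is a hole punched through its isolation, so an IPC endpoint must validate what arrives over it as untrusted input, exactly as a network service would.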

System policies may disallow IPC in some circumstances. For example, in mandatory access control systems, subjects with different sensitivity levels may not be allowed to communicate with each other at all. The same tension between isolation and the need to exchange data appears wherever separated components must cooperate, for instance in distributed caches and in containerised cloud and edge deployments, where the container boundary is the isolation unit and every exposed interface is a policy decision. [3]

Operating systems

Notable operating systems that support process isolation:

Web browsers

Internet Explorer 4 used process isolation to give each windowed instance of the browser its own process; however, at the height of the browser wars, this was dropped in subsequent versions to compete with Netscape Navigator (which concentrated the entire Internet suite in a single process). The idea of a process per instance was not revisited until a decade later, when tabbed browsing became commonplace.

In Google Chrome's "Multi-Process Architecture" [4] and Internet Explorer 8's "Loosely Coupled IE (LCIE)", [5] tabs containing web pages run in their own semi-separate OS-level processes, isolated from the core browser process, so that a crash in one tab or page does not bring down the whole browser. This method (popularly known as multiprocess or process-per-tab) is meant both to manage memory and CPU, by letting a misbehaving tab crash separately from the browser and the other tabs, and to improve security, by confining what a compromised page's process can reach.

Browsers with process isolation

Programming languages

Erlang provides a similar concept in user space: its lightweight processes are strictly separated, share no memory and communicate only by message passing.

References

  1. Aiken, Mark; Fähndrich, Manuel; Hawblitzel, Chris; Hunt, Galen; Larus, James R. "Deconstructing Process Isolation". Microsoft Research, October 2006.
  2. Harris, Shon. All-in-One CISSP Exam Guide, 3rd edition.
  3. Pahl, C. (2015). "Containers and clusters for edge cloud architectures -- a technology review". 3rd International Conference on Future Internet of Things and Cloud.
  4. "Multi-process Architecture". Chromium Blog, 11 September 2008.
  5. Zeigler, Andy. "IE8 and Loosely-Coupled IE (LCIE)". 11 March 2008.