How to prevent dirty hands from touching my cookies?
According to my other question, it seems that my cookies are unprotected. (I should have known that as there was a time I just manually deleted cookies from Internet Temporary Files.)
So to make my question a little bit more general:
How to prevent a program on my computer from accessing some resources on my computer?
Or the other way around:
How to open access of some resources only to selected programs?
Or a seemingly impractical request:
How to make programs ask for permission when they want to access certain resources?
Though Windows 7 makes it a rule to request administrative privilege when changes are made to system files, access to (I mean, just viewing) resources is open to all programs.
Virtual machines seem to be a choice, but those programs isolated by a virtual machine stand no chance to view any of the resources of the outer (host) system, which does not seem to be preferable.
I am using Windows 7 now, but solutions on any OS are welcomed.
Well, let me answer one part of your broader question first: how to do it. My immediate experience is on Linux, but you said that answers on any platform were welcome, so here goes. If you were on Linux, you could probably require root access to access your cookies in any way other than (in principle) deleting them. The general procedure would look like this:
- Change the permissions of the file so that other users can't read it.
  chmod 600 <file>
  should work as the right mode for this.
- Test to make sure that your browser doesn't clobber those permissions accidentally.
- Create a new user account for your browser. Let's call it foxy for argument's sake.
- Change the ownership of the browser's cookies file to foxy, as well as anything else which the browser may need to write to. (Really everything in the browser's user directory could in principle be affected.)
- Test to make sure that your browser still knows where its cookies are stored when being run as foxy. If necessary, give foxy a home directory exclusively for such things.
- Use visudo to give yourself permission, but only when running your browser, to change users to foxy. The line in the sudoers file would look something like
  <your user name> ALL = (foxy) NOPASSWD: /usr/bin/firefox
  This would guarantee that you only have permission to run this one particular program as user foxy.
- Write a shell script which runs your browser with the given user name, so that you can refit the .desktop files of the links you use to open the browser. Let's say you put it at /usr/local/bin/browse; it might simply contain (after the hash-bang line)
  sudo -u foxy /usr/bin/firefox
  or so.
The part that Linux does really well is in these sorts of extra options. I don't know much about Windows 7, but I would be somewhat surprised if it could do the same thing -- if it had a substitute-user system which could restrict the user which you substitute as based on the executable name. (Notice that if I just give myself arbitrary permission to substitute as foxy, this will not stop a dedicated attacker; they will just substitute an arbitrary command to read out the cookies as foxy.)
Now let me explain why perhaps this is the wrong question. Gmail happens to have nice options that force you to only send your cookies over TLS/SSL (secured browsing connections). Most login-based services don't. This means that your cookies are in principle viewable to the entire Internet infrastructure. Surprisingly, that infrastructure has proven quite passive and generally will not attack you except perhaps to censor you, although there are parts of the Internet like Tor where this rule breaks completely.
However, it is still an issue when, say, you're using someone else's WiFi connection. They can "hear" everything which you send which is not TLS, and you have no way of stopping them without, say, using a secure proxying scheme to get through. (Like Tor! ...whoops.) It's not just the wireless security which I'm talking about (though if they're not using proper encryption, your cookies might also be in danger from anyone who has a laptop in the same room as you). It's the establishment itself. Perhaps your hotel desk clerk happens to be technologically savvy and wants to eavesdrop on Internet traffic at the hotel he works at; how do you stop him?
You could also solve this in Linux, but it requires shelling out a little cash to someone to buy what's called an SSH tunnel server. It's a remote proxy which you control which has (hopefully) a safer Internet connection than your day-to-day wireless voyages; you connect to it through an encrypted connection. It still depends on the rest of the Internet to be secure, but your immediate surroundings can be insecure. By setting up a ~/.ssh/authorized_keys file on that server you can get the tunnel to work without providing a password, though you might want to (or have to) set up a shell script to add this to firefox by default, as before.
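The steps in this answer, and the SSH tunnel wrapper it ends with, assembled into one POSIX shell script. This is an added example, not the answerer's own script; the login name alice, the browser user foxy, the browser path /usr/bin/firefox, the wrapper path /usr/local/bin/browse and the host name tunnelhost are all hypothetical placeholders. The helper functions only render text and check a file mode, so they can be exercised without privileges; apply_setup is the part that actually creates the user, drops the sudoers rule in /etc/sudoers.d (checked with visudo -c before it is trusted) and installs the wrapper, and it refuses to run unless invoked as root with an explicit "apply" argument.

```shell
#!/bin/sh
# Added example: isolate a browser's cookie file behind a dedicated user (foxy),
# allow exactly one program to be run as that user via sudo, and optionally route
# the browser through an SSH SOCKS tunnel. All names below are assumed placeholders.
set -eu

# Render the sudoers line: $1 = your login, $2 = browser user, $3 = browser path.
# Restricting the command is what keeps "run as foxy" from meaning "read as foxy".
render_sudoers_line() {
    printf '%s ALL = (%s) NOPASSWD: %s\n' "$1" "$2" "$3"
}

# Render the body of the wrapper script (/usr/local/bin/browse in the answer).
# $1 = browser user, $2 = browser path, $3 = SSH host ("" for no tunnel), $4 = local SOCKS port.
render_wrapper() {
    browser_user=$1; browser=$2; tunnel_host=${3:-}; socks_port=${4:-1080}
    printf '#!/bin/sh\nset -eu\n'
    if [ -n "$tunnel_host" ]; then
        # -N: no remote command, -f: background once authenticated, -D: local SOCKS proxy.
        # BatchMode=yes fails instead of prompting, so key auth (authorized_keys) is required;
        # ExitOnForwardFailure=yes makes a failed -D bind fatal instead of silently unproxied.
        printf 'ssh -f -N -o BatchMode=yes -o ExitOnForwardFailure=yes -D 127.0.0.1:%s %s\n' \
            "$socks_port" "$tunnel_host"
    fi
    # The browser runs as the browser user; arguments (URLs from .desktop files) pass through.
    printf 'exec sudo -u %s %s "$@"\n' "$browser_user" "$browser"
}

# Succeed only when the file is owner-read/write and nothing else (mode 0600).
# ls -l is used rather than stat because its first ten columns are portable.
check_private_mode() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# Root-only: $1 = your login, $2 = browser user, $3 = browser path,
# $4 = cookies file, $5 = optional SSH host for the tunnel.
apply_setup() {
    you=$1; fox=$2; browser=$3; cookies=$4; tunnel=${5:-}
    [ "$(id -u)" -eq 0 ] || { echo "apply_setup must run as root" >&2; return 1; }
    id "$fox" >/dev/null 2>&1 || useradd -m "$fox"
    chown "$fox:$fox" "$cookies"
    chmod 600 "$cookies"
    check_private_mode "$cookies"
    render_sudoers_line "$you" "$fox" "$browser" > /etc/sudoers.d/browse
    chmod 440 /etc/sudoers.d/browse
    visudo -c -f /etc/sudoers.d/browse      # syntax-check the drop-in before relying on it
    render_wrapper "$fox" "$browser" "$tunnel" > /usr/local/bin/browse
    chmod 755 /usr/local/bin/browse
}

# Only act when explicitly asked, e.g. (as root, placeholders):
#   ./setup-browse.sh apply alice foxy /usr/bin/firefox /home/foxy/.mozilla/cookies.sqlite tunnelhost
if [ "${1:-}" = "apply" ]; then
    shift
    apply_setup "$@"
fi
```

The tunnel half only opens the SOCKS port on 127.0.0.1; the browser still has to be told to use it (in Firefox, a manual SOCKS proxy of 127.0.0.1 on that port in its connection settings), and because the port is bound on localhost it is reachable from the foxy account as well as your own.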
One way you can accomplish this...
- Create a new user account and set a password
- Login to that account and install Chrome or run Firefox to create the %Appdata% folder
- Encrypt that %AppData% folder using EFS (Right Click -> Properties -> Advanced -> Encrypt...)
- Switch to your main account. Hold Shift and right-click on your browser shortcut and choose "Run as different user"
- Enter the new account credentials and click ok
You are now running the browser as a different user and those files are encrypted so only that user/application can read them.
For Chrome you will need to edit the shortcut to open the Chrome installed in the browser account.
You will also need to change the download directory to your main user's and give the browser user permission on that directory, or you can possibly set it to a public folder and add that public folder as a library.
Edit: Just tested it in a VM with Firefox and Chrome... Firefox worked but Chrome crashes. It might be due to the sandbox it uses but I am not sure and there is probably a simple workaround.
Edit2: Yeah, it's the sandbox. If you add --no-sandbox to the shortcut it will work :\ If you have Sandboxie you could set Chrome to be forced into a sandbox that is encrypted by the browser user.