Whitehatsec’s Aviator

logoAviator012112

A new web browser is brought to us from Whitehatsec called Aviator, built for speed, security and privacy.  Its based on the Open-Source Chromium browser and can utilise many of Chrome’s browser plugins.

The browser boasts that with every website you visit, you are potentially vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more. That the “big browsers” don’t do enough to stop this, and this is where Aviator is different:

Internal websites are blocked

Whitehatsec’s Aviator blocks access to internal websites (sites behind your router/firewall) to prevent something called “Intranet port scanning” and “Intranet hacking.” Aviator protects you by preventing you from reaching these dangerous and often unprotected regions of your network unless you do so in a different browser. Using a different browser limits internal access to only things you actually manually intend to do.

Attacks Prevented

  • CSRF attacks against your home broadband router.
  • Intranet port scanning within your DMZ/Corporate Domain; though this may affect legitimate browsing on the internal network for small/medium businesses.
  • Malicious Phishing/Redirect attacks on your internal network.

Aviator will not ‘Remember Me’ to keep me signed into XYZ site

For privacy reasons when using ‘Protected Mode’, once you shut down Aviator, all cookies and caches are automatically removed. This also defends against attacks that require you to be logged into your bank or social networking site, by ensuring that you regularly log out.

Attacks Prevented

  • Old cookie replay.
  • Cookie theft.

No advertisements

Aviator removes adverts using a plugin called Disconnect. You can re-enable ads through the Disconnect plugin if you need or want to see the adverts.

Attacks Prevented

  • Malware delivered through 3rd Party Advertisement plugins

3rd-Party cookies are blocked

Aviator blocks third-party cookies by default to prevent advertisers and third-party systems from tracking you. This can affect some functionality. We recommend emailing the webmaster and informing them if their site breaks due to this – it usually only requires them to implement a simple JavaScript fix.

What does this “NOT PROTECTED” banner mean when I open settings?

To make certain you’re aware and notified whenever you leave ‘Protected Mode’. By default, settings must live outside of protected mode. Whithatsec found that some users accidentally keep surfing after changing settings without realising. This banner is a prominent reminder for you. If you find yourself in unprotected mode, please remember to clear cookies and cache to minimise your risk.

Java Disabled by Default

Chromium is currently 32 bit and the most recent version of Java (7) only supports 64 bit browsers. We recommend not using Java at all, as it’s a highly dangerous technology that has been used to mount an insurmountable number of drive-by downloads to infect computers around the world. But if you must use Java, we do support Java 6 since it supports 32 bit browsers.

Attacks Prevented

  • Malicious Java Drive-By Download attacks

When ‘Quitting’ Aviator gives a pop-up asking if you really want to quit

That is intended behavior because Aviator runs by default in ‘Protected Mode’. If you mistakenly quit the browser, all open tabs, cookies, and cache are gone forever. Rather than risk an unintentional shutdown, Aviator prompts you to confirm you really want to quit the browser.

References: