Ask HN: time for an extra-secure browser?
A report on the BBC website about a new attack on internet banking (http://www.bbc.co.uk/news/technology-16812064) made me wonder if it is time for an enhanced security browser that could be used just for online banking? So for example, it would not run any Javascript, have a very strict same-origin policy, and could perhaps include some kind of built-in anti-virus. Any thoughts? Not running JS is, unfortunately, a death sentence. Too many sites legitimately depend on it. On the other hand, you could reasonably require a user to turn JS on for each site that needed it. On the gripping hand, users would complain, or automatically turn it on for every site, or both. Do you mean that many (most?) online banking sites use JS? Based on my bank's online system, I don't think there is anything that could not be done without scripts. And my suggestion (perhaps not well expressed) is that someone (e.g. the banks themselves) develop a cut-down extra secure browser for use exclusively with online banking websites. I am assuming that the majority of online banking is done from customers' own home computer or tablet; obviously this idea won't help people logging on via a shared public PC.