The things i know are:
- use an adblocker
- harden browser security settings (autodownload, v8 etc.)
- updates ofcourse
- use non-windows PC
Anything i am missing?
It depends how far you want to take it, but if you’re just looking for basic protection I’d recommend two more:
- Be careful about what websites you visit by avoiding sketchy or unknown sites, ideally stick to reputable well-known websites when possible. Caution is at least half the battle.
- Consider using DNS filtering. Some DNS providers like Cloudflare and Mullvad allow you to use malware-blocking DNS servers which might compliment Google Safe Browsing.
If we’re strictly talking about drive-by malware, avoiding Windows shouldn’t be considered a true mitigation. I think it’s fair to say macOS or QubesOS are probably better at dealing with malware whereas Linux has its pros and cons.
1 Like
Speaking from personal experience if you’re on windows: avoid game modding or ricing websites, hahaha
2 Likes
Does the package format of the browser matter? If i install Brave on Ubuntu as a snap will it be more secure agaisnt drive-by malware in comparison to .deb? If malware escapes the chromium sandbox it needs another step to escape the sandbox of the snap. And many kernel vulnerabilities cannot be exploited through the snap sandbox.
Are my conclusions correct?
Yes, package formats affect browser security.
I’m unaware of any potential security benefit Snap could provide to Chromium-based browsers, no one has ever mentioned it as a selling point before so my assumption is that there is none. Brave warns users against using the Snap as it still has bugs, so if anything I’d lean towards it being potentially more risky. I’d install it natively and look at hardening Brave. Also check to ensure it is running in Wayland, the last time I used Linux it defaulted to Xwayland.
1 Like