Skip to main content
I have searched the knowledge base but didn't seem to get any returns on the Tor Browser Bundle and Webroot Secure Everywhere (for a Windows 64-bit PC, in my case.)

 

Should Webroot be encouraged to integrate "check TBB releases" into whatever internal process they have, with regards how the Tor Browser Bundle is handled by Webroot Secure Everywhere?

 

Thank you!

 

(Suggestion from Torproject's blog)

"Users need to disable WebRoot, whitelist the appropriate Tor Browser files, and more importantly contact WebRoot support to warn them that their product is breaking the Tor Browser and, to the best of Tor support’s knowledge, Firefox stable releases. Ideally, WebRoot should test new releases before harming Tor users."
Can you provide more information on this issue?

 

I have TOR installed alongside of Webroot on a variety of computer and have never seen an issue.

 

Can you please elaborate?
The following article is a update on Tor Browser Bundle

(Developers Get Advice on Hardening Tor Browser Bundle )

 

By Eduard Kovacs on August 21, 2014 A recent study conducted by iSEC Partners provided the developers of the Tor Browser Bundle with several long and short-term recommendations on how to make the application more secure.

The study, commissioned by the Open Technology Fund, the primary funder of the Tor Browser, focused on reviewing current hardening options and finding additional ways of making the software more difficult to exploit.

Since the Tor Browser is based on Firefox, researchers have also performed a historical vulnerability analysis on Mozilla's Web browser. This, along with other information on public and private exploits, is useful for the Security Slider, an upcoming feature that will allow users to disable certain elements of the browser for enhanced security.

The Security Slider will have four levels: low, medium-low, medium-high and high. For example, the "low" mode will be the current Tor Browser settings, with the addition of JIT support. In the "high" level, JavaScript will be completely disabled, remote fonts will be blocked via NoScript, and all media codecs (except WebM, which remains click-to-play) will be disabled.

 

SecurityWeek/ full article here/ http://www.securityweek.com/developers-get-advice-hardening-tor-browser-bundle
The following is a update

(Tor Browser 4.0, Tails 1.2 are out)

Author: Zeljka Zorz HNS Managing Editor/ Posted on 17 October 2014.

 

The Tor Project has released version 4.0 of its popular homonymous browser that allows users to use the Internet anonymously and privately, and to circumvent online censorship and surveillance efforts by various countries.



Since the Tor Browser Bundle - now called only Tor Browser - includes a modified Mozilla Firefox ESR web browser, this new release features security updates for it that were incorporated in Firefox 31 ESR.



The team has also disabled SSLv3 in this release in order to protect users against POODLE attacks.



Another important change is the addition of three versions of meek, a pluggable transport that uses HTTP for carrying bytes and TLS for obfuscation.



Two of them - meek-amazon and meek-azure - at the moment allow users in mainland China to bypass the country's Great Firewall but, according to the developers, "the meek transport still needs performance tuning before it matches other more conventional transports," and they plan to work on it.



"This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work," explained Tor Browser and Tor Performance Developer Mike Perry.


 

 

Full Article

 
New update: (I have not been on forums since last year)

 

Tor Browser 4.5a3 is released

 

 

Link to TorProject Blog post: https://blog.torproject.org/blog/tor-browser-45a3-released

Reply