What is Nessie?
Nessie is an extremely simple web browser for Windows, best used as a secondary browser. It was inspired by other minimal web browsers such as Netsurf or Dillo, but aims for better compatibility with the modern web, and higher security.
It is one of the few remaining browsers based on the Trident layout engine. (You might have a strong urge to stop reading right here - don't!)
Its feature set is intentionally limited to the bare essentials, to minimize both distractions and attack vectors. It is a good option if you are looking for a fast, casual and low-resource browser, or need to use legacy websites requiring an IE-compatible web browser.
Note that Nessie has no extensions, no tabs, and no toolbars. On the surface, it could be described as just a "webview with an address bar". Read below to find out how it is much more than that.
Using Trident in 2020, for all its flaws, provides a few nice benefits:
● A frozen feature set means fewer bugs over time
● A battle-tested engine
● It is built into every version of Windows
● Monthly security updates are still provided by Microsoft
● Large viewable screen space
● Privacy-oriented: zero behavior tracking, zero telemetry
● Reasonably effective and lightweight adblocker
● Lightning-fast startup time
● Tiny binary size
● Low RAM usage
● KeePass friendly
Did you know? 4 out of the last 5 zero-day exploits in Trident were due to critical bugs in the legacy jscript.dll engine, which has been deprecated for a long time, but any web page can still force IE11 to load it. Nessie entirely blocks out the loading of that DLL to minimize attack surface.
Nessie also has other unique security features including TLD whitelisting, URL scheme whitelisting, MITM detection, URL homoglyph detection and strict patch-level checking. More details on these soon!
Its codebase is very small (about 2500 LoC currently) and could be open sourced in the next few months if the project gains enough traction and support.