Which browser is most secure?
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Which browser is most secure?
Working on the next version of GROWL
Puppy Browser is enabled for javascript and flash - not so good for security
choices in 4.3.1 package manager include:
gtkmoz
netsurf
skipstone
Would Dillo2 (if available?) be better for security/banking/building world's biggest net?
[ oops must not reveal secret Lobsterian phishing plans for increasing fish stocks]
Which is the best of the small browsers for security?
- Lobster
lynx or elinks do not have javascript or Flash
Javascript is the only problem I have experienced
that is redirects or 'Clickjacking attacks'
You can turn off javascript with Monkeymenu
or Noscript
https://addons.mozilla.org/en-US/seamonkey/addon/722
- however these attacks are annoying more than anything
One did try and convince me that Windows was infected
I of course was not running Windows it was trying to sell
a product for a fault I did not and could not have (no Wine on my system even)
Adblock (part of 4.3.1) disables Flash
which can contain actionscript BUT I have never experienced problems with it
The integration of Internet Explorer and other ActiveX controls on Windows were the main catalysts for virus proliferation on the internet. The other route was having LAN ports open to the net...135/137/139 (RPC and NetBIOS/Samba)
That's about it really...deal with that and life is much better.
mike
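Added example (not part of the post above, and not code from Puppy Linux): a way to check whether a Linux machine has sockets bound on the ports named in that post, by parsing the kernel's `/proc/net/tcp` and `/proc/net/udp` tables. The sample tables are constructed, the function names are illustrative, and the address decoding assumes a little-endian (x86) host and IPv4 only.

```python
import socket
import struct

WATCH_PORTS = {135, 137, 139}               # the ports named in the post above
LISTEN_STATE = {"tcp": "0A", "udp": "07"}   # TCP LISTEN; UDP bound, unconnected

# Constructed samples in /proc/net/tcp and /proc/net/udp layout (not real output).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0087 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203
   3: 0A01A8C0:C350 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1204
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0089 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1301
"""

def decode_addr(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def exposed_listeners(table_text, proto, watch=WATCH_PORTS):
    """Return (proto, ip, port) for watched ports bound to a non-loopback address."""
    hits = []
    for line in table_text.splitlines()[1:]:       # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN_STATE[proto]:
            continue                                # not a listening/bound socket
        ip, port = decode_addr(cols[1])
        if port in watch and not ip.startswith("127."):
            hits.append((proto, ip, port))
    return hits

def scan(paths=(("tcp", "/proc/net/tcp"), ("udp", "/proc/net/udp"))):
    """Run the same check against the live kernel tables (IPv4 only)."""
    found = []
    for proto, path in paths:
        with open(path) as fh:
            found += exposed_listeners(fh.read(), proto)
    return found

if __name__ == "__main__":
    sample_hits = exposed_listeners(SAMPLE_TCP, "tcp") + exposed_listeners(SAMPLE_UDP, "udp")
    for proto, ip, port in sample_hits:
        print(f"{proto} {ip}:{port} is bound to a non-loopback address")
```

A hit means the socket accepts traffic on a network interface; whether it is reachable from the internet still depends on the router or firewall in front of the machine.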
I have an old laptop that dual boots Puppy 421 and Puppy 431.
It was sitting idle with a black screen and no applications running.
It had a netlink USB wireless connection to the internet, but no browser running.
I noticed that the activity light on the USB wireless stick was flashing.
When I went to shut it down, just before the screen shut down with the computer, I noticed in the center of the screen a fleeting message.
All it said was "Keyboard Logger".
This is the first time I have ever seen anything like that.
I was also running Puppy 431 on the other computer that was connected to the router physically.
Is this anything to be concerned with?
Remember we are talking about 2 PCs running Puppy 431 here.
Hello 8-bit,
I too have noticed my network Icon flashing unexpectedly running Barry's early version, 431 (works fine for the tamed webserver app that I use it for and some browsing) have a download also from ttuuxxx website that is September update to try. Actually posting from Lighthouse in ram Puppy and found your post.
The harddrive version of 431 has Iptable mods and resists GRC probes, Cupsd is turned off. A base hardened Hiawatha is turned on, but there isn't any publication of its IP's and ports, but the PC sets directly off of a Linksys router.
I know that Windows is vulnerable to commercial keyloggers, and presume that Linux should also be, as it is so "network friendly", and the personal using it so much more capable of programming art.
I found a small linux a coupla days ago with a rootkit searching in the menu, it is called Insert-139B or close to that, maybe # is partially wrong,
Went to HD and found name to be INSERT-1.3.9b_en.iso
I booted it in ram, but it was so needful of command line guidance, that I personally could not use it.
As I type here, the network Icon of Lighthouse is inactive, as is the HD lights, I would have concern over your systems, maybe mine too
jay
PS edit,
A thought just occurred to me, reading all the posts on ttuuxxx link where members lament that so many pets have not been updated and errors are continued from puppy version to version, this is a way that mischief might be done, even if the "listener" on the "far end" is long gone - just a thought.
.
- Lobster
Would you click on this browser link?
http://5z8.info/manhunter_b0c6w_nakedgrandmas.jpg
Yep part of my 'don't fight the paranoia' campaign
OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java).
nitehawk wrote: OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java).
Let's be clear on a crucial point. Java and JavaScript are completely unrelated.
Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet, the same way it calls Adobe's Flash player to handle flash.
JavaScript is a light weight, object oriented scripting language, originally written by Brendan Eich for Netscape Navigator 2. (Brendan is now Chief Architect at Mozilla.) It was originally called LiveScript, and was renamed to JavaScript by someone in Netscape marketing to capitalize on the popularity of Sun's then new Java language. This has caused endless confusion in the years since by people who conflate the two. The only thing the two languages have in common is the word Java in the name.
JavaScript has subsequently been implemented by most other browsers, has become an ECMA standard, and is appearing in things that aren't browsers. (Adobe embeds a form called ActionScript in PDFs.)
The main Linux browser I can think of offhand that doesn't support JavaScript is Dillo. (NetSurf and Slipstone may not, but I don't have them installed to look.) Firefox, SeaMonkey, Opera, Midori, and Elinks here all handle JavaScript. Firefox disables some JavaScript functions by default, like the "open unrequested window" function, which is normally used to create popups. The NoScript extension can disable JavaScript entirely (and optionally disable Java, Flash, and Microsoft Silverlight) unless the website is in a user maintained whitelist.
Most websites now use JavaScript, and won't behave correctly unless it is active. Your banking site (and mine) both use it. No banking site I am aware of uses Java (and I can't see a reason offhand why it would need to.) I could disable JavaScript entirely, but won't. Too many places I visit require it.
Many websites, including banking sites, alas, are coded expecting Internet Explorer as the browser, and complain if they don't see it. Generally, Firefox will actually work just fine, as long as the site is coded adhering to current web development standards. There are add-ons for Firefox and SeaMonkey designed to deal with brain dead sites that only think they work with IE by lying. They modify the user agent string sent to the website when they access it to claim the browser is IE rather than Firefox/SeaMonkey. (It's actually been some time since I've had to resort to that sort of trickery to get a site to work. Firefox is now too popular to ignore. )
I haven't had security issues or worries with my banking and credit card sites. All use https to create an encrypted session between me and them when I am accessing account information. I don't worry about being compromised when I am accessing it.
______
Dennis
DMcCunney wrote: Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet, the same way it calls Adobe's Flash player to handle flash.
Father of Java, James Gosling, follows a number of other noted ex-Sun employees out the door since Oracle's purchase of the company was finalized in January.
After news, something about insecure browsing. Google researcher Tavis Ormandy has published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer. The flaw affects all versions since Java SE 6 update 10 for Microsoft Windows and Linux (http://seclists.org/bugtraq/2010/Apr/80).
Many researchers are talking about a serious Java bug, but Oracle doesn't consider this vulnerability to be critical, which could be a mistake on their part as that means it won't be patched until the next patch in the cycle is released – which should be around July.
- Lobster
Access all areas - go to all URL's
http://lifehacker.com/5516305/top-10-wa ... on-the-web
Are you finding your browser unstable? Do you have Java? Is your Java up to date? Many questions, but there is a reason for them. The number of Java exploit attempts increased sharply in summer (http://blogs.technet.com/b/mmpc/archive ... -java.aspx).
- Lobster
http://puppylinux.org/wikka/JavaRuntimeEnvironment
Coolpup has just repackaged java
Midori in Lucid 5.2 warns that it may be a security risk if used as
a connect to web browser (it is used internally as a HTML reader)
- is it a risk? Can it be hardened?
What about Iron (secure Chrome) 2 versions are available in the
Lucid 5.2 package manager - check it out
http://en.wikipedia.org/wiki/SRWare_Iron
Check them all with Wireshark
http://murga-linux.com/puppy/viewtopic. ... 787#111787
- Lobster
900 million IE users compromised
http://www.bbc.co.uk/news/technology-12325139
Last edited by Lobster on Wed 02 Feb 2011, 05:07, edited 1 time in total.
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
- Contact:
I would say the latest Firefox 4, without flash and java. Firefox is updated 10 to 1 compared to Seamonkey, the guys at Seamonkey just monkey around most the time, lol
I don't think any other browser is updated/patched and tested for security leaks as much as Firefox.
ttuuxxx
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)
- ttuuxxx
hi jpeps
Its not about virus there's only a handful for linux and your chances on getting one with any browser is extremely low, Its more about security, like online banking, or people hacking your system via flash/java holes in the browser that haven't been patched yet. Hmmm but links doesn't do java or flash right, so that's also a great browser, if you like pure min features, but still it does have a place for a lot of users who like that sort of browsing experience
ttuuxxx
Fresh flash and java are needed if any, but what about socially engineered malware.
Old graph
New graph
Test report: http://www.nsslabs.com/assets/noreg-rep ... -FINAL.pdf.
Secure browser
Last week, I found out that Fortress Linux has released a secure Linux OS that is called the "Secure Browsing Edition". It only includes a hardened web browser.
This browser has a smart protection system against evil scripts and cookies. And it seems to be the only browser that forces TLS 1.2/SSL 3.3 encryption, while all the available web browsers in my Puppy install only use TLS 1.0, which was cracked recently. (Google for TLS cracked). Besides, I don't trust Puppy anymore after my system was infected by a root-kit last week.
I now use the Fortress Linux secure browsing edition to do my online banking and more. It's fast and it has an "Apple" look window manager. It boots in a matter of seconds.
The URL of their website is:
http://www.fortresslinux.org