 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Thu 15 Nov 2018, 07:11 All times are UTC - 4 |
 Forum index » Off-Topic Area » Security |
|
Which browser is most secure?
|
 
|
View previous topic :: View next topic |
| Page 1 of 3 [32 Posts] | Goto page: 1, 2, 3 Next |
| Author | Message | ||||
|---|---|---|---|---|---|
|
Lobster
Official Crustacean  Joined: 04 May 2005 Posts: 15239 Location: Paradox Realm |
Working on the next version of GROWL Puppy Browser is enabled for javascript and flash - not so good for security 
choices in 4.3.1 package manager include: gtkmoz netsurf skipstone Would Dillo2 (if available?) be better for security/banking/building worlds biggest net? [  oops must not reveal secret Lobsterian phishing plans for increasing fish stocks] 
Which is the best of the small browsers for security? _________________ YinYana AI Buddhism |
||||
|
|||||
 |
|||||
trapster
 Joined: 28 Nov 2005 Posts: 2115 Location: Maine, USA |
I'm curious, is it only gui browsers that are security risks? Where does lynx or elinks fit into this? _________________ trapster Maine, USA Asus eeepc 1005HA PU1X-BK Frugal install: Slacko Currently using full install: DebianDog |
||||
|
|||||
|
|||||
|
Lobster
Official Crustacean Joined: 04 May 2005 Posts: 15239 Location: Paradox Realm |
lynx or elinks do not have javascript or Flash Javascript is the only problem I have experienced that is redirects or 'Clickjacking attacks' You can turn off javascript with Monkeymenu or Noscript https://addons.mozilla.org/en-US/seamonkey/addon/722 - however these attacks are annoying more than anything One did try and convince me that Windows was infected I of course was not running Windows it was trying to sell a product for a fault I did not and could not have (no Wine on my system even) Adblock (part of 4.3.1) disables Flash which can contain actionscript BUT I have never experienced problems with it _________________ YinYana AI Buddhism |
||||
|
|||||
|
|||||
mikeb
 Joined: 23 Nov 2006 Posts: 11193 |
The integration of internet explorer and other activeX controls on windows were the main catalysts for virus proliferation on the internet. The other route was having lan ports open to the net...135/137/139 (rpc and netbios/samba) That's about it really...deal with that and life is much better. mike |
||||
|
|||||
|
|||||
8-bit
 Joined: 03 Apr 2007 Posts: 3425 Location: Oregon |
I have an old laptop that dual boots Puppy 421 and Puppy 431. It was setting idle with a black screen and no applications running. It had a netlink USB wireless connection to the internet, but no browser running. I noticed that the activity light on the USB wireless stick was flashing. When I went to shut it down, just before the screen shut down with the computer, I noticed in the center of the screen a fleeting message. All it said was "Keyboard Logger". This is the first time I have ever seen anything like that. I was also running Puppy 431 on the other computer that was connected to the router physically. Is this anything to be concerned with? Remember we are talking about 2 PCs running Puppy 431 here. |
||||
|
|||||
|
|||||
efiguy
 Joined: 06 Sep 2006 Posts: 169 |
Hello 8-bit, I too have noticed my network Icon flashing unexpectedly running Barry's early version, 431 (works fine for the tamed webserver app that I use it for and some browsing) have a download also from ttuuxxx website that is September update to try. Actually posting from Lighthouse in ram Puppy and found your post. The harddrive version of 431 has Iptable mods and resists GRC probes, Cupsd is turned off. A base hardened Hiawatha is turned on, but there isn't any publication of its IP's and ports, but the PC sets directly off of a Linksys router. I know that Windows is vulnerable to commercial keyloggers, and presume that Linux should also be, as it is so "network friendly", and the personal using it so much more capable of programming art. I found a small linux a coupla days ago with a rootkit searching in the menu, it is called Insert-139B or close to that, maybe # is partially wrong, Went to HD and found name to be INSERT-1.3.9b_en.iso I booted it in ram, but it was so needful of command line guidance, that I personally could not use it. As I type here, the network Icon of Lighthouse is inactive, as is the HD lights, I would have concern over your systems, maybe mine too jay PS edit, A thought just occurred to me, reading all the posts on ttuuxxx link where members lament that so many pets have not been updated and errors are continued from puppy version to version, this is a way that mischief might be done, even if the "listener" on the "far end" is long gone - just a thought. . |
||||
|
|||||
|
|||||
|
Lobster
Official Crustacean Joined: 04 May 2005 Posts: 15239 Location: Paradox Realm |
Would you click on this browser link? http://5z8.info/manhunter_b0c6w_nakedgrandmas.jpg 
Yep part of my 'don't fight the paranoia' campaign _________________ YinYana AI Buddhism |
||||
|
|||||
|
|||||
nitehawk
 Joined: 13 Apr 2008 Posts: 658 Location: West Central Florida |
OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java). |
||||
|
|||||
|
|||||
|
DMcCunney
Joined: 02 Feb 2009 Posts: 894 |
Let's be clear on a crucial point. Java and JavaScript are completely unrelated. Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet,the same way it calls Adobe's Flash player to handle flash. JavaScript is a light weight, object oriented scripting language, originally written by Brendan Eich for Netscape Navigator 2. (Brendan is now Chief Architect at Mozilla.) It was originally called LiveScript, and was renamed to JavaScript by someone in Netscape marketing to capitalize on the popularity of Sun's then new Java language. This has caused endless confusion in the years since by people who conflate the two. The only thing the two languages have in common is the word Java in the name. JavaScript has subsequently been implemented by most other browsers, has become an ECMA standard, and is appearing in things that aren't browsers. (Adobe embeds a form called ActionScript in PDFs.) The main Linux browser I can think of offhand that doesn't support JavaScript is Dillo. (NetSurf and Slipstone may not, but I don't have them installed to look.) Firefox, SeaMonkey, Opera, Midori, and Elinks here all handle JavaScript. Firefox disables some JavaScript functions by default, like the "open unrequested window" function, which is normally used to create popups. The NoScript extension can disable JavaScript entirely (and optionally disable Java, Flash, and Microsoft Silverlight) unless the website is in a user maintained whitelist. Most websites now use JavaScript, and won't behave correctly unless it is active. Your banking site (and mine) both use it. No banking site I am aware of uses Java (and I can't see a reason offhand why it would need to.) I could disable JavaScript entirely, but won't. Too many places I visit require it. Many websites, including banking sites, alas, are coded expecting Internet Explorer as the browser, and complain if they don't see it. Generally, Firefox will actually work just fine, as long as the site is coded adhering to current web development standards. There are add-ons for Firefox and SeaMonkey designed to deal with brain dead sites that only think they work with IE by lying. They modify the user agent string sent to the website when they access it to claim the browser is IE rather than Firefox/SeaMonkey. (It's actually been some time since I've had to resort to that sort of trickery to get a site to work. Firefox is now too popular to ignore.  )
I haven't had security issues or worries with my banking and credit card sites. All use https to create an encrypted session between me and them when I am accessing account information. I don't worry about being compromised when I am accessing it. ______ Dennis |
||||
|
|||||
|
|||||
xman
 Joined: 24 Sep 2009 Posts: 144 |
Father of Java, James Gosling, follows a number of other noted ex-Sun employees out the door since Oracle's purchase of the company was finalized in January. After news, something about insecure browsing. Google researcher Tavis Ormandy has published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer. The flaw affects all versions since Java SE 6 update 10 for Microsoft Windows and Linux (http://seclists.org/bugtraq/2010/Apr/80). Many researchers are talking about serious Java bug, but Oracle don't consider this vulnerability to be critical, which could be a mistake on their part as that means it won't be patched until the next patch in the cycle is released – which should be around July. |
||||
|
|||||
|
|||||
|
Lobster
Official Crustacean Joined: 04 May 2005 Posts: 15239 Location: Paradox Realm |
Access all areas - go to all URL's http://lifehacker.com/5516305/top-10-ways-to-access-blocked-stuff-on-the-web _________________ YinYana AI Buddhism |
||||
|
|||||
|
|||||
|
xman
Joined: 24 Sep 2009 Posts: 144 |
Are you experiencing your browser unstable? Have you Java? Is your Java up to date? Many questions, but there is a reason for them. The number of Java exploit attempts increased sharply in summer (http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx). |
||||
|
|||||
|
|||||
|
Lobster
Official Crustacean Joined: 04 May 2005 Posts: 15239 Location: Paradox Realm |
http://puppylinux.org/wikka/JavaRuntimeEnvironment Coolpup has just repackaged java Midori in Lucid 5.2 warns that it may be a security risk if used as a connect to web browser (it is used internally as a HTML reader) - is it a risk? Can it be hardened? What about Iron (secure Chrome) 2 versions are available in the Lucid 5.2 package manager - check it out http://en.wikipedia.org/wiki/SRWare_Iron Check them all with Wireshark http://murga-linux.com/puppy/viewtopic.php?p=111787#111787 _________________ YinYana AI Buddhism |
||||
|
|||||
|
|||||
|
Lobster
Official Crustacean Joined: 04 May 2005 Posts: 15239 Location: Paradox Realm |
900 million IE users compromised http://www.bbc.co.uk/news/technology-12325139 _________________ YinYana AI Buddhism Last edited by Lobster on Wed 02 Feb 2011, 01:07; edited 1 time in total |
||||
|
|||||
|
|||||
ttuuxxx
 Joined: 05 May 2007 Posts: 11193 Location: Ontario Canada,Sydney Australia |
I would say the latest Firefox 4, without flash and java. Firefox is updated 10 to 1 compared to Seamonkey, the guys at Seamonkey just monkey around most the time, lol I don't think any other browser is updated/patched and tested for security leaks as much as Firefox. ttuuxxx _________________ http://audio.online-convert.com/ <-- excellent site http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files http://html5games.com/ <-- excellent HTML5 games  |
||||
|
|||||
|
|||||
Which browser is most secure?
| Page 1 of 3 [32 Posts] | Goto page: 1, 2, 3 Next |
|
|
View previous topic :: View next topic |
|
Forum index » Off-Topic Area » Security |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group