Do I need to worry if SeaMonkey is out of date?

For discussions about security.
Post Reply
Message
Author
mttdd
Posts: 4
Joined: Thu 18 Oct 2012, 17:34

Do I need to worry if SeaMonkey is out of date?

#1 Post by mttdd »

Hi community.

I just recently started using Puppy Linux and I have to say I'm blown away. I have an old HP laptop running only 512 MB RAM with no hard drive and Puppy Linux is flying!

My question is regarding browser security; more specifically using an outdated version of SeaMonkey. Out of the box, SeaMonkey is already out of date. I was wondering if the version of SeaMonkey that ships with each release of Puppy Linux is chosen based on its state of security/stability? Or is each Puppy Linux released with whichever happens to be the newest version of SeaMonkey at the time?

It's stated on http://puppylinux.org/wikka/Security that it's best practice to use the latest version of internet browsers. In normal use cases, when the OS is installed on a hard drive, this is easy to keep on top of. Given that Puppy Linux is booted as a Live CD, and that each restart is like a fresh installation, updating the browser isn't as easy. Also, from what I'm reading on the forums, updating SeaMonkey in Puppy Linux might be a difficult task for beginners (like myself).

To sum up my question: is browsing with SeaMonkey from a fresh start-up of Puppy Linux (latest release), having the firewall enabled and armed with common sense considered safe for important tasks such as online banking and webmail? Even though the browser is out of date and could be subjected to vulnerabilities?

Any insight is much appreciated!

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

Re: Do I need to worry if SeaMonkey is out of date?

#2 Post by Barkin »

mttdd wrote:... Given that Puppy Linux is booted as a Live CD, and that each restart is like a fresh installation ...
I think that's correct, when running from a live CD any malware infection contracted when browsing the web could only persist for one boot session. Rebooting the live CD before doing anything sensitive like online banking should return your OS to a pristine malware-free state.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Do I need to worry if SeaMonkey is out of date?

#3 Post by Sky Aisling »

Hello mttdd, Welcome to the kennels.

My apologies, mttdd, I just posted some incorrect information to you.
I've deleted the content of my post. :oops:

At least I can still offer my welcome to the forum.
Attachments
cat welcome.gif
(13.74 KiB) Downloaded 1124 times

Dewbie

#4 Post by Dewbie »

mttdd wrote:
Or is each Puppy Linux released with whichever happens to be the newest version of SeaMonkey at the time?
Usually that's the case, although BarryK rolled back to SeaMonkey 1.1.18 later in the Wary 5.1 series because the current SeaMonkeys at the time were broken.

Keep in mind that SeaMonkey is updated every few weeks anymore, so it's hard to keep up.
Given that Puppy Linux is booted as a Live CD, and that each restart is like a fresh installation, updating the browser isn't as easy.
It is if you set up a save file, and boot to it from CD.

Make a master copy of your save file, then copy the master to the hard drive...or whatever partition you plan to use for your sessions. Install the newest browser there. Save all important data (docs, etc.) on another partition.

When a new browser is released, delete the save file, copy your master and start over. It takes very little time.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Do I need to worry if SeaMonkey is out of date?

#5 Post by Sky Aisling »

Dewbie,

I think he doesn't have a HDD on the machine.

mttdd writes:
I have an old HP laptop running only 512 MB RAM with no hard drive and Puppy Linux is flying!

mttdd - I run older machines with no HDD with no major issues. There are several choices of puppies to use via Live CD or Live USB stick on older machines. For example: Puppy 4.3.1 works well, Puppy 525 Retro runs well. There are others to take out to play also. Puppy 520 rarely gives me issues on older machines.

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#6 Post by cthisbear »

mttdd:

Welcome to Puppy mate.

"""""""

" old HP laptop "

Supply your model so we may give you something more recent,
that still makes you smile.

And what Puppy version did you download?

""""""""""""""""""""""""
I use an old version for banking.
It gives me a warning error on only one banksite...
security warning>>> which I ignore.

I fix Windows machines all the time,
and still I feel safe enough.

Of course I am the sarcastic type on occasion as well.

Post back your specs.
There are ways to update Seamonkey for some.

http://murga-linux.com/puppy/viewtopic.php?t=80905

Chris.

mttdd
Posts: 4
Joined: Thu 18 Oct 2012, 17:34

#7 Post by mttdd »

Thanks for all the responses!

cthisbear:

The laptop is an HP Pavilion dv 1000. The hard drive crashed on it years ago and it has been collecting dust in my closet until just this week. Just for fun I tossed the HDD and tried running Slacko Puppy 5.3.3. It's running great out of the box with a paltry 512 MB RAM. Zero issues getting up and running and connecting to the interwebs via wifi. Super impressed!

Sky Aisling:

I'll have to try those other PL versions you mention. I haven't tried pushing the limits of running Puppy on my old laptop yet. I'm guessing I'd reach the RAM threshold pretty quickly if I made an effort. Though running four or five browser tabs seems pretty smooth.

Dewbie:

A save file definitely sounds like the way to go. Especially for longer-term Puppy Linux use. I'll just use a USB thumb drive. The first thing I do before using the browser is install the NoScript and Ad Block Plus Addons in SeaMonkey. Though not a lengthy task, it would be nice to skip those steps at start up.

Barkin:

The concept you point out is what encouraged me to start looking into the Linux Live CD, and subsequently led me to the Puppy Linux community. I'm becoming much more security cautious as I get older. Some might call it tin foil hat syndrome, ha ha. Though I really do buy into the "ounce of prevention" mentality.

====================

I'll look into how to update SeaMonkey. I should be able to figure it out (plus I like a good challenge).

Save files sound super handy for general, longer term computer usage. Though for online banking, I really like the idea of using a fresh, unaltered OS boot for one-off sessions.

Here's my theory: If I just go straight to the bank website (either via direct URL or through Google), starting from a fresh OS boot, running the firewall (but no save file), then there is no opportunity for a browser attack. Even with an outdated browser, you're, in theory, only ever on "trusted" websites in the two or three steps it takes to get there. Trying to look at this from every angle. I can't see how that is a bad route to go.

This scenario is of course assuming that the two or three "trusted" websites visited have not been breached and are themselves not phishing, running nasty scripts, or distributing malware.

Anyone wish to shed some insight on my theory? Am I missing a piece of the puzzle? (I probably just answered my own question)

Looking forward to the discussion!

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#8 Post by Barkin »

mttdd wrote: I just go straight to the bank website (either via direct URL or through Google)
I'd avoid routinely going to bank/paypal via a link thrown up by a search engine if possible.
It's all too easy to make a typo or to click on a lookalike site on the google search results.

Once you've got a legitimate link to bank/paypal bookmark it.

mttdd
Posts: 4
Joined: Thu 18 Oct 2012, 17:34

#9 Post by mttdd »

Barkin wrote:I'd avoid routinely going to bank/paypal via a link thrown up by a search engine if possible.
I've given this a lot of thought myself and have read good arguments for both strategies. I tend to search with Google instead of entering URLs directly for the very reason that I fear making a typo, landing me on a phishing site. Google tends to do a very good job adjusting for predictable spelling mistakes ("Showing results for"). This also gives me one last opportunity to proof my spelling before clicking a link.

Using Google in combination with myWoT.com and OpenDNS, I *think* I'm in good shape.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#10 Post by nooby »

I do have a vague memory that Seamonkey actually asked us to update
but not when that where if 6 months or more ago?

Hopefully if you google seamonkey update upgrade security risk
that kind of key words in google search would tell you?
I use Google Search on Puppy Forum
not an ideal solution though

Dewbie

#11 Post by Dewbie »

Sky Aisling wrote:
Dewbie,
I think he doesn't have a HDD on the machine.
I wrote:
then copy the master to the hard drive...or whatever partition you plan to use for your sessions.
When you plug in a thumb drive, it shows up in Puppy as a partition.
(Still, it would have helped if I had clarified this.)

mttdd wrote:
A save file definitely sounds like the way to go. Especially for longer-term Puppy Linux use. I'll just use a USB thumb drive.
Make sure the drive itself is formatted with a non-journaling filesystem such as FAT32 or ext2.
Then it won't wear out as quickly.

As for formatting the save file, read this specific comment:
(scroll down a bit)
Posted on 3 Jul 2012, 7:11 by BarryK

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#12 Post by cthisbear »

Slacko Puppy 5.3.3
Should be newer there.

http://puppylinux.org/wikka/SlackoNews

His site

http://www.01micko.com/

Click on the shed for his high tech lab.

""""

Specs: HP Pavilion dv1000

http://www.cnet.com/laptops/hp-pavilion ... 00131.html

""""""

Environmental Parameters

Min Operating Temperature 50.0 °F
Max Operating Temperature 95.0 °F

Yikes.

:::::::

Chris.

User avatar
tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#13 Post by tallboy »

I only run my dpups live, and I use Firefox right now, but I think these tips are good in Seamonkey as well.

Running from a live CD/DVD is very safe, I use mine for banking all the time. If someone in theory should manage to get into your RAM, they could never access the memory blocks freshly allocated all the time, to gather any useful info.

I have set the preferences in Firefox to clear history and cookies when closing Firefox, and not to search for text when I start typing, and never store passwords. I always type the full web address, and never let Google finish an address for me. When finishing after having logged in to a site with a password, I simply close the Firefox, and then open a new, fresh one, and all old info is cleared. No need to reboot.

tallboy
True freedom is a live Puppy on a multisession CD/DVD.

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#14 Post by cthisbear »

tallboy:

Basically what i do as well.

Always close my browser etc.

Chris.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Do I need to worry if SeaMonkey is out of date?

#15 Post by Sky Aisling »

Me too.

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#16 Post by Barkin »

tallboy wrote:... I simply close the Firefox, and then open a new, fresh one, and all old info is cleared. No need to reboot.
a malware add-on [extention] for FireFox would survive closing the browser but would not survive rebooting the live CD.

www.symantec.com/connect/blogs/invisible-firefox-extensions

User avatar
tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#17 Post by tallboy »

In 2009, Symantec wrote:To solve this issue, the Mozilla developers have now decided to remove this capability and only load their own core components in Firefox 3.6 and beyond. This should prevent malicious add-ons from using this method in the future, but unfortunately this is not the only trick they can use.
Good thing I use good old version 3.6, then! :lol:

Seriously, there are always someone that find a new way to spy, but eliminating ~90% of the possibilities is OK by me.

tallboy
True freedom is a live Puppy on a multisession CD/DVD.

mttdd
Posts: 4
Joined: Thu 18 Oct 2012, 17:34

#18 Post by mttdd »

Thanks everyone for the great tips and input. I feel pretty good about going with the Live CD. (Closing the browser between sessions is a common practice for me as well.)
cthisbear wrote:Yikes.
Ha ha. Yeah. I was really only using that HP Pavilion as a test. I might pick up something more on the efficient side to keep around for live CD booting.
Last edited by mttdd on Mon 22 Oct 2012, 14:07, edited 1 time in total.

User avatar
tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#19 Post by tallboy »

I might pick up something more on the efficient side to keep around for live CD booting.
Not necessary to spend a lot of money on that! The beauty of any puppy on a live CD/DVD, is that you can use any PC with enough memory to boot and run! Have fun! :lol:

tallboy
True freedom is a live Puppy on a multisession CD/DVD.

Post Reply