Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 21 Oct 2014, 17:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Do I need to worry if SeaMonkey is out of date?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Author Message
mttdd

Joined: 18 Oct 2012
Posts: 4

PostPosted: Thu 18 Oct 2012, 14:51    Post_subject:  Do I need to worry if SeaMonkey is out of date?  

Hi community.

I just recently started using Puppy Linux and I have to say I'm blown away. I have an old HP laptop running only 512 MB RAM with no hard drive and Puppy Linux is flying!

My question is regarding browser security; more specifically using an outdated version of SeaMonkey. Out of the box, SeaMonkey is already out of date. I was wondering if the version of SeaMonkey that ships with each release of Puppy Linux is chosen based on its state of security/stability? Or is each Puppy Linux released with whichever happens to be the newest version of SeaMonkey at the time?

It's stated on http://puppylinux.org/wikka/Security that it's best practice to use the latest version of internet browsers. In normal use cases, when the OS is installed on a hard drive, this is easy to keep on top of. Given that Puppy Linux is booted as a Live CD, and that each restart is like a fresh installation, updating the browser isn't as easy. Also, from what I'm reading on the forums, updating SeaMonkey in Puppy Linux might be a difficult task for beginners (like myself).

To sum up my question: is browsing with SeaMonkey from a fresh start-up of Puppy Linux (latest release), having the firewall enabled and armed with common sense considered safe for important tasks such as online banking and webmail? Even though the browser is out of date and could be subjected to vulnerabilities?

Any insight is much appreciated!
Back to top
View user's profile Send_private_message 
Barkin


Joined: 12 Aug 2011
Posts: 727

PostPosted: Thu 18 Oct 2012, 17:11    Post_subject: Re: Do I need to worry if SeaMonkey is out of date?  

mttdd wrote:
... Given that Puppy Linux is booted as a Live CD, and that each restart is like a fresh installation ...

I think that's correct, when running from a live CD any malware infection contracted when browsing the web could only persist for one boot session. Rebooting the live CD before doing anything sensitive like online banking should return your OS to a pristine malware-free state.
Back to top
View user's profile Send_private_message 
Sky Aisling


Joined: 27 Jun 2009
Posts: 909
Location: Port Townsend, WA. USA

PostPosted: Thu 18 Oct 2012, 19:00    Post_subject: Do I need to worry if SeaMonkey is out of date?
Sub_title: Try Shinobar's solution
 

Hello mttdd, Welcome to the kennels.

My apologies, mttdd, I just posted some incorrect information to you.
I've deleted the content of my post. Embarassed

At least I can still offer my welcome to the forum.
cat welcome.gif
 Description   
 Filesize   13.74 KB
 Viewed   1001 Time(s)

cat welcome.gif

Back to top
View user's profile Send_private_message 
Dewbie

Joined: 15 Apr 2010
Posts: 1783

PostPosted: Thu 18 Oct 2012, 22:58    Post_subject:  

mttdd wrote:
Quote:
Or is each Puppy Linux released with whichever happens to be the newest version of SeaMonkey at the time?

Usually that's the case, although BarryK rolled back to SeaMonkey 1.1.18 later in the Wary 5.1 series because the current SeaMonkeys at the time were broken.

Keep in mind that SeaMonkey is updated every few weeks anymore, so it's hard to keep up.

Quote:
Given that Puppy Linux is booted as a Live CD, and that each restart is like a fresh installation, updating the browser isn't as easy.

It is if you set up a save file, and boot to it from CD.

Make a master copy of your save file, then copy the master to the hard drive...or whatever partition you plan to use for your sessions. Install the newest browser there. Save all important data (docs, etc.) on another partition.

When a new browser is released, delete the save file, copy your master and start over. It takes very little time.
Back to top
View user's profile Send_private_message 
Sky Aisling


Joined: 27 Jun 2009
Posts: 909
Location: Port Townsend, WA. USA

PostPosted: Thu 18 Oct 2012, 23:15    Post_subject: Do I need to worry if SeaMonkey is out of date?
Sub_title: Shinobar's Seamonkey-2.10.1-en.sfs easy fix
 

Dewbie,

I think he doesn't have a HDD on the machine.

mttdd writes:

Quote:
I have an old HP laptop running only 512 MB RAM with no hard drive and Puppy Linux is flying!



mttdd - I run older machines with no HDD with no major issues. There are several choices of puppies to use via Live CD or Live USB stick on older machines. For example: Puppy 4.3.1 works well, Puppy 525 Retro runs well. There are others to take out to play also. Puppy 520 rarely gives me issues on older machines.
Back to top
View user's profile Send_private_message 
cthisbear

Joined: 29 Jan 2006
Posts: 3431
Location: Sydney Australia

PostPosted: Fri 19 Oct 2012, 00:43    Post_subject:  

mttdd:

Welcome to Puppy mate.

"""""""

" old HP laptop "

Supply your model so we may give you something more recent,
that still makes you smile.

And what Puppy version did you download?

""""""""""""""""""""""""
I use an old version for banking.
It gives me a warning error on only one banksite...
security warning>>> which I ignore.

I fix Windows machines all the time,
and still I feel safe enough.

Of course I am the sarcastic type on occasion as well.

Post back your specs.
There are ways to update Seamonkey for some.

http://murga-linux.com/puppy/viewtopic.php?t=80905

Chris.
Back to top
View user's profile Send_private_message 
mttdd

Joined: 18 Oct 2012
Posts: 4

PostPosted: Fri 19 Oct 2012, 09:32    Post_subject:  

Thanks for all the responses!

cthisbear:

The laptop is an HP Pavilion dv 1000. The hard drive crashed on it years ago and it has been collecting dust in my closet until just this week. Just for fun I tossed the HDD and tried running Slacko Puppy 5.3.3. It's running great out of the box with a paltry 512 MB RAM. Zero issues getting up and running and connecting to the interwebs via wifi. Super impressed!

Sky Aisling:

I'll have to try those other PL versions you mention. I haven't tried pushing the limits of running Puppy on my old laptop yet. I'm guessing I'd reach the RAM threshold pretty quickly if I made an effort. Though running four or five browser tabs seems pretty smooth.

Dewbie:

A save file definitely sounds like the way to go. Especially for longer-term Puppy Linux use. I'll just use a USB thumb drive. The first thing I do before using the browser is install the NoScript and Ad Block Plus Addons in SeaMonkey. Though not a lengthy task, it would be nice to skip those steps at start up.

Barkin:

The concept you point out is what encouraged me to start looking into the Linux Live CD, and subsequently led me to the Puppy Linux community. I'm becoming much more security cautious as I get older. Some might call it tin foil hat syndrome, ha ha. Though I really do buy into the "ounce of prevention" mentality.

====================

I'll look into how to update SeaMonkey. I should be able to figure it out (plus I like a good challenge).

Save files sound super handy for general, longer term computer usage. Though for online banking, I really like the idea of using a fresh, unaltered OS boot for one-off sessions.

Here's my theory: If I just go straight to the bank website (either via direct URL or through Google), starting from a fresh OS boot, running the firewall (but no save file), then there is no opportunity for a browser attack. Even with an outdated browser, you're, in theory, only ever on "trusted" websites in the two or three steps it takes to get there. Trying to look at this from every angle. I can't see how that is a bad route to go.

This scenario is of course assuming that the two or three "trusted" websites visited have not been breached and are themselves not phishing, running nasty scripts, or distributing malware.

Anyone wish to shed some insight on my theory? Am I missing a piece of the puzzle? (I probably just answered my own question)

Looking forward to the discussion!
Back to top
View user's profile Send_private_message 
Barkin


Joined: 12 Aug 2011
Posts: 727

PostPosted: Fri 19 Oct 2012, 10:56    Post_subject:  

mttdd wrote:
I just go straight to the bank website (either via direct URL or through Google)

I'd avoid routinely going to bank/paypal via a link thrown up by a search engine if possible.
It's all too easy to make a typo or to click on a lookalike site on the google search results.

Once you've got a legitimate link to bank/paypal bookmark it.
Back to top
View user's profile Send_private_message 
mttdd

Joined: 18 Oct 2012
Posts: 4

PostPosted: Fri 19 Oct 2012, 14:11    Post_subject:  

Barkin wrote:
I'd avoid routinely going to bank/paypal via a link thrown up by a search engine if possible.


I've given this a lot of thought myself and have read good arguments for both strategies. I tend to search with Google instead of entering URLs directly for the very reason that I fear making a typo, landing me on a phishing site. Google tends to do a very good job adjusting for predictable spelling mistakes ("Showing results for"). This also gives me one last opportunity to proof my spelling before clicking a link.

Using Google in combination with myWoT.com and OpenDNS, I *think* I'm in good shape.
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Fri 19 Oct 2012, 16:30    Post_subject:  

I do have a vague memory that Seamonkey actually asked us to update
but not when that where if 6 months or more ago?

Hopefully if you google seamonkey update upgrade security risk
that kind of key words in google search would tell you?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
Dewbie

Joined: 15 Apr 2010
Posts: 1783

PostPosted: Fri 19 Oct 2012, 18:37    Post_subject:  

Sky Aisling wrote:
Quote:
Dewbie,
I think he doesn't have a HDD on the machine.

I wrote:
Quote:
then copy the master to the hard drive...or whatever partition you plan to use for your sessions.

When you plug in a thumb drive, it shows up in Puppy as a partition.
(Still, it would have helped if I had clarified this.)

mttdd wrote:
Quote:
A save file definitely sounds like the way to go. Especially for longer-term Puppy Linux use. I'll just use a USB thumb drive.

Make sure the drive itself is formatted with a non-journaling filesystem such as FAT32 or ext2.
Then it won't wear out as quickly.

As for formatting the save file, read this specific comment:
(scroll down a bit)
Posted on 3 Jul 2012, 7:11 by BarryK
Back to top
View user's profile Send_private_message 
cthisbear

Joined: 29 Jan 2006
Posts: 3431
Location: Sydney Australia

PostPosted: Sat 20 Oct 2012, 01:39    Post_subject:  

Slacko Puppy 5.3.3
Should be newer there.

http://puppylinux.org/wikka/SlackoNews

His site

http://www.01micko.com/

Click on the shed for his high tech lab.

""""

Specs: HP Pavilion dv1000

http://www.cnet.com/laptops/hp-pavilion-dv1000/4507-3121_7-31000131.html

""""""

Environmental Parameters

Min Operating Temperature 50.0 °F
Max Operating Temperature 95.0 °F

Yikes.

:::::::

Chris.
Back to top
View user's profile Send_private_message 
tallboy


Joined: 21 Sep 2010
Posts: 444
Location: Oslo, Norway

PostPosted: Sat 20 Oct 2012, 23:35    Post_subject:  

I only run my dpups live, and I use Firefox right now, but I think these tips are good in Seamonkey as well.

Running from a live CD/DVD is very safe, I use mine for banking all the time. If someone in theory should manage to get into your RAM, they could never access the memory blocks freshly allocated all the time, to gather any useful info.

I have set the preferences in Firefox to clear history and cookies when closing Firefox, and not to search for text when I start typing, and never store passwords. I always type the full web address, and never let Google finish an address for me. When finishing after having logged in to a site with a password, I simply close the Firefox, and then open a new, fresh one, and all old info is cleared. No need to reboot.

tallboy

_________________
True freedom is a live Puppy on a multisession CD/DVD.
Back to top
View user's profile Send_private_message 
cthisbear

Joined: 29 Jan 2006
Posts: 3431
Location: Sydney Australia

PostPosted: Sun 21 Oct 2012, 05:29    Post_subject:  

tallboy:

Basically what i do as well.

Always close my browser etc.

Chris.
Back to top
View user's profile Send_private_message 
Sky Aisling


Joined: 27 Jun 2009
Posts: 909
Location: Port Townsend, WA. USA

PostPosted: Sun 21 Oct 2012, 12:14    Post_subject: Do I need to worry if SeaMonkey is out of date?
Sub_title: Close browser to clear cookies and other debris
 

Me too.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0996s ][ Queries: 13 (0.0095s) ][ GZIP on ]