Thread: A question about Firefox.

I switched to Firefox a couple of years ago and have had no problems whatsoever.
You and I are in a similar age grouping so I assume your requisites are similar to mine.
I also switched to Mozilla Thunderbird for my Emails (same Email address etc) but so far I am not 100% sure it was the best thing to do; will have to wait and see.
Half the trouble with switching any sort of programme or whatever, is the learning of the particular quirks of that programme, and so far as I said earlier, I haven't had a problem.
Movie downloads and games aren't my forte so I cannot offer any opinion on how either one affects those sides of the coin. General usage, picture downloads etc. though, no problem.
Regards
Glen

If you use both Firefox and Thunderbird, download a program called Mozbackup and do a back of both on a regular basis.
Then can then do a full restore on any pc running both that will include all your settings, passwords and even all your emails.

the problem with xp is the exploits exist in the gui (the pretty bit that makes it easy to use)

there is no 100% solution to securing xp other than a power switch.

imho mse is as good as it gets with a free antivirus and at the moment kaspersky is the pick of the pay ones, but that can change at any time.

most people with trojanised xp machines have no idea they are infected, (same goes for linux boxes actually).

all the major browsers in xp have issues because the problem is the operating system itself is full of holes.

will be an interesting couple few months ... but not as bad as the doomsayers are predicting i believe

jrt, adwcleaner, combofix, atf-cleaner, ccleaner and malwarebytes will become your best friends if you are wise....

Hi Incisor,

do you have some more info on the latest trojan(s) that infect Linux, I'd like to follow up for my own safety.

Linux can get infected if you go on line as administrator ie root or setuid(?)

What often gets passed off as a Linux virus is usually something they call social engineering ie send the user a false url (this is your bank calling, urgent matter, please log in) leading the user to thinking they are interacting with a legitimate log on screen ie your bank. So you enter your user id and password, which then goes to the bad guy.

There is virus protection software for Linux, but its usually there to pick up on viruses that may affect future windows recipients ie Linux user gets infected file (no infection), Linux user passes it on to Windows user (infection).

Not saying it can't happen.

Sent from Fuduntu.

Cheers.

PS did a quick search on web for Linux and Trojans and anything I could find was mid 2013 and seems like not really a threat with basic precautions.

Changing the browser or email program you use will not require any change to email addresses or passwords etc.

Another consideration if relying on antivirus programs etc to protect you is that companies making that software will gradually stop supporting XP leaving you with out of date software. Once this happens you should really consider moving on.

Originally Posted by workingonit

Hi Incisor,

do you have some more info on the latest trojan(s) that infect Linux, I'd like to follow up for my own safety.

Linux can get infected if you go on line as administrator ie root or setuid(?)

What often gets passed off as a Linux virus is usually something they call social engineering ie send the user a false url (this is your bank calling, urgent matter, please log in) leading the user to thinking they are interacting with a legitimate log on screen ie your bank. So you enter your user id and password, which then goes to the bad guy.

There is virus protection software for Linux, but its usually there to pick up on viruses that may affect future windows recipients ie Linux user gets infected file (no infection), Linux user passes it on to Windows user (infection).

Not saying it can't happen.

Sent from Fuduntu.

Cheers.

PS did a quick search on web for Linux and Trojans and anything I could find was mid 2013 and seems like not really a threat with basic precautions.

do you know what services or inetd.conf is?

you have php, ssh or mysql installed or running ?

do you run postfix or sendmail?

cucipop or a basic pop3 deamon and is it running as a service or from inetd?


have you run a hardening script on your install?

talking about viruses and windows style trojans when it comes to linux gives a very opaque view of how insecure it is

there are many many root kits that automate taking over linux boxes but penetrating a linux box doesn't take fancy virus or trojan software generally speaking, it just takes a little knowledge

have a look at a few linux security sites... packet storm is an okay place to start


(sorry my phone dropped out so had to finish this when i got to a computer)

I'm not a computer programming geek. But I rely on those geeks to provide me with a secure system, for free! Good on them! I'm guessing you might be a geek, and better informed than me, given you host your own site, aulro (great site). So your comments on Linux send me on a reading spree, interesting but time consuming. I'm genuinely interested if you have read a recent article that describes serious basically unsolved current linux problems. Everyone is vulnerable if their server admin people are not on the ball, but the vulnerability seems to be predominately in the server not the home linux machine ie you export your user id and password from home machine but it is taken by hacker through host admin oversight. The hacker can then come back at your home machine.

I'm not a ford/holden, landrover/toyota, take sides guy - I accept each has it good and bad and go by need. Same with Windows/Linux. Windows is good for gaming, easy to download programs, user friendly - but this comes at a security cost. You can play games on linux but not as well embraced, as in windows, given its open source origins (hard to make money) and security controls. The Linux community has quick turn around of vulnerabilities.

I have played around with partitioning, virtual systems, multiboot systems etc. Have had years of happy surfing using Linux, but Windows grrrr grrrr grrrr. I run my Linux from a USB key which loads to my CPU. Once I turn my computer off the program is all gone. No doubt there is a partition left behind, but never really bothered to confirm this. I save any downloads to an external drive - nothing stored on my machine. Don't think there is anyway that corrupt code can be written into the linux program stored on the USB unless I allow it - could be wrong. Chrome is packaged in my Fuduntu, and seems a bit buggy when coming to watching lots of youtube vids ie LRover vs Nissan, LRover vs Toyota etc. Otherwise it will run all day without falling over.

Occasionally there will be comment that Linux is now failing, which of course sends me off to find comment on the vulnerabilities. There are vulnerabilities, usually revolving around server admin issues, but with solutions. Of course if you go on line as Linux admin (home desktop or server administrator) then your asking to be hit on the head. Then there are the social engineered vulnerabilities that are not really program code related, but user incaution dealing with unsolicited emails asking you to do something like filling out a scam log in page - affects windows and linux user alike..

Until recently you could play easily with BIOS to allow multiboot options ie have both Windows and Linux loaded onto your machine in different partitions. Or allow you to load a non-windows operating system from a CD or USB. An index would pop up on boot asking which system you want to go to.

Recently there was some attempt by industry to only allow multiboot to other iterations of windows, ostensibly to protect your latest windows o/s from infections - but really to exclude the use of Linux and other non Linux non windows o/s. Not sure where this pressure on computer manufacturers came from (sarcasm). The UN and others complained. BIOS flexibility was returned, in a sense, so you can use other o/s, but manufacturers resist providing information on what changes are required.

Can't find anything that says the Linux world is currently being crippled by attacks. Issues seem to revolve around proper admin practices on servers. It seems though that as a desktop machine I should close down some server functions because they are not needed ie just to reduce unlikely risk.

[Updated] How They Popped The Penguin: One Bash Tactic And What It Means For Linux Data Security - Forbes

If you took the headline of the above article at face value and did not read on then you would think there are significant issues with Linux. Basically using Bash you can determine your server vulnerabilities or use it to create a vulnerability. It is usual for individuals to willfully connect to hosts and there are systems in place to control their activity. Hosts do not willfully connect to individuals, but they can if prompted to do this by a hacker using an admin oversight. This is a known problem and can be closed by using stateful filtering to block SYN packages. Otherwise if you want your host to connect to individuals you as an admin can monitor those connections using stateful package filtering found on the modern firewalls.

inetd.conf and xinetd.conf issues again seem server admin related.

How To Tell If Your Linux Server Uses xinetd OR inetd sever

PHP and SQL issues seem to be server related and can be avoided by good administrator practices.

Linux: 25 PHP Security Best Practices For Sys Admins - nixCraft

20 Linux Server Hardening Security Tips - nixCraft

SSH issues - link to security and link to rumours about SSH vulnerabilities. Again seems server related.

Top 20 OpenSSH Server Best Security Practices - nixCraft

InfoSec Handlers Diary Blog - OpenSSH Rumors

Anyway, this has taken a couple of hours of time to research and hack out roughly - off to the post office to get some Landy parts to fix some 'vulnerabilities' Of course if you're a Tojo/Nissan nut then these are blown out of all proportion in articles and stop people using LRovers.

Sorry pressed the wrong button. And I guess arguments about Linux are getting off the track of the original thread intent.