]> The move to Mozilla « log archives « projekt draco

projekt draco

... is where Sunny Wong writes about nothing in particular and everything in general.

The move to Mozilla

My migration to a Mozilla suite for web browsing, e-mail and general net activities, and why you should join me.

Latest news

The latest updates; something you should read before continuing.

Origins Posted : 09 May 2004

I’ve made the neccessary changes to the article to better state I am using Mozilla, not the seperated parts of it… I would recommend Firefox and Thunderbird seperately if they are out of beta versions; currently they are in 0.x versions. Once they’re out of 0.x and into 1.x, I’ll try them, and update this page as neccessary.

Introduction

First line of defence lies in firewall, maybe. Well, that’s where all, if not most, internet traffic to and fro your computer will be captured and analysed before letting them pass. So perhaps you’ve a firewall configured properly, you’ve up-to-date anti-virus in place or more lines of defence set up to keep your computer safe from the outside (internet) world. So, you might debate that I’ve mentioned that even if your system is not patched regularly, your firewall will do its job to stop incoming probes for intrusions. And now you’re 99% if not 100% safe from intrusions, right?!

Partially, with some signs pointing to no.

Why? Damn it, I thought you said as long as I follow your instructions I’ll obtain 99% security! Now I wasted my time doing so.

You’re partially right. In this world of Internet, there are no such things as true 99% security lest say 100% unless of course, you unplug your PC off the internet; so I’m always on the look out for more security. There’s never enough, or too much security! Why? Simply because all software have bugs. Even those software you used as your firewall. And firmwares you use for your routers. They have bugs. Repeat after me, they have b-u-g-s. These bugs can range from some minor glitches and conflicts, to major security issues that could allow intruders to run arbituary codes on your system, more popularly known as buffer overflow. Definitely not something you want occuring in your computers.

And if you don’t practise safe hex, you’ll find yourself operating software that might turn off your firewall and antivirus, rendering your system open to the internet and that’s when problems start. This article serves as an extra to better security and you will still need to practise safe hex.

I’ll be providing links to sites that do, so you might wanna check it out! And what’s left now will be explanation to do.

Some background information

Let’s admit it. We don’t really like the way Microsoft code their software. But for many of us, we still have to use it because we are so used to it that a change of environment could mean unproductivity! And that could mean monetary loss to some people.

It’s a common misconception that since Windows has alot of users, it’s more likely a virus writer will write a virus to target Windows. Partially true. Have you tried Linux yet? Any system-level modification would be prompted and only you decide whether it should be made, not the programs. If only Microsoft locked system priviledges, most of the exploits will never happen. But they didn’t, and with the support of many users that means more vulnerable computers, exploits are being made everyday… most targetting at Windows systems. And the lack of Windows patches being applied by the users due to fear, uncertainty and doubt has made it even better for these exploits to be carried out; so much so Microsoft is planning auto update on users’ systems! Read this! And it has some debating issues over it. So the aim is to use software that require less maintenance, preferably not from Microsoft in this case.

I don’t hate Microsoft. Not for any reason yet. But we know Microsoft had released seriously-bugged software before, after which they will release a service pack for it, and then offer to send to your home with a minor fees, or you can download it over the internet for free. So much for the "Trustworthy Computing" eh?

But I still use Microsoft Windows operating system. I’ve been using it to do my work, play my games. In fact I’m writing this article in Windows! But other than the operating system, I try not to use their bundled programs such as IE and OE. For Microsoft Office, I’ve been using its substitute - OpenOffice. I like it a lot although some formats don’t come out like the way I want them to. But it’s okay, I think I can live with it… at least for now!

And to make matter worse..

And to make things worse…

asasdasd

“Security experts are warning Microsoft customers about silent Internet attacks that exploit a security flaw in the Internet Explorer Web browser, potentially allowing remote attackers to run malicious code on vulnerable machines.”

There’s this “object type” vulnerability discovered by eEyes Digital Security that was supposingly fixed by Microsoft on August 20 when they released MS03-032, patch for the mentioned vulnerability, only to discover it has to be re-released. And now it seems like it has to undergo yet another re-release!

asdasd

The vulnerability is similar in scope to those exploited by devastating worms such as Nimda, Badtrans and Klez, according to one security company. And, to make matters worse, the flaw is one Microsoft said it fixed weeks ago.

Patch doesn’t always mean you’re safe, at least not patches from Microsoft, well you’ll see. If you haven’t read it, please go forth to InfoWorld and read about it! So much for "Trustworthy Computing" isn’t it?

This is but only another reason to abandon IE & OE.

With reference to ZDNet too.

What I did

Yes, I’m afraid someone might plant a zombie in my computer. I’m afraid that someone will exploit my Windows and turn my computer into a living nightmare to handle. I’m afraid my Windows computer might be infected with some computer viruses. I’m also afraid of many other things that could happen only in Windows and not other operating systems. But I’ll do my best to prevent such things from happening, which is why I use a software firewall, deploy an anti-virus software. And the next best thing I could do, is to not use the buggy programs that came with Windows, such as Internet Explorer and Outlook Express.

Some experiments…

Let’s do some practical issues. This might or might not work for you to demonstrate a very serious vulnerability problem in IE. Of course it’s better if it doesn’t!

Please follow this link http://www.lockdowncorp.com/bots/testyourbrowser.html to test if your Internet Explorer is really outdated. The site highlights and uses a vulnerability inside of IE. Please read the site carefully before testing your browser. Internet Explorer is something you should always patch if there’s one available. But I tried it with IE6.0 with the latest patches, it’s not working for me. Which means I’m patched against the vulnerability, are you?

http://bcheck.scanit.be/bcheck/ also has some very neat vulnerabilities checking there, go ahead and try them. I’ve came up with 0 0 0 for low, medium, high risks for both my IE and Mozilla, how about yours?

The 2 links are external links and I accept no liability for whatsoever results you might achieved over there.

I’ve heard Netscape has finally died and discontinued, moving all sources to Mozilla where it will continue its legacy. I didn’t like Netscape so I didn’t think Mozilla would be good. But somehow, one fine day I’ve decided to browse to www.mozilla.org and voila! It capture my attention and I was thinking, no harm trying. I could uninstall it anytime I want.

asdasd

Please note that Firefox and Thunderbird are seperate parts whereas Mozilla is an integrated software. I am using Mozilla, not the seperated parts(Firefox and Thunderbird).

I know it gets kinda confusing; just forget it if you don’t really get it. It doesn’t really matter much.

Nice. Mozilla worked like a charm except for the fact that it wouldn’t display some sites like IE would and that’s a bother, really. For one, I’ve to still use IE to view and login my school website. But its tabbed windows somewhat resembles Avant Browser’s, which I really enjoyed. But Avant Browser’s is thoroughly a single window program with all windows tabbed. Mozilla isn’t; page opening in new window will still open a new window of Mozilla instead of tab. That isn’t much of a problem to trade with better security, is it? So I guessed I’ll live with it.

Migrating to Mozilla from Outlook Express was another story. It involved importing the tons of POP3 mails account I have and that certainly meant some work. So I brought over one account that is frequently used, intending to trial it for a week before deciding. And it was only the 3rd day before I couldn’t resist the beauty of this magnificent program. One of the best things that make me fell in love with Mozilla’s mail client is because it auto-translate those little vertical > into | that forms a line… The interface looks neater, even with its default skin. And if I have to come up with a word to describe it, it would be sleek.

And so, I migrated to Mozilla, from Outlook Express. And now I can read forwarded mails easily - in OE I’ll keep opening and opening and finally getting so many opened windows in the taskbar then I’ll just select group and destroy them all! Infuriating at times. Oh yes, not to mention I do read forwarded mails, just not opening unknown attachments!

Migration took me nearly half an hour to figure out the input areas for many different information, and setting them up to work with K9. But it was worth it. I definitely recommend Mozilla to anybody out there using OE and IE. They’re really faster and more stable although the browser sometimes refuses to display some pages correctly. But due to the fact that I’m worried over the vulnerabilities present in IE that could someday be exploited from the innocent ol’ me, I think I’ll be better off using Mozilla, and occasionally firing up IE to display some stubborn HTML stains in my school’s website. Perhaps it’s due to the tolerance HTML rendering by IE that is rendering the bad codes of my school’s site correctly which Mozilla doesn’t.

I think using Mozilla is much more stable because if it does crash, it won’t bring explorer.exe down as would IE since they’re so closely integrated. But I could be wrong, I’ve been missing out on IE alot lately.

For those who’re using MSIE, I won’t persuade you to drop it. It’s personal preferences that I migrated. You might want to try Avant Browser, I was using it before migrating to Mozilla a while back. It’s based on IE’s core, so always ensure regular patches of both programs; you’ll be awed by the amount of buffer overflow problems discovered and discussed all over the internet regularly should you see them. Read up more here if you decide to continue using IE to learn about locking up IE anyway.

No, I’m not saying Mozilla doesn’t have buffer overflow problems. Just lesser, perhaps, if any. You’ll still have to upgrade it regularly. Just that it’s open source means any problems discovered will be solved faster than it would have been in IE. Though in development stage, it’s looking good. It might be the next big thing in town.

There’re no extra ideas to integrate other programs other than both of them together. Mozilla uses Gecko rendering engine and is far away from the exploits and problems Microsoft has implemented in OE and IE. This application-level integration beats IE/OE system-level integration. Settings in Mozilla is set to the secure level by default. You can also disable HTML viewing and stuffs like that, and although that can be done in OE, I’ll still feel better in Thunderbird.

And no, I didn’t plan on making a review on Mozilla, so I hope this doesn’t sound one. I just wish to explain why I would migrate to Mozilla when I’ve been using IE and OE for such a long time.

What if I don’t change?

Well, you don’t have to. I didn’t, and had been using OE and IE for a very long time. I’ve religiously followed the safe usage of the Internet, locking up dangerous zones, and always patching my software. I’d previously disabled preview in OE, and many other settings that could potentially introduce a virus into my system. But I figured sometimes even the most cautious person will make mistake and step into some wrong sites. So before I become like him, it’s time to move ahead. And truthfully, I’ve Mozilla saved my ass from backdoors A LOT of times already. But I still patch OE and IE should there be one available.

Remember to know your settings if you are still using OE, certain settings enabling things like preview and ActiveX is a potential hazard to your computer.

Remember that exploits through software cannot be protected with the use of simple firewall. Programs such as IE has been allowed access through your firewall, and until you patched IE to solve the problem, the chances of it executing malicious codes without your knowledge is very high. But if you run an anti-virus software, then maybe you’ll be protected against known exploits. And you’ll have to update its signature for it to recognise such exploits. It’s better to play safe. Now you know why it’s so important to always patch your software?

Although with an anti-virus software in place, I’m feeling safer. But an anti-virus software can’t always protect me against other bugged software that I’ve allowed access to the internet. The only choice left would be using a software I believe that wouldn’t be or at least less likely to be affected by the same problem. Mozilla is my choice for replacing IE and OE(Is it yours?). It’s open source and open source means many things. One of it means bugs found are more likely to be fixed in a shorter time than it would be in Microsoft’s software. And also because it is not part of Windows operating system, it is restricted to application-level access only, unlike IE’s system-level access which can cause big problems when exploited.

Conclusion

If you’re still using IE and OE, all the best and remember to patch regularly, and not forgetting the safe settings. But if you’re migrating to Mozilla like I did, good luck on getting used to the changes. Remember that Mozilla is still in heavy development and things might change on the way. The version I’ve written this article on is based on v1.4. And it solely represents my opinion on v1.4. Remember that Mozilla also has new versions and builds coming up regularly and you’ll still have to update it.

Why I did this extra step of moving away from OE and IE while they’re relatively safe if I can configure them correctly is because of the unknown vulnerabilities that configuration won’t help. It’s the way the programs are coded by Microsoft, not the options.

There’re many other programs that can replaced IE and OE but I’m just using Mozilla. I don’t intend to try others. As usual, feel free to mail me if you think otherwise.

One of the site that has a list of many other software for use would be http://lists.gpick.com/! It’s very useful.

6 comments Post your own »

Lucian

Get a mac. :)

draco

I know this is a totally lame-arsed excuse, but I really can’t afford a Mac no matter the cost as I’m still schooling. And this PC is a shared one (though I get to use most of the time). ;)

I’ve been thinking of getting a Mac, and now the BootCamp thing is pretty interesting. But still, I’ll think about it when I CAN afford it.

n3wyDnAc

Actually i duno wtf u’re typing most of the time but i agree tt IE totally sux. Coz even me, the com noob feels tt it sux like hell & i’m FINALLY willing to change frm being ‘used to IE” to using Mozilla, BUT i’m using FIREFOX LEH?! wat u mean by its part of mozilla!?

& wats OE? Microsoft Office got substitute ahh where to get?! I only knew of Lotus as Office sub but duno if it’s available for dl-ing online.

Anywayz Microsoft’s become the Standard OS in the corporate world or watsoever shit, so no matter hw sucky it is, Bill still wins.

*Opinion from a com noob*

draco

@n3wyDnAc: This article is seriously outdated by the way and a little inaccurate, lol. Long story short, there used to be a Mozilla suite that contains a HTML editor, web browser, IRC client and an e-mail client bundled together when Firefox(the then Phoenix) was in beta progress. So I chose to use the (out-of-beta) suite instead of the beta program as my mainstream.

But soon Firefox 1.0 came out and I hopped over to Firefox(web browser)+Thunderbird(e-mail), which are less bloated and load faster compared with the suite. And OE = Outlook express, which I abandoned for Thunderbird.

I’m using OpenOffice 2.0(openoffice.org) in replacement of Microsoft Office so you might to give it a try, it’s free. Been using for 4 years and I’m still happy with its abilities though you should not expect 100% compliance with Office files.

I think Bill won’t win forever. But we’ll see. ;-)

And I’m really surprised you would locate this article and actually read it. lol. Good luck! I think you don’t understand most of what this comment is trying to say but hope I helped!

n3wyDnAc

eh i understand la!!! i tink i understand agar more than 50% la!! outdated u still noe i commented LOL

draco

@n3wyDnAc: eh I got an admin panel for a reason right? haha.
Add a new comment
Your e-mail will be kept confidential.