Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

What risks of an Outdated Internet Browser?

Off-Topic discussions about science, technology, and non Debian specific topics.
Message
Author
User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

What risks of an Outdated Internet Browser?

#1 Post by bester69 »

They say you must update inmediatly your internet browser, but I'd like to know what are really the dangers of using an outdated Internet Browser.

In windows systems there's the risk a malware software install by itself due to an outdated security hole in the browser, but we're discussing here about a linux system, when there's is no possibility a malware/virus component being insalled or executed by itself as it hasn't got the admin account.

So, What dammages can they do with an outdated browser, if they can't install anything in it?? (phissing maybe??). I'd like to know as ive using an outdated browser for a whole year.. , and i intent to keep doing it for regular use but virtual bank operations :roll:
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: What risks of an Outdated Internet Browser?

#2 Post by Head_on_a_Stick »

bester69 wrote:a linux system, when there's is no possibility a malware/virus component being insalled or executed by itself as it hasn't got the admin account
If you are using Debian with any display manger other than GDM then the X server itself is being run as root and any successful exploits in FF will be able to gain full root access to your system.

https://www.debian.org/releases/stable/ ... uires-root

If any security fixes have been published then the exploits are widely known and will be tried by every script kiddie, to not update is sheer foolishness and this is the reason why FF & Chromium are some of the only packages in the stable release which are kept up to date.

There are also _many_ other ways to compromise the security of the average Linux system and gain elevated privileges, you are very naive.

https://en.wikipedia.org/wiki/Linux_malware
deadbang

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: What risks of an Outdated Internet Browser?

#3 Post by RU55EL »

bester69 wrote:[...] we're discussing here about a linux system, when there's is no possibility a malware/virus component being insalled or executed by itself as it hasn't got the admin account. [...]
If you believe that there is no possibility of malware or a virus obtaining root privileges, why are you asking the following question?
bester69 wrote:So, What dammages can they do with an outdated browser, if they can't install anything in it?? (phissing maybe??). I'd like to know as ive using an outdated browser for a whole year.. , and i intent to keep doing it for regular use but virtual bank operations :roll:
If you never lock the door to your house and have never had anything stolen from your house, does that mean that nobody can steal from your house?

[edit]

Carefully read the materials at the links Head_on_a_stick provided. I'm sorry if I've come across as harsh, but computer security is no laughing matter considering the information that many people have on their computers. Linux virus programs exist!

[/edit]
Last edited by RU55EL on 2017-10-20 15:28, edited 1 time in total.

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: What risks of an Outdated Internet Browser?

#4 Post by Bulkley »

As always, it depends upon what you do with it. As you noted, you want good security when banking. Depending upon the sites visited there may be nasty little surprises waiting. Sites that specialize in vices (porn, gambling, sex, drugs) are simply not trustworthy to begin with so avoid them.

One of the best things about using Debian is that when I do apt-get install [package] what I receive is clean. Do something similar with Windows and the odds are that it will come loaded with all sorts of crap that can take weeks to find and get rid of. We once downloaded a Windows version of Firefox and it came pre-loaded with hidden commercial redirects.

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: What risks of an Outdated Internet Browser?

#5 Post by pcalvert »

bester69 wrote:I'd like to know as ive using an outdated browser for a whole year.. , and i intent to keep doing it for regular use
Which web browser, and WHY?
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: What risks of an Outdated Internet Browser?

#6 Post by GarryRicketson »

Just do a search :
What risks of an Outdated Internet Browser?
There are plenty of results.

User avatar
alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: What risks of an Outdated Internet Browser?

#7 Post by alan stone »

bester69 wrote:What risks of an Outdated Internet Browser?
An outdated feeling of online security.

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: What risks of an Outdated Internet Browser?

#8 Post by bester69 »

GarryRicketson wrote:Just do a search :
What risks of an Outdated Internet Browser?
There are plenty of results.
Those articles speaks about window viruses, worns, and malware. As you know linux systems doesnt allow propagation, and nothing can be installed without the
authorization and admin password, So that's why I was asking about it. In windows I can understand it, in Linux i still dont get it, I dont see how a security hole in the browser, could infect the own browser, or delete , or steal any home documents, cos to do those operations you need a running program that should run throught the own browser's services, and to do that the browser need to be rewritted its code, and i only see that happening as long as the browser is running in memory ram, once its reopened the bad code would be pushed away and cleanned back. But im just guessing and asking to figure it out
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: What risks of an Outdated Internet Browser?

#9 Post by bester69 »

Head_on_a_Stick wrote:
bester69 wrote:a linux system, when there's is no possibility a malware/virus component being insalled or executed by itself as it hasn't got the admin account
If you are using Debian with any display manger other than GDM then the X server itself is being run as root and any successful exploits in FF will be able to gain full root access to your system.
....
https://en.wikipedia.org/wiki/Linux_malware
I suppose, to get root access, would mean a kernel exploit accesed throught a security browser hole, wouldnt it?., nothing to be with the browser bug..
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
HuangLao
Posts: 485
Joined: 2015-01-27 01:31
Been thanked: 1 time

Re: What risks of an Outdated Internet Browser?

#10 Post by HuangLao »

it is foolhardy to say the least to accept the myth that *nix is immune to malware/viruses etc... If the day ever comes when *nix users are a percentage worthy of such attacks then it will be prevalent indeed. Also, there are many rootkits, viruses etc... for *nix, if you use sudo, guess what that virus can find out easily what your "root" password is. Look at Ebury/Windigo and tell me that something as simple as ssh cannot be used as an exploit, or dare I say the Debian openSSL fiasco a few years back.

Your browser is your first line of defense (actually your router), if your browser is hosed, outdated etc... then you are walking around naked in the matrix telling everyone to take a pull for free. Banking is the least of your worries if you continue to use an old browser for anything other then liveCD trivial browsing, why do you think TOR updates their browser often etc....

***Wait a minute, are you not the same person that likes to herald the benefits of frankendebian and having the latest and greatest?

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: What risks of an Outdated Internet Browser?

#11 Post by bester69 »

HuangLao wrote:it is foolhardy to say the least to accept the myth that *nix is immune to malware/viruses etc... If the day ever comes when *nix users are a percentage worthy of such attacks then it will be prevalent indeed. Also, there are many rootkits, viruses etc... for *nix, if you use sudo, guess what that virus can find out easily what your "root" password is. Look at Ebury/Windigo and tell me that something as simple as ssh cannot be used as an exploit, or dare I say the Debian openSSL fiasco a few years back.

Your browser is your first line of defense (actually your router), if your browser is hosed, outdated etc... then you are walking around naked in the matrix telling everyone to take a pull for free. Banking is the least of your worries if you continue to use an old browser for anything other then liveCD trivial browsing, why do you think TOR updates their browser often etc....

***Wait a minute, are you not the same person that likes to herald the benefits of frankendebian and having the latest and greatest?
See,
Millons of users are using everyday oudated Android's Apps from litle trust sources and i dindnt heard anything bad happening to them. And they've their smartphone full of important documents and stuff and full of all kind of litle trusted apps. Most of them even has litle knowns about security risks,
So my feeling is all this paranoid about security is a so exagerated in a linux system, facts say otherwise, there's litle to be worried if you know more or less what you 're doing.
I think using an oudated browser for a regular use, and preventing bank operations with it, in linux should be ok; the browser code cant be altered, so once its reopened the worm, or whatever that might be exploiting the bug, would be pushed away, getting the code fresh and clean back.

Just think about the millons Android users, installing and uninstalling thousands of apps from litle trusted sources.. Its maddness if you compared with my case,
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: What risks of an Outdated Internet Browser?

#12 Post by stevepusser »

Similar to the risk of running a stop sign on a remote, little-used country road: https://www.youtube.com/watch?v=7Esrly_qWOc

End of the stream: https://www.youtube.com/watch?v=7Esrly_qWOc&t=8732s
MX Linux packager and developer

ruffwoof
Posts: 298
Joined: 2016-08-20 21:00

Re: What risks of an Outdated Internet Browser?

#13 Post by ruffwoof »

I get Bester's point. Security is a procedure not a package/product. Greater risks come from running a browser or other external/network program as root, or other doorways such as from installing browser add-ons, or opening email attachments.

Old browser with known exploit/breakout leaves a hacker sitting at user command level ... what damage could be done. Could steal or delete any of the users files/view emails etc. but if backed up and the content wasn't personal/sensitive that might be of little concern to a casual computer user. Greater concern about privilege escalation ... get access to root and be able to install ransomware or proliferate into other systems behind the same LAN, but most systems are designed to prevent such privilege escalation so by no means a easy choice, easier to attack other vectors such as via updates/addons or human error.

Similar (or lower) risk than having a laptop stolen. If there is limited damage that such a theft could achieve then running older browser is of even less concern?

For many users likely data is the more valuable. Systems are relatively easily/cheaply replaced. Data such a family pictures might be invaluable. Provided you're not particularly bothered about a stranger seeing those pictures or whatever and you have disconnected/offsite backup copies then you're relatively safe.

Computer security is big business and you hear much about potential exploits that are found (and plugged), but much much less so about actual exploits, at least at a single desktop user software breached level. The bigger targets are servers, or human error (getting individuals to disclose their banking details via a telephone call or via credit card skimming ...etc.).

Turn it around and perhaps its safer to use a pristine factory fresh operating system and brand new copy of a browser, booted and used to go directly to your banks web site, nowhere else before or after (shutdown afterwards) ... even though that operating system and browser might be 10+ years old (dated), is perhaps securer than using the latest patched up system, that has been used to browse here, there and everywhere before/after going to your banks website.

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: What risks of an Outdated Internet Browser?

#14 Post by RU55EL »

bester69 wrote:
Millons of users are using everyday oudated Android's Apps from litle trust sources and i dindnt heard anything bad happening to them.
I will say it again!
RU55EL wrote:If you never lock the door to your house and have never had anything stolen from your house, does that mean that nobody can steal from your house?
It is your choice to use an outdated browser, or leave your front door unlocked when you leave. But, don't claim that there is no security risk.

There are many vulnerabilities in any operating system. The way to keep them secure as possible is to fix the security bugs as soon as they are found.

If you are using an outdated browser, or other software, with known vulnerabilities, it makes it very easy for someone to exploit your system. If the vulnerability is known, someone with limited computer skills can look up how to use the exploit and use it. It is not rocket science. For example.

I did this years ago, to demonstrate to my employer the need to keep an operating system updated. Using nothing more than instructions and software from the Internet I was able to decrypt the password file and obtain everyones password using an unprivileged account. (My computer did have to run for a couple nights, and most of the password were not very good.) A month later, we had a brand new operating system installed. The method I used wouldn't work today, because operating systems have been updated to prevent it. Unless, of course, you are using outdated software.

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: What risks of an Outdated Internet Browser?

#15 Post by bester69 »

My point, is
I dont think none in world is looking for a me to rapped me, isnt it?, I dont think none knows me, they dont know my ip, they dont know what its within my computer, and i dont think we both concur in same temporarily gap activity, language, or whatever... and given into my ip, and getting to listen and trying to operate me, when i can inmediatly close the browser or turn off the computer. I mean, to be rapped for someone, there must be a good reason for it. isn't it?? None with enought hacking knowledge was going to put such an efforts at sniffing trying to hacking me in anyway without knowing what is behind the router, there must be a known and good reason for it,i think you can get my point.. Perhaps if i were a knowed server bank, i could be worried to not being enought secured.

I see it really silly the critycal worry of having to update the browser in a linux system. It can't be infected in the code as we're talking about linux persmissions , to practical effects, the app is behaving as it was a hardware device or an old Livecd. And we dont put to update router's firmware everyday, dont we?. Its secure by itself in the same way as any linux apps, as long as they can't hack the user, they cant operate. I dont see it..Its similar to being infected by a virus. I think we've more chances to see The Loch Ness Monster that being hacked.. its just my feeling.. but somene said so about linux viruses, they exists, but none has never seen them, and none knows someone that has ever seen them.. i read that recently in a linux article :mrgreen: .

The only risk i see here with outdated browsers, might be with an infected addon ..supposing that's even possible (by exploiting a vulenerability browser's hole in remote and behing router).
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: What risks of an Outdated Internet Browser?

#16 Post by RU55EL »

bester69 wrote:My point, is
I dont think none in world is looking for a me to rapped me, isnt it?[...]
OK. That is your opinion, and it is your choice to decide how important security is on your system.
bester69 wrote:I see it really silly the critycal worry of having to update the browser in a linux system. It can't be infected in the code as we're talking about linux persmissions , to practical effects, the app is behaving as it was a hardware device or an old Livecd.[...]
This is wrong! Every single Linux computer can be hacked! It might not be easy, and it is certainly not probable in many cases. To claim otherwise is wrong.

bester69 wrote:And we dont put to update router's firmware everyday, dont we?. [...]
This is true, at least with me. I check for router firmware updates every three months. I prefer DD-WRT firmware.
bester69 wrote:The only risk i see here with outdated browsers, might be with an infected addon ..supposing that's even possible (by exploiting a vulenerability browser's hole in remote and behing router.
Just because you can't see the risk or vulnerability, doesn't mean it doesn't exist.

My point is that it is your choice how much security you want to worry about. But, don't spread the idea that Linux isn't vulnerable. Don't mislead others into thinking there are no threats or vulnerabilities.

nnm
Posts: 16
Joined: 2017-10-07 10:11
Location: /dev/zero

Re: What risks of an Outdated Internet Browser?

#17 Post by nnm »

The problems lie not in outdated browsers but rather browsers not actively receiving security patches as holes are discovered. That, and poor browsing habits.
Debian 9 (Stretch)
Asus Vivobook S551LB

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: What risks of an Outdated Internet Browser?

#18 Post by debiman »

bester69, you asked a question.
you got some answers.
and now you're doing everything to disprove those answers.
it's like i said in that other thread: you won't listen to advice.

or maybe you just hope for someone to come along and say:
"It's OK. You have permission to run an outdated browser."
There. I said it.
Happy now?

nnm
Posts: 16
Joined: 2017-10-07 10:11
Location: /dev/zero

Re: What risks of an Outdated Internet Browser?

#19 Post by nnm »

debiman wrote:you won't listen to advice.
Hey, at least there is no jumbo sized screenshot in this thread (yet).
Debian 9 (Stretch)
Asus Vivobook S551LB

User avatar
alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: What risks of an Outdated Internet Browser?

#20 Post by alan stone »


Locked