Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Secunia finds Netscape8.x as a security threat.

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
All Threads

This thread has been marked as locked.
stan3 Secunia finds Netscape8.x as a security threat.
Member 22nd Nov, 2009 22:29
Ranking: 0
Posts: 1
User Since: 9th Oct, 2009
System Score: N/A
Location: N/A
I have installed Netscape 9.x which should have gotten rid of 8.x. After a scan, the result shows up as "0 threats detected" but the next time I boot up my computer, it is back as a security threat Cat. 4. How can I get Secunia to keep finding threats which no longer exist?

Maurice Joyce RE: Secunia finds Netscape8.x as a security threat.
Handling Contributor 22nd Nov, 2009 22:46
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Where does PSI say the vulnerability is?

FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next)).



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
goyta RE: Secunia finds Netscape8.x as a security threat.
Member 24th Nov, 2009 07:37
Score: 0
Posts: 10
User Since: 10th Jun 2009
System Score: N/A
Location: São Paulo, BR
Netscape 9.0 is from 2007. AOL announced that it had ceased all support and development for Netscape in early 2008. You are basically using dead software (a sad end for a major milestone, because I still remember Netscape's heyday, how good it was for its time, what it meant to the Web and how it made it possible for the Web to be what it is).

This means Netscape will not have any new security patches, and it is likely that there will be many incompatibilities with modern Web design trends and the plug-ins needed for them.

I'd suggest that you uninstall Netscape and try using Firefox, which is a direct (although branched) descendant of earlier versions of Netscape. The last versions of Netscape actually closed the circle and were based on Mozilla code back again, but by now that code is very outdated. Firefox is very light on system resources and will run even on old PCs with a slow CPU and little memory for today's standards.

Actually, things have reached a state where one has to use more than one browser to have a complete Web experience. I use three: IE 8 (rarely, and avoiding it as much as I can, but this is not always possible), Firefox 3.5 (my default and more usual browser - I'm using it now) and Google Chrome 3 (occasionally, for speed and for some Chrome-optimized sites - yes, they already exist!).

I would recommend avoiding Safari, though - it's even more easily hacked than IE (and contrary to Apple's reputation, its interface is a disaster).
Was this reply relevant?
+0
-0
thedillpickl RE: Secunia finds Netscape8.x as a security threat.
Contributor 25th Nov, 2009 02:31
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi goyta;

I'm really on the wrong thread here, so forgive me. I mostly use browsers just to get somewhere on the net (like this forum). I don't understand all the intricacies.

I have become aware that Firefox uses "tabs" to run workarounds for certian sites & I believe you may run an "IE tab" to do things such as run MS Update.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
goyta RE: Secunia finds Netscape8.x as a security threat.
Member 25th Nov, 2009 10:36
Score: 0
Posts: 10
User Since: 10th Jun 2009
System Score: N/A
Location: São Paulo, BR
on 25th Nov, 2009 02:31, thedillpickl wrote:
Hi goyta;

I'm really on the wrong thread here, so forgive me. I mostly use browsers just to get somewhere on the net (like this forum). I don't understand all the intricacies.

I have become aware that Firefox uses "tabs" to run workarounds for certian sites & I believe you may run an "IE tab" to do things such as run MS Update.

Fred


OK, Fred, let me try to keep things simple (though, I'm afraid, still long). Sometimes I do get carried away and that's a serious flaw I have... Sorry! :-(

Netscape: it is DEAD, not maintained or supported any more. This means that any vulnerabilities it may have that allow hackers or malicious Web sites to "invade" your system will not be fixed. You are at serious risk using it. Don't!

Mozilla Firefox: it is alive and well, under continuous development and support, with minor updates always being released to correct eventual bugs and newly found vulnerabilities. Because Firefox directly descends from earlier versions of Netscape, you may find it easier to learn than other browsers. It is generally considered to be safer to use than Internet Explorer. You can get Firefox from http://www.mozilla.com/ .

Internet Explorer (IE): It is already there in Windows and many Web sites are still optimized for it. So, why not use it? Because it is very insecure! I will spare you the technical details, but it suffices to say that it makes the job of installing and running malware on your system much easier and more likely than with other browsers (though none is perfect or 100% safe).

This is related to the very way IE is designed to work, intimately integrated to Windows itself. So, no security patch will be able to eliminate its inherent design weaknesses (though patches should still be applied anyway, because IE is used "in disguise" by many other programs). The same applies to some security features Microsoft introduced in IE 7 and 8 - they will indeed protect you from some kinds of threats, but IE remains open to most of them. There will be occasions when you will have to use IE anyway, but otherwise avoid using it as much as you can!

Google Chrome is a very interesting browser, simple to use and a lot faster than any other browser, but it still has some limitations (such as not supporting Java, essential to use most Internet banking sites, for example). So, I wouldn't recommend Chrome to be your main or sole browser. If you want to have a look, go to http://www.google.com/chrome/ .

There are many other browsers, such as Opera, Apple Safari, SeaMonkey (also a Netscape derivative), but I believe you'll be better served with Firefox, eventually with Chrome as well. Safari has had a poor security record on Windows and should be avoided.

----

Now, you asked about tabs. Firefox was the first major browser to implement tabs and make them mainstream, but now the latest versions of all browsers have them. The idea was too good and quickly became too popular to be ignored.

Tabs are not what you thought they were: they simply mean that the browser can open more than one Web page in the same window, and you switch between them clicking on little title bars on the top, just like the actual tabs used to separate paper documents in office cabinet files. Believe me, once you get used to "tabbed browsing", you'll wonder how you could ever live without it! Tabs make surfing the Web much swifter and more productive. You'll see for yourself.

In spite of the name, IE Tab has nothing to do with tabbed browsing (at least directly). It is simply an add-on for Firefox (there are hundreds of optional Firefox add-ons available, little programs that you can install on the browser to implement all sorts of additional functions - some very useful, some just exotic).

IE Tab is used to display a Web page in a Firefox window or tab, but internally using Internet Explorer to do the job. It is useful when you are surfing with Firefox and encounter a Web site that will only display or function correctly on IE. Yes, you can even run MS Update with it, but I'd still advise you to use the proper shortcut in the Start button menu and open IE itself to do it. This is not really what IE Tab is intended for.

However, IE Tab doesn't work with Firefox's latest version (at least here), and it is increasingly becoming unnecessary, as Firefox is steadily gaining market share and pages that won't be rendered properly on it are getting rarer every day; they used to be common in the past, but now I can't remember when I last found one. It should be stressed that when you open a page with IE Tab, you are really using Internet Explorer, with all its security weaknesses - Firefox becomes just an outer shell that doesn't actually do much. So, be careful!

Any further doubts? Ask. I'll be glad to try to help you.
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia finds Netscape8.x as a security threat.
Expert Contributor 25th Nov, 2009 16:33
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Nov, 2009 16:38
Hello goyta ,

No need to apologise for verbosity , everything you have said makes easy understanding at my non-techie level and your time taken is appreciated .

I have two questions relating to your last two paragraphs :-

In my IE Tab settings , MS/Windows updates are preset and the latest version of IE Tab 1.5.20090525 seems to auto select IE for me as I navigate to these pages . I have used it to update my PC for a long time now , with no problems (crosses fingers) to date - I don't run the auto update but custom select at MS updates.

Is there a significant reason to run IE direct instead ??

I am not sure what you refer to at the beginning of the last paragraph as I can switch here between Ff and IE , as in this Forum site , within Ff version 3.5.5.

Could you clarify that a little.

Thank you again and take care
Anthony

PS: Fred's middle name is actually "verbosity" :o))


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
goyta RE: Secunia finds Netscape8.x as a security threat.
Member 25th Nov, 2009 19:04
Score: 0
Posts: 10
User Since: 10th Jun 2009
System Score: N/A
Location: São Paulo, BR
Anthony, IE Tab stopped working when I updated from Firefox 3.0.x to 3.5. In later minor updates (such as from 3.5.4 to 3.5.5), I found that other add-ons stopped working as well, but started working again if I uninstalled and reinstalled them. It might be possible that this would happen with IE Tab as well (especially as Firefox still shows it as active), but I just haven't missed it, as it is now very unusual to find a page that won't be displayed properly with Firefox, as both Web designers and Firefox itself have adapted themselves to each other.

There is no increased risk in using IE Tab rather than IE directly, other than IE's inherent risks themselves. However, the main situation for which I still occasionally use IE is for certain Web sites with functional content that depend on IE - for example, some on-line antivirus scans that I run once in a while to supplement my regular antivirus' own detection, and that use ActiveX technology, a form of running programs inside the browser that only works on IE.

Such a scan will usually run for hours, and for mere convenience I prefer to keep my browsing proper separated from it - I might carelessly close the Firefox window or even a separate window when finished browsing, especially now that I'm using Windows 7, which groups taskbar icons by default and makes it easier for you to do that. That is, in this case IE Tab might cause the weak link located between the keyboard and the chair to mess things up... :-)

Windows Vista and Windows 7 don't use a browser window to perform MS Update, but a Control Panel applet instead (though this is one of many situations when IE is still used "in disguise", as I mentioned earlier), so IE Tab is irrelevant for it.
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia finds Netscape8.x as a security threat.
Expert Contributor 25th Nov, 2009 19:38
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Thank you goyta ,

That clears things up nicely .

A final point concerning Chrome , my latest version stable release version 3.0.195.33 shows as using JRE U 17 in PSI "secure browsing" and gives me a "positive" message at this link :-

http://www.java.com/en/download/chrome.jsp?locale=...

I can go to my bank which requires JAVA and have "normal" A/C access (even though I normally use Ff in sanboxie) . My comment re Chrome would tend to be that some of the "add-ons" like Flash and Java are (not yet) not fully secured in/by the Chrome sandbox system , as I understand .

I don't know where or how to validate this any further in a way I can understand .

Take care
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
goyta RE: Secunia finds Netscape8.x as a security threat.
Member 26th Nov, 2009 03:36
Score: 0
Posts: 10
User Since: 10th Jun 2009
System Score: N/A
Location: São Paulo, BR
I saw that same warning regarding Java in Chrome, and since Chrome is an alternative browser for me and my main use of Java is for Internet banking, I thought I would not trust something as sensitive as that to an unsupported feature. I also consulted my bank's technical support and they said Chrome is not supported.

I switched banks a couple of years ago because my account was robbed of a significant amount (almost my entire earnings that month, just as I had been paid), and somehow the fraud was committed on-line. I was eventually repaid but it took some time, a lot of hassle and an emergency loan in the meantime.

So, I have reason to be very wary of anything related to on-line banking security. But avoiding on-line banking is not much of an option. Here in Brazil banks are all streamlined to work using extensive automation and networking - in fact, we have one of the most high-tech banking systems in the world, though this is not really a reason for pride (it stems from the fortunately finished hyperinflation period of the 1980s and early 1990s, when banks had to push information technology to new limits to be able to cope with the crazy economy of the time), and everything pushes you to use technology along with them.

Back to Chrome, one of the main criticisms of it is that its architecture is closed to add-ons and plug-ins, and Sun may be encountering problems to implement Java fully in it, though Adobe Flash, also a plug-in, works perfectly.
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia finds Netscape8.x as a security threat.
Expert Contributor 26th Nov, 2009 14:53
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again goyta ,

Your comments strike a chord with me ; although the IT side of my (French) bank is highky geared IT and security wise , I had the instance of someone using my card account to purchase 15€ of Skype time , immediately after an on-line purchase with a "highly reputable" company .

Everyone thought I was joking and only after serious time with Skype and my bank did they come up with the fact that "I" had "transferred" my purchase "overnight" ; as "I" had not , they cleaned up for me satisfactorily ; whether they caught the villain and where he/she/they were in the chain they refused to say.

At least my regular on-line checking of my A/C caught the felon "red handed" , so I guess things cut both ways !!

Take care
Anthony

PS: In case anyone is wondering 15€ x 1,000 = not to be sneezed at !!

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
thedillpickl RE: Secunia finds Netscape8.x as a security threat.
Contributor 26th Nov, 2009 23:58
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Thanks goyta;

I didn't really expect such a detailed reply to my post. As mentioned, I know little about browsers, but have been checking out threads such as this to learn. You are correct that I replaced the term "add on" with "tab", my bad.

As one who has put time and effort into responses, I appreciate the time you have taken. BTW, do not take the word of Anthony in referance to me. My middle name is Lee, my last name is verbosity!


regards;
Frederick Lee Verbosity

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia finds Netscape8.x as a security threat.
Expert Contributor 27th Nov, 2009 22:33
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


Hello FLV ,

Don't think that that allows you the last word !!

Anthony ;o))

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability