Why do I (you) still keep using older (v12) version?
-
-
blackbird71 last edited bySeveral points should be kept in mind about risks to browser security. First, all exploits "cost" to create, in time and/or money. So a key question is how the exploit author views the cost/reward ratio for creating exploits aimed at certain browsers. Since there's always some author who may create something just because he can, there will always be a finite (though small) risk that any browser at any version level might be successfully targeted. However, most exploit authors aim for targets offering the best chances of success against the most installations, or that offer possible entry points into the richest private networks. From that standpoint, the lowest likelihood of being targeted by new exploits lies with the lowest-usage browsers, unless they are known to populate large or rich private networks. In that regard, "old" Opera browsers stand in a better position regarding risks of targeting by new exploits than other more popular and numerous browsers.
However, a second point to consider is that exploits are digital - they have no expiration date. So exploits that were successful against old browser versions of any brand can be kept "on file" to be automatically applied against such browsers whenever they "come knocking" at the exploit purveyor's door. In reality, many "nasty" malware sites examine the user-agent strings or employ JavaScript techniques to auto-tailor their attacks from a list of available malware specifically aimed at the inquiring browser brand/version. In such a situation, "old" unpatched browsers fall easy prey to such sites.
Third, not all exploits are created equal. Some merely foul up the browser, hijacking search engines or inserting ads or pop-ups... but in these cases, the trouble may not extend much past the boundaries of the browser. Other malware uses the browser weakness as a portal into the system, installing key-loggers or all kinds of malware infection-partners or bots - and these are the exploits most threatening to a typical user's privacy and identity. Unfortunately, "security exploits" is a broad term that blurs the distinction. The point here is that exploits against just the browser itself may not in every case rise to the threat level presented by exploits that use the browser to attack the system... hence certain patches may not seem as important to a user.
Finally, some exploits are of a more general nature, attacking weaknesses in protocols (think in terms of "Poodle"), rather than specific browser engines themselves. In these cases, "old" browsers are in a peculiarly awkward place, since they are unlikely to ever become fully-patched, and any external remediation of the protocol flaws at servers or sites may leave "old" browser functionality crippled or deficient. In such cases, the security repercussions could be serious, but the remedial paths very limited if some kind of remedy outside the browser (in the OS or anti-malware, etc) can't be supplied.
The bottom line remains intensely personal as to how one reads the security risks applying to them specifically when using a particular browser, especially old ones. However, over the years my experience has been that most folks will under-rate the level of security risk applicable to them until they have been hit by a successful attack. Just sayin'...
-
Deleted User last edited by
Thanks for the informative post, blackbird. There's a lot to digest here.
-
pqr3 last edited by
Opera having dramatically changed its configuration, it may be helpful to others to be aware of my use of Opera Notes in particular.
Notes, to me at least, is a greatly underrated function of Opera. As it has been deleted from Opera 15, Opera 12.15 is the last Opera browser version I'll be using. My Opera Notes files are actually a large collection of media articles from the internet, each note therefore being between 500 and 3000 bytes in size - being grouped by category and subcategory, which naturally alter as more are added. It is much easier to move and regroup them in Opera than in a Word file. Also large Word files (up 6,000 pages of text) are unstable, and as inconvenient as Opera's autosave function.
As Notes are automatically created with URL &c, the Copy to Note function is - especially en masse - much more convenient than cut-and-paste to a Word document. Having tried about a dozen note/bookmark managers, my strongest comment is how excruciatingly bad some of the design and programming really is. Only one of those programmes even sort of allowed using the first line of whatever was copied as the title line - so simple, as Opera does, yet they couldn’t even get that right! As a group, they are dreadful; Opera pre-15 was a browser, yet it is a better (also simpler, and more versatile) Notes Manager than any of them.
Unlike most users, bookmarks are of absolutely no value whatever to me. Indeed, bookmarks' only value is that up to Opera 9.27, one could use Bookmarks as a temporary storage/transfer hub, which is much more precise and reliable than importing. A very useful function, lost from 9.50 and now completely gone with Opera 15. Unlike File > New and File > Import, the File > Open feature in Bookmarks allowed the current file to be neatly closed and the desired one opened. So the overall Notes collection can easily be broken down into lots of smaller files, rendering the time lost to autosave much less important.
So I still use both 9.27 and 12.15.
-
A Former User last edited by
I use old opera because I like it better and 99 plus percent of sites I frequent still work. And I am not worried about any kind of risk. I suppose by risk we talking about some hacker getting our banking passwords and taking all our money, right?
-
shandra last edited by
laingman: more ore less things like "buffer overflows",etc. Something where you pass some executable code into the system via "unhandled exceptions"/"bad memory managment"/etc. -> some way to infiltrate the system via an app (in this case the browser or corresponding plug-in (Java/Flash/Acrobat/etc.) that the infiltrating code doesn't need the browser/reader/player/etc. anymore afterwards...
That's why it is always a good advice to scann one system once in a period (weekly/month/quarterly/...) via an external boot (BartPE/Rescue System/...) - as the security measures within the system may have become corrupted.
And in disregards to Leushino, that is my POV - regular scanns from an external source, regular backups and partition images, system partitioning and folder redirections (Documents/AppData/etc.) to different partitions/HardDrives... Bla...
So to say, every possibilities of Drive/Folder Organization that MS is with each advancement in Windows Versions so eagerly against (Fit the system to the Dummy Users, take away customizability)... -
shandra last edited by
Ok, and if I would know how to modify my recent post I would like to replace at least my typo of leushina to leushino (as I don't meant any offence or cynical misspelling) - sorry for that!
-
ruario last edited by
Ok, and if I would know how to modify my recent post I would like to replace at least my typo of leushina to leushino (as I don't meant any offence or cynical misspelling) - sorry for that!
You click on the Cog underneath your Monkey badge.
P.S. Typo corrected.
-
A Former User last edited by
That's why it is always a good advice to scann one system once in a period ... via an external boot (BartPE/Rescue System/...) - as the security measures within the system may have become corrupted.
How do you do that?
I suppose by risk we talking about some hacker getting our banking passwords and taking all our money, right?
No, Laingman. Read Blackbird's post above.
-
blackbird71 last edited by
... And I am not worried about any kind of risk. I suppose by risk we talking about some hacker getting our banking passwords and taking all our money, right?
By "risks", most knowledgeable people refer to all the collective kinds of digital security risks that go with a browser flaw becoming an avenue for a successful malware attack against just the browser, the host computer, or the entire local network (if any) the computer might be connected to. For example: key-loggers, file- or drive-destructive viruses, file stealers, spyware, adware, scareware, dns hijackers, password/log-in stealers, bots, malware relays, remote controllers, and countless other forms of malware. Some of these are thieves, stealing data or identity information off the computer and whatever it connects with; others are destructive, damaging files or drives or hardware controlled by the computer; while still others force your system into remote-controlled malware networks that infect or exploit other systems without your knowledge.
Once malware has successfully gotten beyond your browser into the system itself, there is almost no predictable limit to what it can do to or through that system... often, the first thing malware will do is to covertly import still more malware types onto the system. The importance of what is on the computer or what/where the computer is connected to dictates the degree of overall risk to a user of a given software vulnerability that enables penetration into the computer.
-
-
-
shandra last edited by
joshl: Well, the german computer magazine C't has included with their magazine periodical for some years now a AV Scann CD (Article) with 1 years licences for some ScannEngines (current CD: Avira/BitDefender/Kaspersky/ClamAV)(the CD is based on a minimal Ubuntu).
With Avast you can create a Bootable Media from within the AV Application, and AFAIK some other Manufacturers (like Avira) are offering downloadable isos for such a media on their sites.
-
Deleted User last edited by
Ok, thanks all. Still not scared of any risks tho
Then you're very foolish. Anyone reading what blackbird just posted and still saying that it doesn't really concern them is in denial. Denial? Oh... it can't happen to me! I'm very knowledgeable and careful about my browsing habits. I've known very knowledgeable technical writers to have their systems compromised and their identity stolen by just what blackbird described. To continue to run with an old, unpatched browser is foolishness.
-
shandra last edited by
Still not convinced - as blackbird has said "once compromissed"... And thats (at this time) more within the type of user and computer usage, then for the browser (presto). Even the best secured system is on the edge of becoming infected if the user just calls for it ...
So far (forgetting about Amiga Times and infected Public Domain Discs, etc.) my PC System (to my knowledge) was just compromissed once and that was in a scenario (win2k times) where I deactivated all security meassures (Firewall/AV Scanner) to test something - and as I was prepared for it, I previously (as one should regularly do) backed up the whole system (partition images for system/program partition) and data (regular copy to removable media), so that wasn't any problem at all... -
donq last edited by
leushino, it is you who are in denial - you have protected your PC with a lot of software (and hardware) and think you are safe. This is called 'false sense of security'.
Did you glue USB ports as well - about half of USB devices are subject to such clever attacks, which cannot be detected with usual tools? Another half may be subject of not yet known attacks of sourse
In other hand I know very well that I'm not safe and what can be happen, using PC in 'ignorant' manner (CIF happened once to me actually, it was quite nasty to recover my single important database afterwards). Quite possible I'm underestimating my risks, but these are my risks; I do not press other users to change their behavior.
Sorry for offtopic, but leushino's "relevant and on-topic" personal insults just need to addressed. Well, this doesn't help of course
-
Deleted User last edited by
dong: use what you like. I think one needs to update to the latest version which is PATCHED for security glitches. It's true that one can never be perfectly safe BUT it's also true to try and reduce your risk factor by taking safety precautions. It's known that at this time of year there will be thefts of packages from one's front door. However, it's also true that by having security cameras over the doorway and signs warning would-be thieves away, you will reduce the likelihood of theft. Airbags on the front dash and side curtains will not necessarily save your life in an accident BUT they will reduce the chance of a fatality. In the same way, an updated browser will not guarantee your security while online BUT like the other examples it will act as an aid in keeping you more secure than running with an older, unpatched browser.
And please stop turning this thread into personal attacks. Stay on-topic. Thanks.
-
blackbird71 last edited by
As noted earlier, the issue of "security risk" is intensely personal. No two users will look at the situation the same way, as it applies to them.
I liken it to crossing a busy street. One can look both ways several times with both eyes unobscured, walking quickly to the other side. One can do it with eyes half blocked by headware. One can do it with one eye closed (or missing). One can do it with both eyes closed (with or without a white cane). One can do it by crawling across, instead of walking. Or one can elect some combination of the above. In fact, one can even elect not to cross the street at all. What a person actually chooses to do while/if crossing depends on his past experiences with traffic, his estimate of his own crossing speed, his estimate of the nature of traffic flow on this particular day, his habitual attention to personal safety, his tendency to show off his recklessness versus his leaning toward phobia about being hit, and a million other factors.
However, the chances of a browser with demonstrable security vulnerabilities being successfully attacked by some kind of malware are mathematically greater than for a browser with no such vulnerabilities. The web browser is one of the greatest portals to the "outside" and unpoliced world of the Internet. Given that even "layered security" (including 'safe-hex') has finite weaknesses, use of a web browser with known vulnerabilities adds greater security risk to the mix than not using such a browser. Whether that rises to the level of causing a user to abandon that browser is, of course, where the "intensely personal" decision element comes in. It depends on the person, what (if anything) he may be concerned to protect, and whether he has been burned in the past by malware compromise. Suffice it to say: "You pays your ticket price, and you takes your chances."
-
A Former User last edited by
Stay on-topic.
Let me put it this way.
I play games. Now it's Neon Race 2 quite frequently...
What I want to say is sometimes, when I "buy" more handling - I accidentally crash more! Due to what?
It's psychological: I 'buy' this handling - then I tend to feel that the car's gonna handle itself to a much more extent, but I overestimate that "self-handling" - it is ME that handles the car, not some "purchased overdrive".Well, that applies to some people - certain people who are skilled enough already (or "feel good"), but when they "overpurchase" some "system automata" ("ultimate" upgrade in our case) - they might tend to overrelax - and miss something*:)*
However, the chances of a browser with demonstrable security vulnerabilities being successfully attacked by some kind of malware are mathematically greater than for a browser with no such vulnerabilities. The web browser is one of the greatest portals to the "outside" and unpoliced world of the Internet. Given that even "layered security" (including 'safe-hex') has finite weaknesses, use of a web browser with known vulnerabilities adds greater security risk to the mix than not using such a browser. Whether that rises to the level of causing a user to abandon that browser is, of course, where the "intensely personal" decision element comes in. It depends on the person, what (if anything) he may be concerned to protect, and whether he has been burned in the past by malware compromise. Suffice it to say: "You pays your ticket price, and you takes your chances."
Agreed*:)*
(Who's was thats suffices guys, by the ways?) -
.