Firefox 4
 

Came out the other day.
My 3 series upgraded yesterday, so I checked today and from the Help menu I hit check for updates, and it offered to download and install itself.

Mine does not look much different than the older one, and it is missing some buttons on the top bar like in the Tour pictures you get after the installation.

It does seem to be faster though, but one of my add ons for AVG anti virus that shows safe sites to click on when you do a :google: search does not work.

They wanted me the add on would not work until AVG updates it and submits it in.

Anyone else using it, and what do you think of it?

I do not use IE except for updating Windows.
I simply do not like that browser at all.

Also the bottom status bar is gone giving you more screen to view, but when you mouse over links it will show the URLs below, kind of cool.

I have noticed it to be a little faster and a little more stable myself

I stopped using firefox, thanks to chrome.

Would you guys say giving the new firefox a chance? or sticking with chrome?

photobucket uploader add-on doesn't work with it. :bag: gonna give it a shot anyway. Looks pretty cool though. At least my web developer tool bar still works. :great:

X2 same here

I would definitely recommend giving ff4 a try. Its very speedy.

But I do think that FF3 felt a little more homey and organized. 4 seems a little more thin and rushed, but I think that was the point, to make it faster.

I do enjoy the new speed of it though. Very quick!

Use Lynx! No other browser can come close to how fast and non-resource intensive Lynx is.

I'm trying out FF4 on my work machine before I upgrade to it at home. Still hating the fact if I have only one tab open I can't close just the tab to get a blank one (like you could in FF2 and earlier FF3 releases). It feels snappier but when I have my typical 30+ tabs open it still bogs down like FF3.

My work machine has the latest versions of Lynx, FF, IE, Chrome, and Opera installed on it. I use Lynx for most of my browsing and FF for when I want to see pictures. IE, Chrome, and Opera are only there because I do development for our company intranet and need to verify that things work across multiple browsers. I don't like IE because I'm not used to using it anymore and can't stand the little quirky differences between it an FF; IE 8 and IE 9 are actually pretty decent browsers and a lot better than previous incarnations on the security-side and resource-side of things. I don't like Chrome because I do not enjoy the concept of every tab being it's own JVM and potentially using more resource than IE. My concept of system security is "don't give a crap about the Windows machine and keep everything important somewhere else" so I don't need my browser to setup little jails for every tab. As for Opera? Just not my thing, I don't need it's robustness or functionality and really neither does 99% of planet Earth.

Does this mean you don't store anything on your windows machine? IE bugs me because it gets extremely annoying when notifying you of SSL connections or certificates. Real PITA if you ask me. Its also significantly slower than FF.

I store everything important (work stuff, important documents, anything I basically don't want someone breaking onto my Windows machine to access) on a FreeBSD file server but keep plenty of crap on the Windows machine. It also helps having the OS installed on a separate drive from anything I actually store on that computer. If my Windows machine becomes compromised then I just nuke and pave though I have never had to put it into practice and frequently keep Windows installs around for several years.

I've got a Centos box setup as a proxy/firewall in addition to my router IP/MAC filters. :great: So far so good on this FF4. I've got borderline Govt. security type stuff going on here. Ain't no one getting through it.

Want me to run a penetration test against your setup? :P

My Windows machine is the DMZ, raw internet really is the best-tasting internet.

penetration over the net??

xxtreme what is the need for your centos proxy? Doesnt your router take care of that anyways?

Attempt to break through his setup and then tell him how I did it if I do it so it can't happen again.

Generally speaking a consumer-grade router will... generally protect you. From? Not much. You are a little more effort than someone not using one, usually not worth that effort despite the fact that you could probably Google remote bypass methods for any consumer-grade router.

He just wants more protection, same reason why I use pfsense.

Both of which probably have loads of easily Googled exploits.

Yes, but this would require his public IP address. The only way people can attempt penetration testing over a WAN is by obtaining someone's public address, or running a dns lookup on their domain name. Otherwise, unless his address is public there is no actual purpose for this. Unless you traveled to his area and had physical access to his local network.

I agree that consumer-grade routers might not be the best defense, but using a router actually adds a TON of security to your network. It renders your public address useless (assigning private addresses to each host inside the network) in WAN attacks. Also, on top of your computer's firewall, you can enable your router to block certain ports and also block IP/ MAC addresses to prevent outsiders from entering your private network, correct?

Google up Network Based Application Firewall and network appliances. A router will only do port forwarding/blocking and encryption. All of which can be broken and bypassed using certain trojens. IPTables is also much more customizable in Linux. ModSecurity is what I mainly use to thwart attacks, but I am still learning it so can't really go into too many details, but it can be configured to notice any types of bypass attempts by whatever calls might be passed using http based attacks.

I also run a LAMP test server on the centos box which is why I use ModSecurity. DoS attacks are common and it's nearly impossible to accomplish with the proper setup of ModSecurity.

See latter comment of mine, there are certain non-standard ports I need open and are open to attack, ie DoS, php sql injection etc etc. Also google up port scanners. I don't need to give out my IP address for someone to find me and attempt access.

Im sorry for some reason I forgot to consider the fact that you might be maintaining a server....is this the case? If it is then this is completely different.



If you are talking purely by client software, how would someone attempt to access your internal network without your public address?

Not trying to argue...just wondering. Networking is my major, and I still have alot to learn. :nerd:

correct, maintaining LAMP test server. not "public" but publicly accessible. for added security, I have all te applications running on non-standard ports as well. BUt can be found using port scanners. ie Apache is not on port 80, 443 is being used on a different port etc etc..

hmmm ok...but still the only remote way anybody can even try to bypass your firewall, and access any internal hosts on your network, would be to run a dns lookup and get your (public) address, correct? then from there, modify or bypass your gateway.

Uh... actually, if -I- wanted xxxtreme's IP and he wasn't willing to give it to me I'd grab it from here. Jelsoft, the company that made the software YT runs on, doesn't exactly write secure software. Of course that assumes Corey hasn't done anything to fill holes or lock stuff down.