Tag Archives: Mozilla

Ubuntu 8.04 Hardy Heron – First impressions

I’ve been following Ubuntu since it’s inception in 2005 with Warty Warthog which was labelled 4.10. Each year since then they’ve released two versions a year – one in April and one in October – and this is where the version number comes from. For example, the 8 in 8.04 is from the year 2008, and the 04 is the fourth month of the year.

Each release has been getting better, and especially the last version (7.10) which I thought was a definite contender. So Ubuntu 8.04 was released today and I’ve just finished ‘installing’ it and giving it a very quick test.

I put ‘installing’ in quotes, because if you’re running Windows, Ubuntu have created an impressive installation called Wubi. This allows you to install it on your Windows computer without having to make any changes to the disk partitions. They do this by creating a folder called Ubuntu on either your C or D drive and install all the necessary files in this folder. Then, with a simple modification to your boot options, when you first turn on your computer you can choose between Windows or Ubuntu. Here’s a screenshot of the Wubi installation manager:

Wubi installation manager

Once Wubi finished installing, I rebooted choosing the newly added Ubuntu option. Ubuntu loaded up quickly and I was presented with a login box. I had already set up the first user account in the Wubi installation manager as you can see in the installation window above. After logging, I was impressed to see that my screen resolution was set to the correct size, sound was working, and a network icon in the top menu bar indicated that there were available wireless networks available. I selected my wireless network, enter the secure key and connected successfully.

Wow.

What just happened there isn’t possible with any other operating system on my notebook. Not Windows XP, Vista or any other flavour of Linux that I’ve tested. The key hardware was detected automatically and I didn’t have to install any additional drivers or software to get up and running. That’s impressive – and all that without needing to repartition or reformat my disks.

So once again I’ve been impressed with Ubuntu, but there was one major problem – and this was a show-stopper for me. Ubuntu have always prided themselves on providing the absolute latest software and sometimes on the bleeding edge too. So I wasn’t completely surprised that they included Firefox 3.0, but I also wasn’t happy as it’s still in beta and in my opinion still has a way to go before being complete. This becomes obvious when trying to install addons, even installing the Adobe Flash plugin through up an error after just browsing for a few minutes.

For me, my internet browser is the most important tool on my computer, and I absolutely need it to be as stable as possible. That’s why I never run beta versions of Firefox as my default browser. So I tried to install Firefox 2 by using the add/remove programs applet but I couldn’t find anything apart from the version that was installed.

I’m sure that I could have installed Firefox 2 by downloading it directly from Mozilla but it just annoyed me that they would think that a beta version of Firefox would be fine for the typical home user.

Safe computing for your home

On the TV1 Breakfast show this morning, Paul Henry was interviewing Peter Griffin about security software for home computers. In my previous field engineer roles, and my current role as "IT guy" for my extended family, I’ve got a lot of experience setting up and securing home computers as well as small business computers (ones that are not managed by a central server.) I’ve also had a lot of experience fixing computers that have been infected with viruses, trojans and other nasties.

So naturally I have strong opinions on the topic and I tend to disagree on some of the points that Peter was recommending. So here is my advice on securing a home computer running Windows. (See note at the end if you’re running a Mac or Linux.)

Note: This turned into a rather long article – I encourage you to read the whole post, but if you’re in a rush, at least read the summary at the bottom.

Operating System

Starting at the bottom of the stack, if you’re buying a new computer get Windows Vista. I have lots of gripes about Vista, but it is far more secure than Windows XP, and will be supported for the next 5 years. If you’ve already got a computer you should be running Windows XP with service pack 2. If you’re not running service pack 2 on Windows XP, your computer is vulnerable to attacks. If you’re running any operating system prior to Windows XP, such as Windows 2000, Windows ME, Windows 98, etc, your computer is extremely vulnerable and you should probably just upgrade to a new computer running Vista. (Again, see note at the end if you’re running a Mac or Linux.)

You can check your operating system and service pack version by clicking on Start, then Run, and typing: "winver" (without quotes) and pressing enter.

Automatic Updates

Now that we’ve decided on the operating system, you need to make sure that it is kept up to date. This is one of the most important parts of maintaining your computer. As soon as Microsoft release updates to the operating system, hackers start creating malware that targets the vulnerabilities. It’s effectively a race between you and the hackers, which is why I recommend always installing updates as soon as they are released – and rebooting once they are installed.

There is a fear that updates can break your computer if you install them straight away, and there have been some cases in the past where this has been true, but you are far more likely to be infected by a virus by not updating, than you are of having a new update break your computer.

Windows makes it very easy to keep your computer up to date – just go to the Control Panel through the Start Menu, then find the Automatic Updates icon (or Windows Updates icon in Vista) and select "Automatic" which is labelled as the recommended option.

Most other software you install on your computer will also have some mechanism for keeping it up to date. Adobe (Acrobat Reader), Apple (Quicktime, iTunes), Sun (Java) all provide update mechanisms that usually use a scheduled task to check for updates. All of this software is also vulnerable to bugs and attacks so it’s important to let the software notify you when there is an update to install.

This is especially true of your Internet browser of choice. Whether you use Internet Explorer, Firefox, Safari, Opera, etc, it’s important to keep it up date as this is the software that you use the most to interact with the Internet. My personal favourite is Firefox and this is the most secure browser to use in my opinion. Running Internet Explorer on Vista with User Account Control (UAC) enabled has the added benefit of running as a limited user so is also less vulnerable to attack.

Firewall

The single most important security software on a computer is the firewall – in fact, I can’t imagine ever running a home computer without a firewall. If you’re only going to take one piece of advice from this post, then make it the firewall.

If you have Windows XP or Windows Vista then you have a firewall built in, and you need to check that it’s turned on. Head back into the Control Panel, open the Windows Firewall icon, and turn it on. It’s that simple.

More advanced users running Windows XP, should use a third party firewall such as Zone Alarm, as you have more granular control about what comes in and goes out. But for home users not needing to allow any inbound traffic, then the Windows XP firewall is fine.

If you’re running Windows Vista, there’s no need to run any other firewall as the one provided by Vista is superb and has been greatly improved upon since Windows XP. Advanced users on Vista can tweak the firewall to their heart’s content by using the Windows Firewall MMC snap-in which you can get to through the Administrative Tools.

The benefit to using the Windows firewall instead of a third party firewall, is that Microsoft have designed it to hook in to the networking aspects of your computer. So if you enable file and print sharing, then Windows will open the necessary firewall ports.

Antivirus Software

If you’ve followed the previous three steps, then you’re in pretty good shape already. You’re running a supported operating system, your computer software is patched and up to date, and you have a firewall protecting you from network attacks. However, this does not prevent you from downloading a virus from the Internet, or opening a virus-infected attachment from your emails.

This is where antivirus software comes in – it runs in the background on your computer, monitoring all of the activity going on, looking for viruses that it knows about and also looking out any other suspicious behaviour.

There are lots of different antivirus products available today, some free, most of them not. I don’t recommend using the free software to home users, as you have no guarantees that the software will be kept up to date. I also don’t recommend buying ‘suites’ of software – such as the ones from Symantec/Norton, or McAfee. These suites try to take over whole your computer with their own recommended settings, and you get showered with cryptic alerts, slow performance, and unreliable behaviour from your computer.

My current recommendation is to install Trend Micro Internet Security 2008. This is by far the best antivirus software I have used to date, for the following reasons:

  • It’s lightweight and won’t slow down your computer
  • It’s easy to use
  • It’s easy to configure
  • And you aren’t forced into using all of their settings

During installation of the software, you are asked if you want to install the firewall – I always say no, as I’m quite happy with either the Windows XP or Vista firewall. And once the software is installed, step through each section and turn it off – apart from real-time virus monitoring. All you want antivirus software to do, is to protect you against viruses – anything else will just get in your way and annoy you. If you’re using a desktop email client like Outlook, Outlook Express, Windows Mail, Thunderbird, etc, then you also need to select the antivirus option to scan your emails.

Antispyware Software

Antispyware software generally comes in two types – the basic editions require you to run a scan over your computer so that it can find all the nasties, and the more advanced editions run as a service on your computer like the anti-virus software and constantly monitors your system. Most antivirus software products today have at least some basic antispyware functions that can be enabled.

If you’re running Windows Vista, then you already have Windows Defender installed and running and you need to do nothing else. Defender runs in the background monitoring your computer and updates to the software are delivered through Windows Updates.

If you’re running Windows XP, then you can download and install Windows Defender for free, which you can’t go wrong with. More advanced users may want to use several different versions of antispyware software at the same time, tweaking each one to suite their needs, but an average home user will be well protected with Windows Defender.

Phishing Filter

A phishing filter monitors the web sites you visit and looks out for sites that attempt to deceive you into thinking that you are visiting another site. A common example is a site that looks just like your Internet banking site but is actually a site created by hackers to encourage you to give up important financial information like your account names, passwords, pin numbers, etc.

Hackers use clever techniques by crafting web addresses that are long and confusing to tell whether it is a valid address or not. Phishing filters attempt to identify these dodgy addresses and warn you that the site is not legitimate.

Unfortunately, phishing filters are not yet as advanced as antivirus scanners and lots of dodgy sites don’t get picked up. This means you can’t rely solely on the phishing filter as a means of defence. But Internet Explorer 7 and Firefox 2 both have phishing filters built-in and should be enabled for an added layer of defence.

Common Sense and Dancing Pigs

The last layer of defence should be your common sense. Don’t rely purely on the security software on your computer from protecting you. Don’t trust any attachment that is sent to you – even if it comes from someone you don’t know such as friends or family. Don’t forget that if a friend’s computer gets infected with a virus, there is a chance that the virus may email itself to that friend’s entire address book, making it look as if your friend sent you a joke email.

This is where the Dancing Pigs comes in. In computer security circles, dancing pigs refers to how users will always choose dancing pigs over computer security. Bruce Schneier explains the phenomenon as follows:

If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet — he’s going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life’s savings, and impair your ability to have children," he’ll click OK without even reading it. Thirty seconds later he won’t even remember that the warning screen even existed.

If this sounds like something that you do on a daily basis – beware. But take heart in the fact that it’s not your own fault – software developers have made us ambivalent towards security messages over the years, as we get so damn many of them – most of which are safe to ignore, most of the time…

A classic example of this is Windows Vista’s new User Account Control (UAC) feature which is enabled by default on Microsoft’s new operating system. The theory behind this is that you are forced to run as a limited-rights user so that you aren’t able to do any accidental damage to your computer (like running dancing pigs applets.) This is a great idea, and is already implemented on both Macs and Linux, but the implementation of UAC was so poor, that from the first time you turn on your computer, you are bombarded with warning messages for even performing the most trivial of tasks. This forces you to become numb to the messages, and you just get into a routine of clicking "yes" for everything that pops up.

Microsoft won’t admit to UAC being a poor implementation, but they are changing the amount of alerts you receive in service pack 1, which is going through testing at the moment. So they must be aware of the problem.

Backups

Although backups aren’t strictly related to computer security, ensuring that have a good backup system could be priceless should your machine get so terribly broken from a virus that it can’t even boot up and needs to be reinstalled.

How many of you have your only copy of your digital photos sitting on the hard drive of your computers? Imagine how you would feel if that hard drive broke, or the contents got erased, or your computer got stolen.

I recommend a three-pronged approach to backing up your important data:

  • Keep your important data cleanly organised  on your computer and set up a backup routine either manually or using software such as the built-in backup software in Windows.
  • Backup all your important files to a separate, external hard drive, or DVDs/CDs, or to another computer or server in your house.
  • Then create another backup of your important files offsite – i.e. not in your house or possibly even your neighbourhood.

The third step seems a bit over the top at first, but keeping a backup of your photos on DVDs is no good if your house burns down or gets flooded. The best way to backup your photos to just upload them to a photo sharing site like Flickr – you get the added bonus of being able to show off your photos to friends and families. And if disaster ever strikes, your photos are preserved online and can be downloaded again in the future. For other important files, there are various online backup companies starting up but prices do vary so it’s worth shopping around.

In Summary

To summarise, here’s a check-list for safe computing:

  • Make sure you’re running a supported operating system. Windows Vista or Windows XP with service pack 2. Nothing earlier.
  • Make sure that your operating system is up to date with Windows Updates, and make sure that all other software is kept up to date too.
  • Use a firewall! The Windows built-in firewall is fine, only use a third party one if you know what you’re doing.
  • Use antivirus software – but don’t let it take over your whole system, this just causes more problems. Disable the bits you don’t want to run.
  • Use antispyware software – Windows Defender is good.
  • Use the phishing filter built into your browser, but don’t depend on it to be 100% accurate.
  • Use your common sense – treat all email attachments with caution.

Apart from purchasing antivirus software (Trend Micro Internet Security 2008 costs about $100), everything mentioned above is already built into your operating system or web browser and costs nothing extra to use.

Using a Mac or Linux

This post has focused on Windows only, but most of the same principals can be applied to either Macs or Linux computers. Historically there have been very few viruses found in the wild for either operating system, but as both Linux and Macs gain in popularity (as they are now) there will no doubt be more hackers targeting them. Don’t sit back and think that you’re secure just because you’re not running Windows.

Firefox plugin – Tabnail

The next version of IE has a feature that displays all of your open tabs as thumbnails in a seperate tab. Not to be outdone, a plugin has released which does the same thing for Firefox. It’s really cool – you can add the button to any toolbar or click on the icon in the status bar, and a new tab is opened that contains thumbnails of all the open tabs. You can switch to a tab by clicking on the thumbnail or close a tab by clicking on the close icon in the corner of each thumbnail.

Link here: AJAX Yahoo! Mail/foXpose/Tabnail – Viamatic Softwares

Firefox 1.5 Beta 2 has been released

News just in….

Firefox 1.5 Beta 2 is now available for download. This is the second Beta release of our next generation Firefox browser, to be released later this year, and it is being made available to our developer and testing community for compatibility testing and to solicit feedback.

Project page here: http://www.mozilla.org/projects/firefox/
Release notes: http://www.mozilla.org/products/firefox/releases/1.5beta2.html
Direct download here: http://download.mozilla.org/?product=firefox-1.5b2&os=win&lang=en-US

Thunderbird 1.5 Beta 1

Just noticed that Thunderbird 1.5 Beta 1 has also been released so I’ve downloaded and installed it and will give it a good testing over the next couple of weeks. First impressions:

  • Offline support has been removed from the installation options, this is now part of the standard build
  • Product version shows up as Thunderbird 1.4 after installation – this must be an internal product version.
  • Options dialog is the same as the new Firefox beta 1, with the category icons at the top of the box.
  • New feature – Spell as you type. Works very well, leaves a faint, dotted, red line beneath incorrectly spelled words – right-clicking the word presents the choices of new words.
  • While testing the new spelling feature, I downloaded the English (New Zealand) dictionary which comes in the form of an XPI extension. Interestingly, after installing the extension using the Extensions dialog box, Thunderbird didn’t need to be restarted for it to take effect. I wonder if Firefox works like this too..?
  • New feature – Email scams. “Thunderbird can analyze messages for possible email scams by looking for common techniques used to deceive you.” I guess this is also know as anti-phishing…
  • New feature – Anti-virus. “Thunderbird can make it easy for anti-virus software to analyze incoming mail messages for viruses before they are stored locally.” This sounds like an interesting new feature, not sure how it would work though?

Wow – some excellent new features in there and that was only after 10 minutes of poking around!

Firefox 1.5 Beta 1

I’ve been using the new beta 1 version of Firefox 1.5 since it came out and so far I’m impressed. It’s extremely stable for a beta 1 product, and although you don’t notice any significant changes at first, there’s definitely been a whole heap of changes made under the hood.

The first thing you notice when you install beta 1 is that you will probably get told that your existing plugins aren’t compatible with the new Firefox. I was running All-in-one Gestures and the official Google Toolbar, and neither were compatible. Once installed I headed straight for the Options to see what has changed there – and this is the first big sign of the new version as shown here:
New Firefox options dialogue

The actual options are all very similar to the previous version, but they are now laid out with the categories at the top. A new feature is the “Clear Private Data” locate under the tools menu. Clicking on this option opens the following box which is fairly self-explanatory:
Firefox Clear Private Data

Another new feature which I definitely like, is the new error pages for display on 404 errors and the like. This takes away the annoying pop-up boxes that show up in the previous version.
Firefox Server Not Found

Not sure what my favourite new feature is yet, but another cool feature which I love is the ability to drag and drop tabs so that you can change the order of them. I often have ten to twenty tabs open at a time and it really helps to be able to move them around. So far, I’m really enjoying the new beta 1 and I haven’t found anything wrong with yet – I definitely recommend downloading and testing it today!

At last… Plaxo for Thunderbird

I’ve been using Plaxo for a while now to manage my contacts, and apart from some of the quirks (like repeatedly spamming all your contacts with updates requests) I really like the service. My biggest complaint has been that it doesn’t support Thunderbird which I use at home with my IMAP accounts.

Well that has just changed with the release of Plaxo for Thunderbird (Beta) – first noticed on Mark Jen’s blog. I’ve already tested it and it does work well although not perfectly. The Plaxo toolbar which shows up in Thunderbird after installation is not customisable which means that the icons can’t be downsized to small icons which looks a bit odd with the theme I’m using (see below), but that apart it seems OK for a first release.

You can download it here: http://www.plaxo.com/downloads/tbird.

Thunderbird screenshot with Plaxo toolbar