Desktop CompSec Update (End of 2015)

You have to understand that computer security (CompSec) is a moving target. Every day something new appears to threaten our control over our systems and our sanity.

As always, we need to keep in mind that the primary issue is control of your system. This implies some measure of control over your data, but all the privacy absolutists are chasing a lie. Remember: Once digitized, forever public. Even more important than data privacy is data integrity, particularly in transmission. We want to make sure that no one has an easy time spoofing our identity and saying for us things we’d never say. In similar fashion, we want to make sure when we pull stuff down from the Net that we are getting what’s advertised.

Realistically, CompSec is properly system control and transmission integrity. One of the major elements of morality in technology is honesty. Reputation is a fundamental element of your online presence. It’s reciprocal; you rightly demand it from others. When you detect deception, you rightly become guarded with the source. Consistent deception justifies cutting them off as much as possible. Cynicism is a necessity online.

Given recent revelations that paint Google as not a whit better than Microsoft or any bureaucratic government, I’ve been moving away from using their products. Every big company compromises user wishes in favor of profits (particularly from advertising) to some degree, so it’s a matter of how much trust. Google has really gone way over the line, so when there’s a choice, you should look at other options.

I’ll use GMail because it’s just above the line of tolerance for me. Android? No freaking way. Chromebooks? Nope. Chrome browser? Absolutely not. Other browsers derived from their Blink browser engine (forked from WebKit)? Not if I can avoid it. I’ll keep Chromium around for sites where Firefox simply will not work. But we keep finding sneaky crap Google has done to compromise user control, particularly in snooping. Then they lie about it.

It’s not that Mozilla Project is wholly trustworthy, but they do offer the user somewhat better control. They tend to report honestly what they are doing and how you can control it. And lately their browsers are working better with a wider range of websites. Not just Firefox, but I can actually use Seamonkey on without any problems. It also appears to work well enough on the MS Office Online applications. And Seamonkey is the volunteer project that has no profit motive, so in keeping alive the original Mozilla Suite (which derived from the old Netscape Communicator) they offer an honest measure of user control.

You can also find the ESR version of Firefox (extended service release) which doesn’t pump in all the extra latest-n-greatest features that you may not like. The ESR channel caters to government-corporate environment, where sudden changes are unwelcome. This, by the way, is the basis for Debian’s Iceweasel rebrand of Firefox.

There are other browsers built on the same Mozilla framework. One that is growing in popularity is Pale Moon. It’s a little clunky running on your Linux desktop because the updates have to be installed manually. Their nifty installer script doesn’t work on every distro, and may not put things where you want them. Unless you know how to rewrite it to suit you, it’s easier just grabbing the zipped tarball and installing manually into your home directory. Firefox, Thunderbird (email) and Seamonkey all update in place on Linux if you install it in your home directory where your user account owns the file system. Just periodically check through the menu system: Help > About. If there’s an update, it’ll happen while you watch, then it directs you to restart the application.

Regular readers may recall I’ve often advised compartmentalizing between your various online activities. For example, I use Iceweasel for general surfing and research, Seamonkey for sites that require secure login and for email, and regular Firefox for blogging only. Because of how Mozilla stuff works, Firefox and Iceweasel would tend to grab the same user profile on my system, so I keep them compartmentalized by having multiple profiles. Then I create all my launchers with the proper commandline incantations to make each one use a different profile. It looks something like this:

/home/ed/firefox/firefox -P default --new-instance %u

Parsing: The executable binary is in a firefox folder in my home folder, and it’s name is “firefox” of course. The -P warns Firefox that I want to use a particular named profile; in this case, it’s named “default.” The --new-instance ensures that Firefox won’t recycle the currently running process if I have Iceweasel open at the same time. The Mozilla folks are trying to save your RAM, but it’s safer to create an entirely new process.

Unfortunately there’s no direct route to creating a new profile without using the commandline. You launch it this way on Debian, for example:

iceweasel --ProfileManager

This opens a tool that you can use to create as many profiles as you like, so long as you give each one a different name. Then you can create your launchers (“shortcuts”) as noted above for each profile. Similar language is used for Windows shortcuts, but I don’t have room to explain here how to do that. You can look it up easily enough…

Check out the addons (Tools > Add-ons). I always add the ublock advertising blocker. While Seamonkey has their own wiping tool (Tools > Clear Private Data), the one for Firefox doesn’t work quite the same. You can get a Click & Clean that does a better job for Firefox variants. I have no need for other extensions, and some of them may not be totally honest about what they do, but the two I named have never been caught in a lie yet.

Finally, I note that if you are running CentOS 7 (or some other Red Hat clone), you can always run the Mozilla stuff because either CentOS handles the update or the generic downloaded versions (select 64-bit only) are compiled on CentOS in the first place (last time I checked). Keep in mind that the primary reason for selecting any of the Red Hat clones is longevity; your OS will be supported — bug fixes and security updates — several years from now. Google is scornful about such goals and builds all their stuff on the latest-n-greatest, refusing to even advise Red Hat developers on how to make it build on their long-lived systems. If you just have to have that Blink engine on your Red Hat clone, maybe Opera will eventually offer something for you. Or, you can always try Slimjet if you get the generic 64-bit zipped package. You can install it the same as the generic Mozilla stuff in your home directory, but it’s a little clunky because every time you install or update (reinstall), you have to use the commandline and setup the sandbox (a required security feature) using root permissions.

At any rate, Mozilla stuff is the way to go right now if you need a full service browser, regardless of your OS.

About Ed Hurst

Avid cyclist, Disabled Veteran, Bible History teacher, and wannabe writer; retired.
This entry was posted in computers and tagged , , , , . Bookmark the permalink.

3 Responses to Desktop CompSec Update (End of 2015)

  1. Benjamin says:

    Thanks for the tip about an ESR channel. I hope to look into that soon and avoid all these frequent update messages I have been getting. The rest is good too… But I may be using it later rather than sooner. I’m still mostly on Win 7 but working toward more Linux in my house.


  2. Benjamin says:

    I have a refurbished (new to me) Win7 machine which comes with IE. I would like to install sea monkey on it or some other Mozilla based browser without opening IE to download it. I could probably download on a different machine and move the installer with a USB drive, but o would prefer to use FTP to download directly. Do you know of an FTP site that has a Mozilla-based browser for download? I have searched for one, but the references I have come across seem to be no longer up. It might be a better idea to download to a different system and just start saving to a resource DVD. Thoughts?


  3. Ed Hurst says:

    It is not well published but all of the Mozilla projects are available from direct FTP. The trick is to grasp their convoluted setup. You have to drill down into the right folder for the current release, the right language, the right OS, etc. Here is the link to the current release for Windows in US English:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.