Which Moonchild Productions Browser Is Most Secure Today?

General discussion and chat (archived)
User avatar
JoeyG
Astronaut
Astronaut
Posts: 653
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Which Moonchild Productions Browser Is Most Secure Today?

Unread post by JoeyG » 2018-12-14, 14:19

Today is 14 December 2018.

I just updated my portable version of the PM unstable build. The internal update worked fine, by the way.

While waiting for the program to restart, I started to wonder about the relative security of the very latest versions of PM release, PM unstable, and Basilisk.

I'll try to make my question as simple as I can: Today, right now, about 15.00 Central European Time, which of the three browsers is "most secure"?

Thanks.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by Isengrim » 2018-12-14, 14:30

My guess is that they're about equal since they all build on relatively recent versions of the UXP platform.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

User avatar
JoeyG
Astronaut
Astronaut
Posts: 653
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by JoeyG » 2018-12-14, 14:38

Isengrim wrote:My guess is that they're about equal since they all build on relatively recent versions of the UXP platform.
OK, thanks. Any other comments? Thanks.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

New Tobin Paradigm

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by New Tobin Paradigm » 2018-12-14, 16:09

Despite Basilisk being rolling release and Pale Moon being stable release they both get any sec updates at the same time because security fixes are top priority and those fixes are uplifted to the relevant branches and builds are pushed out.

The same goes for Interlink Mail & News which is a rolling stable release in which the platform follows Pale Moon's release branch but the "comm part" is not restricted to just that and is closer to the trunk so I can release more often if needed. Which is exactly what I did this morning. However, I will always release when Pale Moon does regardless of changes to the "comm-parts" or lack there of.

As for safety, Basilisk is development software and includes DRM capability and that means blackbox code we can't control if enabled. WebRTC gets security updates along with everything else but also can have privacy concerns if enabled but those while existant in Basilisk they are disabled by default and users will have to accept any risk of enabling them.

As such, I personally consider Pale Moon safer (but just as secure) than Basilisk when those are enabled because I see little personal benefit to Basilisk without intrest in Australis targeted extensions, webextensions that have almost completely progressed out of range, webrtc, and drm. So take that pure opinion of preference how you will.
Last edited by New Tobin Paradigm on 2018-12-14, 16:30, edited 8 times in total.

User avatar
JoeyG
Astronaut
Astronaut
Posts: 653
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by JoeyG » 2018-12-14, 18:22

New Tobin Paradigm wrote:... As such, I personally consider Pale Moon safer (but just as secure) than Basilisk when those are enabled ...
Thank you very much.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

User avatar
athenian200
Contributing developer
Contributing developer
Posts: 1498
Joined: 2018-10-28, 19:56
Location: Georgia

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by athenian200 » 2018-12-14, 18:39

I think Pale Moon itself is probably the most used and well-tested, so I would just stick with that for now.

But in my opinion, I see Pale Moon as a browser that's primarily focused on freedom rather than security (although security is definitely something they pay attention to). You need look no further than Chrome and Firefox to see what happens when a browser becomes so obsessed with security and locking everything down that users simply aren't allowed to have any real freedom. No plugins, very limited extensions, not allowing you to view sites without a particular kind of security certificate that costs money, fearfully relying on a service like Google Safe Browsing for "protection," etc. Privacy and freedom are done away with in the name of security, and most people just shrug and accept it.

In my opinion, security isn't something you should rely on a browser to provide for you. That's the mentality that created Chrome... people abdicating their responsibility to protect their own machines/devices and relying on OS/Browser vendors to do it for them by keeping up a constant arms race of updates that patch vulnerabilities faster than malware authors can exploit them. Instead, you should consider setting up a firewall, and perhaps subscribing to some kind of internet suite provided by an antivirus company. Use plugins that block dangerous or undesirable sites. Maybe even use something like OpenDNS as your DNS server. Perhaps run the browser in a VM and keep it as isolated as possible from the host OS. But most importantly, use common sense, be careful when entering sites you don't recognize, and type a site's URL manually rather than clicking a link in an e-mail when you get a strange-looking account alert. If you want real security and not just baseline protection anyway, you generally have to be careful, knowledgeable, and willing to pay for it.
"The Athenians, however, represent the unity of these opposites; in them, mind or spirit has emerged from the Theban subjectivity without losing itself in the Spartan objectivity of ethical life. With the Athenians, the rights of the State and of the individual found as perfect a union as was possible at all at the level of the Greek spirit." -- Hegel's philosophy of Mind

User avatar
JoeyG
Astronaut
Astronaut
Posts: 653
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by JoeyG » 2018-12-14, 18:52

athenian200 wrote:... If you want real security and not just baseline protection anyway, you generally have to be careful, knowledgeable, and willing to pay for it.
Thank you very much for your observation. What you've written is certainly correct: ultimately, the human link is pretty much always the weakest in the security chain.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

User avatar
therube
Board Warrior
Board Warrior
Posts: 1650
Joined: 2018-06-08, 17:02

Re: Which Moonchild Productions Browser Is Most Secure Today?

Unread post by therube » 2018-12-16, 17:30

You need look no further than ... Firefox to see what happens when a browser becomes so obsessed with security and locking everything down that users simply aren't allowed to have any real freedom.
Firefox has locked users out from having meaningful extensions, useful experiences.
Firefox may have also locked extensions out from accessing parts of the browser (maybe even OS) that they (perhaps) shouldn't.

But...

Firefox allows anything & everything in its wondrous webextensions mean that they can "steal" from you.
If you develop an extension - a webextension, one that is purposely malicious, feel free to put it up on AMO, as it's gleefully accepted.

Blocked Add-ons

Locked