if im using kmeleon as my main web browser how safe is the browser when it comes to expoites and any other problems that might accure. Is it safter then Internet Exploror? thanks for the help.

I have been using K-Meleon to buy things on eBay and perform bank operations online for years without an issue.

Just be sure to use a proper firewall, antivirus and anti-spy software, as everybody should do with any browser.

I recommend the Kaspersky Suite (antivirus and firewall) and Spybot (freeware anti spies).

Anything is safer than IE, which is the black sheep in the browser family

AFAIK K-Meleon and Opera have had the fewest known security problems the last few years of the windows browsers listed by the Alternative Browser Alliance. Source: Google "secunia k-meleon" Google "secunia Opera".

I use K-M for everything, have for years, and I seldom bother about the Micro$oft updates. But I use a firewall and various other good things. My malware scans are the world's most boring.

K-Meleon is very safe. I do banking, buy from E-Bay and some surfing the net. I use AVG anti-virus, Ad-Aware, and the XP firewall. Mostly the only thing I get flagged for is one tracking cookie. I have used KM since .7 or .8 and I love it. IE is loaded but I never use it. KM is set as default browser.

Just today I replaced RC2 and 1.02 with the just released 1.1 and I do not expect to have any issues of security at all.

With all do respect, I don't believe the original poster is looking for "i use it so it must be safe" reassurance.
Obviously, this browser is based on Mozilla and is well designed. My concern, and likely the concern of the original poster, is that the browser doesn't seem to be updated frequently when security issues are identified in the Mozilla family. For example, we just had a Firefox update at the end of May to fix various vulnerabilities. Do these same vulnerabilities extend to k-meleon? I don't know, but I would imagine they do. Shouldn't there be a security fix for k-meleon when new vulnerabiilities are identified?
I get the impression that this isn't an urgent concern.......therefore I don't think the average user can trust k-meleon. I would like to see more emphasis on security because I really like the lightness and speed of k-meleon.....

The latest Firefox vulnerability is not affecting K-Meleon.

All I know is about spoofing the url where Firefox must connect for the add-ons updates except those trough https.

There is another about the use of resource:// urls but if it is solved is solved in the 1.8.1.4 gecko version which K-meleon uses.

You must understand that K-meleon, if I'm not wrong, doesn't use the Firefox files but Seamonkey/Mozilla.

The new K-Meleon 1.1 has the same security level as Firefox 2.0.0.4,
as it uses the same Gecko engine 1.8.0.4. You can see that,
when you open the about: file of the two browsers in their
help menu. They have a build difference of four days only.
Official K-Meleon versions may appear a bit less frequently
than Firefox, but they are also less endangered, because
they are not completely based on XUL, while Firefox is.
Besides that, there are unofficial updates by forum people,
as soon as problems appear, as you can see for example
in this thread :
http://kmeleonbrowser.org/forum/read.php?1,70556

Fred

Quote
AlanK
My concern, and likely the concern of the original poster, is that the browser doesn't seem to be updated frequently when security issues are identified in the Mozilla family.

Alan,
Not all security issues affect K-Meleon, so it is not always needed to update GRE when the XUL based cousins of K-Meleon get a GRE update. But IMHO You are right we should always officially update K-Meleon's GRE when a new GRE is available - even if not needed technically - it is an advertisement


p. s. Why did I use "officially updated"?
Informations how to update K-Meleon's GRE and K-Meleons with updated GRE were always since 01.04.2005 available here via this Forum. That is since about the same time when they started to find new bugs every once in a while. So if anyone is/was concerned this is the place to ask for updated versions ( we users can not patch files but the files from Mozilla.org are sufficiant for most uses ).

The next most severe is Firefox Cross-site IFRAME hijacking where an attack against about:blank frames could allow malicious code execution. Zalewski also published two medium-threat vulnerabilities, one each for Firefox and Internet Explorer. Firefox file prompt delay bypass allows an "attacker to download or run files without user's knowledge or consent." And, finally, Internet Explorer 6 URL bar spoofing is a URL spoofing vulnerability. This last vulnerability does not affect Internet Explorer 7.

http://news.com.com/8301-10784_3-9725125-7.html?part=rss&subj=news&tag=2547-1023_3-0-5

When will K-Meleon feature anti-phishing security feature? Also I think other plugins such as searchbar plugin should be packaged within the K-Meleon executable. Since version 1.1, it's been working flawlessly with no bugs whatsoever. Good job on K-Meleon developers. Also download.com still hosting version 1.02. 1.1 is more stable than the previous version too. 1.02 occassionally crashed, but no more.

Quote
James
K-Meleon is very safe. I do banking, buy from E-Bay and some surfing the net. I use AVG anti-virus, Ad-Aware, and the XP firewall. Mostly the only thing I get flagged for is one tracking cookie. I have used KM since .7 or .8 and I love it. IE is loaded but I never use it. KM is set as default browser...

Even having IE on the computer is a security risk. Check out http://www.vorck.com/remove-ie.html
(Note that some of these people are quite... passionate... about IE removal. Bear that in mind.)

And don't rely too much on the XP firewall. Try Comodo firewall (http://www.personalfirewall.comodo.com/). Check out their overview pdf!

This isn't to tell you what to do; it's rather to inform you all of some other security issues. Research it yourself, then go with what's best. (Like K-Meleon!)

K-Meleon is safe, but I think - so sorry - that Opera Portable Oneuse is really safer and faster than any Trident or Gecko browser, including K-Meleon of course.
http://www.kejut.com/download/15

What? You say that Opera Portable Oneuse is safer and faster than K-Melon. If thats what you think, then you really have no idea of what fast is.

Quote
Mr Cooper
Check out [www.vorck.com]
having IE on the computer is a security risk
don't rely too much on the XP firewall

Last I recall it seems that slipstreaming updates/patches for Windows apps/OS's from any where other than MS is no longer legal.

Using IE browsers for nearly a decade and had been hit with one virus and few harmless spyware. Any browser or other app can be a security risk if it's user is a security risk. The only reason I choose to use KM is because of its great speed.

For a software firewall, the Windows Firewall excellently performs it's functions when permissions or exceptions are properly applied. The only big difference between the Windows Firewall and most other basic software firewalls is that the WF monitors only incoming traffic. I myself use the ZA product for two-way monitoring of traffic which is not a necessarily great improvement based on the practices of it's User. But whether the WF or any other software firewall, many parasites that do find their way onto a system many times are capable of disabling software firewalls and or anti-virus/spyware apps. The best firewall is that of hardware/Router. And while no one app of any nature offers complete or infallible security, any such app can always be rendered useless based on the knowledge and practices of it's User. In-built security is always helpful, but in nearly all cases security begins and ends with the user and users should certainly be aware of this. Just as we should not depend on strangers to lock our front doors at night.

Charlie

~~If it ain't broke, why screw it up?~~



Edited 1 time(s). Last edit at 11/05/2007 01:12PM by caktus.

The problem with IE is that even if you practice security you still get infected thanks to IE's holes. I'm talking from experience here. Never had any malware since moving to Mozilla/SeaMonkey.

Inspite of safe prcatices just picked up a virus yesterday and all I been using lately is KM. And been going nowhere but all usualy places. "Holes" are everywhere. Regardless how careful we are or what browser, OS, security or other software we use stuff happens. Nothing is impervious to trespass.

Charlie

~~If it ain't broke, why screw it up?~~

As caktus points out, there will always be holes. Some things, and it seems to be the gateway for most viruses, come through email, email attachments, or even the graphics in the email, not the browser. Sometimes it is not the browser but something in the interaction with a javascript that opens us up to problems - so, for example, even Firefox 2.0.0.9 has been "breached" in this way. Cookies are often used to track us and some may have an effect of spyware or even make up susceptible to spyware being installed. K-M has a pretty decent track record of not being quite so susceptible as the other Mozilla browsers, but when something is discovered, the needed correction is found by one or other of those who know the browser. It is a pretty safe browser.

Hey, guys, sorry if this sound a bit off-topic. But I guess you should take an interest at reading the posting about surfing protection layers under the topic "Surfing with javascript disabled". It's kind of related, I think. Sorry for any inconvenience.

"Surfing with javascript disabled" is and interesting topic.

BTW, turned out the virus was a false positve. this was my fix. Or rather seems to be, so far. I guess time will tell.

Charlie

~~If it ain't broke, why screw it up?~~

question: is k-meleon safe?

safe in which context? safe compared to internet explorer, yes. Internet Explorer is the founder of all spyware, because it is so easily exploited.

Why no updates? Where are those precious security updates? Think about it... In microsoft products, and ruined software like firefox, they are continually releasing security updates that just seem to make the program slower and introduce more complexities and even flaws. <ie the latest firefox has a horrendous memory leak>

K-meleon updates very rarely because they do not need too. It is not exploitable remotely. The only security issue that may exist is the user.

Surt without javascript enabled unless you need it, this language has become a standard despite many security flaws which is stoopid.

Dont download exe's without having a decent antivirus, and get them from a trustworthy source. Or even better ditch windoze altogether. cheerio chaps!

I think that it all comes down too common sense I only visit web pages which are in my bookmarks as I don't have the real need too visit any other sites, It's also advisable too do regular spyware scans, clean your history in relation too pages visited & the address bar, cookies ect then you should be right. If a website dose look suspect then get out of it the address would give you some indication depending on the colour.

k-meleon updates r sometimes less frequent than comparable softw. since they were reduced to the needed & Common sense. & Common sense = here no GRE update for optical flaws = some recent GRE updates for FFox only exist because a previous update produced undesirable side effects for XUL Interfaces (e.g k-meleon stayed with GRE rv:1.8.1.8 FFox moved to next higher revision). AFAIK k-meleon GREs are also altered to reduce unwanted optical side effects - but without visible version change [ that is why i prefer official K-Meleon GRE updates before inofficial ones which are normally not patched for k-m specific probs]



Edited 1 time(s). Last edit at 01/25/2008 04:58AM by guenter.