Mozilla raises Firefox security bar
Touts anti-malware site blocker, 'holistic' security as key additions to Firefox 3.0
Computerworld - Firefox 3.0's new anti-malware blocker, a tool that prevents some malicious pages from loading, is the browser upgrade's most important new security feature, Mozilla Corp.'s head of engineering said today.
Officially dubbed Malware Protection, the tool warns users when they steer Firefox to sites that are known to install viruses, spyware, Trojan horses and other malicious code. When a user tries to reach a site on the banned list, a large red warning appears in lieu of the page. The warning says that the intended destination "has been reported as an attack site and has been blocked based on your security preferences." A button labeled "Get me out of here!" returns Firefox to the browser's home page.
"Anti-malware is an evolution of Firefox 2.0's antiphishing," said Mike Schroepfer, Mozilla's vice president of engineering, adding that it was his first pick as Firefox 3.0's most important security addition. "This is part of our active defenses," he said.
"It's actually quite difficult to do this kind of checking well," Schroepfer said. "You have to stop a page load before it happens. And you have to be conscious of performance because the browser is doing extra work." Firefox 3.0, he said, runs its checks "without impacting performance at all."
Like the antiphishing blocker found in Firefox 2.0, the anti-malware tool relies on a list generated by Google Inc., the search company that provides most of Mozilla's revenue. Firefox 3.0 users can choose to have the browser either download an updated blacklist daily or query Google in real time for each page it tries to pull up.
"It's based on a blacklist," explained Schroepfer. "We're pulling that data similarly to antiphishing, checking the site against that [black]list and then putting up the malware warning if necessary."
The blacklist originates with the tests Google runs on sites that it crawls for its search index. Some of the criteria Google users to finger a site as dangerous -- and deserving a spot on the blacklist -- are based on findings by StopBadware.org, a group created by Google, Chinese computer maker Lenovo Group Ltd. and Sun Microsystems Inc. Google has made it clear, however, that it also applies its own criteria and procedures and relies on its own tools to spot sites that host or distribute malware.
Firefox's anti-malware tool first made news last summer, when developers posted information on the feature in Bugzilla, the management system Mozilla uses to track changes in its software. At the time, Window Snyder, Mozilla's chief security officer, refused to commit to getting the tool into Firefox 3.0. By September, however, the anti-malware blocker had been added to one of the Firefox 3.0 alpha builds.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts