
Security/Features/Application Reputation

From MozillaWiki


Status

Application Reputation
Stage Development
Status In progress
Release target `
Health OK
Status note Monica is working out the last follow-ups for verifying signed binaries on Windows, which is needed to enable remote lookups. Local lookups have landed and are shipping in FF 28.

Team

Product manager Sid Stamm
Directly Responsible Individual Monica Chew
Lead engineer Monica Chew
Security lead `
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members Doug Turner

Open issues/risks

ID Summary Status
837195 "Save Link As" should go through BackgroundFileSaver NEW
933432 Enable remote lookups for application reputation on Windows NEW
974018 expose redirect chain in HttpBaseChannel NEW
895508 propagate mime type from content-disposition header to the application reputation query interface NEW

Open; Resolved; Total (0% complete)


Stage 1: Definition

1. Feature overview

bug 662819

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.

See Security/Features/Application_Reputation_Design_Doc for implementation details.

2. Users & use cases

Downloading popular, legitimate applications: warnings should become less severe and less redundant.

Downloading known malware or unknown applications: warnings should become more severe and clearer about the origin of the download. Perhaps more similar to the UI for installing Firefox addons (since the result is equivalent).

3. Dependencies

Google maintains an extension to Safe Browsing that tracks binary file reputation. We can harness their API to provide application reputation whitelisting for Firefox users.

4. Requirements

  • Preserve privacy as much as possible. This should only apply to downloaded applications, not documents. The URL should not be sent to Mozilla if the download is declined. Users should have the option to use this feature without contributing data to it.
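
The requirement above can be read as a lookup policy. The sketch below is an added example, not Mozilla's code or the design doc's algorithm: every name in it (`checkReputation`, the `prefs` fields, the extension list, the stub remote service) is a hypothetical chosen for illustration, and it assumes the caller has already computed the file hash.

```javascript
// Added illustration; hypothetical names, not Firefox preferences or APIs.
const APPLICATION_EXTENSIONS = new Set([".exe", ".msi", ".dmg", ".pkg"]); // constructed sample

function isApplication(fileName) {
  const dot = fileName.lastIndexOf(".");
  return dot !== -1 && APPLICATION_EXTENSIONS.has(fileName.slice(dot).toLowerCase());
}

// Rate a download and record exactly what data, if any, leaves the machine.
// `remote` is a caller-supplied function standing in for the remote service.
function checkReputation(download, prefs, localAllowlist, remote) {
  const noData = (verdict) => ({ verdict, sent: null });
  if (!prefs.enabled) return noData("not-checked");
  // Only applications are in scope; documents are never looked up.
  if (!isApplication(download.fileName)) return noData("not-checked");
  // A declined download must not cause its URL to be sent anywhere.
  if (!download.accepted) return noData("not-checked");
  // Local list hit: answered without any network traffic.
  if (localAllowlist.has(download.sha256)) return noData("allowlisted");
  // User keeps the local check but does not contribute data.
  if (!prefs.remoteLookups) return noData("unknown");
  const query = { url: download.url, sha256: download.sha256 };
  return { verdict: remote(query), sent: query };
}

// Constructed sample data (hashes shortened for readability).
const allowlist = new Set(["aa11"]);
const queries = [];
const fakeRemote = (q) => {
  queries.push(q); // lets a caller audit everything that was transmitted
  return q.sha256 === "bb22" ? "malware" : "unknown";
};
const installer = {
  fileName: "setup.EXE",
  url: "https://downloads.example/setup.EXE",
  sha256: "bb22",
  accepted: true,
};

console.log(checkReputation(installer, { enabled: true, remoteLookups: true }, allowlist, fakeRemote));
```

Auditing the `queries` array after a run shows which downloads caused data to leave the machine, which is the property the privacy requirement is about.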

Non-goals

  • Virus scanning.
  • Offering to sandbox untrusted native applications.
  • Preventing downgrade attacks.
  • Forcing application download sites to use https.
  • Foisting AMO-style user reviews upon application download sites.

Stage 2: Design

5. Functional specification

`

6. User experience design

  • Checkbox to enable/disable in Security pref panel next to the phishing/malware stuff?
  • We should add a note to the download history that says, for binary downloads, what action was taken (e.g., "file whitelisted by Google", or "requested analysis from Mozilla, might be malware").

Stage 3: Planning

7. Implementation plan

Let's do this in stages:

  1. Implement preffed-off support for downloading and updating Google's reputation whitelists
  2. Implement easier UI (or none) for downloads matching the whitelist
  3. Run tests to see how often unknown URLs are transmitted to the API
  4. Based on tests, perhaps enable the feature by default
  5. Eventually provide pluggable support for other reputation systems (like the search plugins)

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

`


Feature details

Priority P1
Rank 999
Theme / Goal Product Hardening
Roadmap Security
Secondary roadmap Platform
Feature list `
Project `
Engineering team Platform

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `