Security/Features/Application Reputation

From MozillaWiki

Status

Application Reputation
Stage Development
Status In progress
Release target
Health OK
Status note Monica is working out the last follow-ups to enable verifying signed binaries on Windows to enable remote lookups. Local lookups are landed and shipping in FF 28.

Team

Product manager Sid Stamm
Directly Responsible Individual Monica Chew
Lead engineer Monica Chew
Security lead
Privacy lead Sid Stamm
Localization lead
Accessibility lead
QA lead
UX lead
Product marketing lead
Operations lead
Additional members Doug Turner

Open issues/risks

ID Summary Status
837195 "Save Link As" should go through BackgroundFileSaver NEW
1239094 Notification when downloading a malware binary NEW
1239836 Application Reputation should honor browser.safebrowsing.allowOverride REOPENED
1340836 Measure what percentage of users have Safe Browsing, download protection and unwanted software disabled REOPENED
1356426 We should check downloads against the goog-badbinurl-shavar list prior to downloading them REOPENED
1435923 The logging of remote lookup protocol buffer is truncate REOPENED
1475702 [meta] Download protection should look inside archive files NEW
1501974 Add telemetry to know the remote lookup result for archive files ASSIGNED
1502668 [meta] Information in download protection remote lookup is incomplete NEW
1505710 Ignore referrer-policy in download protection NEW
1510559 Add "desktop" to the list of executable extensions in download protection NEW

11 Total; 11 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Stage 1: Definition

1. Feature overview

bug 662819

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.

See Security/Features/Application_Reputation_Design_Doc for implementation details.

2. Users & use cases

Downloading popular, legitimate applications: warnings should become less severe and less redundant.

Downloading known malware or unknown applications: warnings should become more severe and clearer about the origin of the download, perhaps more similar to the UI for installing Firefox add-ons (since the result is equivalent).

3. Dependencies

Google maintains an extension to Safe Browsing that tracks binary file reputation. We can harness their API to provide application reputation whitelisting for Firefox users.

4. Requirements

  • Preserve privacy as much as possible. This should only apply to downloaded applications, not documents. The URL should not be sent to Mozilla if the download is declined. Users should have the option to use this feature without contributing data to it.

Non-goals

  • Virus scanning.
  • Offering to sandbox untrusted native applications.
  • Preventing downgrade attacks.
  • Forcing application download sites to use https.
  • Foisting AMO-style user reviews upon application download sites.

Stage 2: Design

5. Functional specification


6. User experience design

  • Checkbox to enable/disable in Security pref panel next to the phishing/malware stuff?
  • We should add a note to the download history that says, for binary downloads, what action was taken (e.g., "file whitelisted by Google", or "requested analysis from Mozilla, might be malware").

Stage 3: Planning

7. Implementation plan

Let's do this in stages:

  1. Implement preffed-off support for downloading and updating Google's reputation whitelists
  2. Implement easier UI (or none) for downloads matching the whitelist
  3. Run tests to see how often unknown URLs are transmitted to the API
  4. Based on tests, perhaps enable the feature by default
  5. Eventually provide pluggable support for other reputation systems (like the search plugins)
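
An added sketch, not Firefox code, of the lookup order implied by the requirements in section 4 and the staged plan above: documents are skipped, local lists are consulted first, and an unknown URL leaves the machine only when the user kept the download and has not opted out. The list contents, pref names, verdict strings, note text and the remoteLookup callback are all assumptions made for illustration.

```javascript
// Added illustration: all names, list entries and prefs here are hypothetical.
const EXECUTABLE_EXTENSIONS = new Set(["exe", "msi", "dmg", "pkg"]);

// Constructed sample lists standing in for locally stored reputation data.
const SAMPLE_LISTS = {
  allowedHosts: new Set(["downloads.example.org"]),
  blockedUrls: new Set(["http://bad.example.net/setup.exe"]),
};

function extensionOf(fileName) {
  const dot = fileName.lastIndexOf(".");
  return dot < 0 ? "" : fileName.slice(dot + 1).toLowerCase();
}

// download: { url, fileName, sha256, accepted }  (accepted = user kept the file)
// prefs:    { enabled, remoteLookups }
// remoteLookup: callback that sends { url, sha256 } off the machine and
//               returns a verdict string
function checkDownload(download, lists, prefs, remoteLookup) {
  const result = (verdict, note, remoteQueried = false) =>
    ({ verdict, note, remoteQueried });

  if (!prefs.enabled) return result("skipped", "reputation checks disabled");
  // Requirement: applications only, never documents.
  if (!EXECUTABLE_EXTENSIONS.has(extensionOf(download.fileName))) {
    return result("skipped", "not an application download");
  }
  // Local lookups disclose nothing, so they always run first.
  if (lists.blockedUrls.has(download.url)) {
    return result("block", "URL on local blocklist");
  }
  if (lists.allowedHosts.has(new URL(download.url).hostname)) {
    return result("allow", "file whitelisted locally");
  }
  // Unknown file: query remotely only if the user kept the download
  // and has not opted out of contributing data.
  if (!download.accepted) return result("unknown", "download declined, nothing sent");
  if (!prefs.remoteLookups) return result("unknown", "remote lookups off, nothing sent");
  const verdict = remoteLookup({ url: download.url, sha256: download.sha256 });
  return result(verdict, "remote lookup: " + verdict, true);
}
```

The note field corresponds to the download-history annotation proposed in section 6.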

8. Reviews

Security review

Privacy review

Localization review

Accessibility

Quality Assurance review

Operations review

Stage 4: Development

9. Implementation

Stage 5: Release

10. Landing criteria

Feature details

Priority P1
Rank 999
Theme / Goal Product Hardening
Roadmap Security
Secondary roadmap Platform
Feature list
Project
Engineering team Platform



http://monica-at-mozilla.blogspot.co.nz/2014/07/download-files-more-safely-with-firefox.html