CFA/Security-Research/MalwareDetection: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 21: Line 21:
* Protected Mode - runs in isolation from other applications in the OS.  Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
* Protected Mode - runs in isolation from other applications in the OS.  Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
* Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE
* Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE
* Using virtual machine techniques - GreenBorder (bought by Google)


=== Additional features ===  
=== Additional features ===  

Revision as of 17:41, 1 August 2007

« Comparative Feature Analyses
« Security Notes
« Security Research

Current Capabilities

  • Notification whenever downloading or installing software
  • Warn me when sites try to install add-ons

Upcoming Capabilities

  • Tell me if a download is suspected malware - FF3

Features by 3rd parties or other browsers

  • Real-time with behavior-based profiling algorithms - Finjan SecureBrowsing FF extension, Haute Secure
    • Executable blocked
    • Embedded content blocked (ad, video, blog, photo, etc.)
    • Page blocked
    • Site blocked
  • URL Blacklist - StopBadware.org
  • Protected Mode - runs in isolation from other applications in the OS. Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
  • Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE

Additional features

  • Integrate sandboxing feature like Sandboxie or IE extension SpyWall Anti-Spyware; integrate virus scanning and malware protection for retrieved content/files - FF brainstorm
  • Ability to disable handling and downloading of certain file types - FF brainstorm
  • Extension installation - one click to permanently add site to whitelist - FF brainstorm

Screenshots

Haute Secure:

MalwareHauteSecureButton.PNG

MalwareHSembeddedContentBlocked.PNG

MalwareHSembeddedContentBlocked2.PNG

MalwareHSsiteBlocked.PNG

Search result malware detection:

File:MalwareFinjanFFext.PNG

Conclusions

  • Phishing information is displayed in the Address Bar, so it makes sense to display Malware information there as well. UI may take similar form
  • Security page should show up when the browser blocks a page (like Haute Secure)
  • Specific content blocking and other warnings should display an indicator in the Address Bar with more information upon user click (like Haute Secure)
  • We should make decisions for users where we can, and warn unobtrusively when we cannot
  • Finjan FF extension takes too long to load
Retrieved from "https://wiki.mozilla.org/index.php?title=CFA/Security-Research/MalwareDetection&oldid=64276"