CFA/Security-Research/MalwareDetection: Difference between revisions

 
(14 intermediate revisions by the same user not shown)
Line 10:


=== Upcoming Capabilities ===  
* Tell me if a download is suspected malware - FF3
* Display error page when malware page is found - FF3
** Malware checking blocks page loads
** Check malware URL blacklist (like StopBadware.org)
** API to allow callers to determine if given URI is in the blacklist
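The blacklist items above describe a lookup that callers can hand a URI to. The part that matters in practice is not the set lookup but the canonicalization in front of it: if the URI is compared as a raw string, trivial variations (upper-case host, a trailing dot, a default port, a `..` segment, percent-encoded path characters, a `user@` prefix) all slip past the list. The following is an added illustration, not code from the wiki page or from Firefox; the `BLACKLIST` entries, the `canonicalize`, `lookup` and `is_blacklisted` names and the host/path-prefix entry format are constructed for this example.

```python
"""Added example: a minimal "is this URI on the malware blacklist?" check
of the kind the Upcoming Capabilities list describes.  The blacklist
entries below are constructed sample values, not real sites."""
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample blacklist (hypothetical format): a host mapped to ""
# blocks the whole site; a host mapped to a path prefix blocks that
# directory and everything beneath it on an otherwise acceptable host.
BLACKLIST = {
    "bad.example": "",
    "shared.example": "/evil/",
}


def canonicalize(url: str):
    """Return (host, path) in a normalised form so that the cosmetic
    variations of one URL all map to the same lookup key."""
    parts = urlsplit(url.strip())
    # .hostname already lower-cases and drops userinfo/port; the trailing
    # dot of a fully-qualified name is stripped so "bad.example." matches.
    host = (parts.hostname or "").lower().rstrip(".")
    # Decode %-escapes and collapse "." / ".." segments so that
    # "/ok/../%65vil/x" becomes "/evil/x".  Fragments are discarded by
    # ignoring parts.fragment.
    path = posixpath.normpath(unquote(parts.path) or "/")
    while path.startswith("//"):          # normpath keeps a leading "//"
        path = path[1:]
    if parts.path.endswith("/") and not path.endswith("/"):
        path += "/"                       # normpath drops the trailing slash
    return host, path


def lookup(url: str):
    """Return the matching (host, path_prefix) entry or None.  The host and
    each parent domain are tried, so an entry for bad.example also covers
    cdn.bad.example, while notbad.example is never a substring match."""
    host, path = canonicalize(url)
    if not host:
        return None
    labels = host.split(".")
    for i in range(len(labels) - 1):      # never test the bare TLD
        candidate = ".".join(labels[i:])
        prefix = BLACKLIST.get(candidate)
        if prefix is None:
            continue
        if prefix == "" or path == prefix.rstrip("/") or path.startswith(prefix):
            return candidate, prefix
    return None


def is_blacklisted(url: str) -> bool:
    """Boolean form of lookup(), the shape a caller-facing API would expose."""
    return lookup(url) is not None


if __name__ == "__main__":
    for u in ("http://bad.example/", "HTTP://CDN.Bad.Example.:8080/x#f",
              "https://shared.example/ok/../%65vil/payload.exe",
              "http://bad.example@good.example/", "http://notbad.example/"):
        print(f"{u!s:55} blacklisted={is_blacklisted(u)}")
```

The canonicalization has to match whatever the list provider used when building the list, otherwise lookups silently miss; and because each malicious site is short-lived (as the Conclusions below note), a list check of this kind is a complement to, not a replacement for, inspecting the retrieved content itself.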


=== Features by 3rd parties or other browsers ===  
Line 16: Line 19:
** Executable blocked
** Embedded content blocked (ad, video, blog, photo, etc.)
** Page blocked
** Page blocked (in FF3)
** Site blocked
** One click to permanently add site to whitelist
* Protected Mode - runs in isolation from other applications in the OS. Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
* Cross-domain barriers - prevent script on web pages from interacting with content from other domains or windows; protects against malware by helping prevent malicious websites from exploiting flaws in other websites - IE
* Removes spyware - IE extension SpyWall Anti-Spyware
* Integrate sandboxing feature like Sandboxie, GreenBorder, or IE extension SpyWall Anti-Spyware; integrate virus scanning and malware protection for retrieved content/files
* Using virtual machine techniques - GreenBorder (bought by Google)


=== Additional features ===  
* Integrate sandboxing feature like Sandboxie; integrate virus scanning and malware protection for retrieved content/files - FF brainstorm
* Ability to disable handling and downloading of certain file types - FF brainstorm
* Extension installation - one click to permanently add site to whitelist - FF brainstorm


=== Screenshots ===


<b> "site:" lets you use google to search a specific site: </b>
<b> Haute Secure: </b>


[[Image:SBsiteGoogle.jpg]]
[[Image:MalwareHauteSecureButton.PNG]]


<b> Safari SnapBack button takes you back to search results: </b>
[[Image:MalwareHSembeddedContentBlocked.PNG]]


[[Image:SBsnapbackSafari.JPG]]
[[Image:MalwareHSembeddedContentBlocked2.PNG]]
 
[[Image:MalwareHSsiteBlocked.PNG]]
 
<b> Search result malware detection: </b>
 
[[Image:MalwareFinjanFFext.PNG]]


=== Conclusions ===
* We should make decisions for users where we can, and warn without being annoying when we cannot
* Specific content blocking and other warnings should display an indicator in the Address Bar with more information upon user click (like Haute Secure)
* Integrate sandboxing to perform real-time checking for malware. Each malicious website is short-lived, so blacklists alone offer limited protection
* Finjan FF extension takes too long to load