MozillaWiki

CFA/Security-Research/MalwareDetection: Difference between revisions

< CFA‎ | Security-Research
No edit summary
 
 
(17 intermediate revisions by the same user not shown)
Line 6: Line 6:


=== Current Capabilities ===  
=== Current Capabilities ===  
* Highlight entire search field when clicking in the box
* Notification whenever downloading or installing software
* Drag and drop search
* Warn me when sites try to install add-ons


=== Upcoming Capabilities ===  
=== Upcoming Capabilities ===  
* Resizable search bar (Neil Deakin) - FF3 P2
* Display error page when malware page is found - FF3
** Malware checking blocks page loads
** Check malware URL blacklist (like StopBadware.org)  
** API to allow callers to determine if given URI is in the blacklist


=== Features on other browsers ===  
=== Features by 3rd parties or other browsers ===  
* SnapBack - safari
* Real-time with behavior-based profiling algorithms - Finjan SecureBrowsing FF extension, Haute Secure
* Button to clear search field - safari
** Executable blocked
** Embedded content blocked (ad, video, blog, photo, etc.)
** Page blocked (in FF3)
** Site blocked
** One click to permanently add site to whitelist
* Protected Mode - runs in isolation from other applications in the OS.  Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
* Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE
* Integrate sandboxing feature like Sandboxie, GreenBorder, or IE extension SpyWall Anti-Spyware; integrate virus scanning and malware protection for retrieved content/files


=== Additional features ===
* Ability to disable handling and downloading of certain file types - FF brainstorm


=== Additional features ===  
=== Screenshots ===
 
<b> Haute Secure: </b>


* Support for multiple search boxes - Groowe Search Toolbar - FF add-on
[[Image:MalwareHauteSecureButton.PNG]]
* Targeted search options: audio/video podcast, photo, code, technorati searches


=== Screenshots ===
[[Image:MalwareHSembeddedContentBlocked.PNG]]


<b> "site:" lets you use google to search a specific site: </b>
[[Image:MalwareHSembeddedContentBlocked2.PNG]]


[[Image:SBsiteGoogle.jpg]]
[[Image:MalwareHSsiteBlocked.PNG]]


<b> Safari SnapBack button takes you back to search results: </b>
<b> Search result malware detection: </b>


[[Image:SBsnapbackSafari.JPG]]
[[Image:MalwareFinjanFFext.PNG]]


=== Conclusions ===
=== Conclusions ===
* A button to clear the search field isn't really necessary when clicking in the search box highlights its contents
* We should make decisions for users where we can, and warn without being annoying when we cannot
* The SnapBack functionality is very useful to control the number of tabs open in a browser
* Specific content blocking and other warnings should display an indicator in the Address Bar with more information upon user click (like Haute Secure)
* Integrate sandboxing to perform real-time checking for malware.  Each malicious website is short-lived, so blacklists limit protection
* Finjan FF extension takes too long to load

Latest revision as of 06:47, 8 August 2007

« Comparative Feature Analyses
« Security Notes
« Security Research

Current Capabilities

  • Notification whenever downloading or installing software
  • Warn me when sites try to install add-ons

Upcoming Capabilities

  • Display error page when malware page is found - FF3
    • Malware checking blocks page loads
    • Check malware URL blacklist (like StopBadware.org)
    • API to allow callers to determine if given URI is in the blacklist

Features by 3rd parties or other browsers

  • Real-time with behavior-based profiling algorithms - Finjan SecureBrowsing FF extension, Haute Secure
    • Executable blocked
    • Embedded content blocked (ad, video, blog, photo, etc.)
    • Page blocked (in FF3)
    • Site blocked
    • One click to permanently add site to whitelist
  • Protected Mode - runs in isolation from other applications in the OS. Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
  • Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE
  • Integrate sandboxing feature like Sandboxie, GreenBorder, or IE extension SpyWall Anti-Spyware; integrate virus scanning and malware protection for retrieved content/files

Additional features

  • Ability to disable handling and downloading of certain file types - FF brainstorm

Screenshots

Haute Secure:

 

 

 

 

Search result malware detection:

File:MalwareFinjanFFext.PNG

Conclusions

  • We should make decisions for users where we can, and warn without being annoying when we cannot
  • Specific content blocking and other warnings should display an indicator in the Address Bar with more information upon user click (like Haute Secure)
  • Integrate sandboxing to perform real-time checking for malware. Each malicious website is short-lived, so blacklists limit protection
  • Finjan FF extension takes too long to load
Retrieved from "https://wiki.mozilla.org/index.php?title=CFA/Security-Research/MalwareDetection&oldid=64848"