30
edits
Talk:Extension Blocklisting: Difference between revisions
m
→TBD & Open Questions
(→TBD & Open Questions: Further issue and comments) |
|||
| Line 38: | Line 38: | ||
Thoughts on these: | Thoughts on these: | ||
# Use a hash algorithm and '''not''' an extension ID to query any black or whitelist, since that way if we say an extension is good on the basis of a hash, we *known* what it is we're looking at (if found) and that it's unmodified. ID's can be trivially spoofed, hashes are designed to be extremely hard to spoof. | # Use a hash algorithm and '''not''' an extension ID to query any black or whitelist, since that way if we say an extension is good on the basis of a hash, we *known* what it is we're looking at (if found) and that it's unmodified. ID's can be trivially spoofed, hashes are designed to be extremely hard to spoof. | ||
# When it comes to malware, unless it's very simple, you're immediately into signature detection. | # When it comes to malware, unless it's very simple, you're immediately into signature detection. Signature analysis is a whole area all by itself, and usually the territory of A/V software. Do we have to reinvent the wheel? Is there some way to get A/V software to identify mal-extension sigs before install? | ||
# Since extensions are basically scripts, can a mal-script detector be borrowed from some other o/s project and detection of script functions that are typical of malware be added to FF, so unknown extensions are background-checked for script function concerns upon install? | |||
2 quick thoughts, hope they help. | 2 quick thoughts, hope they help. | ||