CFA/Security-Research/MalwareDetection: Difference between revisions
< CFA | Security-Research
Jump to navigation
Jump to search
No edit summary |
|||
| Line 10: | Line 10: | ||
=== Upcoming Capabilities === | === Upcoming Capabilities === | ||
* | * Display error page when malware page is found - FF3 | ||
** Malware checking blocks page loads | |||
** Check Malware URL Blacklist (like StopBadware.org) | |||
** API to allow callers to determine if given URI is in the blacklist | |||
=== Features by 3rd parties or other browsers === | === Features by 3rd parties or other browsers === | ||
| Line 16: | Line 19: | ||
** Executable blocked | ** Executable blocked | ||
** Embedded content blocked (ad, video, blog, photo, etc.) | ** Embedded content blocked (ad, video, blog, photo, etc.) | ||
** Page blocked | ** Page blocked (in FF3) | ||
** Site blocked | ** Site blocked | ||
** One click to permanently add site to whitelist | ** One click to permanently add site to whitelist | ||
* Protected Mode - runs in isolation from other applications in the OS. Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7 | * Protected Mode - runs in isolation from other applications in the OS. Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7 | ||
* Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE | * Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE | ||
Revision as of 18:14, 1 August 2007
« Comparative Feature Analyses
« Security Notes
« Security Research
Current Capabilities
- Notification whenever downloading or installing software
- Warn me when sites try to install add-ons
Upcoming Capabilities
- Display error page when malware page is found - FF3
- Malware checking blocks page loads
- Check Malware URL Blacklist (like StopBadware.org)
- API to allow callers to determine if given URI is in the blacklist
Features by 3rd parties or other browsers
- Real-time with behavior-based profiling algorithms - Finjan SecureBrowsing FF extension, Haute Secure
- Executable blocked
- Embedded content blocked (ad, video, blog, photo, etc.)
- Page blocked (in FF3)
- Site blocked
- One click to permanently add site to whitelist
- Protected Mode - runs in isolation from other applications in the OS. Restricts exploits and malware from writing to any location beyond Temporary Internet Files without explicit user consent - IE7
- Cross-domain barriers - prevent script on webpages from interacting with content from the other domains or windows; protects against malware by helping prevent malicious websites from manipulating flaws in other websites - IE
- Integrate sandboxing feature like Sandboxie, GreenBorder, or IE extension SpyWall Anti-Spyware; integrate virus scanning and malware protection for retrieved content/files
Additional features
- Ability to disable handling and downloading of certain file types - FF brainstorm
Screenshots
Haute Secure:
Search result malware detection:
Conclusions
- Phishing information is displayed in the Address Bar, so it makes sense to display Malware information there as well. UI may take similar form
- Security page should show up when the browser blocks a page (like Haute Secure)
- Specific content blocking and other warnings should display an indicator in the Address Bar with more information upon user click (like Haute Secure)
- We should make decisions for users where we can, and warn unobtrusively when we cannot
- Finjan FF extension takes too long to load