CFA/Security-Notes

From MozillaWiki


Purpose

Examine a bunch of browsers, existing Firefox Add-ons, and web services to generate a report that describes:

  • Which capabilities each has
  • A summary of where each is different/unique
  • Some conclusions about which aspects seem most innovative and interesting that we might want to consider for Firefox

Research

General capabilities

The following will be done in a table with notes and observations following as footnotes.

  • Include malware detection and anti-phishing as security categories
  • Identify capabilities before diving in
  • Exclude "private browsing"/privacy
  • OpenID
  • Users click through warning dialogs, ignore security indicators, and focus on completing tasks. Security indicators are out of the way and hard to interpret, and the terminology is confusing.
  • Security UI must balance obviousness with unintrusiveness, convey clarity in a reasonable size, and reflect complexity with simplicity. Talk to Jonathan Nightingale.


  • bookmarklets
  • blacklisting
  • whitelisting
  • AJAX
  • surf by ip protection
  • download actions - don't download
  • security preferences
  • phishing protection
    • make easier to report phishing sites
    • implement a phishing filter that learns automatically - integration with PhishTank
  • script execution
  • pop ups
  • secure defaults/ no security pop-ups
  • restricted javascript
  • cookies
  • extension installation
  • virus/malware protection
  • highlight URL domain name in address bar
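As an added example (not from this wiki page or any of the browsers it lists), the following Node.js snippet shows the logic behind two of the items above, "surf by IP protection" and "highlight URL domain name in address bar": it splits a URL into the segments an address bar would render, marks the host as the part to emphasise, and returns warning flags when the host is a bare IP address or when the URL carries userinfo (the part before "@", which users often misread as the site name). The function names and the sample URLs are constructed for this illustration; parsing relies on Node's built-in WHATWG URL class.

```javascript
// Added example: address-bar segmentation for domain highlighting and
// IP-host warnings. Hypothetical function names; not code from any browser.

function addressBarSegments(input) {
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return null; // not an absolute URL at all; nothing to highlight
  }
  // Only network schemes have an authority (host) worth highlighting.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;

  // Userinfo is the text before '@'. It is NOT the site the browser will
  // talk to, so it is rendered separately and flagged.
  const userinfo = (url.username || url.password)
    ? `${url.username}${url.password ? ':' + url.password : ''}@`
    : '';

  // WHATWG parsing normalises IPv4 forms (e.g. 0x7f.1 becomes 127.0.0.1),
  // so a simple dotted-quad check is sufficient after parsing. IPv6 hosts
  // keep their surrounding brackets in url.hostname.
  const hostname = url.hostname;
  const isIpLiteral =
    /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.startsWith('[');

  const warnings = [];
  if (userinfo) warnings.push('credentials-in-url');
  if (isIpLiteral) warnings.push('ip-address-host');

  return {
    scheme: `${url.protocol}//`,
    userinfo,
    hostname,                              // the segment to highlight
    port: url.port ? `:${url.port}` : '',  // default ports are stripped by the parser
    rest: url.pathname + url.search + url.hash,
    warnings,
  };
}

// Text rendering of what a highlighted address bar would show: the host
// is wrapped in « » and everything else is left plain.
function renderAddressBar(input) {
  const s = addressBarSegments(input);
  if (s === null) return input;
  return `${s.scheme}${s.userinfo}«${s.hostname}»${s.port}${s.rest}`;
}

// Constructed sample inputs.
for (const sample of [
  'https://www.example.com/login',
  'https://www.example.com@198.51.100.7/login',
  'http://[2001:db8::1]:8080/',
]) {
  const s = addressBarSegments(sample);
  console.log(renderAddressBar(sample), s.warnings);
}
```

The second sample is the case domain highlighting exists for: the parser puts "www.example.com" in the username field and the real host is the IP literal, so the rendered bar emphasises the IP and both warning flags fire. A real implementation would also need to pick out the registrable domain within a long hostname (e.g. using a public suffix list), which this snippet does not attempt.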


  • Phishing Protection - warn users of suspected forgery (phishing) sites, and offer to take user to search page to find the real Web site they were looking for.
  • Automated Update - always checks to see if you’re running the latest version, and notifies you when a security update is available.
  • Protection from Spyware - notification whenever downloading or installing software
  • Clear Private Data - ability to clear all your private Web browsing data
  • Downloads - if web page uses script to try to pop up a download box and force you to deal with it, IE intercepts the script and displays a prompt in the Info bar instead. (IE screenshot)
  • Digital Signature Information - provides more information about the publisher of a program as well as whether the program is digitally signed (IE screenshot)

Malware detection

Anti-phishing

Other

Browsers to investigate

  • Firefox 2
  • Camino
  • Flock
  • iCab
  • IE 7
  • Maxthon
  • Netscape
  • OmniWeb
  • Opera
  • Safari
  • SeaMonkey
  • Shiira

Add-ons to investigate

Firefox

  • Adblock
  • NoScript
  • CookieCuller
  • CookiePie

Safari

Web services/apps to investigate

Desktop apps to investigate

Results

Summary of unique and/or innovative features

Conclusions

References