User:DCamp/Malware Security Review
Status
- Feature tracking bug
Has a design review been completed?
Not formally.
When do you anticipate the feature landing?
See "Schedule" below.
Overview
XXX
Use Cases
Describe the primary use cases for the feature here.
Requirements
List functional and non-functional requirements for the feature here, with links back to any relevant product PRD. These requirements should be prioritized.
Schedule
- Version 2.0 protocol landed in M7.
- Version 2.1 protocol landing in beta3.
UI Design Documentation
XXX
Design Impact
Security and Privacy
What security issues do you address in your project?
- Malware and phishing URIs are blocked during docshell loads (browser tabs and iframes).
- Malware and phishing URIs will be blocked in <object> loads (bug 394485)
Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
If the database is corrupted or missing, the user will be at risk while the database is repopulated.
Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
XXX
Exported APIs
Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
Exported to XPCOM:
- nsIUrlClassifierDBService - Manages the url-classifier database.
- nsIUrlClassifierStreamUpdater - Streams updates from the server to the dbservice.
- nsIURIClassifier - The main lookup API used by the docshell.
Protocols:
- The main updating protocol is at [1]
Does it interoperate with a web service? How will it do so?
There are two web services: the main update server from which truncated hashes are fetched, and the gethash server from which complete hashes are fetched after a match.
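A model of that two-stage lookup, added here as an example and not taken from Firefox's url-classifier code. It assumes SHA-256 over the canonicalized URL and 4-byte truncated hashes in the local store (the v2 protocol's values); the demo shortens the prefix to 1 byte only so that a benign URL colliding on the prefix can be found quickly, which shows why the gethash round trip is needed.

```python
"""Model of the two-stage lookup the review describes: an added example, not
Firefox's url-classifier code. Assumptions: SHA-256 over the canonicalized URL
and 4-byte truncated hashes in the local store (the v2 protocol's values); the
demo shortens the prefix to 1 byte only so a prefix collision can be found fast."""
import hashlib
from typing import Callable, Dict, Optional, Set, Tuple


def full_hash(url: str) -> bytes:
    return hashlib.sha256(url.encode("utf-8")).digest()


class Classifier:
    def __init__(self, prefixes: Set[bytes], gethash: Callable[[bytes], Set[bytes]],
                 prefix_len: int = 4) -> None:
        self.prefixes = prefixes        # truncated hashes from the update server
        self.gethash = gethash          # the gethash web service
        self.prefix_len = prefix_len
        self.cache: Dict[bytes, Set[bytes]] = {}   # complete hashes already fetched
        self.gethash_calls = 0

    def classify(self, url: str) -> bool:
        h = full_hash(url)
        p = h[: self.prefix_len]
        if p not in self.prefixes:
            return False                # common case: local miss, no network traffic
        if p not in self.cache:         # local hit: ask gethash, sending only the
            self.gethash_calls += 1     # truncated hash, never the URL itself
            self.cache[p] = self.gethash(p)
        return h in self.cache[p]       # a benign URL sharing the prefix is cleared here


def build_demo(prefix_len: int = 1) -> Tuple[Classifier, str, str]:
    """Constructed data: one listed URL, a gethash stub serving its complete hash,
    plus a benign URL that collides on the prefix and one that does not."""
    listed = {full_hash("http://malware.example/payload.exe")}   # constructed entry
    prefixes = {h[:prefix_len] for h in listed}

    def gethash(p: bytes) -> Set[bytes]:
        return {h for h in listed if h.startswith(p)}

    collider: Optional[str] = None
    miss: Optional[str] = None
    for i in range(100000):
        url = f"http://benign.example/page{i}"
        hit = full_hash(url)[:prefix_len] in prefixes
        collider = collider or (url if hit else None)
        miss = miss or (url if not hit else None)
        if collider and miss:
            break
    return Classifier(prefixes, gethash, prefix_len), collider, miss
```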
Explain the significant file formats, names, syntax, and semantics.
The hashes are stored in a sqlite3 database.
Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
Hopefully!
Does it change any existing interfaces?
nsIUrlClassifierDBService and nsIUrlClassifierStreamUpdater were changed.
Web Compatibility
Does the feature have any impact on Web compatibility?
No.
Performance
How will the project contribute (positively or negatively) to "perceived performance"?
Lookup involves queries against a large sqlite database, which incurs disk penalties. This lookup occurs after the request is sent to the server, but before the response is read from the socket, so the performance impact is hidden a bit by network latency.
What are the performance goals of the project? How were they evaluated? What is the test or reference platform and baseline results?
Will it require large files/databases (for example, browsing history)?
urlclassifier3.sqlite.
Reliability
What failure modes or decision points are presented to the user?
XXX
Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
We rely on sqlite for data file reliability. If the sqlite file is corrupted at startup, we remove it and repopulate it from the server.
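An added example of that startup rule, not Firefox's url-classifier code: open the sqlite file, treat an integrity failure as corruption, discard and repopulate the file, and report to the caller that lookups are now running against a store that is incomplete until the server update finishes. The table name and schema are assumptions.

```python
"""Startup handling for a corrupt classifier database: an added example, not
Firefox's url-classifier code. It follows the rule the review states (remove a
corrupt sqlite file and repopulate it) and tells the caller when lookups are
running against a store that has just been rebuilt. Table name is assumed."""
import os
import sqlite3
import tempfile
from typing import Callable, Tuple

SCHEMA = "CREATE TABLE IF NOT EXISTS prefixes (prefix BLOB PRIMARY KEY)"


def _healthy(conn: sqlite3.Connection) -> bool:
    """False for a damaged file or one that lacks the expected table."""
    try:
        if conn.execute("PRAGMA integrity_check").fetchone()[0] != "ok":
            return False
        return conn.execute(
            "SELECT 1 FROM sqlite_master WHERE name = 'prefixes'").fetchone() is not None
    except sqlite3.DatabaseError:      # e.g. "file is not a database"
        return False


def open_classifier_db(path: str, repopulate: Callable[[sqlite3.Connection], None]
                       ) -> Tuple[sqlite3.Connection, bool]:
    """Returns (connection, rebuilt). rebuilt=True means the user is in the
    window where the list is incomplete until the server update finishes."""
    conn = sqlite3.connect(path)
    if _healthy(conn):
        return conn, False
    conn.close()
    os.remove(path)                    # discard rather than repair the damaged file
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    repopulate(conn)                   # in the browser: fetch updates from the server
    conn.commit()
    return conn, True


def demo() -> Tuple[bool, bool, int]:
    """Constructed scenario: a garbage file at the DB path, then a clean reopen."""
    path = os.path.join(tempfile.mkdtemp(), "urlclassifier3.sqlite")
    with open(path, "wb") as f:
        f.write(b"definitely not a sqlite file\n" * 64)   # constructed corruption

    def repopulate(conn: sqlite3.Connection) -> None:
        conn.executemany("INSERT INTO prefixes VALUES (?)",
                         [(bytes([i] * 4),) for i in range(3)])

    conn, rebuilt_first = open_classifier_db(path, repopulate)
    conn.close()
    conn, rebuilt_second = open_classifier_db(path, repopulate)
    count = conn.execute("SELECT COUNT(*) FROM prefixes").fetchone()[0]
    conn.close()
    return rebuilt_first, rebuilt_second, count
```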
l10n and a11y
Are any strings being changed or added?
Yes (see UI section).
Are all UI elements available through accessibility technologies?
The UI additions are interstitial xhtml pages.
Installation, Upgrade/Downgrade/Sidegrade, and platform requirements
Does it equally support all Tier-1 platforms?
Yes.
Does it have a hardware requirement (or increase minimum requirements)?
No, short of disk space for the DB.
Does it require changes to the installer?
No.
Does it impact updates?
No.
List the expected behavior of this feature/function when Firefox is upgraded to a newer minor release, downgraded by installation of an earlier revision, or re-installed (same version)
Upgrades between major versions use different classifier databases.
Upgrades between minor versions without schema changes will continue to use existing databases.
Upgrades between minor versions with schema changes will start the database from scratch, but this isn't expected to happen.
Configuration
Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
There are prefs for:
- Blocking malware.
- Blocking phishing.
Are there build options for developers? [#ifdefs, ac_add_options, etc.]
No.
What ranges for the tunable are appropriate? How are they determined?
What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
- The google safebrowsing server.
- its-an-attack.html and its-a-trap.html
If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?
We are working closely with Google's Safe Browsing team.
Documentation
- Do built-in Help pages need to be modified?
- Documentation for developer.mozilla.org?
Other
any other implementation or design related documentation
Discussion & Implications
Caveats / What We've Tried Before
links to previous design documents, discussions, etc.