Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spyware for Firefox Coming This Year?

Zonk posted more than 9 years ago | from the deeply-unsettling dept.

Bug 630

EvilCowzGoMoo writes "One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators." From the article: "Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa...The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."

cancel ×

630 comments

Sorry! There are no comments related to the filter you selected.

Malicious XPI's exist already (5, Interesting)

flyingace (162593) | more than 9 years ago | (#11606925)

Spyware already exists for firefox in XPI form. Please lookout of malicious XPI's More information on this can be found here. http://forums.mozillazine.org/viewtopic.php?t=6434 1

Re:Malicious XPI's exist already (-1, Flamebait)

essreenim (647659) | more than 9 years ago | (#11607019)

On that note might I add:

What a shit story for /.

Thankyou

-end-

Re:Malicious XPI's exist already (4, Insightful)

Acts of Attrition (635948) | more than 9 years ago | (#11607021)

In the immortal words of G.W.
"Bring it on"

How's Firefox supposed to get even more resistant to exploits if hackers aren't sitting there trying the exploit the heck out of it?
Trial by fire. There's a reason it started out as Phoenix.

Re:Malicious XPI's exist already (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11607102)

In the immortal words of G.W.

Let's not get carried away here. I voted for him over the other guy, but I don't think I would describe anything he's ever said as "immortal."

Typographical Errors in High Places (5, Funny)

handy_vandal (606174) | more than 9 years ago | (#11607121)

Let's not get carried away here. I voted for him over the other guy, but I don't think I would describe anything he's ever said as "immortal."

Typographical error -- should read "immoral words" ....

-kgj

IE and Firefox have different problems (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11606927)

IE's spyware problems were largely due to exploits. Someone not up to date with patches could visit a website and have something remotely installed pretty easily.

For Firefox, though, it'll take social engineering. The place to look for the spyware threats is in the brand new extension you WANT to install. Most Firefox users have at least one extension, and many have a dozen. How do you know what each of those is doing behind your back? Most people don't bother to scan the code, and while some may do so and report problems publicly, will you find out about them? A firewall won't even help you in this situation since you've probably given Firefox free access to port 80 (plus 443, etc).

Mozilla should probably create some sort of permission system for extensions. Can it connect to a remote server? Can it write to disk?

Re:IE and Firefox have different problems (5, Informative)

maskedbishounen (772174) | more than 9 years ago | (#11607037)

This is why Mozilla Update [mozilla.org] exists. A safe haven for users to find extentions that won't screw them over.

Supposedly.

If nothing else, at least it has a rating and feedback system, so you'll have a heads up from others.

Re:IE and Firefox have different problems (5, Insightful)

j-turkey (187775) | more than 9 years ago | (#11607076)

IE's spyware problems were largely due to exploits. Someone not up to date with patches could visit a website and have something remotely installed pretty easily.

For you and I, I'd say that exploits are the issue...but in my experience, most average users don't get a malware infestation via browser exploits (mainly because when you and I see the words Gator or Newnet, we say hell no). They simply click "yes" when asked if they'd like to install a piece of software. I don't know if the mentality is "yeah I want more functionality" or "yeah yeah, just show me the damn webpage!". One way or the other (antecdotally), most of the users whom I deal with tend to install the malware themselves. FWIW, these users tend to be on the low end of the learning curve.

It would be interesting to see a permission based system for this...maybe even registering approved plugins with a crypto signature/hash.

NO way!! (2, Funny)

Anonymous Coward | more than 9 years ago | (#11606929)

because I use linux.

Re:NO way!! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11607009)

Yep :D

Ahhh Linux, free from the bs.

How so? (0)

Anonymous Coward | more than 9 years ago | (#11607108)

As another poster noted, potential spyware will come from an XPI. Someone can easily be social engineered to allow installation of an XPI that installs to one's local profile.

Re:NO way!! (5, Funny)

maskedbishounen (772174) | more than 9 years ago | (#11607095)

Pfft.

I use GNU/Linux, so the only spyware I install on my system is GNU/Spyware!

fp (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11606932)

FROST PISS

Duh. (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11606936)

How is this news? If Linux was the #1 desktop operating system in the world, spyware authors would be targeting it, too.

Re:Duh. (2, Informative)

numbski (515011) | more than 9 years ago | (#11606971)

FUD.

FreeBSD, Linux, and MacOS X would still be a less vulnerable target. Worst cast scenario, delete ~/.mozilla/firefox (~/Library/Application Data/Firefox), start over.

The reason Windows is such a mess is that there's no 'easy' way to clean up the mess. You could wipe out the user's entire home directory on Windows and still be screwed. On a *nix based system, wiping out the home directory would usually fix you right up.

Re:Duh. (3, Insightful)

owlclownish (553387) | more than 9 years ago | (#11607045)

Oh, yes. Let's remove a spyware infection by "wiping out the home directory" because that "would usually fix you right up." Excellent solution. It's like using a flamethrower to get at that pesky mosquito. No, the proper solution is anti-virus style threat control systems for Web browsers. Systems that scan incoming traffic and look for malicious code, then say something like "I've detected what looks like malicious code. Please think carefully, and go forward only if you trust the site sending you this code." It won't be easy, but it's not a bad option. Snort provides an excellent model. Think of a browser or browser add-on that constantly updates threat signatures from a central repository. Or just think of the current anti-virus software model.

Re:Duh. (1)

numbski (515011) | more than 9 years ago | (#11607098)

Two thoughts:

1) I was thinking as a last resort.

2) Have you ever tried to kill a pesky mosquito with a flamthrower? You're going to tell me it's not more fun that way? :)

Re:Duh. (1)

mirko (198274) | more than 9 years ago | (#11606974)

It's more secure by design : A Windows user is "root" most of the time while a decent Linux user is not.

Re:Duh. (1)

rainman_bc (735332) | more than 9 years ago | (#11607073)

Actually, in XP a Windows user is in the administrator group, and the Administrator user is actually prevented from an easy login on most XP machines. So the user you log into a XP machine with is in the equivalent of a user in the root or wheel group IMO...

...and.... (4, Insightful)

numbski (515011) | more than 9 years ago | (#11606937)

Since xpi's are blocked by default, they're going to get there how? By a javascript dialogue that says "You must allow this installation to continue."?

Hmm. That's probably exactly how it'll happen. :(

Re:...and.... (5, Informative)

arkanes (521690) | more than 9 years ago | (#11606989)

Current versions of firefox don't allow this, unlike the (annoyingly easy to mis-click) ActiveX install dialog in IE. There's a whitelist for sites permitted to install extensions, which (by default) is limited to the offical Mozilla update site. Sites not in the whitelist won't even get a dialog, instead a yellow bar at the top of the screen appears, with a button you can use to access the whitelist and add the site. A site on the whitelist gets the standard dialog, which has a time-delay OK button to help prevent mis-clicks. There's no absolute way to prevent people from installing malicious extensions, but (assuming there's no bugs in, say, the whitelist implementation) Firefoxes current model is about as good as you could get.

Note that older versions of Firefox (and Mozilla) don't have the whitelist, and even older ones don't even have the dialog and are in fact vulnerable.

Re:...and.... (1)

badriram (699489) | more than 9 years ago | (#11607092)

By the that yellow bar you talk about is actually how the activex stuff comes up in IE w/ XPSP2 which moz devs liked and copied...

Re:...and.... (0)

anpe (217106) | more than 9 years ago | (#11607001)

Security holes _will_ be found (some have been found already see the url spoofing). And some firefox users specially non-savvy ones (a portion that will grow as firefox goes mainstream), will not upgrade.
Spywares will exploit this

YES. (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11607043)

Security holes _will_ be found (some have been found already see the url spoofing). And some firefox users specially non-savvy ones (a portion that will grow as firefox goes mainstream), will not upgrade.
Spywares will exploit this


The security of Firefox is an illusion. Security through obscurity is not a viable plan for security permanence - if your product is good enough and marketed aggressively enough (and I do count word-of-mouth marketing in this), it will spread and be targeted. It is that simple. It's not until you have the full force of virus/spyware writers coming against you that you know whether all your previous big-talking statements about your security will stand up for crap. My belief? Firefox is going to find itself besieged and it will be a huge test for the OSS community, to see if they can really handle these problems as well as they always say they can.

Re:...and.... (2, Insightful)

slungsolow (722380) | more than 9 years ago | (#11607012)

The article does state that adware would be "invited in". This doesn't really suprise me. There will be some users who will think that they are protected by default and won't be afraid to click "yes" (or in some cases click "no" or hell, just click on the ad itself).

Security is only as good as the person keeping watch. Sure, having all the bells and whistles is grand, but in the end human interaction (or lack thereof) can bring the biggest ship down.

Re:...and.... (1)

frankie (91710) | more than 9 years ago | (#11607035)

Yep. The majority of computer users are dangerously oblivious to the possible consequences of installing something. Remember that many viruses in the Klez family require an absurdly long chain of user actions...
  1. receive infected email on an unprotected PC
  2. believe its contents
  3. download the attached zip file
  4. extract the zip (sometimes even password protected)
  5. run the resulting executable
...and these buggers infected hundreds of thousands of PCs.

So yes, if a web site promises all sorts of cool stuff if only the user will add their site to the XPI trusted list, then install, plenty of people will do it.

And it will be Firefox's fault of course.

Re:...and.... (0)

Anonymous Coward | more than 9 years ago | (#11607041)

Pretty much, yes. A big chunk of IE's spyware comes from programs that users have to agree to install, and it's well known that most people don't even read what they're clicking "OK" to.

The same is even more likely to be true when someone is using a browser (or, for that matter, an OS) that is widely believed to be spyware and virus free.

Re:...and.... (1)

jong99 (848508) | more than 9 years ago | (#11607087)

If a user downloads and runs a malicious executable then that could easily install a Firefox extension bypassing the XPI whitelisting functionality.

This could be used for all sorts of nasty things such as homepage hijacking and redirecting search results through sponsored sites.

It would be easy to remove these however using the extensions menu, but I believe that even that may be too complex for the average user to grasp (especially those who would get caught out in the first place).

How? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11606940)

Can someone explain how this is possible?

On IE there is the mess that is called ActiveX. Are we talking up XUL? Or perhaps malicious plug-ins?

Re:How? (1)

numbski (515011) | more than 9 years ago | (#11607059)

So far I've seen an XPI that installs and then exploits a vulnerability in IE.

So...basically IE still plagues Firefox users. Granted, with more recent version of Firefox, this is not really an issue.

cool (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11606942)

good, help to improve it

Open Source Disadvantage (1, Insightful)

Illuminati Member (541846) | more than 9 years ago | (#11606943)

Imagine a whole company full of coders looking into code to find loopholes to exploit. [Tt]hat's what they'll end up doing! Sure, the firefox developers will be fast about plugging holes the minute they find them, but people are bound to get a little upset by getting hammered (ie) once every week, then having to patch their browser weekly...

Re:Open Source Disadvantage (0)

Anonymous Coward | more than 9 years ago | (#11606977)

Given the slow pace that Internet Explorer patches have come out for well-known vulnerabilities, can you really consider it a 'Disadvantage' if a new Firefox patch is available every week?

Re:Open Source Disadvantage (3, Interesting)

bashbrotha (41617) | more than 9 years ago | (#11607011)

Sure, there will probably be companies like that. That's the risk you take when you use open source software.

At least I have a better chance of less exploits created because there are so many eyes on the code.
I've heard that openBSD developers have founded and fixed other security bugs while working to fix exploits, so I still don't see an inherent disadvantage to using FireFox vs. Explorer.

Re:Open Source Disadvantage (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11607014)

And hence we have the inherant security weakness in anything open source.

Re:Open Source Disadvantage (1)

rokzy (687636) | more than 9 years ago | (#11607039)

this is different to internet explorer how?

at least with firefox I have confidence that it won't have total OS access, unlike IE where, for example, it can silently trigger arbitrary hard drive access just by clicking on a scrollbar (even with SP2) [finding the article about this example is left as an exercise for the reader/karma-whores].

I am also confident that the patch will actually come in a reasonable time. yes it may be opinion and not fact, but it's still true that I have infinitely more faith in firefox than microsoft.

I doubt it ... (4, Insightful)

NitroWolf (72977) | more than 9 years ago | (#11606947)

While the spyware makers may initially try to target Firefox... the fact is, Firefox is written to prevent just these sort of things. Is it possible there will be bugs that allow unauthorized code to run? Yeah... but they will be patched, and patche quickly.

Overall, no matter how you slice it, Firefox is more secure and is designed from the ground up to prevent the "fertile feeding ground" that IE offers Spyware writers.

So no, you aren't going to see the same rampant irresponsibility that you see with IE, and the threat is a tempest in a teapot.

Of course, nothing is going to protect your computer from your own stupidity when opening executables, etc... that's all on the user whether or not they authorize code to run or not.

More secure? Really? (1)

Anonymous Coward | more than 9 years ago | (#11606997)

Overall, no matter how you slice it, Firefox is more secure

Prove it. If you're going to make a grand sweeping statement like that, I want specific examples and logical arguments that don't rely on Firefox being a niche product. Otherwise I, we, have no reason to believe you.

Re:More secure? Really? (0)

Anonymous Coward | more than 9 years ago | (#11607113)

Niche product? Until Firefox gets more than 50% of the market you will keep using that excuse to explain why it has fewer security problems than IE. So what is the point of trying to prove it to you?

Firefox is what, 10% now (or close)? That is plenty popular enough to make it a target for the spyware/virus/etc writers. And how many exploits do you see?

Same goes for Linux. It is more than popular enough to be a target. The fact is, IE and Windows are much easier targets. THAT is why they get exploited more often, not because they are used by end users more. /Next excuse please?

Re:I doubt it ... (0)

Anonymous Coward | more than 9 years ago | (#11606999)

yeah because they work so with the patching machine :/

Re:I doubt it ... (1)

Mick Ohrberg (744441) | more than 9 years ago | (#11607024)

While the spyware makers may initially try to target Firefox... the fact is, Firefox is written to prevent just these sort of things. Is it possible there will be bugs that allow unauthorized code to run? Yeah... but they will be patched, and patche (sic) quickly.

How quickly would a Firefox security hole be patched compared to a similar hole in IE? Not trying to troll, just genuinely curious if someone in the know could give an insight into the patching/debugging procedures for IE and FF, and compare the two.

Re:I doubt it ... (0)

Anonymous Coward | more than 9 years ago | (#11607115)

I presume it would be the same for both.

1) Exploit Found
2) Patch Written
3) Patch Deployed*
4) Profit**

*Firefox only
**IE only

Easy to see this coming (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11606948)

As soon as Firefox supports ActiveX, it supports spyware.

Solution: don't enable ActiveX (duh)

What people don't understand is this... (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11606949)

Security is a process, not a product. There is no magical one product or suite of products that will protect you while online. Security is risk mitigation, plain and simple. Far less people would be vulnerable to the tricks of the miscreants out there trying to do people harm if they would just employ a little common sense. But, alas, common sense isn't that common.

Agreed, agreed! (0)

Anonymous Coward | more than 9 years ago | (#11607079)

There is no magical one product or suite of products that will protect you while online.

I wish people would realize this. Firefox is not a magic bullet, Linux is not a magic bullet. You can't just switch to one thing and assume invulnerability against everything out there. You need to maintain good practices and be aware of incoming threats no matter what OS or browser you use, despite what some zealots would have you believe.

But is firefox as vulnerable? (0)

Anonymous Coward | more than 9 years ago | (#11606950)

While there've been a few complaints about the default install of firefox 1.0 having some unpatched holes, I don't believe firefox is as vulnerable as IE to spyware in the first place. Sensible defaults, coupled with things like popup blocking (which will prevent accidental clicks which may install spyware..I know IE has this now) and image/site blocking will help as well.

Re:But is firefox as vulnerable? (0)

Anonymous Coward | more than 9 years ago | (#11607003)

Yes, it is. People need to understand that EVERY piece of code ever written is vulnerable, but the question to be asked is "Is there an exploit for a given piece of code?"
There is no such thing as perfect network security, barring not plugging your machine onto the network, thus rendering it not only secure, but rather useless as well.

Exploit to every piece of code? (1)

hp46168 (740846) | more than 9 years ago | (#11607123)

Exploit to every piece of code?

10 PRINT "HELLO WORLD"
20 GOTO 10

Exploits?

I got spyware from Firefox (1)

teshuvah (831969) | more than 9 years ago | (#11606953)

I haven't used IE at all in months. Never once clicked it. Yesterday I ended up with a piece of spyware called "ISTbar". I don't know how it could have got there other than through Firefox.

Re:I got spyware from Firefox (1)

rainman_bc (735332) | more than 9 years ago | (#11606982)

I think I got hit by the same thing actually... I never use IE on my XP box...

Well I'm on Linux now. Let's see them get spyware on this laptop lol...

Re:I got spyware from Firefox (1)

arkanes (521690) | more than 9 years ago | (#11607033)

Windows Media Player is also an infection vector for spyware, especially WMVs. Perhaps thats where it came from?

Re:I got spyware from Firefox (1)

eseiat (650560) | more than 9 years ago | (#11607025)

Are you using any software for downloading files? Perhaps you downloaded something that installed the spyware? I'm not trying to say Firefox is impossible to get hit with spyware, but there are other means of getting spyware than just through your web browser.

Re:I got spyware from Firefox (2, Informative)

The Grey Clone (770110) | more than 9 years ago | (#11607042)

Huh, that's funny. A quick search on Google says that ISTbar is an Internet Explorer toolbar, homepage, and search engine hijacker and will pop up porn advirtisements. I didn't see anything about Firefox, but, like I said, it was just a quick Google search. It doesn't make sense, why would someone deliver spyware that only effects IE through Firefox? Are you sure that you guys are the only one using your computer?

Re:I got spyware from Firefox (1, Informative)

Anonymous Coward | more than 9 years ago | (#11607046)

From here [doxdesk.com] ...

"ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc."

It was probably installed by an application that is using embedded IE (ie. an activex object). Why would someone target firefox only to install an IE only browser 'helper'

Re:I got spyware from Firefox (1)

Frankablu (812139) | more than 9 years ago | (#11607052)

Errrr....... No (need I say more?)

Re:I got spyware from Firefox (3, Informative)

Misch (158807) | more than 9 years ago | (#11607067)

ISTbar's "infection vector" is ActiveX [simplythebest.net] .

Probably didn't come through Firefox.

Re:I got spyware from Firefox (1, Informative)

Anonymous Coward | more than 9 years ago | (#11607094)

I got hit with that one a while back at work. I managed to remove it and then watched it reinstall itself. It would appear on my computer within minutes of booting up. I don't remember what vulnerability in Windows it exploits, but running Firefox was 100% not required to get it. Until the sysadmin got me patched up, I stopped it from coming back by creating a read-only file with its name where it tried to install.

Re:I got spyware from Firefox (1)

teshuvah (831969) | more than 9 years ago | (#11607106)

I'm the entire IT department, and I assure you that nobody has access to my pc. It's locked down as tight as you can get it. And I don't have any programs on here for downloading files, because it's my work computer.

Re:I got spyware from Firefox (2, Informative)

Anonymous Coward | more than 9 years ago | (#11607114)

Look here:

http://securityresponse.symantec.com/avcenter/venc /data/trojan.wimad.html [symantec.com]

or here:

http://securityresponse.symantec.com/avcenter/venc /data/adware.istbar.html [symantec.com]

for information about that spyware program. It's very likely that you contracted it in another way than some unknown exploit in FireFox. What email program are you using for example? Outlook Express maybe?

Can't wait. (1)

nberardi (199555) | more than 9 years ago | (#11606955)

Oh boy I can't wait. :) But I don't think FireFox is going to have anywhere near the problems of spyware that IE has. But I think the bigger threat is phishing attacks. I have already received e-mails from spammers trying to give my information to PayPal. And this was only announced yesterday. What is this world comming too. Can't anybody make an honest dollar anymore.

The record keeps skipping. . . (1)

Augie De Blieck Jr. (13716) | more than 9 years ago | (#11606962)

The more I follow the world of computing, the more repetitive it gets. I've heard this argument for Linux and Mac and others, as well. "They're only safe because they're such a small target."

While this is no doubt true, I think it vastly underestimates the community reactions to combat the malicious hackers. One of the reason Firefox, for example, is so strong is that it can fix a loophole within 24 hours of finding it. There are enough eyeballs to catch the problem, as it were. An open source project can have a patch to fix a problem inside of a day. Something like Windows is a giant security hole because nobody's updating it nearly that fast, if ever at all.

Fiddlesticks. Popularity is only part of it. (4, Insightful)

Shayde (189538) | more than 9 years ago | (#11606963)

The issue isn't really how many people are using it. That certainly does figure into it, but the very basic design philosophy of IE allows spyware to propogate easily.

Firefox has far better controls on what programs can be installed and can't be. Also, the very multi-platform nature of the code makes it harder to write an app that will work well.

I'm not worried. On the IE side, the only people who can fix the code are microsoft drones, and they won't do it. On the firefox side, the people who fix the code are the people who use it, namely us.

Planet-Geek [planet-geek.com]

This just in... (1)

octaene (171858) | more than 9 years ago | (#11606964)

... from the "no shiat" department.

The popularity argument again (4, Insightful)

gatesh8r (182908) | more than 9 years ago | (#11606968)

"The only reason why X has $BAD_THING is because the system is popular. I'm 100% certain when Y has such popularity it too will have such problems." -- while ignoring any design differences that make Y less suceptable to $BAD_THING. Firefox is better designed from the ground up. Not saying that it's bullet-proof (it's not...), just less suceptable and less desirable to target. Would you rather target a locked door with an alarm system, or a door that's wide open and no security measures taken?

its about time (0, Offtopic)

GatesGhost (850912) | more than 9 years ago | (#11606969)

i was getting tired of not having my computer taken over by spyware. man i hate stable pc's...

Signed java applets (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11606975)

What about all those signed java applets out there all ready?
The user only needs to press 'OK'(which they usually do) and the applet gets full system access(because of the signing).
Doesn't look very safe to me.

I know you can configure this, but normal users doesn't do that

Already happening (1)

palad1 (571416) | more than 9 years ago | (#11606976)

Ever saw one of those nice signed applets from toolbarz.foo.com which requested UtterAndCompleteControlOverComputerPermission when browsing with firefox?

Have you noticed how easy it is to click 'ok' without even reading the dialog box?

The JRE plugin should include a time-delayed OK button, just as firefox does when installing plugins.

Re:Already happening (1)

liquidpele (663430) | more than 9 years ago | (#11607107)

The time-delayed crap isn't enough for most people...

Put a big "DANGER!" message there too to get the blockheads' attention.

Of course (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11606979)

So Obvs.

This is why.. (1)

Nichotin (794369) | more than 9 years ago | (#11606984)

This is why it is important to have default settings that do not even ask you to install something unless you put the site in an allow list.

Spy vs Spy (3, Interesting)

Doc Ruby (173196) | more than 9 years ago | (#11606985)

How about a program that takes the cryptohash of the virgin final installed code, and checks against that hash periodically (every 5 minutes, every new website, every app launch)? When spyware strikes, it changes the app fingerprint, and this sentinel could keep a log of recent traffic for analysis, and offer to reinstall. Our desktop immune system should take advantage of our "known good" info to detect these cancers when they start, and track them to their source.

I've already seen some... (4, Informative)

eno2001 (527078) | more than 9 years ago | (#11606986)

...being a 100% full time user of Firefox, I was surprised to find a site in a random web search a week or two ago that actually got a pop-up window going, but also appeared to attempt to execute some code as Firefox popped open a dialog asking me what I wanted to do with the file that was being downloaded. Thankfully, I have it ask me what I want to do, but if I was a typical user, I would have already associated the *.DOT file with MS Word and god knows what would have happened. Keep in mind that I didn't actually click on any links that indicated a download, I only clicked on a Google search result which took me to a site that displayed a blank screen and then the pop-up. I have to wonder what would have happened if I had associated OpenOffice.org with the *.DOT file since I run Linux. Probably not much... but it definitely indicates that Firefox will be targetted. The real question is: will the Mozilla project be able to keep up any better than MS has with IE? I'm guessing that they will.

Re:I've already seen some... (1)

arkanes (521690) | more than 9 years ago | (#11607090)

Firefox (and IE) download in the background while it's waiting for you to say what you want to do with the file. Unless you have a specific extensions explicitly set up to open without asking, though, it never should.

You don't have to click on a link to download a file, by the way (in either IE or Firefox, or indeed in any web browser). A JavaScript or even an HTTP redirect can be used to push a file to you.

Explain yourself... (0)

Anonymous Coward | more than 9 years ago | (#11607105)

will the Mozilla project be able to keep up any better than MS has with IE? I'm guessing that they will.

What's the reasoning behind your guess? The old argument that simply because the open-source community has more coders, they're bound to fix problems more quickly and get it right the first time? What guarantee do we have that the people looking at the code are even qualified to review? What insurance do we have against their work if it goes wrong? Who's accountable?

Java spyware? (1)

KivlE (547859) | more than 9 years ago | (#11606988)

Well, lately I've been noticing that a lot of the crack sites around (of course I never use them... uhh..) have started with Java spyware... Instead of the regular accept this activex crap dialog, I instead get one for a java-applet. I guess if I'd accept them they'd have the same access as a regular desktop java-app?



Luckily they're very easy to block with the adblock plugin. Just click the underlined adblock keyword down to the right, and select it from the list.

It's possible (1)

Realistic_Dragon (655151) | more than 9 years ago | (#11606994)

This months browser stats:

Firefox No 1231 50.4 %
Mozilla No 953 39 %
MS Internet Explorer No 237 9.7 %
Safari No 10 0.4 %
Opera No 7 0.2 %
Unknown ? 2 0 %

Starting to look like a tempting target, no?

(FWIW the same month last year was 72% IE for rougly the same number of hits.)

The numbers game (1, Redundant)

stinky wizzleteats (552063) | more than 9 years ago | (#11606995)

The presumption in the article is that, from a security standpoint, the only thing separating IE from Firefox is popularity. Doesn't ActiveX, etc. etc. etc. represent a serious qualitative difference in security problems?

As this begins to unfold... (1)

William_Lee (834197) | more than 9 years ago | (#11607004)

The Mozilla Foundation has a very big opportunity to prove WHY people should switch to Firefox from IE by making security the number one priority.

If the Firefox development community responds quickly to these threats as they arise, they will continue to win away informed users from the headaches of IE through word of mouth among other avenues.

There is always going to be a war going on between spyware makers and browsers. The browser maker who can respond quickly will continue to grow marketshare.

Features aren't enough, and complacency is dangerous. They need to respond to security vulnerabilities and spyware exploits in a rapid manner to stay ahead of M$.

If they don't already have one in place, I think the Mozilla Foundation should form a rapid response SWAT team to patch vulnerabilities and battle spyware with truth and justice for all!

I'll still stick with Firefox (1)

Adrilla (830520) | more than 9 years ago | (#11607008)

as it's bound to be a less frequent occurance and a faster more effective response. So when it's all said and done, "Viva la Firefox!"

Use = more potential for *ware? (0)

Anonymous Coward | more than 9 years ago | (#11607010)

Spyware is often propagated through holes in ActiveX or other pieces of Internet Explorer. Gecko (Mozilla Core) was designed from the ground up with security in mind. With few security vulnerabilities hitting Mozilla, and the fact that even the NSA recommends using an alternative to IE such as Mozilla, wouldn't it mean that there would be less spyware for it?

Mind you, Mozilla is probably as big as IE in terms of codebase, but it probably has more people working on it than IE. But saying that 'if more people use it than more people will want to crack it' isn't neccessarily true - look at OpenBSD. They're used in many places, but have yet to have a single remotely-exploitable security vulnerability in over ten years.

Sure, more people would hack at the code and try to exploit it, but if the software was designed with Security in mind, wouldn't it eliminate most threats by default? Linux may have it's flaws as well, but that doesn't mean that it is any less secure - and 90% of the vulnerabilities come out of third-party (non-core) software, which can be disabled. Windows is a different story, with everything all hardcoded into the kernel. Turn off those services, and Linux can run for up to a year without patching.

Not as bad (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11607013)

While we certainly will begin to recieve spyware as Firefox becomes more popular, it will never be anywhere as bad as with Internet Explorer. Using ActiveX or creating a buffer overflow, an attacker can take over an Internet Explorer user's computer machine as soon as the user visits a hostile page. Firefox is not perfect, but at least it does not suffer from the blaring security hole that is ActiveX or allow buffer overflows as easily.

Attacking MS products because they are the biggest (1)

i_want_you_to_throw_ (559379) | more than 9 years ago | (#11607015)

is in part a bunch of Hooey. They are attacked because they are vulnerable and buggy. There are sevral products that dominate their respective areas that don't happen to be MS products and they are extremely secure compared to their MS counterpart. Like Apache....

"We are the subject of attacks because we're the biggest" is just so much horn blowing on the part of MS.

Defensive Measures (1)

Nom du Keyboard (633989) | more than 9 years ago | (#11607018)

Firefox should implement defensive measures. For example, I use a standalone utility that lists all the current plug-ins for IE. I can disable anything I wish from it. Be nice if Firefox included a built-in list to allow managing of plug-ins.

Maybe it even does, and I just haven't found it yet.

Re:Defensive Measures (1)

liquidpele (663430) | more than 9 years ago | (#11607124)

tools -> extentions
wow.

This will be a good test (1)

Lysol (11150) | more than 9 years ago | (#11607022)

I'm not completely skeptical of this statement and will actually be interested in seeing how Firefox will hold up. After all, it's not perfect, flaws exist. But, I have to believe that the approach behind the development of the Mozilla/Geko/etc has differed substantially from IE. After all, it's well known how tied to the os IE is and the fact that Moz/FF have (obviously for more than one reason) steered clear of this, I tend to think that user error/judgement will be a more likely cause of any kind of malware installation.

But regardless if there are any kind of infections for now, the OS community will respond with much quicker zeal than MS. However, how long will it take for the vendors to offer patched versions? What good is secure Firefox when Redhat or Novell (or any others) don't offer patched version? Remember, there are more and more comapnies who expect this - expect not to have to go out and fish for a download from some ftp server themselves. So it'll be interesting to see how that plays out.

Finally, PROOF! (1)

sampowers (54424) | more than 9 years ago | (#11607027)

I am so goddamn sick of the argument that Things Which Are Not Windows are only virus/malware free because they don't have the market share of Windows, and are therefore somehow not as valuable a target!

I didn't believe it about Mac OS, I don't believe it about Linux, and I am excited to see where it's going to go with Mozilla. People will realize that IE isn't just picked on because it's the most popular browser, it's also so easy to exploit, no wonder it's #1.

To prevent it... (1)

FunnyLookinHat (718270) | more than 9 years ago | (#11607036)

better than microsoft should be the new goal of firefox. Microsoft left clear holes in their program by giving it too much access in certain unrestricted ways (Cough, Active X, Cough) that made it so vulnerable.

Although Firefox may become popular, if the maintainers and coders do it right, they can keep it spyware-proof. Let's also not forget that most vilanous spyware requires no specific browser and instead is run secretly in the background of the computer's processes. That's a windows problem.

This should not be allowed to happen (1)

ballsmccoy (304705) | more than 9 years ago | (#11607038)

Why isn't spyware legally treated like viruses yet anywhere in the world?

I say that we do some whois queries and walk into those offices with AK-47's and take care of the problem. Guaranteed, a few of these incidents take place, and companies will think twice about making money off of spyware and adware. You can't spend the money in hell!!!

However, its just a suggestion. Otherwise go buy a Mac....Pussy

hahahahaha

It will be interesting to see (0)

Anonymous Coward | more than 9 years ago | (#11607040)

how susceptible FireFox turns out to be.

On the one hand, the bad guys can look at the source;

On the other, it wasn't designed by Microsoft several years ago and more or less abandoned since except for fresh eye candy and emergency patches.

If FireFox turns out to be less prone to trouble than IE, it won't tell us anything we don't already know but it will sure be funny the next time Gatesmer says OSS is inherently less secure.

This is the same argument about Macs and viruses (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11607047)

Fact is, things won't be exactly the same if FF gets a bigger market share. It's not the same product. Articles like these are written by Microsoft apologists.

"Expert"? (5, Informative)

Kupek (75469) | more than 9 years ago | (#11607048)

Their expert is the Vice President of Threat Research at Webroot [webroot.com] . That much is from the article. The article doesn't take the next logical step, however, and point out that Webroot is in the business of developing and selling software to prevent, detect and eleminate spyware. So it's certainly in this guy's interest for people to think that spyware is still a problem.

Their other expert is also from a company that makes similar software. So people who make anti-spyware software agree: you need anti-spyware software.

I'll be more concerned when independent parties think spyware in Firefox is an issue.

Low hanging fruit ... (1)

YankeeInExile (577704) | more than 9 years ago | (#11607051)

If we posit that Firefox is a more difficult environment for malware, and I believe this to be true; then malware authors will continue to go after the low-hanging fruit of IE, even as its marketshare falls.

Infecting 60% of the population with a small amount of work, is far easier than infecting 40% of the population with an enormous outlay of effort.

Of course I'm living in a fantasy world, because I think that FF will reach 40% market penetration.

Been here a while (1)

pommaq (527441) | more than 9 years ago | (#11607068)

Some sites will try to foist an unsigned xpi on you, and this goes way back... can't remember when I first saw it but I'd wager it was almost a year ago. Example is here [cracks.am] (NSFW), try to download a file if you want to see what I mean. It's a cracking site so maybe you deserve what you get, but I've had some seemingly harmless lyrics sites try it as well. Us moz users have had a nice free ride for a while and things are certainly going to get worse - we all know the huge window saying "warning, this might be unsafe" won't do a bit of good - but at least now your mother's spyware-infested wreck of a browser will have proper PNG support!

Why more than just two browsers is a good thing. (5, Insightful)

hkmwbz (531650) | more than 9 years ago | (#11607077)

Sometimes it sounds like the new browser war is between Internet Explorer and Firefox, and only those. But people often forget that there are other browsers out there, such as Opera and Safari/Konqueror (when will we get a decent KHTML browser for Windows?).

If the market is indeed split into two major parts, this is actually a bad thing, because it gives you only two huge targets. That makes it easier and less expensive to create viruses, or take over computers for monetary purposes.

What we need is several browsers that each have a significant part of the market. Not just IE and Firefox/Gecko based browsers, but also Opera and KHTML based browsers. Maybe there would be room for even more as well.

It is good that an alternative browser is growing rapidly, but monoculture or duoculture makes life easier for virus makers. With four browsers, it would take four times the effort to get as much "bang for your buck" for virus authors looking to make money by infecting people.

Linux virus anyone? (-1, Flamebait)

TrickyTrinary (857439) | more than 9 years ago | (#11607081)

I think this same idea can be applied to virii and operating systems. Specifically why there are not many virii written for Linux enviroments as there are for Windows enviroments. People say linux is more secure, and that is true to a certain extent, but I believe the bigger reason is exposure. The larger the group of people who start using linux and Firefox (I use both), the more tempting a target they become to virus or spyware writers. This is why there are few virii for the mac world, why write a virus when its only going to effect 4.5% of the PC market share??

When will the first major worm targeted at Firefox (0)

Anonymous Coward | more than 9 years ago | (#11607083)

After switching to Firefox for more than a year now, I find IE to be the more stable one in terms of normal daily activity. On average, my Firefox crashes two times a week, as for IE, close to zero if I am not running Java or ActiveX sites. The main reason I am using Firefox: better security and various useful extensions.

Having said that, I completely agree with this article. I fear that Firefox may become more susceptible to worms than IE once it gets started. The only question remains is when...

Vested interest in keeping you scared (2, Insightful)

penginkun (585807) | more than 9 years ago | (#11607085)

Don't forget-these dire predictions come from AV software makers, who have an interest in keeping you scared.

Underestimating the community (1)

turboflux (781551) | more than 9 years ago | (#11607089)

Evidently these experts are underestimating the community behind Firefox. One of the big reasons behind spyware in IE is how slow Microsoft is to close up these bugs.

The Firefox decelopers on the otherhand would obviously make patching these types of things a prioity. Without ActiveX and the likes, there are alot fewer potential ways to infect someone running Firefox.

I realize that not everyone is going to be up to date with these patches, but are spyware writers really going to continue to try and come up with new exploits for Firefox when their hard work is sealed up within a day? I honestly can't see huge amounts of Firefox spyware, even if they do start to find a few holes.

A Grand Day For Firefox (2, Insightful)

blueZhift (652272) | more than 9 years ago | (#11607110)

Heh, when spyware makers really do begin to actively target Firefox users en masse, maybe a toast is in order. Pop open the bubbly! Why? Because spyware and spam are playing a numbers game. Of all the spam sent out and machines infested with spyware, only about 1 percent of those are going to make any money for the exploiter. But because we're talking about total numbers in the tens of millions at least, that 1 percent is good money.

So when Firefox becomes worth the effort, the folks in Redmond will really have to worry. In this game, nothing flags success like being the target of abuse! Tens of millions of Firefox users might just mean ten of millions of people considering something other than Windows. And that affects the bottom line for Microsoft. Hmmm, anyone heard of any OpenOffice exploits yet?

firefox still safer! (1, Troll)

black_city (856108) | more than 9 years ago | (#11607118)

firefox is clearly still safer, there are still open holes in IE6 even if you patch it up!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>