Firefox and Google Team to Block Malware
ComputerWorld reports Mozilla and Google are working together to block malicious code sites in Firefox 3.0. The new features are ranked at priority 2, which are important but not guaranteed to be in the release.
Firefox would use blacklists created by Google identifying sites that host malicious software. (Google's security blog includes a recent post on the distribution of malware).
"Similar to how Firefox 2 blocks Web sites that are potentially going to try to steal your personal information, Firefox 3 will block Web sites that we believe are going to try to install malicious programs on your computer," said Alex Faaborg, a user experience designer in a blog entry last week. "Mozilla is coordinating with Google on this feature."See The Ghost in the Browser: Analysis of Web-based Malware for Google's research on the extent of the problem and the difficulties in detecting obfuscated malware.
Blacklists would likely be maintained locally to improve performance:
"I think the plan for malware is to only use the local lists so we don't have to slow down page load or unload a page (which would probably be too late anyway)," replied Tony Chang, one of the Google software engineers who works full-time on Firefox.
There are still questions about the criteria for blocking sites. Will the blacklists include just viruses, Trojans, worms, keyloggers and video frame grabbers or will adware be included? Will Internet Explorer-specific malware be included in Google's lis?
Mozilla is taking on the challenge of creating new countermeasures to adapt to changes in malware distribution. Will Microsoft, Opera and Apple follow suit?
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
