Open
Bug 1022471
Opened 10 years ago
Updated 2 years ago
Conduit SearchProtect disables the blocklist
Categories
(Core :: General, defect)
Tracking
NEW
| Tracking | Status |
---|---|---|
firefox30 | --- | affected |
People
(Reporter: away, Unassigned)
Details
Attachments
(1 file)
1.09 KB,
patch
No description provided.
The latest version of SearchProtect is disabling the DLL blocklist by using a helper binary SPVC32Loader.dll to reset LdrLoadDll's prologue. I've confirmed this with a memory breakpoint. It started happening sometime around:

Timestamp: Fri May 23 19:20:46 2014 (537EF6CE)
File version: 2.13.3.38

This is causing a number of DLLs that we've recently blocked to appear in crash reports again. That includes SPVC32.dll, libinject.dll, and the MovieMode family. As a reactive fix we could block SPVC32Loader, but it may not hold up in the long term.
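Added example, not part of the bug report or Mozilla's blocklist code: a check a hook owner could run to notice that an inline hook such as the one on LdrLoadDll has been reset. It assumes a 32-bit x86 hook written as a 5-byte `jmp rel32` at the function's first byte; the function names, addresses and prologue bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOOK_LEN 5  /* x86 jmp rel32: opcode E9 + 4-byte displacement */
enum hook_state { HOOK_INTACT, HOOK_REMOVED, HOOK_REDIRECTED, HOOK_UNKNOWN };

/* Encode `jmp target` as it would sit at func_addr (assumed hook layout). */
static void encode_jmp(uint8_t *out, uint32_t func_addr, uint32_t target) {
    uint32_t rel = target - (func_addr + HOOK_LEN);  /* wraps mod 2^32 */
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)(rel >> (8 * i));
}

/* live: bytes now at func_addr; original: bytes saved before hooking. */
enum hook_state check_hook(const uint8_t *live, size_t len, uint32_t func_addr,
                           uint32_t hook_target, const uint8_t *original) {
    if (len < HOOK_LEN) return HOOK_UNKNOWN;
    if (live[0] == 0xE9) {                 /* still a jump: where to? */
        uint32_t rel = 0;
        for (int i = 0; i < 4; i++) rel |= (uint32_t)live[1 + i] << (8 * i);
        uint32_t dest = func_addr + HOOK_LEN + rel;
        return dest == hook_target ? HOOK_INTACT : HOOK_REDIRECTED;
    }
    if (memcmp(live, original, HOOK_LEN) == 0) return HOOK_REMOVED;
    return HOOK_UNKNOWN;
}

/* Constructed scenarios; the addresses and prologue bytes are sample values. */
enum hook_state demo(int scenario) {
    const uint32_t func = 0x77001000u, hook = 0x60002000u, other = 0x10003000u;
    const uint8_t original[HOOK_LEN] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    uint8_t live[HOOK_LEN];
    switch (scenario) {
    case 0: encode_jmp(live, func, hook); break;      /* hook in place */
    case 1: memcpy(live, original, HOOK_LEN); break;  /* prologue reset */
    case 2: encode_jmp(live, func, other); break;     /* jumps elsewhere */
    default: memset(live, 0xCC, HOOK_LEN); break;     /* unrecognized bytes */
    }
    return check_hook(live, HOOK_LEN, func, hook, original);
}

int main(void) {
    static const char *name[] = { "intact", "removed", "redirected", "unknown" };
    for (int s = 0; s < 4; s++) printf("scenario %d: %s\n", s, name[demo(s)]);
    return 0;
}
```

In a live process the `live` bytes would be read from the hooked function's address rather than built by `demo`.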
Comment 3•10 years ago
requesting tracking to get on Rel-Man's radar for consideration.
status-firefox30:
--- → affected
tracking-firefox30:
--- → ?
Comment 4•10 years ago
FWIW, http://www.conduit.com/searchprotect even describes the software as legitimately protecting the user from unwanted search changes. Maybe someone from our side should contact them - http://www.conduit.com/aboutus/contactus - about not undoing our blocking mechanisms as that makes people crash with malware instead?
Comment 5•10 years ago
Could someone from release management take a look at this? We may need to contact SearchProtect. Thanks!
Flags: needinfo?(release-mgmt)
Comment 6•10 years ago
I've emailed the addresses in bugzilla that have conduit.com in them (including addons@conduit.com) and will wait to see if we hear back from them soon. This isn't specific to FF30 since it's an addon and is out of band with release versions. We'll give Conduit a day or two to get back to us but if crash volume rises on issues we know to be resolved with DLL blocking, we can look at taking that SearchProtect DLL block to mitigate the issue, even temporarily, while trying to work this out with them.
tracking-firefox30:
? → ---
Flags: needinfo?(release-mgmt)
Comment 7•10 years ago
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #4)
> FWIW, http://www.conduit.com/searchprotect even describes the software as
> legitimately protecting the user from unwanted search changes.

Well, it "protects" users from others changing the settings that the installer just set. We forbid including such services with add-ons and we have been blocking Conduit products for a while.

> Maybe someone
> from our side should contact them - http://www.conduit.com/aboutus/contactus
> - about not undoing our blocking mechanisms as that makes people crash with
> malware instead?

Some former Conduit products are now managed by a different company. I also sent them a message and am waiting for a reply.
While investigating another bug, I found a copy of Search Protect from June 23. Now they are disabling the blocklist just long enough to load their own software, and re-enabling it afterward. Sigh. I guess it's an improvement.
Updated•2 years ago
Severity: normal → S3