Closed Bug 1062966 Opened 10 years ago Closed 10 years ago

Breakdown: Implement new handling of malware downloads in download panel

Categories

(Firefox :: Downloads Panel, defect)

Product:
Firefox
Component:
Downloads Panel
Type:
defect
Priority:
Not set
Severity:
normal
Points:
1

Tracking

()

Status:
RESOLVED FIXED
Iteration:
35.2

People

(Reporter: sevaan, Assigned: Paolo)

References

(Depends on 2 open bugs)

Details

This is the implementation bug for the UX work carried out in Bug 1053890 regarding how downloads flagged as "malware", "potentially unwanted", or "uncommon" are handled in Firefox.

More information:
- https://bugzilla.mozilla.org/attachment.cgi?id=8481334
- https://bugzilla.mozilla.org/show_bug.cgi?id=1053890#c38
Flags: firefox-backlog+
Flags: qe-verify?
Depends on: 1063105
Flags: qe-verify? → qe-verify+
Release Note Request (optional, but appreciated)
[Why is this notable]: This is something I think we should note and document for users, maybe in the support knowledgebase, since it will affect potentially a large percentage of user downloads.
[Suggested wording]: User warnings defined for downloads that may be malware.
[Links (documentation, blog post, etc)]:  (Still needed)

Tyler I'm cc-ing you because I'm not sure if there's someone specific in SUMO who might want to do this.
relnote-firefox: --- → ?
OS: Mac OS X → All
Hardware: x86 → All
Paolo: you had mentioned this being complicated. Does it need to be broken down?
Flags: needinfo?(paolo.mozmail)
Depends on: 1068656
Depends on: 1068660
Depends on: 1068664
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #5)
> Paolo: you had mentioned this being complicated. Does it need to be broken down?

I did the breakdown and added my own estimates directly on the bugs.
Flags: needinfo?(paolo.mozmail)
Assignee: nobody → paolo.mozmail
Status: NEW → RESOLVED
Iteration: --- → 35.2
Points: --- → 1
Closed: 10 years ago
Flags: qe-verify+ → qe-verify-
Resolution: --- → FIXED
Summary: Implement new handling of malware downloads in download panel → Breakdown: Implement new handling of malware downloads in download panel
What version is this fixed in? You gave it an "iteration," but that number doesn't correspond to any Firefox version, AFAIK

This need to be implemented quickly, to prevent users from turning off the feature entirely to get around a false positive. And Google's methodology of using multiple antiviruses is highly prone to false positives.
Marco, you morphed this bug from a metabug into a breakdown, but now there's no meta bug left to see when the feature is complete? On top of that it's very confusing as there were already loads of bugs duplicated to this one, which are now showing as RESOLVED FIXED, even though the bug isn't fixed yet.

(In reply to Terrell Kelley from comment #7)
> This need to be implemented quickly, to prevent users from turning off the
> feature entirely to get around a false positive. And Google's methodology of
> using multiple antiviruses is highly prone to false positives.

Note that we already partially disabled this feature in release Firefox to reduce the number of false positives.
Flags: needinfo?(mmucci)
Turned into a breakdown based on Comment #6.  Bug 1068664 and Bug 1068660 are currently assigned and being worked on in IT 36.1  Bug 1068656 is blocked by Bug 1068664.

(In reply to Gian-Carlo Pascutto [:gcp] from comment #8)
> Marco, you morphed this bug from a metabug into a breakdown, but now there's
> no meta bug left to see when the feature is complete? On top of that it's
> very confusing as there were already loads of bugs duplicated to this one,
> which are now showing as RESOLVED FIXED, even though the bug isn't fixed yet.
> 
> (In reply to Terrell Kelley from comment #7)
> > This need to be implemented quickly, to prevent users from turning off the
> > feature entirely to get around a false positive. And Google's methodology of
> > using multiple antiviruses is highly prone to false positives.
> 
> Note that we already partially disabled this feature in release Firefox to
> reduce the number of false positives.
Flags: needinfo?(mmucci)
Is there something landed in 35 that should get noted here?  I'm not clear on which of the bugs landed or in progress actually have user-facing impact worth noting.
Flags: needinfo?(paolo.mozmail)
(In reply to Lukas Blakk [:lsblakk] use ?needinfo from comment #10)
> Is there something landed in 35 that should get noted here?  I'm not clear
> on which of the bugs landed or in progress actually have user-facing impact
> worth noting.

No, bug 1068656 is the visible front-end work. I've added the "relnote" keyword there.
Flags: needinfo?(paolo.mozmail)
Depends on: 1141257
Do you have any telemetry data on people disabling the feature in about:config? I thought maybe you might need to force the option back on upon release, if disabling was common enough.
You need to log in before you can comment on or make changes to this bug.