Closed
Bug 262762
Opened 20 years ago
Closed 16 years ago
Method to keep adware and malicious extensions and plugins from being added without user's knowledge
Categories
(Core :: Security, enhancement)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 346960
People
(Reporter: netdragon, Assigned: dveditz)
References
Details
At the time of writing, an installation program can place additional browser plugins in the plugins directory without the user being aware of it. This could install handlers for file types that allow malicious behavior. Mozilla can keep a register of existing plugins, such as java plugins, and warn a user if a new one has been added. This register should not be accessible to outside applications (should use a user-held key for encryption or some other method).
Reporter | ||
Comment 1•20 years ago
|
||
So I don't get flamed, I realize extensions and plugins are different. I made this one bug since the same lockdown method might be used for both. This could also be applied to extensions that were installed by a 3rd party application by copying their files to the profile directory. With Firefox's market share increasing, it will increasingly become a target for spyware and browser hijackers. See also http://forums.mozillazine.org/viewtopic.php?t=39266 The perfect scenario for extensions is to make it so they could only be installed with the help of Mozilla and thus the user would be prompted. This scenario is probably unrealistic. There is no sure-fire way to block adware who has access to the same disk and our source code from getting in. Through deterrents, and working with makers of programs like Norton Security and Adaware, we should be able to get the number of adware programs that put the effort in to get through the deterrents to a manageable number. That's the best we can probably hope to accomplish when these programs would already be installed and have access to the same system. Beyond that, it'd be some cat and mouse game we'd invariably lose. Deterrents, though, are probably worth the effort. I think a good start in solving the issue of extensions being inserted without our knowledge is simply to have a way to view ALL extensions that are installed and loaded, such that a user can eyeball whether there is a malicious extension installed. They would see malicious plugins in about:plugins, if most users knew about it. Bug 16489 is about password protection for the profile. I don't know if this is a good route to travel down. Any means of key encrypting a list of plugins and extensions would require either a password upon startup (inhibiting usage), or for the user to be expected to run a check every so often, along with a password required when installing extensions. I'm aware that currently security extensions are not seen by the users. This needs to change, because malicious extensions could utilize this method to remain invisible to the user. If you want to make them not ugly up the extensions dialog, they could be placed at the end of the list, with a divider in between. All this being said, there is still no way to guarantee that, as Callek said, applications couldn't hack into the device context for the Window through the Windows API, or modify the chrome folder.
Summary: Warn me on insertion of new plugins → Method to keep adware and malicious extensions and plugins from being added without our knowledge
Reporter | ||
Updated•20 years ago
|
Summary: Method to keep adware and malicious extensions and plugins from being added without our knowledge → Method to keep adware and malicious extensions and plugins from being added without user's knowledge
Comment 2•20 years ago
|
||
Couldn't the spyware installer just patch out the protection in the Mozilla executable and then do whatever it likes?
Reporter | ||
Comment 3•20 years ago
|
||
There is no foolproof protection, but anything that would do that is more than spyware, it's a trojan. The only way to combat that would be to have the executables register their MD5SUM to a key-encrypted file when first run, and give the user a tool to check to see if the MD5SUM changed. The user would know the key, because it'd be in his head, and spyware cannot read minds (yet). This could actually be made as an extension in and of itself.
Comment 4•18 years ago
|
||
This will never work. If the md5sum changes, then what? You're hoping that the extension is still working... but if malware patched the executable it also patched the extension (or wherever the md5sum-validating code was).
Comment 5•18 years ago
|
||
What if each browser is given a unique key on install (stored in the app folder where hopefully only root/sysadmin has write priv), and extensions installed through the browser are signed after the user validates the install. When starting the browser if an unsigned, or incorrectly signed, extension is found, the user is notified/warned, and can choose to delete, or sign, or whatever. This would be done in the main browser code, not modifiable through anything in the profile directories. Hopefully the main browser code can be kept somewhere only root/sysadmin can modify. Just a thought, lee
Updated•18 years ago
|
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•