Closed Bug 694683 Opened 13 years ago Closed 11 years ago

Consider blocking some versions of F-Secure's Browser Protection addon

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox8 + ---
firefox9 + ---

People

(Reporter: smaug, Unassigned)

Details

It seems that F-Secure's Browser Protection is causing quite a few problems. [1]
We should contact F-Secure and ask them to fix the problems and/or
perhaps block some versions of the addon.

[1] http://community.f-secure.com/t5/Protection/Browser-Protection-is-making-Firefox-sluggish/td-p/2355

(I started to investigate why FF was in not-responding state way too often on my
brother's laptop, and it looks like Browser Protection is causing the problems.)
Severity: normal → major
I installed the trial version of F-Secure (Browsing Protection Toolbar Version 1.10) and I have already experienced this. In my case I just kept loading some tabs until I hit it - nytimes.com was the charm. Not a very good user experience in my opinion especially if it keeps happening for end users.

I also noted on their website that a 2012 version of their software is out soon so I sent an email to request it since I am curious to see if the same thing will be happening with the new version.
The version I was testing was also 1.10.
Here is what I got from the support team:

First, we have to know if this is Browsing Protection issue:
Please ensure that you do the following:
-	disable Deepguard
-	disable advanced process monitoring
-	disable web traffic scanning

If browser still freezes, please provide the following information: 
1)	What website that caused the hang?
2)	How many tabs has open?
3)	Memory consumption
4)	CPU usage
5) 	Generate FSdiag, you can get the instructions from this page(http://www.f-secure.com/en/web/home_gb/support/contact/fsdiag)

I also have some license keys if anyone wants to help test this.
As discussed with smaug on IRC, I will do some investigation of this using Firefox 7, Firefox 8 and beyond today and report back. We do have a contact at the company.
interesting that the form page at http://forum.f-secure.com/default.asp has a special link to a forum for:

   F-Secure Online Scanner
   Discuss the Online Scanner here. 

but the link there redirects to a product page.  I wonder if this is even a supported product at f-secure anymore.
Might be because they are working on the 2012 version. There are a few other links on that forum page that led to 404s and said they were working on the site.

(In reply to chris hofmann from comment #5)
> interesting that the form page at http://forum.f-secure.com/default.asp has
> a special link to a forum for:
> 
>    F-Secure Online Scanner
>    Discuss the Online Scanner here. 
> 
> but the link there redirects to a product page.  I wonder if this is even a
> supported product at f-secure anymore.
I was previously testing on the the same machine using  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1, but for some reason today I am not seeing the issue on the same machine. But as smaug notes there are enough reports in the forums and with his brother's machine for this to be a concern. I am going to try on an XP machine next.

As far as what they suggest in Comment 3, that is fine but most end users won't be savvy enough to understand what you have to turn on and off.
I started typing in this comment box again and I experienced the freeze.

Right now F Secure Browsing Protection Toolbar Version 1.10 is not compatible with Firefox 8, so it is tough to see what will happen there unless I force it to be compatible.
I noticed this
http://community.f-secure.com/t5/Protection/Browser-Protection-is-making-Firefox-sluggish/td-p/2355/page/5

"
a week ago

Hi,
I'm representative from R&D.
We are currently working on this issue at the top most priority now. Please be patience as there are many scenarios mentioned in this thread. We will come back to you with our findings.
Thanks for your report and please continue to update us if you have new findings at your end."


Maybe they are updating something...maybe.
Now testing with : Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1, using the same version of the addon.

Results:

1. Issue seems much worse on this machine. Happens randomly and gets worse the more tabs I have open. But it even happened with about 5-6 tabs opened.
2. I turned off Deep Guard and Advanced Process monitoring and the issue still manifested itself.
3. I tried to use their support tool to submit data but it seemed like the tool itself was either hanging or taking very long to finish generating data.

It is good if they are working on the problem, but probably the better short term solution is to softblock this version and improve the user experience for Firefox users who have to suffer through these non-responsive periods.

In the interim I need to get a copy of their 2012 suite in order to see if the same thing is happening (I thought I got a license key for that but apparently the keys are for the 2011 version).
(In reply to Marcia Knous [:marcia] from comment #10)
> It is good if they are working on the problem, but probably the better short
> term solution is to softblock this version and improve the user experience
> for Firefox users who have to suffer through these non-responsive periods.
I agree.
During the Beta triage meeting today we discussed this bug. It was decided that the next steps would be to contact the FSecure devs and let them know of our findings. I sent them an email this afternoon pointing them to this bug so they could review my test results. 

Right now this is an an issue for Firefox 8 because it is not compatible, but if they bump the compatibility then there could be issues there too.

I will report back in the bug when I hear back from them.
I received a response back from the dev team indicating that they aware of the root cause of the problem and are working on fixing it. However, they mentioned they will release FF8 support next week but the update does not include the fix.

I emailed them back asking if they have an ETA for the fix.
[triage comment]

We are going to track this for 8 and 9 as it could affect the perceived quality of the releases.
tracking-firefox8: ?+
tracking-firefox9: ?+
I heard back from the dev team and they said they may be able to get us a fix to test this week.
(In reply to Marcia Knous [:marcia] from comment #15)
> I heard back from the dev team and they said they may be able to get us a
> fix to test this week.

Do we have an idea of the extension version range and affected platforms we'd be blocklisting for? It'd be good to have that info nailed down in preparation for a possible blocklisting recommendation.
I received the binaries from them today so I will be performing some testing. I will see if the revised version improves the issue.

If not I will come back with version info.
I have been testing the updated binary they sent me today. So far things seem better, at least on Windows XP during my initial testing. I still want to check on Windows 7 as well.

We would also need to find out from FSecure how fast this fix could be deployed on their end.
I was advised via email that they have rolled out the fix I tested and it should work with Firefox 8. This fix is only applicable for IS2011 and not for IS2012 since that has fewer users. They advised they will roll out the fix for IS2012 at a later date.
(In reply to Marcia Knous [:marcia] from comment #19)
> This fix is only applicable for IS2011 and not
> for IS2012 since that has fewer users. They advised they will roll out the
> fix for IS2012 at a later date.

Then we should block it until they fix it, right? We've got to start being more aggressive about other software destroying our product. :(
I just got the license keys for the 2012 version and will do some testing in the lab to see if I encounter the same problem. We would need to get the version number for that new version if we want to consider blocking 2012.
FSecure reached out to me by both IRC and phone and assured me that they are working on a fix for the 2012 version. We agreed to touch base on Tuesday via email to see where they are with their work. They emphasized that they don't have a large user base on the 2012 version yet.

They would like us not to block anything for that 2012 version until next week when they contact us.
I just heard yet few different cases when F-Secure is causing problems.
We must block F-Secure now! I really mean now!
I don't want all my friends to move to other browsers.
(F-Secure is popular in Finland.)

I don't care what F-Secure thinks about us, but they must not destroy our product.
Is there a reason we couldn't block the versions that are currently causing problems for our users? If they haven't rolled out a fix yet, it should be possible for them to do so using a new version identifier such that they get unblocked once that happens.
Yeah, I seriously think that once we know an addon is causing serious problems and we find out it'll take a week to get anything done about it we should just go ahead and blacklist until the fix is in place....
Please include the needed information from https://wiki.mozilla.org/Blocklisting to block this:

Extension name: 
Extension UUID: 
Extension versions to block: 
Applications, versions, and platforms affected affected: 
Block severity: (hard/soft)

Homepage, AMO listing, other references and contact info: 

Reasons:
Sounds like F-Secure will release some automatic updates on Tuesday to fix the problem.
In that case, IMO, there wouldn't be need to block the addon - if it is guaranteed that all the
addon users get the update.

In general, I think we need to test certain addons more often. Skype did cause major problems and
it took some time to figure that out (and block some versions). This bug has been open for a month, and
the bug is/was so bad that we should have blocked the addon almost immediately.
We should also test other common addons.
Before deciding not to block, I think we should check that the update is actually going to be automatic.
Sure, and make sure it works well.
So please attach the information fligtar asked for in the meantime.
Two versions are out there now: 2011 and 2012. My understanding is that the issue was fixed in the 2011 version if you updated to the most recent version (see Comment 18). They are working on a fix for the 2012 version according to the email thread I have seen.

smaug also mentioned to me in an email that there could be an issue specific to connectivity.
Yes, my understanding is also that 2011 should be fixed but 2012 is not yet.

And the Not Responding problem should happen more often with high latency network connection, so
when testing the addons, better to use not so high quality connections.
Need to remember to test the addon also with 3.6.x
Closing old blocklist bugs. Please reopen if the problem still exists.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.