Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware for Firefox Coming This Year?

Posted by Zonk on from the deeply-unsettling dept.

EvilCowzGoMoo writes "One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators." From the article: "Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa...The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."

7 of 630 comments (clear)

  1. I've already seen some... by eno2001 · · Score: 4, Informative

    ...being a 100% full time user of Firefox, I was surprised to find a site in a random web search a week or two ago that actually got a pop-up window going, but also appeared to attempt to execute some code as Firefox popped open a dialog asking me what I wanted to do with the file that was being downloaded. Thankfully, I have it ask me what I want to do, but if I was a typical user, I would have already associated the *.DOT file with MS Word and god knows what would have happened. Keep in mind that I didn't actually click on any links that indicated a download, I only clicked on a Google search result which took me to a site that displayed a blank screen and then the pop-up. I have to wonder what would have happened if I had associated OpenOffice.org with the *.DOT file since I run Linux. Probably not much... but it definitely indicates that Firefox will be targetted. The real question is: will the Mozilla project be able to keep up any better than MS has with IE? I'm guessing that they will.

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
  2. Re:...and.... by arkanes · · Score: 5, Informative
    Current versions of firefox don't allow this, unlike the (annoyingly easy to mis-click) ActiveX install dialog in IE. There's a whitelist for sites permitted to install extensions, which (by default) is limited to the offical Mozilla update site. Sites not in the whitelist won't even get a dialog, instead a yellow bar at the top of the screen appears, with a button you can use to access the whitelist and add the site. A site on the whitelist gets the standard dialog, which has a time-delay OK button to help prevent mis-clicks. There's no absolute way to prevent people from installing malicious extensions, but (assuming there's no bugs in, say, the whitelist implementation) Firefoxes current model is about as good as you could get.

    Note that older versions of Firefox (and Mozilla) don't have the whitelist, and even older ones don't even have the dialog and are in fact vulnerable.

  3. Re:IE and Firefox have different problems by maskedbishounen · · Score: 5, Informative

    This is why Mozilla Update exists. A safe haven for users to find extentions that won't screw them over.

    Supposedly.

    If nothing else, at least it has a rating and feedback system, so you'll have a heads up from others.

    --
    "An infinite number of monkeys typing into GNU emacs would never make a good program."
  4. "Expert"? by Kupek · · Score: 5, Informative

    Their expert is the Vice President of Threat Research at Webroot. That much is from the article. The article doesn't take the next logical step, however, and point out that Webroot is in the business of developing and selling software to prevent, detect and eleminate spyware. So it's certainly in this guy's interest for people to think that spyware is still a problem.

    Their other expert is also from a company that makes similar software. So people who make anti-spyware software agree: you need anti-spyware software.

    I'll be more concerned when independent parties think spyware in Firefox is an issue.

  5. Re:IE and Firefox have different problems by iabervon · · Score: 4, Informative

    One significant difference is that Firefox (1.0) uses a non-modal section for this sort of thing, so the user is much more likely to completely ignore it. Additionally, the section appears in the same area that the browser offers to let you see pop-ups, so users will quickly be trained to ignore that section as being for getting ads. It won't stop users from getting spyware, but the users will actually have to pay attention to figure out how to get it, rather than being bombarded with offers for it and having to refuse them intentionally.

  6. Re:Malicious XPI's exist already by jwilcox154 · · Score: 4, Informative
    heck, even IE since it was based on Netscape, but it just shows a blue screen

    Internet Exploder was not based upon Netscape, but it was based upon the Mosaic Web Browser.

    Here's what it says in the "About Internet Explorer" dialog
    Based on NCSA Mosaic. NCSA Mosaic(TM); was developed at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign.


    They got the term for the Open source project Mozilla from Netscape's Original code name which is a contraction of Mosaic + Godzilla (i.e. Mosaic killer), and was coined by Jamie Zawinski (jwz) when Netscape's primary competition was Spyglass Mosaic.">

    In other words, Mozilla/Netscape and Mosaic/Internet Explorer are not based on one another, they have nothing to do with one another except they're competing web browsers.
  7. Re:Malicious XPI's exist already by Magic+Thread · · Score: 4, Informative

    2o7.net is a web analysis company, used explicitly by the BBC and other sites. See the replies on the freebsd-chat mailing list where the parent message was posted:

    1 2