Firefox 2.0 Update To Remove Phishing Detection

← Back to Stories (view on slashdot.org)

Firefox 2.0 Update To Remove Phishing Detection

Posted by kdawson on Sunday December 7, 2008 @07:50AM from the way-past-time-to-update dept.

An anonymous reader writes "Computerworld and others are reporting that Firefox 2.0.0.19, the last security update to be released before 2.0 goes end-of-life, will remove the phishing detection at the request of Google. The browser is using an older version of the Safe Browsing protocol that Google will discontinue. According to the latest NetApplications report, about 25% of all Firefox users were still on version 2.0. This move ought to result in an increased adoption of Firefox 3.0 and other browsers, unless it goes unnoticed by most users."

12 of 351 comments (clear)

A security update that reduces security by mysidia · 2008-12-07 07:53 · Score: 5, Interesting

Hrm.. I don't think that's the intended use of security updates that causes users to be willing to accept and enable such updates.
In a way, it's a breach of trust if they were intentionally holding back on upgrading to 3.0. Users would be in slightly better shape if they refused to accept this update (at least until Google finally does turn it off).
I anticipate not necessarily a massive increase in users updating to Firefox 3.0, but more likely a massive increase in phishing targetting 2.0 users who still think they're protected (they didn't pay attention to the update release notes).
1. Re:A security update that reduces security by dafrazzman · 2008-12-07 08:05 · Score: 4, Insightful
  
  Even a minor increase in 3.0 adoption would be worth it, as the phishing detection won't matter once google turns it off. I think Mozilla is doing well by making one last effort to move people towards Firefox 3.
  At least the version 2 users are being given some warning, as opposed to just being left out to dry without any heads up at all.
  
  --
  My preferred name is frazz, but someone keeps taking it. If you see him, tell him I said hi.
2. Re:A security update that reduces security by theaveng · 2008-12-07 08:42 · Score: 4, Insightful
  
  I disagree. I already tried Firefox 3 and it ran very poorly, so that's why I went back to Firefox 2.
  IMHO rahter than disable the feature, thereby making users vulnerable to scams, the correct solution is to upgrade the anti-phishing to v2. Toturn it off completely is somewhat akin to a AntiVirus 2.0.0.19 program deciding to turn-off its scanner, to force users to move to AntiVirus 3. The ends do NOT justify leaving users vulnerable to attack.
  
  --
  FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
3. Re:A security update that reduces security by gparent · 2008-12-07 08:46 · Score: 4, Informative
  
  It's going to End of Life. They won't upgrade an obsolete product. Either they turn it off in the next update and get some people to upgrade, or they leave it on giving a false sense of security since it won't even work.
4. Re:A security update that reduces security by Tubal-Cain · 2008-12-07 08:58 · Score: 4, Insightful
  
  Uhhh... Google's turning off the servers.
  Your FF 2.0.18 won't have any phishing protection, either.
5. Re:A security update that reduces security by TheRealMindChild · 2008-12-07 10:44 · Score: 5, Insightful
  
  I still don't see why they're pushing people so hard to upgrade to 3.0.
  
  Because they are going to stop working on that version. I hate to point out the obvious, but this isn't really a complicated question.
  
  --
  
  "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
6. Re:A security update that reduces security by Ramze · 2008-12-07 11:05 · Score: 4, Insightful
  
  I think the idea is that since they aren't going to offer any more updates to the software, anyone using FF 2.0 is going to be vulnerable to future browser exploits and rendering issues which will not ever be patched (unless someone forks the code), so from a user-safety perspective and a public relations perspective, Mozilla needs to strongly persuade people to move away from the old version.
  The reasons to upgrade are the same as for any software. Sooner or later, FF3 or higher will have features that FF2 does not have and that you will need or wish you had. Whether that's patches, plug-ins, or new features, I can't say... but it is coming. Maybe a new version of HTML or a new scripting language... maybe a plugin that only works with 3.0 or higher for web pages you need access to -- who knows.
  As for why they choose to turn the anti-phishing off rather than move to the next version, I think it's fair to say that turning off something is easier than re-coding it to work with something new. Also, why code it to work with the new Google version when you're discontinuing support? At some point, Google's API will change and FF 2 users will be left without a working anti-phishing engine again -- only without any warning because Mozilla will have moved on to FF 4 or beyond by then.
  You are, of course, welcome to continue to use FF 2 if you enjoy the product, but it is not Mozilla's responsibility to continue to support it once they've moved on to a newer version.
  You are correct that Mozilla could wait until Google discontinues its service to turn off the feature, but that is only prolonging the inevitable. They likely want the upgrade in place before Google shuts down its service so that users have advanced warning. If I were Mozilla, I'd even put up a splash screen upon installing the update to warn people that the anti-phishing no longer works and to upgrade to FF 3 if they wish to continue using the feature.
  I'm not exactly sure what you're arguing. It sounds as if you're upset that Mozilla is "pushing" people to FF3 by discontinuing a feature in FF2, but really it's Google that's changing and Mozilla is reacting to that change by turning off the feature in advance in an effort to control the situation. It's not as if Mozilla turned off FF2's ability to use tabs or plugins or other features to intentionally cripple FF2.
  Honestly, your post sounds a bit like a rant that eventually you'll have to move to something other than FF2 and you're upset that the reasons to move have only just begun to pile up. I can understand that you like the software and believe it is still worth supporting and/or forking to continue updating, but apparently Mozilla isn't going to be the one to do that for you.
7. Re:A security update that reduces security by gparent · 2008-12-07 11:54 · Score: 4, Informative
  
  I still don't see why they're pushing people so hard to upgrade to 3.0.
  Because they won't work on 2.0 anymore. It will not be supported and will no longer receive security updates. How hard is that to understand?
  
  The version 3.0 still seems slower and more buggy than the version of 2.0 I have been using for some time.
  Except it's faster. Java Script improvements, less memory leaks, a garbage collector of sorts, etc. FF 3.0 requires less resources.
  
  I would argue that FF 2.0 is not and obsolete product
  By definition, it is. It will reach End of Life.
Re:Why would anyone use FF2? by mysidia · 2008-12-07 08:13 · Score: 4, Insightful

You just gave a reason for Firefox 2 users not to upgrade to Firefox 3.
The reason not to switch from Firefox 2 to Opera instead (for older systems) is the same reason for Windows '98 users to not switch from MSIE to Firefox.
They are more familiar with their chosen browser, and there is an inherent resistance to switching.
It's ashame the last major, tried and true, stable release of Firefox is EOL'ed so rapidly, in favor of the bleeding-edge FF 3.
What would you think of Microsoft if they had discontinued further security updates for Windows XP in 2007, one year after the release of Vista?
Will anyone notice? by drew · 2008-12-07 08:40 · Score: 5, Insightful

I'm fairly certain that anyone who actually needs phishing detection probably won't even notice that it's gone, or won't know what it means. For example, people like my parents who only have Firefox because some well meaning geek installed it for them a year and a half ago...

--
If I don't put anything here, will anyone recognize me anymore?
Re:Why would anyone use FF2? by i.of.the.storm · 2008-12-07 08:41 · Score: 5, Insightful

Not sure what's so bleeding-edge about FF 3, it's a lot more stable and faster than Firefox 2 was. I think your word choice is a bit disingenuous and designed to make FF 3 look bad. And the situation is a bit different since upgrading from XP to Vista costs money, whereas unless you're on Windows 98 upgrading from Firefox 2 to 3 doesn't cost a thing.

--
All your base are belong to Wii.
People on older distros by sentientbrendan · 2008-12-07 08:45 · Score: 5, Informative

can't upgrade.
On Linux Firefox doesn't distribute RPM's or DEB's for the various major platforms, and most vendor's don't provide new software for distros once they've been released.
Also, getting firefox 3 compiled from source on older distros is incredibly difficult due to version skew of various libraries. I got most of the way there, and gave up.
People who use linux for work are often stuck on older distros due to long corporate maintanance cycle's. It costs them a lot of money to roll out a major update to thousands of machines, especially if you are developing software on top of them.
Thus, it really sucks that there is no way to put newer software on older linux OS's without running into library version hell. Especially since this is so easy on other platforms. After all, who has trouble getting software working on XP?