Firefox 2 To Have Anti-Phishing Technology 229
Mitchell Bronze writes "Mozilla's Mike Shaver said in an interview that the upcoming Firefox 2 will have anti-phishing capability using technology that might come from Google." From the article: "With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year. 'It is another example of the energy that has returned to the browser market,' Shaver said."
An opportunity, a threat... (Score:5, Interesting)
Vulnerabilities aside, the user is what is responsible for over 90 percent of the infections monitored. This starts with Mails that urge him to open something "really urgently", covers various plugins for Browsers that come filled with spyware (which, in turn, is a perfect door for other malware) and goes to bogus files on various P2P networks that claim to be some crack, hack or other "goodie" to lure the P2P user into starting it.
Now, you can walk the same way that antivirus companies go, you wait for the threat to unfold and grab it at its neck when you find it lurking in the system once your update covers it. That's fine as long as your releases at least match the speed of trojan development, if there is some intersection between the moment you update your anti-trojan signatures and the moment the trojan goes into a new generation.
And that window is closing. Fast. We're now facing trojans with update cycles that make you wonder when and how they create them. Currently, you face about weekly updates of some trojans. For the simple reason that there is no reason to update them more often. It is technically no problem to have them update twice a day. That's already a rate that no antivirus company could match. The AV company first of all needs to get a hold of the trojan, develop reliable signatures, create an update for the sigs and send them towards you.
Currently, AV companies can keep up with development. The trojan writers have enough clueless people without any antivirus protection who click everything and anything and allow every program to do whatever it pleases on the web, so they don't care about "us", those who have av tools and/or know how to keep their computer clean.
As soon as a browser like this hits the market, the race is on. It does no longer matter if you're clueless or an IT-pro, your browser will keep you out of way's harm on everything it knows. So, to be successful, the phishers have to be faster (or develop a new strategy, whichever is easier to do).
I'm not sure if AV companies can win that game if it becomes one of update speeds. A trojan writer has to push one update for one trojan. The AV company has to push a few 100 for about as many malware programs. Not a good position for the AV guys.
My hope is that Firefox will have a different approach to the problem. Self-checking processes (to avoid injections), close scrutiny of its BHOs, etc. I hope they will not try to use AV techniques, but instead concentrate on the entry points for such a program, and try to detect it there.
Smart move (Score:5, Interesting)
Is this a free alternative to Verisign? (Score:5, Interesting)
Verisign [verisignsecured.com] already has this kind of techology, the question is, will Firefox 2 make Verisign obsolete?
Verisign's advice: [verisignsecured.com] The best way to avoid becoming a victim of phishing is to never respond to unsolicited emails asking for personal information or directing you to a Web site where you are asked to enter personal information--even if it looks TOTALLY official.
Privacy concerns? (Score:5, Interesting)
Re:Good on ya (Score:5, Interesting)
And I cannot emphasize enough how great it is for my parents. By switching them to Fox and Bird, I have stopped my monthy trip up to remove all new spyware/viruses... now I just go for dinner. That gets an A+ in my book.
Damnit (Score:5, Interesting)
Seriously, I'll tell you the only anti-phishing technology we need: our damn heads, with a side of common sense.
I don't want my browser to have stupid coddling features like this that will just get in the way of a decent, savvy surfer. That's the problem with popularity - it leads to diluting the quality. I'd rather have a *good* browser only used by 3% of the people out there. Hell, the mere minority status might even make it *better* - now that Firefox is popular, more and more sites are finding ways of advertising specifically to it.
If Firefox 2 does have this, then it better be easy to fully disable, otherwise I'm definitely not upgrading.
Good (Score:3, Interesting)
Open source a problem here? (Score:3, Interesting)
(Seriously. If not, please post why not and educate me.)
Re:More appropriate as an extension? (Score:1, Interesting)
Re:anti-phishing == no passwords (Score:2, Interesting)
Re:Damnit (Score:1, Interesting)
Time for a fork.
Go right ahead. Let us know how that turns out for you and the 2 other users. The rest of us will continue to use Firefox.
Re:It already is an extension... (Score:3, Interesting)
So it reports my surfing to google's database? Thanks but no thanks. I've never fallen pray to phishing attacks, and don't want a feature like that logging all the pr0n sites I visit. Wait, the only pr0n site I need is google images now anyway haha!
Why should we trust google? They are looking out for their shareholder, not the end user.
Re:Damnit (Score:2, Interesting)
Re:More appropriate as an extension? (Score:3, Interesting)
Re:Good on ya (Score:3, Interesting)