Firefox 32 Download Security Feature/Annoyance

Now, for whatever reason, I have not seen any reference to this new feature (or annoyance, as Mozilla makes it rather difficult to allow the download if you understand the risks) in the Firefox 32.x release notes. From the Mozilla Security Blog:

Until recently, we only had access to lists of reported malicious web sites, now the Safe Browsing service monitors malicious downloaded files too. The latest version of Firefox (as of July 22) will protect you from more malware by comparing files you download against these lists of malicious files, and blocking them from infecting your system.

The next version of Firefox (released in September) will prevent even more malicious downloads on Windows. When you download an application file, Firefox will verify the signature. If it is signed, Firefox then compares the signature with a list of known safe publishers. For files that are not identified by the lists as “safe” (allowed) or as “malware” (blocked), Firefox asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata. Note this online check will only be performed in Firefox on Windows for those downloaded files that don’t have a known good publisher. Most of the common and safe software for Windows is signed and so this final check won’t always need to happen.

Thanks to Claus (grand stream dreams) for bringing this to my attention.
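The tiered check described in the Mozilla quote above can be modelled as a small decision function. This is an added example, not code from Firefox or from the original post: the list contents, file names, hashes and the exact ordering of the checks are constructed assumptions, and it only shows which downloads end up triggering the remote lookup.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Verdict(Enum):
    BLOCKED_LOCAL = "blocked: on local malware list"
    ALLOWED_PUBLISHER = "allowed: signed by known safe publisher"
    ALLOWED_NO_CHECK = "allowed: remote check does not apply"
    REMOTE_LOOKUP = "undecided locally: metadata sent to remote service"


@dataclass
class Download:
    name: str
    sha256: str
    signer: Optional[str]   # None means the file is unsigned
    is_application: bool    # True for executable/installer types


# Constructed sample lists (assumptions, not real Safe Browsing data).
MALWARE_HASHES = {"f" * 64}
SAFE_PUBLISHERS = {"Example Trusted Corp"}


def check_download(d: Download, platform: str) -> Verdict:
    """Model of the flow in the quote; ordering of checks is an assumption."""
    if d.sha256 in MALWARE_HASHES:            # local list of malicious files
        return Verdict.BLOCKED_LOCAL
    if platform != "windows" or not d.is_application:
        return Verdict.ALLOWED_NO_CHECK       # online check is Windows-only
    if d.signer in SAFE_PUBLISHERS:           # signed and publisher is known
        return Verdict.ALLOWED_PUBLISHER
    return Verdict.REMOTE_LOOKUP              # unsigned or unknown publisher


def remote_lookups(downloads: List[Download], platform: str) -> List[str]:
    """Names of downloads whose metadata would leave the machine."""
    return [d.name for d in downloads
            if check_download(d, platform) is Verdict.REMOTE_LOOKUP]


# Constructed sample downloads.
SAMPLES = [
    Download("trusted-setup.exe", "a" * 64, "Example Trusted Corp", True),
    Download("admin-util.exe", "b" * 64, None, True),
    Download("small-vendor-tool.exe", "c" * 64, "Unknown Vendor Ltd", True),
    Download("dropper.exe", "f" * 64, None, True),
    Download("manual.pdf", "d" * 64, None, False),
]
```

In this model, unsigned tools and tools from publishers outside the safe list are the ones that reach the remote service, which matches the commenters' experience with administrative utilities below.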


Comments

Firefox 32 Download Security Feature/Annoyance — 5 Comments

    • Not necessarily. In my case it is preventing download of sysadmin-type utilities from NirSoft.

      Those and quite a few other Windows admin type tools often get considered as malicious/potentially-unwanted-programs because of what they “could” do in wrong hands.

      My concern (right now) is that the lower-level published workaround to keep the base “safebrowsing” features in play but to disable the “I’m choosing to download it myself” option broke in v32.0.x. It was introduced in v31.

      I can still totally disable the “safebrowsing” feature but right now it’s an all-or-nothing option, not like documented.

      And many others have expressed concerns about the type of meta data that file-check hands off to Google…as well as the fact that we are even deeper trusting Google to be our gatekeeper on the Web….especially on the Firefox browser. I guess you would expect as much on the Chrome/Chromium ones.

      Cheers!

      • But, at least you pointed out that Chrome will allow you to go ahead and download said software with the understanding that if anything happens as a result of you doing this “we told you so!”.

        • I don’t think Chrome beta allowed me; I had to actually start IE in order to download from NirSoft or disable the “feature” in FF or Chrome.
