A trojan in a Firefox security add-on

Posted Jul 22, 2010 4:58 UTC (Thu) by elanthis (guest, #6227)
Parent article: A trojan in a Firefox security add-on

Summary: download random shit from the web and get saddled with malware because humans are fallible. The end.

There's a reason that anti-malware software on Windows is so popular. It's not because Windows is a crappy OS, it's because people tend to download far more third-party software there than on Linux. Sort of. Except that pretty much all your software on Linux is every last bit a huge hodge-podge of random third-party apps as it is on Windows, it's just that Linux distributions (and Mozilla, as it happens) funnel all that third-party software through some over-engineered, time-wasting, bureaucratic software repository process with the assumption that that somehow magically means all that code is clean and friendly.

In the end, either the user has to be responsible for reviewing what runs on his computer (and who the hell has the time for that, much less the know-how, given the massive amount of highly complex code that makes up the simplest of modern computing systems?) or rely on very sophisticated tools to help catch or stop misbehaving software.

For example, why does Firefox allow any ol' plugin to connect out to any ol' site without first asking the user to confirm that the plugin is allowed to do so? I mean, I know the reason is "nobody thought of putting in the extra effort to make it do that," which is really the same reason why we're just now starting to see sandboxed processes for individual sites instead of doing it that way from the very start. The result though is the same: either the environment has the tools and smarts to protect the user or the user eventually gets fucked, and it turns out our environments don't have all that many tools or smarts.

Simply pretending that the user can never get malicious software in the first place is a never-ending journey along Failure Way. I don't care what kind of review process or approval system or trust web you put in place. The user will eventually get malicious software, either because your system fails or because he just decided to go around it.

Assume he absolutely is going to end up with some malware, and then figure out how to make sure that malware can either be automatically detected and removed (as with most malware scanners) or just manage to muzzle it so it can't do any harm (for example, as with many Windows firewall packages, including even the rather limited default firewall on Windows Vista/7 which goes way beyond what any Linux setup I've ever seen offers in terms of protection from locally-installed malware).


A trojan in a Firefox security add-on

Posted Jul 22, 2010 10:01 UTC (Thu) by nye (subscriber, #51576) [Link] (1 responses)

I wonder if it would be worth an Android-app-style 'this addon is requesting the following capabilities' dialogue. I know most users would just click through without reading it, but it makes it a lot less likely to go unnoticed if some addon suddenly starts trying to do something completely unexpected.

A trojan in a Firefox security add-on

Posted Jul 23, 2010 3:53 UTC (Fri) by zooko (guest, #2589) [Link]

The Mozilla Jetpack project is an attempt to make a framework for add-ons which is auditable and confinable. If successful, Jetpack will make it easy to prevent this sort of backdoor without requiring auditors to carefully pick apart reams of confusing code and without popping up annoying and useless "Is it OKAY?" dialog boxes that the user will learn to autoclick.

Honestly, I'm pretty damned excited about Jetpack. Long-time readers of LWN.net might notice that I always post a comment after one of these articles bemoaning the futility of combatting malware by controlling authorship of code and by auditing enormous codebases. I've often alluded to the possibility of a better system based on confinement and dynamic access controls (i.e. capabilities). Jetpack is finally an attempt to do it that way.

Disclosure: Jetpack is being designed by my good friend and long-time collaborator (on the Tahoe-LAFS project) Brian Warner. Even if I didn't already think the basic idea was super great I would be biased towards liking Jetpack just because Brian Warner is awesome.

REPOs do serve a purpose.

Posted Jul 22, 2010 11:47 UTC (Thu) by alex (subscriber, #1355) [Link]

"through some over engineered, time wasting, bureaucratic software repository process with the assumption that that somehow magically means all that code is clean and friendly"

The Linux repo model isn't all that bad. There is an implied chain of trust from (hopefully) upstream's signed packages to distributions' QA and their signing and provision of sources related to the package you're installing. You should be able to update your copy of Apache with reasonable confidence it's not got a backdoor in it, doubly so if you're using an enterprise distro where you're actually paying for support.

That's not to say the flaws you point out don't apply if all the packager has done is downloaded a random cool-looking tarball and just whacked a "configure/make/make install" into the package.

A trojan in a Firefox security add-on

Posted Jul 22, 2010 12:03 UTC (Thu) by nix (subscriber, #2304) [Link] (1 responses)

"For example, why does Firefox allow any ol' plugin to connect out to any ol' site without first asking the user to confirm that the plugin is allowed to do so?"

Because users would immediately be bombarded by so many of these messages that they'd soon learn to just click 'yes' at all times? (Hell, they've been well-trained to do that already by other equally useless 'security' warning dialogs.)

security policy

Posted Jul 22, 2010 15:30 UTC (Thu) by tialaramex (subscriber, #21167) [Link]

Also, this is a plugin to a _web browser_. So, suppose we "forbid" the plugin from sending data to a web site. Instead, it finds an IMG in a web page and rewrites it to be an indirect, sending the data to a web site and returning the original image. Of course there are a million variations on this theme, many of which look (to a machine anyway) indistinguishable from legitimate actions.

The big problem with security policies is finding something that users can understand correctly. This is a big research topic. It is often possible to create something which _technically_ works but which almost no-one will operate correctly; for an end-user application like Firefox this is plainly useless (whether it is useless in more specialised applications is up for debate).

A trojan in a Firefox security add-on

Posted Jul 22, 2010 18:04 UTC (Thu) by RobSeace (subscriber, #4435) [Link]

"It's not because Windows is a crappy OS"

Well, it's not just because of that, you mean... ;-)

