Thursday, August 30, 2007

Mozilla Aims To Warn Users About Dangerous Sites

The next version of Firefox will identify malware on Web sites and make users stop and think about it.
With the number of malicious Web pages mushrooming over the past several months, the Mozilla Foundation is looking to help users defend themselves. Window Snyder, who is Mozilla's "chief security something-or-other," says the company is taking a two-pronged approach.
First, Mozilla developers are working on giving Firefox 3.0, the next version of the open source browser due later this year, the ability to detect malicious code on Web sites that users are trying to access. "In Firefox 2, there's no mechanism that identifies if malware is present," says Snyder.
Second, developers are working on creating an interface that will warn users that the pages they're trying to call up are dangerous. "We don't want to just pop up an alert that gives them an OK or cancel option," says Snyder. "We want to create a warning that users won't mistake. ... It's going to be a different kind of warning, and it's not going to be a click-through."
Security company Sophos reported last month that the number of malicious Web sites has skyrocketed over the past few months, from 5,000 new ones a day in April to nearly 30,000 a day in early July. One reason, according to Sophos researchers, is that hackers are increasingly turning away from e-mail as their preferred method of spreading malware and putting their focus on malicious sites. In some cases, they're creating their own sites, but in most cases they're hacking into legitimate sites and embedding malware into them.
The mock-up of the alert appears as a red-letter warning that doesn't have a click-through option, and the malicious page wouldn't be able to load. It's still a work in progress, and it could change dramatically before Firefox 3.0 ships, Snyder says. Technicians are debating whether there should be an override mechanism that lets users go to malicious pages regardless of the danger.

http://www.informationweek.com/security/showArticle.jhtml?articleID=201400213&subSection=Spam/Spyware
