Security/Download Protection: Difference between revisions
< Security
Jump to navigation
Jump to search
(→Prefs: add new pref layout) |
(link to CAMP paper) |
||
| Line 40: | Line 40: | ||
* API Documentation available internally under NDA | * API Documentation available internally under NDA | ||
* [http://www.internetsociety.org/doc/camp-content-agnostic-malware-protection Content-Agnostic Malware Protection] (paper describing how the whole system is implemented) | |||
* [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/common/safe_browsing/csd.proto&q=csd&sq=package:chromium&l=229 Chromium source code] | * [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/common/safe_browsing/csd.proto&q=csd&sq=package:chromium&l=229 Chromium source code] | ||
* [http://monica-at-mozilla.blogspot.co.nz/2014/07/download-files-more-safely-with-firefox.html Announcement blog post] | * [http://monica-at-mozilla.blogspot.co.nz/2014/07/download-files-more-safely-with-firefox.html Announcement blog post] | ||
Revision as of 22:22, 29 September 2015
Description
We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.
See Security/Features/Application_Reputation_Design_Doc for implementation details.
Prefs
- browser.safebrowsing.downloads.enabled: enables application reputation checks for downloaded files
- browser.safebrowsing.downloads.remote.enabled: enables remote lookups (requires the previous pref)
- browser.safebrowsing.downloads.remote.timeout_ms: timeout for the remote lookups
- browser.safebrowsing.malware.enabled: enables malware checks (required by application reputation)
- urlclassifier.downloadAllowTable
- urlclassifier.downloadBlockTable: list of URLs serving malware binaries
Firefox 42 and earlier:
- browser.safebrowsing.appRepURL: server endpoint for remote lookups
Firefox 43 and later:
- browser.safebrowsing.provider.google.appRepURL: server endpoint for remote lookups
- browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service
Engineering
Most of the code lives in toolkit/components/downloads/ApplicationReputation.cpp.
QA
To turn on debugging output, export the following environment variable:
NSPR_LOG_MODULES="ApplicationReputation:5"
Documentation
- API Documentation available internally under NDA
- Content-Agnostic Malware Protection (paper describing how the whole system is implemented)
- Chromium source code
- Announcement blog post