Confirmed users
238
edits
Security/Features/Application Reputation Design Doc: Difference between revisions
Security/Features/Application Reputation Design Doc (view source)
Revision as of 19:20, 23 July 2014
, 23 July 2014→Remote lookup (present in FF 32)
| Line 52: | Line 52: | ||
Thus every for every certificate chain of length n, n-1 whitelist strings are constructed. In Chrome, certificate whitelist strings are constructed in CertificateChainIsWhitelisted [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=703]. | Thus every for every certificate chain of length n, n-1 whitelist strings are constructed. In Chrome, certificate whitelist strings are constructed in CertificateChainIsWhitelisted [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=703]. | ||
== Remote lookup (present in FF 32) == | == Remote lookup (present in FF 32, Windows-only) == | ||
These lookups are Windows-only, because we rely on signature information in order to suppress remote lookups and signature APIs are only available on Windows. | |||
The user-agent encodes file metadata into a ClientDownloadRequest protocol buffer and sends it to the remote service. If a MALWARE verdict is received, the downloaded file should not be saved and the UI should report that the download may be malware. In Chrome, this occurs in CheckClientDownloadRequest::SendRequest [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=612]. In Firefox, this happens in ApplicationReputation::PendingLookup::SendRemoteQuery [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/downloads/ApplicationReputation.cpp] and in the JS DownloadIntegration.shouldBlockForApplicationReputation [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/jsdownloads/src/DownloadIntegration.jsm#491]. | The user-agent encodes file metadata into a ClientDownloadRequest protocol buffer and sends it to the remote service. If a MALWARE verdict is received, the downloaded file should not be saved and the UI should report that the download may be malware. In Chrome, this occurs in CheckClientDownloadRequest::SendRequest [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=612]. In Firefox, this happens in ApplicationReputation::PendingLookup::SendRemoteQuery [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/downloads/ApplicationReputation.cpp] and in the JS DownloadIntegration.shouldBlockForApplicationReputation [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/jsdownloads/src/DownloadIntegration.jsm#491]. | ||