Security/Download Protection: Difference between revisions
< Security
Jump to navigation
Jump to search
(→Documentation: moved internal docs from Intranet to Mana) |
(→Telemetry: removed APPLICATION_REPUTATION_COUNT in bug 1381704) |
||
Line 41: | Line 41: | ||
'''Alerts are sent to [https://mail.mozilla.org/listinfo/safebrowsing-telemetry safebrowsing-telemetry@mozilla.org].''' | '''Alerts are sent to [https://mail.mozilla.org/listinfo/safebrowsing-telemetry safebrowsing-telemetry@mozilla.org].''' | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_LOCAL]: results of the local checks (whitelist and blacklist) | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_LOCAL]: results of the local checks (whitelist and blacklist) | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-08-20&keys=__none__!__none__!__none__&max_channel_version=nightly%252F51&measure=APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT&min_channel_version=nightly%252F51&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-08-20&table=0&trim=1&use_submission_date=0 APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT]: whether or not a client timed out while contacting the remote lookup server | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-08-20&keys=__none__!__none__!__none__&max_channel_version=nightly%252F51&measure=APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT&min_channel_version=nightly%252F51&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-08-20&table=0&trim=1&use_submission_date=0 APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT]: whether or not a client timed out while contacting the remote lookup server |
Revision as of 20:07, 23 August 2017
Description
This feature protects users against malware downloads. It is based on Safe Browsing.
See Security/Features/Application_Reputation_Design_Doc for implementation details.
Prefs
- browser.safebrowsing.downloads.enabled: enables application reputation checks for downloaded files
- browser.safebrowsing.downloads.remote.enabled: enables remote lookups (requires the previous pref)
- browser.safebrowsing.downloads.remote.timeout_ms: timeout for the remote lookups
- browser.safebrowsing.downloads.remote.url: server endpoint for remote lookups
- browser.safebrowsing.malware.enabled: enables malware checks (required by application reputation)
- browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service
- urlclassifier.downloadAllowTable: list of trusted certificates which suppress remote lookups (Windows-only)
- urlclassifier.downloadBlockTable: list of URLs serving malware binaries
Engineering
Product/Component: Toolkit/Safe Browsing
Most of the code lives in toolkit/components/downloads/ApplicationReputation.cpp. The lookup is requested from within toolkit/components/jsdownloads/src/DownloadIntegration.jsm.
Upstream list of file extensions:
- Shipped to Chrome via a "File Type Policies" Chrome extension (see chrome://components)
- Binary protobuf extractor
- Source protobuf
QA
To turn on debugging output, export the following environment variable:
MOZ_LOG_FILE=/tmp/apprep.log MOZ_LOG="ApplicationReputation:5"
Telemetry
Alerts are sent to safebrowsing-telemetry@mozilla.org.
- APPLICATION_REPUTATION_LOCAL: results of the local checks (whitelist and blacklist)
- APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT: whether or not a client timed out while contacting the remote lookup server
- APPLICATION_REPUTATION_SERVER: whether the response from the remote server was valid, invalid (failed to parse as a protobuf) or failed in some other way
- APPLICATION_REPUTATION_SERVER_VERDICT: results (verdict) we got back from the remote server lookup
- APPLICATION_REPUTATION_SHOULD_BLOCK: whether or not a download has been blocked due to an application reputation lookup (local or remote)
Documentation
- Security/Features/Application_Reputation_Design_Doc
- Google API documentation (internal access only)
- Content-Agnostic Malware Protection (paper describing how the whole system is implemented)
- Chromium source code
- Announcement blog post