Security/Download Protection

Description

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.

See Security/Features/Application_Reputation_Design_Doc for implementation details.

Prefs

browser.safebrowsing.appRepURL: server endpoint for remote lookups
browser.safebrowsing.downloads.enabled: enables application reputation checks for downloaded files
browser.safebrowsing.downloads.remote.enabled: enables remote lookups (requires the previous pref)
browser.safebrowsing.downloads.remote.timeout_ms: timeout for the remote lookups
browser.safebrowsing.malware.enabled: enables malware checks (required by application reputation)
urlclassifier.downloadAllowTable: list of trusted certificates which suppress remote lookups (Windows-only)
urlclassifier.downloadBlockTable: list of URLs serving malware binaries

Firefox 43 and later:

browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service

Engineering

Tracking bug

Most of the code lives in toolkit/components/downloads/ApplicationReputation.cpp.

QA

Test page

To turn on debugging output, export the following environment variable:

NSPR_LOG_MODULES="ApplicationReputation:5"

Documentation

API Documentation available internally under NDA
Content-Agnostic Malware Protection (paper describing how the whole system is implemented)
Chromium source code
Announcement blog post

Security/Download Protection

Contents

Description

Prefs

Engineering

QA

Documentation

Navigation menu

Security/Download Protection

Description

Prefs

Engineering

QA

Documentation

Navigation menu

Search