Security/Download Protection

From MozillaWiki
< Security
Revision as of 20:36, 7 January 2016 by Fmarier (talk | contribs) (→‎Prefs: appRepURL renaming was reverted)
Jump to navigation Jump to search

Description

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.

See Security/Features/Application_Reputation_Design_Doc for implementation details.

Prefs

  • browser.safebrowsing.appRepURL: server endpoint for remote lookups
  • browser.safebrowsing.downloads.enabled: enables application reputation checks for downloaded files
  • browser.safebrowsing.downloads.remote.enabled: enables remote lookups (requires the previous pref)
  • browser.safebrowsing.downloads.remote.timeout_ms: timeout for the remote lookups
  • browser.safebrowsing.malware.enabled: enables malware checks (required by application reputation)
  • urlclassifier.downloadAllowTable: list of trusted certificates which suppress remote lookups (Windows-only)
  • urlclassifier.downloadBlockTable: list of URLs serving malware binaries

Firefox 43 and later:

  • browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service

Engineering

Most of the code lives in toolkit/components/downloads/ApplicationReputation.cpp.

QA

To turn on debugging output, export the following environment variable:

NSPR_LOG_MODULES="ApplicationReputation:5"

Documentation