Firefox 3.0 may block sites fingered by Google

Mozilla Corp. is considering adding a tool to Firefox 3.0 that would automatically block Web sites thought to harbor malicious downloads, but the company's security chief refused to spell out details, saying Mozilla is "not ready to talk about the feature." Even so, there are numerous details to be found on a blog by a Firefox designer and in a back-and-forth discussion of the feature in Bugzilla, the management system that Mozilla uses to track changes in its software. Together, the two offer a behind-the-scenes look into Mozilla's open-source development process.

"Similar to how Firefox 2 blocks Web sites that are potentially going to try to steal your personal information, Firefox 3 will block Web sites that we believe are going to try to install malicious programs on your computer," said Alex Faaborg, a user experience designer in a blog entry last week. "Mozilla is coordinating with Google on this feature." And in a Bugzilla entry that offers comments from Mozilla and Google employees -- including Chris Hofmann, Mozilla's director of engineering, and Mike Shaver, its director of ecosystem development -- information is even more free-flowing about malicious site blocking in the next major update to Firefox.

View: Full Story
News source: ComputerWorld

Report a problem with article
Previous Story

Intel's mobile chip for gamers coming soon

Next Story

Microsoft Search Head Denies New Project


View more comments

305 said,
People tend to think synonymously of the two words "blocking", and "censorship". That's what it is in the end. Stupid move, and would turn anyone off to the browser, or any at that, that would take such actions.

I'd like to retain the right to make the decision for myself as to what "malware" is.

Not to mention that Google blocks a lot of sites this way that don't even have anything on them remotely malware. There was someone here on Neowin just in the last week or two that had a problem with Google blocking his site like this actually. Nothing on the site was harmful at all.

I agree that it would turn off people to the browser. Even if you are still given a choice, it's a bad move.

NightmarE D said,
Not to mention that Google blocks a lot of sites this way that don't even have anything on them remotely malware. There was someone here on Neowin just in the last week or two that had a problem with Google blocking his site like this actually. Nothing on the site was harmful at all.

I agree that it would turn off people to the browser. Even if you are still given a choice, it's a bad move.

*tinfoil hat* Even further, I sure hope that Google is providing a raw flat file of all the domains/URLs to block... Since else, you're sending your entire surfing life to Google. (Since I really doubt it'll 'not' check https URLs as well...)

Oh, and I only mention this since Google is well known to keep records of your accesses to their system for "future service enhancements" for an undisclosed amount of time...

drygnfyre said,
If it's done like in Firefox 2, where it RECOMMENDS you don't visit the site, that's an entirely different matter. But if it's physically blocking access, I can't say this is a good thing.

Agreed. I think that it'd be best if it gives a recommendation/warning similar to how Firefox 2 does. As long as it provides a clear & concise warning of some sort, but allows someone to willingly proceed after the warning at their own risk.

Because despite best intentions there will always be the chance that a legitimate website gets blocked accidentally. While the chance of that occurring is small, it's always good to allow the user a choice (after providing a warning) on what actions they wish to take instead of forcing the decision on them.

Google wants Firefox by default to notify them of every site you visit, which will be added to your psychological profile and permanent record that they are building on you.

Its a good idea provided theres a switch for people who dont want it. As with a lot of things. I'm sure there will be a switch

i was thinking why would we "need" another update of firefox cause version 2 is already "good enough" ... but i think i remember seeing the developers have "speed" of the browser in mind when making it... so if they keep it simple and fast hopefully bloat will never be a issue since the regular mozilla suite is already the bloated one... so lets hope they keep the bloat in that and keep it FAR away from firefox.

people are never happy ... oh well.. I think its a great idea... those of you who dont like it can turn it off.

Sorry I don't trust computerworld ever since they posted Adblock plus and Noscript in the group of worse Firefox extensions. I'll wait and get info somewhere else. I realize that they have links, but there is a spin and interpretation computerworld is putting on this story that makes it seem like a bad idea. We don't yet know how it's going to work or if it's going to be on by default or, really anything about it yet. It's mostly speculation, something computerworld is known for.

Funny, I was just reading that article just last night. Adblock/NoScript worst extensions/addons my ass. They're actually the only 2 I have installed on my FF. Fcuk what THEY say.

Just a little quote I remember from a few years back:

Today Google is the white hat and everybody cheers for them
but in very few years they can be in a position to dictate, to
everybody using a computer, what they can see or what sites
they can visit.

All capitalistic entities will change hats when the dollar is at stake.
They may be white hats now but that will change.

Google is a politician running for office. They talk a great platform
but after election day they will always side with the almighty dollar.

There are no "good-guys".
Only those who haven't been corrupted YET.
"Mister Smith Goes to Washington" was a work of fiction with no
basis in real life.

why are you guys complaining? it will be an option that you can turn off at any time

yes, it might be on by default, but that's understandable. Mozilla is getting more and more of the market share, and if they want to continue expanding they have to take into account all the "average users" that are using IE that don't know anything about malware and such

why would they switch from IE that, although restricts you severley, still does protect you like f'ing crazy, to firefox were they can get infected 9 ways from sunday only to be given utilities and options that they don't even know how to use?

don't get me wrong, i love firefox. been usin it for 2 years. but they gotta look at what the average customer will see through the marketing of competitors. all that spin actually works on the stupid people

sadly, as firefox gets more of the market share it will become more and more bloated with features that us power users don't need nor want.

Sounds like a good idea, but only if firefox pops up a warning screen rather than block the site completely. Too many false positives out there.

Anyways, good idea - a lot of non-techie users out there will end up on such sites unless explicitly advised not to...

Its going to be a warning or a setting just like every other similar feature, but per usual people will wig out and zomg without reason.

I concur with #12. It'll certainly be a warning that does give you the option to continue at your own risk. The warning will prevent any non-savvy web users from accidentally downloading malware. For the rest of us, there'll be a setting that turns off this warning.

Of course this feature will be an option, just like Safe Browsing (anti-phishing). The goal of firefox is still to be a browser for noobs who can have a good browsing experience and be safe straight out of the box. This will help that cause greatly.

But naturally, for the more advanced (when 'more advanced' read 'someone who knows what a browser is' ) user, you will be able to turn this feature off; great if you, for example, visit a lot of warez sites that often have viruses in with the files they provide.

And I'm pretty sure, just like Safe-Browsing, it is possible for companies other than Google to provide firefox with a list of sites to block. At the moment it seems no one has done this yet, but the ability for someone to do that is certainly available. (ie: google isn't hardcoded into the code-base, you can change where it looks up such files in about:config, or the vendor could repackage the browser with their links as default, or provide an extension to do the changes, etc)

Also, if it's like the Safe Browsing feature, you'll have the option to either send every link you click on to google for verification, or you'll be able to choose to have a local list stored. Firefox will ask google the length of their list every 30 minutes, and if google's list is longer than yours, google will send you the new links it has to be added to your local list.

I see no issue with this. It's not using it's own detection engine from the way it's described, it's running off a confirmed list maintained by Google. This means there should be no false positives, and therefore won't affect you unless you were going to be tricked into accessing a malicious site.

This feels too much like Internet Explorer. Yes I know you can turn it off, and that was my problem when I installed IE7. I had to spend about an hour fiddling with the settings to get rid of all the crap for noobs. You wouldn't want Firefox to become cluttered like NS7. (that's of course a tremendous exageration, NS7 was unbeleivable.)

Commenting is disabled on this article.