
Mozilla Pushes Security in Firefox 3.0

Daniel Fleshbourne on 09 August 2007 - 13:18

Mozilla Corp.'s next update to Firefox will sport several new safer surfing features, the company's chief of security said Wednesday, but users won't see the most important changes. On track and expected to make it into the final version of Firefox 3.0 when it ships later this year is a tool that would automatically block sites suspected of harboring malware. The Web browser will also offer support for the extended validation Secure Sockets Layer (EV SSL) certificates, said Window Snyder, Mozilla's chief security officer.

The malware blocker, which relies on site blacklists generated by Google Inc., has been publicly debated by Mozilla and Google developers, with mock-ups of the on-screen warnings debuting in early June. Then, Snyder refused to get specific about the feature, saying there was no guarantee the tool would be wrapped up in time to add to Firefox 3.0.

News source: PCWorld

Comments
#1 jmc777 on 09 Aug 2007 - 13:47
"Window Snyder"

That's an awesome name!
(3 replies) #2 Xenomorph on 09 Aug 2007 - 13:53
Well, at first I thought "auto blocking bad sites" would be good, but when they said the list is provided by Google, I suddenly started worrying.

Why? Because I've seen sites blocked by Google not because of being bad, but because some company contacted Google and TOLD them to remove the site from their listings.

When searching for some things, you may get a message like this:

In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org.

Or you may get this one:

Warning - the site you are about to visit may harm your computer!

Getting a message like that puzzled me, because it was a site I had been to many times, and never had any issues.

The sites may not be harmful to you or have anything to do with piracy. If a big company doesn't want a page to exist because it offers modifications to their product(s), they can send a letter to Google, claiming the site is violating the DMCA by having anything to do with their product.

In most cases, this won't be an issue, but I'd rather have some smaller independent company, who doesn't do what it does for a PROFIT, decide what pages are bad.
#2.1 vetmarkjensen on 09 Aug 2007 - 14:23
Quote - (Xenomorph said @ #2)
...
Or you may get this one:

Warning - the site you are about to visit may harm your computer!
...
Those types of warnings can come about when a site uses advertisers where they have had content provided by a malicious group intent on spreading a bit of malware by disguising it as a legitimate advert.

Therefore, a site that is normally "trusted" can be temporarily used as a malware vector.
#2.2 Sp3ctranova on 09 Aug 2007 - 17:52
This is exactly what I was thinking. Auto-blocking, blind censorship, isn't the way to go. Perhaps the browser should have just an additional security prompt, making it perfectly clear to the user that a certain website may have dangerous content on it.
But the problem can be that all these prompts get annoying. Whenever I reformat one of the PCs I work with, the first thing I do is turn off some of the security prompts in IE7, such as phishing filter and that little message it gives you when you leave/enter a secure zone. I hate those little messages. I know they're designed to keep malware off of computers, but 99% of the time it's just another box to click through in order to get work done.
If Mozilla does put some kind of auto-block system into Firefox 3, it ought to be able to be turned off or at least customized.
#2.3 Shinji on 10 Aug 2007 - 06:33
Quote - (Sp3ctranova said @ #2.2)
But the problem can be that all these prompts get annoying. Whenever I reformat one of the PCs I work with, the first thing I do is turn off some of the security prompts in IE7, such as phishing filter and that little message it gives you when you leave/enter a secure zone. I hate those little messages. I know they're designed to keep malware off of computers, but 99% of the time it's just another box to click through in order to get work done.


I don't like the pop-up messages either, because they interrupt me. I want to see the messages but not in a way that they make me stop what I am doing just to click OK.

Maybe the messages can be shown in a non-forcible manner so I can see them while the pages are nevertheless loading, like the pop-up block messages or the JavaScript error log.
#3 IntelliMoo on 09 Aug 2007 - 18:01
And in that 1% time, you create a zombie... lol
#4 Xenomorph on 09 Aug 2007 - 19:01
Another reason this is weird - a big plus for using something like Firefox was because it never suffered all the security issues Internet Explorer had.

A page written in a certain way would prompt IE to install ActiveX controls (which many users may click to allow without even thinking about it), produce non-stop popups, resize and move the window, or do a bunch of other annoying things - when Firefox would just display it as a normal page.

So if there is a "bad" web site out there, I would be afraid to view it with IE. Firefox (or Opera) wouldn't have any issue with it, so why would Firefox try to block it?

#5 xMorpheousx416 on 09 Aug 2007 - 20:17
Since the founders/coders of Firefox read Neowin....


Let it be known, that too much "automation" is a BAD THING!! Intentions start off good,....the thought of a perfect computing environment in which there is little to no interaction between the safeguards and the user. Microsoft does this all the time, and it's the first thing users learn, is how to turn the damn "security" feature off.

So.... go for it!! Just give the option to have the site blocked to the user. Similar to AdBlock. Maybe a window of information the security feature could use to inform the user of malware content that could be activated because it's part of the site's page code. Then...the user has the option to block the site.
#6 +vlsi0n on 10 Aug 2007 - 05:41
Doesn't IE7 already have this? I like the way they've done it, they let YOU decide what YOU want to do with the warning. Anyway, looking forward to the fox3
