Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Firefox Adds Improved Download Protection

Mozilla on Monday announced that download protection in Firefox 48 has ben expanded to include potentially unwanted software and uncommon downloads.

Mozilla on Monday announced that download protection in Firefox 48 has ben expanded to include potentially unwanted software and uncommon downloads.

Mozilla introduced download protection two years ago in Firefox 31 on Windows, then added it to Mac and Linux releases in Firefox 39. Designed to warn users when they were about to download harmful files, the feature is powered by the Google Safe Browsing API, and is meant to complement the already available warnings on potentially malicious websites.

Now, because Google has expanded the Safe Browsing service to cover more types of malicious files, Firefox is expanding its security capabilities too, Francois Marier, Security and Privacy Engineer, Mozilla, explains in a blog post.

Starting in Firefox 48, users will be alerted when they attempt to download an application that could make unexpected changes to the computer, otherwise known as potentially unwanted program (PUP) or application (PUA). Such applications could collect user information, display ads, install toolbars or other applications with questionable intentions, or use various techniques to make them difficult to uninstall. 

Uncommon downloads, on the other hand, are downloads that might not be malicious nor would they fall in the unwanted category, but which aren’t usually downloaded. According to Mozilla, Firefox will display a warning on this type of downloads so that users are alerted on the fact that they might not be downloading the file they believe they are.

For example, when a user attempts to download a popular application and the warning appears, chances are they might have been tricked into downloading a malicious file instead, possibly from a phishing site that hasn’t been yet identified as dangerous by Google’s Safe Browsing service. It also means that the user should re-check the downloaded package before opening it.

Following these improvements, users will also notice a series of interface changes in Firefox, meant to help them better notice and understand the aforementioned warnings. A confirmation dialog will popup, to help users understand the risks involved. Furthermore, users will also have the option to remove the offending files directly from the browser.

Firefox 48 will also provide users with increased control over download and browsing protection. Users can block all dangerous and deceptive content, which will warn them when visiting pages that contain malware or deceptive content, but can also opt to block only dangerous downloads, which are usually malicious executable files, or only to be warned about unwanted and uncommon software.

Advertisement. Scroll to continue reading.

“While we believe that the vast majority of our users will prefer to keep all of the protections that Safe Browsing offers, we understand that some users may choose to disable parts of the Safe Browsing service based on the privacy guarantees they offer. Our new options aim to give concerned users the necessary level of control and to enable them to retain as much of the Safe Browsing service as they are comfortable with,” Marier says.

Related: Firefox Blocks Flash Content to Improve Security

Related: Microsoft Unveils Protection Against Potentially Unwanted Applications

Related: Google Improves Safe Browsing for Network Admins

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.