Firefox Security: It's A Question Of Trust - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
Commentary
12/10/2008
01:40 AM
50%
50%

Firefox Security: It's A Question Of Trust

Should you worry about a new breed of Firefox-specific malware getting loose on your company's PCs? Not if you're already practicing a software security policy based on a solid common-sense foundation.

Should you worry about a new breed of Firefox-specific malware getting loose on your company's PCs? Not if you're already practicing a software security policy based on a solid common-sense foundation.According to a recent post on the Trend Micro malware blog, a new Trojan has appeared that targets Firefox Web browsers. The Trojan poses as a legitimate Firefox browser extension; once installed, it drops several malware files on a victim's PC and then monitors users' Web browsing activities.

When a user visits an "interesting" site, such as an online banking site, the malware captures the user's login info and then sends it along to a remote malicious Web site.

What does all of this really mean? First, it means that people who run PCs -- and especially Windows PCs -- without anti-virus software are playing Russian Roulette with a fully-loaded gun. Of course, Trend Micro, which sells anti-virus software, never misses a chance to make this rather obvious point.

Yet this particular malware report illustrates another very important point.

Almost every Firefox user takes advantage of the hundreds of extensions that third-party developers have created over the years. Used correctly, Firefox extensions are safe, reliable, and so convenient that many people literally cannot stand to browse the Web without them. (Anyone who relies upon extensions such as Adblock, Adblock Plus, and Flashblock knows exactly what I mean.)

By default, Firefox will only allow users to install browser extensions from approved Web sites. And by default, the only approved site on Firefox's list is Mozilla's own secure add-on repository. Before Firefox users can install extensions from any other source, they must explicitly add the new download site to the browser's "approved" list.

It goes without saying that users who give Firefox the green light to install browser extensions from untrusted Web sites don't have anyone but themselves to blame when things go horribly wrong.

Firefox is a fantastic small-business Web browser, and it has earned every bit of its hard-won success. If your company uses Firefox, however, then enforce a very strict, very simple extensions policy: Only allow pre-approved browser extensions, and never install extensions or updates from anywhere except Mozilla's own add-on site. Period.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll