I still don't get how you think it will be effective. Either all pages with listeners on forms will trigger your warning (much more often than once a year), or the protection is trivially circumvented.
On Monday, December 13, 2010, thorsten <thorsten.s...@email.de> wrote:
> On 12 Dez., 17:17, Boris Zbarsky <bzbar...@mit.edu> wrote:
>> On 12/12/10 4:48 AM, thorsten wrote:
>>
>> > The main costs I can see at the moment are:
>> > * Annoying the user (FPs, PopUps, forcing him to decide)
>> > * Maybe privacy issues if I go cloud
>> > * Maintenance (if there are too many FPs that must be fixed using the
>> >   cloud-feature)
>>
>> The one antivirus writers never seem to think about: performance impact.
>> Maybe it's ok to make everything 10x slower for a slight marginal
>> safety increase, as AV software has a tendency to do. But maybe not!
>>
>> -Boris
>
> Hi
>
> I am an AV writer and we definitely do think about performance. But
> today you need lots of tools to get the Malware detected.
> Scanning the whole file for signatures (millions of signatures),
> extracting of archives, generics, emulation of binary stuff, parsing
> of HTML/JavaScript, decryption...
> We try very hard but reality is just against us.
>
> There will always be some impact and you will always have to trade
> security for other things like performance. I will try to get this one
> as fast as possible, and I even think that with some smart
> pre-selection there are not many online lookups, resulting in only a very
> small performance impact.
> I think annoying the user is the thing that's more likely to happen
> than performance trouble. If I do not manage to reduce the user
> decision fallback to (almost) zero the project fails. People are just
> not able to do any security decisions (especially when they are
> social engineered).
>
> But I promise: as soon as my large fear (annoying the user) is away
> and cared for I will measure the performance impact.
>
> Thanks
> Thorsten
> _______________________________________________
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security