On 13 Dez., 16:19, Adrienne Porter Felt <a...@berkeley.edu> wrote: > I still don't get how you think it will be effective. Either all pages > with listeners on forms will trigger your warning (much more often > than once a year), or the protection is trivially circumvented. > > On Monday, December 13, 2010, thorsten <thorsten.s...@email.de> wrote: > > On 12 Dez., 17:17, Boris Zbarsky <bzbar...@mit.edu> wrote: > >> On 12/12/10 4:48 AM, thorsten wrote: > > >> > The main costs I can see is at the moment: > >> > * Annoying the user (FPs, PopUps, forcing him to decide) > >> > * Maybe privacy issues if I go cloud > >> > * Maintainance (if there are to many FPs that must be fixed using the > >> > cloud-feature) > > >> The one antivirus writers never seem to think about: performance impact. > >> Maybe it's ok to make everything 10x slower for a slight marginal > >> safety increase, as AV software has a tendency to do. But maybe not! > > >> -Boris > > > Hi > > > I am an AV writer and we definetely do think about performance. But > > today you need lots of tools to get the Malware detected. > > Scanning the whole file for signatures (millions of signatures), > > extracting of archives, generics, emulation of binary stuff, parsing > > of HTML/Javascript,decryption... > > We try very hard but reality is just against us. > > > There will always be some impact and you will always have to trade > > security for other things like performance. I will try to get this one > > as fast as possible, and I even think that with some smart pre- > > selection there are not many online lookups, resulting in only a very > > small performance impact. > > I think annoying the user is the thing thats more likely to happen > > than performance trouble. If I do not manage to reduce the user > > decisson fallback to (almost) zero the project fails. People are just > > not able to do any security decissions (especially when they are > > social engineered). > > > But I promise: as soon as my large fear (annoying the user) is away > > and cared for I will measure the performance impact. > > > Thanks > > Thorsten > > _______________________________________________ > > dev-security mailing list > > dev-secur...@lists.mozilla.org > >https://lists.mozilla.org/listinfo/dev-security
Hi Adrienne I can not guarantee success. This one is an experiment. If it blows up I just have to make sure no one is harmed and I learn something. I wrote phising detection in our AV product with my own HTML Parser. The only information I got was the parsed HTML content ( something like the DOM tree specialised for detection) and it worked quite well. Not 100 % detection but only 1 or 2 FPs a year. On a global scale with >100M customers. Pluging something into a browser will ge me more and better information to base the decission on. Adding some cloud/Reputation/ Statistics backend will enable it to be even more accurate. But I am glad I can develop this as an extension, so no harm will be done. The extension will be marked "experimental" till I am satisfied with the results. These results will be available as soon as I got statistics. I will be away for a few weeks. See you next year. And again: Thank you guys. Without you I would have stumbled into some hazards unaware. Thorsten _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security