On Dec 13 2010, 4:33 pm, thorsten <thorsten.s...@email.de> wrote: > On 13 Dez., 16:19, Adrienne Porter Felt <a...@berkeley.edu> wrote: > > > > > I still don't get how you think it will be effective. Either all pages > > with listeners on forms will trigger your warning (much more often > > than once a year), or the protection is trivially circumvented. > > > On Monday, December 13, 2010, thorsten <thorsten.s...@email.de> wrote: > > > On 12 Dez., 17:17, Boris Zbarsky <bzbar...@mit.edu> wrote: > > >> On 12/12/10 4:48 AM, thorsten wrote: > > > >> > The main costs I can see is at the moment: > > >> > * Annoying the user (FPs, PopUps, forcing him to decide) > > >> > * Maybe privacy issues if I go cloud > > >> > * Maintainance (if there are to many FPs that must be fixed using the > > >> > cloud-feature) > > > >> The one antivirus writers never seem to think about: performance impact. > > >> Maybe it's ok to make everything 10x slower for a slight marginal > > >> safety increase, as AV software has a tendency to do. But maybe not! > > > >> -Boris > > > > Hi > > > > I am an AV writer and we definetely do think about performance. But > > > today you need lots of tools to get the Malware detected. > > > Scanning the whole file for signatures (millions of signatures), > > > extracting of archives, generics, emulation of binary stuff, parsing > > > of HTML/Javascript,decryption... > > > We try very hard but reality is just against us. > > > > There will always be some impact and you will always have to trade > > > security for other things like performance. I will try to get this one > > > as fast as possible, and I even think that with some smart pre- > > > selection there are not many online lookups, resulting in only a very > > > small performance impact. > > > I think annoying the user is the thing thats more likely to happen > > > than performance trouble. If I do not manage to reduce the user > > > decisson fallback to (almost) zero the project fails. People are just > > > not able to do any security decissions (especially when they are > > > social engineered). > > > > But I promise: as soon as my large fear (annoying the user) is away > > > and cared for I will measure the performance impact. > > > > Thanks > > > Thorsten > > > _______________________________________________ > > > dev-security mailing list > > > dev-secur...@lists.mozilla.org > > >https://lists.mozilla.org/listinfo/dev-security > > Hi Adrienne > > I can not guarantee success. This one is an experiment. If it blows up > I just have to make sure > no one is harmed and I learn something. > I wrote phising detection in our AV product with my own HTML Parser. > The only information I got was > the parsed HTML content ( something like the DOM tree specialised for > detection) and it worked quite well. > Not 100 % detection but only 1 or 2 FPs a year. On a global scale with>100M > customers. Pluging something into a browser will ge me more and > > better > information to base the decission on. Adding some cloud/Reputation/ > Statistics backend will enable it to be even more accurate. > > But I am glad I can develop this as an extension, so no harm will be > done. The extension will be marked "experimental" till > I am satisfied with the results. These results will be available as > soon as I got statistics. > > I will be away for a few weeks. See you next year. > > And again: Thank you guys. Without you I would have stumbled into some > hazards unaware. > Thorsten
Hi I am back. To keep you informed: I got a day each week for this project and I will get a server for a "Cloud" soonish. With this server I will be able to reduce FPs and especially generate statistics to improve the plugin (how many people had to decide, ...). I will try to make these statistics public as a better foundation for discussion. My goal is to get this research into the public space. The ideas/risks I got from you have already proven me right. Thanks Thorsten Sick _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
