On 6/8/2012 3:02 PM, Sid Stamm wrote:
Hi All,
I think we should implement a windows application reputation extension
to Safe Browsing -- to help detect malicious binaries users download and
for those we know are safe, stop prompting users.
== Background ==
Last year, Google started experimenting[0] with an extension to Safe
Browsing that helps protect users from malware downloads. This is a
binary-file reputation system based on a whitelist of binaries and
domains, and identifies benign executables as windows users attempt to
download them. Benign executables can bypass any "are you sure" UI,
making it less annoying to users.
There are many malware blacklists available. Here's
a site that has a list of blacklists:
http://www.selectrealsecurity.com/public-block-lists
Building Google's list into Mozilla seems an inappropriate
tie to a single vendor.
Whitelisting has problems of its own. At one point,
the Google Toolbar was widely considered spyware. Google would
be unlikely to blacklist their own product.
John Nagle
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
