Re: Malware Protection

[EE]

David E. Ross wrote:

On 10/30/2014 3:07 PM, »Q« wrote:

In <news:ieodncuturekns_jnz2dnuu7-imdn...@mozilla.org>,
Ray_Net  wrote:


David E. Ross wrote, On 30/10/2014 20:02:

On 10/30/2014 10:16 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 18:12:

On 10/30/2014 10:06 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 16:19:

On 10/30/2014 3:02 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 01:47:

The Web page
<http://www.itisatrap.org/firefox/its-a-trap.html> provides a
test of Gecko's protection of users against phishing Web
sites.  Is there a corresponding Web page for testing Gecko's
protection against sites containing malware?


I can see this page normally, so i am not protected :-)
User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0)
Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1
Win7 pro SP1 up to date


I, too, am still using 2.26.1 because I want auto-fill for
passwords. See bug #1064639 at
<https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.

On the left side of the Preferences window, select Privacy &
Security. There are two checkboxes under Safe Browsing.  The
phishing checkbox does indeed block
<http://www.mozilla.org/firefox/its-a-trap.html> for 2.26.1,
but the malware checkbox does not block
<http://www.itisatrap.org/firefox/its-an-attack.html>.  Since
this might be something implemented for 2.30, I have not
submitted a bug report.


OK, I have both boxes checked true:
<http://www.mozilla.org/firefox/its-a-trap.html> is blocked
But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT
blocked.


That is a difference between 2.26.1 and 2.30.  I have been using
Netscape > Mozilla Suite > SeaMonkey for about 20 years and have
done okay without the malware protection.  I can do without it
for the time it takes to fix bug #1064639.


Both are test page for phishing not for malware ...
2.26.1 should work for phishing and 2.30 should work for phishing
and malware.
So what ? Is the page
<http://www.itisatrap.org/firefox/its-a-trap.html> not a test for
phishing evenwhile the text say so ?


Earlier in this thread -- in response to my original question -- we
were told that "It's a trap" at
<http://www.mozilla.org/firefox/its-a-trap.html> is a test for
protection against phishing and "It's an attack" at
<http://www.itisatrap.org/firefox/its-an-attack.html> is a test for
protection against malware.  The text within the former (if you
disable the protection) clearly indicates the page is only about
phishing.  The text within the latter is not so clear, but I
inferred from the first sentence that it is about malware and not
phishing.


Yes, i have clearly understand BUT for this one:
<http://www.itisatrap.org/firefox/its-a-trap.html>

what is it ? a test for phishing or for malware ?


Here's the way the Firefox 3.0 release notes introduced the two
pages in 2008:

* Malware Protection: malware protection warns users when they arrive at
   sites which are known to install viruses, spyware, trojans or other
   malware.
   (Try it here! <http://www.mozilla.org/firefox/its-an-attack.html>)

* New Web Forgery Protection page: the content of pages suspected as web
   forgeries is no longer shown.
   (Try it here! <http://www.mozilla.org/firefox/its-a-trap.html>)



Very interesting!!

If I select the link to "It's an attack" from Thunderbird (i.e., from
the above reply) or paste the URI in the SeaMonkey address area, the Web
page is blocked.  If I select the link from my SeaMonkey bookmarks, the
page is NOT blocked.

The page block works for me.  All I get is the warning.  I have 
SeaMonkey 2.30.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Geoff Welsh]

David E. Ross wrote:


That is a difference between 2.26.1 and 2.30.  I have been using
Netscape > Mozilla Suite > SeaMonkey for about 20 years and have done
okay without the malware protection.  I can do without it for the time
it takes to fix bug #1064639.



bugs get fixed?  None of the ones I am following have been, and they 
certainly precede that one.


GW
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[David E. Ross]

On 10/30/2014 3:07 PM, »Q« wrote:
> In <news:ieodncuturekns_jnz2dnuu7-imdn...@mozilla.org>,
> Ray_Net  wrote:
> 
>> David E. Ross wrote, On 30/10/2014 20:02:
>>> On 10/30/2014 10:16 AM, Ray_Net wrote:
>>>> David E. Ross wrote, On 30/10/2014 18:12:
>>>>> On 10/30/2014 10:06 AM, Ray_Net wrote:
>>>>>> David E. Ross wrote, On 30/10/2014 16:19:
>>>>>>> On 10/30/2014 3:02 AM, Ray_Net wrote:
>>>>>>>> David E. Ross wrote, On 30/10/2014 01:47:
>>>>>>>>> The Web page
>>>>>>>>> <http://www.itisatrap.org/firefox/its-a-trap.html> provides a
>>>>>>>>> test of Gecko's protection of users against phishing Web
>>>>>>>>> sites.  Is there a corresponding Web page for testing Gecko's
>>>>>>>>> protection against sites containing malware?
>>>>>>>>>
>>>>>>>> I can see this page normally, so i am not protected :-)
>>>>>>>> User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0)
>>>>>>>> Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1
>>>>>>>> Win7 pro SP1 up to date
>>>>>>>>
>>>>>>> I, too, am still using 2.26.1 because I want auto-fill for
>>>>>>> passwords. See bug #1064639 at
>>>>>>> <https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
>>>>>>>
>>>>>>> On the left side of the Preferences window, select Privacy &
>>>>>>> Security. There are two checkboxes under Safe Browsing.  The
>>>>>>> phishing checkbox does indeed block
>>>>>>> <http://www.mozilla.org/firefox/its-a-trap.html> for 2.26.1,
>>>>>>> but the malware checkbox does not block
>>>>>>> <http://www.itisatrap.org/firefox/its-an-attack.html>.  Since
>>>>>>> this might be something implemented for 2.30, I have not
>>>>>>> submitted a bug report.
>>>>>>>
>>>>>> OK, I have both boxes checked true:
>>>>>> <http://www.mozilla.org/firefox/its-a-trap.html> is blocked
>>>>>> But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT
>>>>>> blocked.
>>>>>>
>>>>> That is a difference between 2.26.1 and 2.30.  I have been using
>>>>> Netscape > Mozilla Suite > SeaMonkey for about 20 years and have
>>>>> done okay without the malware protection.  I can do without it
>>>>> for the time it takes to fix bug #1064639.
>>>>>
>>>> Both are test page for phishing not for malware ...
>>>> 2.26.1 should work for phishing and 2.30 should work for phishing
>>>> and malware.
>>>> So what ? Is the page
>>>> <http://www.itisatrap.org/firefox/its-a-trap.html> not a test for
>>>> phishing evenwhile the text say so ?
>>>>
>>> Earlier in this thread -- in response to my original question -- we
>>> were told that "It's a trap" at
>>> <http://www.mozilla.org/firefox/its-a-trap.html> is a test for
>>> protection against phishing and "It's an attack" at
>>> <http://www.itisatrap.org/firefox/its-an-attack.html> is a test for
>>> protection against malware.  The text within the former (if you
>>> disable the protection) clearly indicates the page is only about
>>> phishing.  The text within the latter is not so clear, but I
>>> inferred from the first sentence that it is about malware and not
>>> phishing.
>>>
>> Yes, i have clearly understand BUT for this one:
>> <http://www.itisatrap.org/firefox/its-a-trap.html>
>>
>> what is it ? a test for phishing or for malware ?
> 
> Here's the way the Firefox 3.0 release notes introduced the two
> pages in 2008:
> 
> * Malware Protection: malware protection warns users when they arrive at
>   sites which are known to install viruses, spyware, trojans or other
>   malware. 
>   (Try it here! <http://www.mozilla.org/firefox/its-an-attack.html>) 
> 
> * New Web Forgery Protection page: the content of pages suspected as web
>   forgeries is no longer shown. 
>   (Try it here! <http://www.mozilla.org/firefox/its-a-trap.html>)
> 

Very interesting!!

If I select the link to "It's an attack" from Thunderbird (i.e., from
the above reply) or paste the URI in the SeaMonkey address area, the Web
page is blocked.  If I select the link from my SeaMonkey bookmarks, the
page is NOT blocked.

-- 
David E. Ross

I am sticking with SeaMonkey 2.26.1 until saved passwords can
be used when autocomplete=off.  See
<https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[»Q«]

In <news:ieodncuturekns_jnz2dnuu7-imdn...@mozilla.org>,
Ray_Net  wrote:

> David E. Ross wrote, On 30/10/2014 20:02:
> > On 10/30/2014 10:16 AM, Ray_Net wrote:
> >> David E. Ross wrote, On 30/10/2014 18:12:
> >>> On 10/30/2014 10:06 AM, Ray_Net wrote:
> >>>> David E. Ross wrote, On 30/10/2014 16:19:
> >>>>> On 10/30/2014 3:02 AM, Ray_Net wrote:
> >>>>>> David E. Ross wrote, On 30/10/2014 01:47:
> >>>>>>> The Web page
> >>>>>>> <http://www.itisatrap.org/firefox/its-a-trap.html> provides a
> >>>>>>> test of Gecko's protection of users against phishing Web
> >>>>>>> sites.  Is there a corresponding Web page for testing Gecko's
> >>>>>>> protection against sites containing malware?
> >>>>>>>
> >>>>>> I can see this page normally, so i am not protected :-)
> >>>>>> User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0)
> >>>>>> Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1
> >>>>>> Win7 pro SP1 up to date
> >>>>>>
> >>>>> I, too, am still using 2.26.1 because I want auto-fill for
> >>>>> passwords. See bug #1064639 at
> >>>>> <https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
> >>>>>
> >>>>> On the left side of the Preferences window, select Privacy &
> >>>>> Security. There are two checkboxes under Safe Browsing.  The
> >>>>> phishing checkbox does indeed block
> >>>>> <http://www.mozilla.org/firefox/its-a-trap.html> for 2.26.1,
> >>>>> but the malware checkbox does not block
> >>>>> <http://www.itisatrap.org/firefox/its-an-attack.html>.  Since
> >>>>> this might be something implemented for 2.30, I have not
> >>>>> submitted a bug report.
> >>>>>
> >>>> OK, I have both boxes checked true:
> >>>> <http://www.mozilla.org/firefox/its-a-trap.html> is blocked
> >>>> But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT
> >>>> blocked.
> >>>>
> >>> That is a difference between 2.26.1 and 2.30.  I have been using
> >>> Netscape > Mozilla Suite > SeaMonkey for about 20 years and have
> >>> done okay without the malware protection.  I can do without it
> >>> for the time it takes to fix bug #1064639.
> >>>
> >> Both are test page for phishing not for malware ...
> >> 2.26.1 should work for phishing and 2.30 should work for phishing
> >> and malware.
> >> So what ? Is the page
> >> <http://www.itisatrap.org/firefox/its-a-trap.html> not a test for
> >> phishing evenwhile the text say so ?
> >>
> > Earlier in this thread -- in response to my original question -- we
> > were told that "It's a trap" at
> > <http://www.mozilla.org/firefox/its-a-trap.html> is a test for
> > protection against phishing and "It's an attack" at
> > <http://www.itisatrap.org/firefox/its-an-attack.html> is a test for
> > protection against malware.  The text within the former (if you
> > disable the protection) clearly indicates the page is only about
> > phishing.  The text within the latter is not so clear, but I
> > inferred from the first sentence that it is about malware and not
> > phishing.
> >
> Yes, i have clearly understand BUT for this one:
> <http://www.itisatrap.org/firefox/its-a-trap.html>
> 
> what is it ? a test for phishing or for malware ?

Here's the way the Firefox 3.0 release notes introduced the two
pages in 2008:

* Malware Protection: malware protection warns users when they arrive at
  sites which are known to install viruses, spyware, trojans or other
  malware. 
  (Try it here! <http://www.mozilla.org/firefox/its-an-attack.html>) 

* New Web Forgery Protection page: the content of pages suspected as web
  forgeries is no longer shown. 
  (Try it here! <http://www.mozilla.org/firefox/its-a-trap.html>)
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Ray_Net]

David E. Ross wrote, On 30/10/2014 20:02:

On 10/30/2014 10:16 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 18:12:

On 10/30/2014 10:06 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 16:19:

On 10/30/2014 3:02 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 01:47:

The Web page <http://www.itisatrap.org/firefox/its-a-trap.html> provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?


I can see this page normally, so i am not protected :-)
User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101
Firefox/29.0 SeaMonkey/2.26.1
Win7 pro SP1 up to date


I, too, am still using 2.26.1 because I want auto-fill for passwords.
See bug #1064639 at
<https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.

On the left side of the Preferences window, select Privacy & Security.
There are two checkboxes under Safe Browsing.  The phishing checkbox
does indeed block <http://www.mozilla.org/firefox/its-a-trap.html> for
2.26.1, but the malware checkbox does not block
<http://www.itisatrap.org/firefox/its-an-attack.html>.  Since this might
be something implemented for 2.30, I have not submitted a bug report.


OK, I have both boxes checked true:
<http://www.mozilla.org/firefox/its-a-trap.html> is blocked
But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT blocked.


That is a difference between 2.26.1 and 2.30.  I have been using
Netscape > Mozilla Suite > SeaMonkey for about 20 years and have done
okay without the malware protection.  I can do without it for the time
it takes to fix bug #1064639.


Both are test page for phishing not for malware ...
2.26.1 should work for phishing and 2.30 should work for phishing and
malware.
So what ? Is the page <http://www.itisatrap.org/firefox/its-a-trap.html>
not a test for phishing evenwhile the text say so ?


Earlier in this thread -- in response to my original question -- we were
told that "It's a trap" at
<http://www.mozilla.org/firefox/its-a-trap.html> is a test for
protection against phishing and "It's an attack" at
<http://www.itisatrap.org/firefox/its-an-attack.html> is a test for
protection against malware.  The text within the former (if you disable
the protection) clearly indicates the page is only about phishing.  The
text within the latter is not so clear, but I inferred from the first
sentence that it is about malware and not phishing.


Yes, i have clearly understand BUT for this one:
<http://www.itisatrap.org/firefox/its-a-trap.html>

what is it ? a test for phishing or for malware ?

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[David E. Ross]

On 10/30/2014 10:16 AM, Ray_Net wrote:
> David E. Ross wrote, On 30/10/2014 18:12:
>> On 10/30/2014 10:06 AM, Ray_Net wrote:
>>> David E. Ross wrote, On 30/10/2014 16:19:
>>>> On 10/30/2014 3:02 AM, Ray_Net wrote:
>>>>> David E. Ross wrote, On 30/10/2014 01:47:
>>>>>> The Web page <http://www.itisatrap.org/firefox/its-a-trap.html> provides
>>>>>> a test of Gecko's protection of users against phishing Web sites.  Is
>>>>>> there a corresponding Web page for testing Gecko's protection against
>>>>>> sites containing malware?
>>>>>>
>>>>> I can see this page normally, so i am not protected :-)
>>>>> User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101
>>>>> Firefox/29.0 SeaMonkey/2.26.1
>>>>> Win7 pro SP1 up to date
>>>>>
>>>> I, too, am still using 2.26.1 because I want auto-fill for passwords.
>>>> See bug #1064639 at
>>>> <https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
>>>>
>>>> On the left side of the Preferences window, select Privacy & Security.
>>>> There are two checkboxes under Safe Browsing.  The phishing checkbox
>>>> does indeed block <http://www.mozilla.org/firefox/its-a-trap.html> for
>>>> 2.26.1, but the malware checkbox does not block
>>>> <http://www.itisatrap.org/firefox/its-an-attack.html>.  Since this might
>>>> be something implemented for 2.30, I have not submitted a bug report.
>>>>
>>> OK, I have both boxes checked true:
>>> <http://www.mozilla.org/firefox/its-a-trap.html> is blocked
>>> But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT blocked.
>>>
>> That is a difference between 2.26.1 and 2.30.  I have been using
>> Netscape > Mozilla Suite > SeaMonkey for about 20 years and have done
>> okay without the malware protection.  I can do without it for the time
>> it takes to fix bug #1064639.
>>
> Both are test page for phishing not for malware ...
> 2.26.1 should work for phishing and 2.30 should work for phishing and 
> malware.
> So what ? Is the page <http://www.itisatrap.org/firefox/its-a-trap.html> 
> not a test for phishing evenwhile the text say so ?
> 

Earlier in this thread -- in response to my original question -- we were
told that "It's a trap" at
<http://www.mozilla.org/firefox/its-a-trap.html> is a test for
protection against phishing and "It's an attack" at
<http://www.itisatrap.org/firefox/its-an-attack.html> is a test for
protection against malware.  The text within the former (if you disable
the protection) clearly indicates the page is only about phishing.  The
text within the latter is not so clear, but I inferred from the first
sentence that it is about malware and not phishing.

-- 
David E. Ross

I am sticking with SeaMonkey 2.26.1 until saved passwords can
be used when autocomplete=off.  See
<https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Ray_Net]

David E. Ross wrote, On 30/10/2014 18:12:

On 10/30/2014 10:06 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 16:19:

On 10/30/2014 3:02 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 01:47:

The Web page <http://www.itisatrap.org/firefox/its-a-trap.html> provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?


I can see this page normally, so i am not protected :-)
User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101
Firefox/29.0 SeaMonkey/2.26.1
Win7 pro SP1 up to date


I, too, am still using 2.26.1 because I want auto-fill for passwords.
See bug #1064639 at
<https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.

On the left side of the Preferences window, select Privacy & Security.
There are two checkboxes under Safe Browsing.  The phishing checkbox
does indeed block <http://www.mozilla.org/firefox/its-a-trap.html> for
2.26.1, but the malware checkbox does not block
<http://www.itisatrap.org/firefox/its-an-attack.html>.  Since this might
be something implemented for 2.30, I have not submitted a bug report.


OK, I have both boxes checked true:
<http://www.mozilla.org/firefox/its-a-trap.html> is blocked
But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT blocked.


That is a difference between 2.26.1 and 2.30.  I have been using
Netscape > Mozilla Suite > SeaMonkey for about 20 years and have done
okay without the malware protection.  I can do without it for the time
it takes to fix bug #1064639.


Both are test page for phishing not for malware ...
2.26.1 should work for phishing and 2.30 should work for phishing and 
malware.
So what ? Is the page <http://www.itisatrap.org/firefox/its-a-trap.html> 
not a test for phishing evenwhile the text say so ?

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[David E. Ross]

On 10/30/2014 10:06 AM, Ray_Net wrote:
> David E. Ross wrote, On 30/10/2014 16:19:
>> On 10/30/2014 3:02 AM, Ray_Net wrote:
>>> David E. Ross wrote, On 30/10/2014 01:47:
>>>> The Web page <http://www.itisatrap.org/firefox/its-a-trap.html> provides
>>>> a test of Gecko's protection of users against phishing Web sites.  Is
>>>> there a corresponding Web page for testing Gecko's protection against
>>>> sites containing malware?
>>>>
>>> I can see this page normally, so i am not protected :-)
>>> User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101
>>> Firefox/29.0 SeaMonkey/2.26.1
>>> Win7 pro SP1 up to date
>>>
>> I, too, am still using 2.26.1 because I want auto-fill for passwords.
>> See bug #1064639 at
>> <https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
>>
>> On the left side of the Preferences window, select Privacy & Security.
>> There are two checkboxes under Safe Browsing.  The phishing checkbox
>> does indeed block <http://www.mozilla.org/firefox/its-a-trap.html> for
>> 2.26.1, but the malware checkbox does not block
>> <http://www.itisatrap.org/firefox/its-an-attack.html>.  Since this might
>> be something implemented for 2.30, I have not submitted a bug report.
>>
> OK, I have both boxes checked true:
> <http://www.mozilla.org/firefox/its-a-trap.html> is blocked
> But <http://www.itisatrap.org/firefox/its-a-trap.html> is NOT blocked.
> 

That is a difference between 2.26.1 and 2.30.  I have been using
Netscape > Mozilla Suite > SeaMonkey for about 20 years and have done
okay without the malware protection.  I can do without it for the time
it takes to fix bug #1064639.

-- 
David E. Ross

I am sticking with SeaMonkey 2.26.1 until saved passwords can
be used when autocomplete=off.  See
<https://bugzilla.mozilla.org/show_bug.cgi?id=1064639>.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Ray_Net]

David E. Ross wrote, On 30/10/2014 16:19:

On 10/30/2014 3:02 AM, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 01:47:

The Web page  provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?


I can see this page normally, so i am not protected :-)
User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101
Firefox/29.0 SeaMonkey/2.26.1
Win7 pro SP1 up to date


I, too, am still using 2.26.1 because I want auto-fill for passwords.
See bug #1064639 at
.

On the left side of the Preferences window, select Privacy & Security.
There are two checkboxes under Safe Browsing.  The phishing checkbox
does indeed block  for
2.26.1, but the malware checkbox does not block
.  Since this might
be something implemented for 2.30, I have not submitted a bug report.


OK, I have both boxes checked true:
 is blocked
But  is NOT blocked.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Paul B. Gallagher]

David E. Ross wrote:


On the left side of the Preferences window, select Privacy &
Security. There are two checkboxes under Safe Browsing.  The phishing
checkbox does indeed block
 for 2.26.1, but the
malware checkbox does not block
.  Since this
might be something implemented for 2.30, I have not submitted a bug
report.


On my 2.30, the second URL is indeed blocked. I have both boxes checked 
in my prefs.


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[David E. Ross]

On 10/30/2014 3:02 AM, Ray_Net wrote:
> David E. Ross wrote, On 30/10/2014 01:47:
>> The Web page  provides
>> a test of Gecko's protection of users against phishing Web sites.  Is
>> there a corresponding Web page for testing Gecko's protection against
>> sites containing malware?
>>
> I can see this page normally, so i am not protected :-)
> User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 
> Firefox/29.0 SeaMonkey/2.26.1
> Win7 pro SP1 up to date
> 

I, too, am still using 2.26.1 because I want auto-fill for passwords.
See bug #1064639 at
.

On the left side of the Preferences window, select Privacy & Security.
There are two checkboxes under Safe Browsing.  The phishing checkbox
does indeed block  for
2.26.1, but the malware checkbox does not block
.  Since this might
be something implemented for 2.30, I have not submitted a bug report.

-- 
David E. Ross

I am sticking with SeaMonkey 2.26.1 until saved passwords can
be used when autocomplete=off.  See
.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Daniel]

On 30/10/14 21:02, Ray_Net wrote:

David E. Ross wrote, On 30/10/2014 01:47:

The Web page  provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?


I can see this page normally, so i am not protected :-)
User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101
Firefox/29.0 SeaMonkey/2.26.1
Win7 pro SP1 up to date


I get the reported forgery page on my Linux 2.30b1.

--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 
SeaMonkey/2.29 Build identifier: 20140829003846

or
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 
SeaMonkey/2.30 Build identifier: 20141009214701

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Ray_Net]

David E. Ross wrote, On 30/10/2014 01:47:

The Web page  provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?


I can see this page normally, so i am not protected :-)
User agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 
Firefox/29.0 SeaMonkey/2.26.1

Win7 pro SP1 up to date
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[»Q«]

In ,
"David E. Ross"  wrote:

> The Web page 
> provides a test of Gecko's protection of users against phishing Web
> sites.  Is there a corresponding Web page for testing Gecko's
> protection against sites containing malware?

Yes, .



___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[WaltS48]

On 10/29/2014 10:51 PM, Geoff Welsh wrote:

WaltS48 wrote:


On 10/29/2014 08:47 PM, David E. Ross wrote:

The Web page provides
a test of Gecko's protection of users against phishing Web sites.


Interesting. When I open that link in Firefox34.0b4, I get a "Reported
Web Forgery This web page at www.itisatrap.org has been reported as a
web forgery and has been blocked based on your security preferences."
warning.


Pretty sure it's supposed to do that, since I see:

 "If you're using Firefox 30 or later, you should have been warned 
away from this page."


withOUT using modern FF or SM

GW


Thanks Geoff. :-)
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Geoff Welsh]

WaltS48 wrote:


On 10/29/2014 08:47 PM, David E. Ross wrote:

The Web page  provides
a test of Gecko's protection of users against phishing Web sites.


Interesting. When I open that link in Firefox34.0b4, I get a "Reported
Web Forgery This web page at www.itisatrap.org has been reported as a
web forgery and has been blocked based on your security preferences."
warning.


Pretty sure it's supposed to do that, since I see:

 "If you're using Firefox 30 or later, you should have been warned away 
from this page."


withOUT using modern FF or SM

GW
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[Paul B. Gallagher]

WaltS48 wrote:


On 10/29/2014 08:47 PM, David E. Ross wrote:

The Web page<http://www.itisatrap.org/firefox/its-a-trap.html>  provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?



Interesting. When I open that link in Firefox34.0b4, I get a "Reported
Web Forgery This web page at www.itisatrap.org has been reported as a
web forgery and has been blocked based on your security preferences."
warning.


If you click the button in the warning, "Why was this page blocked?" you 
are taken to 
<https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work>, 
which has a lot of good explanations.


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Malware Protection

[WaltS48]

On 10/29/2014 08:47 PM, David E. Ross wrote:

The Web page  provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?




Interesting. When I open that link in Firefox34.0b4, I get a "Reported 
Web Forgery This web page at www.itisatrap.org has been reported as a 
web forgery and has been blocked based on your security preferences." 
warning.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Malware Protection

[David E. Ross]

The Web page  provides
a test of Gecko's protection of users against phishing Web sites.  Is
there a corresponding Web page for testing Gecko's protection against
sites containing malware?

-- 
David E. Ross

I am sticking with SeaMonkey 2.26.1 until saved passwords can
be used when autocomplete=off.  See
.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Rob]

MCBastos  wrote:
> Interviewed by CNN on 30/01/2013 14:35, Rob told the world:
>> MCBastos  wrote:
>>> So...
>>> Antivirus: missed it
>>> Other antivirus: about 75% chance of missing it.
>>> Google Safe Browsing: missed it
>>> ISP spam filter: flagged it as spam, but did nothing else. Not that it
>>> helps much, since this particular filter has a high rate of false
>>> positives. One of the myriad reasons I'm migrating to another ISP...
>>> Seamonkey spam filter: missed it (probably because it had my full name)
>> 
>> Filtering proxy looking at file type: would probably have caught it.
>> Software restriction policy at computer (AppLocker): would have caught it.
>> Operating as a nonprivileged user: would most likely have made the
>> malware fail to install in system directories.
>
> Sure, those are fine tools, but some of them are not practical for most
> home users or small business. I mean, AppLocker is an Enterprise-level
> tool, and how many homes do you know that have *any kind* of proxy? Not
> to mention notebooks that connect to public wi-fi?
>
> And even so, you qualified your claims with "probably" and "likely". As
> I said, there are no absolute guarantees. There are no magical silver
> bullets that will kill *all* attacks, surely, with zero false positives.
>
> Every security tool must achieve a balance between the security it
> offers and its shortcomings. In the case of the Firefox blacklist, the
> choice between real-time blacklist checks and batch-downloaded updates
> has to consider the following:
>
> - Pro real-time checks: somewhat elevated security
> - con: privacy concerns, increased latency

The reason I mention those three other methods is that I prefer
methods that work by fixed yes/no checks over methods that use
dynamically updated patterns and blacklists.  A rule that prevents
driveby downloads is better than a virus scanner or site blacklist,
in my opinion.

Sure it requires effort to implement those things, that is why
almost nobody is doing it.  But then, don't complain when you are
hacked.

I am not in the Windows software development business, but seeing that
current security products already scan for viruses in internet download
streams, either by pushing a proxy inbetween or by watching all TCP
streams, it should be trivial to add a feature that just blocks any
executable download for users that are not designated as administrators.
That should be much more effective than scanning for malware.

When our users are on public WiFi, they can only setup a VPN to the
company network and access the internet using the standard security
in place.  This also prevents wiretapping of the activities of the user.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[MCBastos]

Interviewed by CNN on 30/01/2013 14:35, Rob told the world:
> MCBastos  wrote:
>> So...
>> Antivirus: missed it
>> Other antivirus: about 75% chance of missing it.
>> Google Safe Browsing: missed it
>> ISP spam filter: flagged it as spam, but did nothing else. Not that it
>> helps much, since this particular filter has a high rate of false
>> positives. One of the myriad reasons I'm migrating to another ISP...
>> Seamonkey spam filter: missed it (probably because it had my full name)
> 
> Filtering proxy looking at file type: would probably have caught it.
> Software restriction policy at computer (AppLocker): would have caught it.
> Operating as a nonprivileged user: would most likely have made the
> malware fail to install in system directories.

Sure, those are fine tools, but some of them are not practical for most
home users or small business. I mean, AppLocker is an Enterprise-level
tool, and how many homes do you know that have *any kind* of proxy? Not
to mention notebooks that connect to public wi-fi?

And even so, you qualified your claims with "probably" and "likely". As
I said, there are no absolute guarantees. There are no magical silver
bullets that will kill *all* attacks, surely, with zero false positives.

Every security tool must achieve a balance between the security it
offers and its shortcomings. In the case of the Firefox blacklist, the
choice between real-time blacklist checks and batch-downloaded updates
has to consider the following:

- Pro real-time checks: somewhat elevated security
- con: privacy concerns, increased latency


-- 
MCBastos

This message has been protected with the 2ROT13 algorithm. Unauthorized
use will be prosecuted under the DMCA.

-=-=-
... Sent from my Odyssey2.
* Added by TagZilla 0.7a1 running on Seamonkey 2.15 *
Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Rob]

MCBastos  wrote:
> So...
> Antivirus: missed it
> Other antivirus: about 75% chance of missing it.
> Google Safe Browsing: missed it
> ISP spam filter: flagged it as spam, but did nothing else. Not that it
> helps much, since this particular filter has a high rate of false
> positives. One of the myriad reasons I'm migrating to another ISP...
> Seamonkey spam filter: missed it (probably because it had my full name)

Filtering proxy looking at file type: would probably have caught it.
Software restriction policy at computer (AppLocker): would have caught it.
Operating as a nonprivileged user: would most likely have made the
malware fail to install in system directories.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[MCBastos]

Interviewed by CNN on 30/01/2013 06:57, Daniel told the world:

> So I could still be visiting phishing sites because my database could, 
> in part, be a week out of date!!

There's no guarantees of a complete database anywhere.

For instance:

I have just received a phishing e-mail, trying to induce me to download
and open some sort of malware. I found it mildly interesting (as scams
go) because they actually included my full name, instead of sending a
generic message. Not that's hard to buy lists of e-mails with full user
names...

Anyway, I decided to amuse myself giving it a check. First thing: copied
the link to GetLinkInfo.com to see what they could tell about it. Not
much, it turned out -- even the Google Safe Browsing check gave the
website a clean bill of health. (Apparently the site -- some sort of
Chinese name in a .com domain -- is an image host, and the malware
distributor uploaded the crap as if it were an image)

Next step: check the malware itself. Yes, I know what I'm doing, I
routinely have to disinfect virus-possessed computers from clients, I
know how to keep from actually running a file. So I disabled plugins and
Javascript and very carefully opened the link. Turns out it it was a
.cpl file, which is a big red flag for malware.

Anyway, my antivirus didn't complain. I uploaded it to Jotti.com and
Virustotal.com, and it got only about 25% hits, suggesting that it's
pretty new.

So...
Antivirus: missed it
Other antivirus: about 75% chance of missing it.
Google Safe Browsing: missed it
ISP spam filter: flagged it as spam, but did nothing else. Not that it
helps much, since this particular filter has a high rate of false
positives. One of the myriad reasons I'm migrating to another ISP...
Seamonkey spam filter: missed it (probably because it had my full name)

So there are no guarantees, you have to keep a sharp eye anyway.
Automated tools (antivirus, antispam, website black lists and such) help
by essentially cutting down on the volume of mail you have to actually
read and analyse. They won't ever get everything.

-- 
MCBastos

This message has been protected with the 2ROT13 algorithm. Unauthorized
use will be prosecuted under the DMCA.

-=-=-
... Sent from my Bugatti Veyron.
* Added by TagZilla 0.7a1 running on Seamonkey 2.15 *
Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Rob]

Daniel  wrote:
>> It is the same with virus scanners.  That is why it is always better
>> to setup the system in such a way that software cannot be installed
>> or run as downloaded by the logged-in user.  Use a separate account
>> for surfing and for administering the system (installing software).
>
> or use Linux and *don't* run it as Root!

Actually, Windows provides more and better mechanisms to guard the non-admin
user against unwilling execution of malware than Linux does.

The problem is that some of the mechanisms are not enabled by default,
and others are enabled but are often turned off by users because they
are considered too invasive.

The only real advantages a Linux user has over a Windows user are the
smaller number of Linux systems and hence less attraction from people
who want to break in, and the lack of standardization which makes it
difficult to develop portable applications (both for hackers and for
normal software developers).
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Paul B. Gallagher]

Rob wrote:


Yes.  That is how it always is.  You can never get total protection
from a system like this.

Even with a system that queries an online server, you have the
problem that you may visit a site that is not yet known to serve
malware, so the server says "OK" and you get infected anyway.

It is the same with virus scanners.  That is why it is always better
to setup the system in such a way that software cannot be installed
or run as downloaded by the logged-in user.  Use a separate account
for surfing and for administering the system (installing software).


Antivirus publishers nowadays try to defeat the malware writers by 
incorporating heuristic algorithms that are supposed to recognize 
patterns even if the malware doesn't precisely match a known specimen. 
The downside of that, as we've seen here, is a certain percentage of 
false positives -- legitimate programs that are flagged because they 
kinda sorta look like malware.


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Daniel]

Rob wrote:

Daniel  wrote:

MCBastos wrote:

Interviewed by CNN on 29/01/2013 10:47, Daniel told the world:

Rob wrote:

Ray_Net  wrote:

2. A firefox guy is complaining about lag when accessing web pages ..
could this feature slow firefox.


This is not very likely.  The feature works by downloading a list
of infected sites at a certain interval, then storing this list
in a local file.  The file is then consulted during browsing.

So there is no extra query to a single server that has to reply before
a page is shown, like in some competing system.


Hey, Rob, in your first para, you say that a list is downloaded, so in
your second para, you *must be wrong* when you state there is "no extra
query to a single server that has to reply".

Of course, this extra wait time will depend on how often SM has to
download the list of infected sites, daily, weekly, whatever.


No, you missed the rest of the sentence: "...that has to reply before a
page is shown."

What Rob meant is that Firefox won't stop loading the page you want to
visit while checking a particular server to see if that page is clean.
Instead, it has a previously-downloaded blacklist of problem sites.


So, e.g. Yesterday SM downloaded a list. The site I am now visiting was
not on that list, however this site may have been added to the list
overnight, so I've been phished/spammed/whatever, even though I was
doing the right thing!!

Some protection, maybe, but not total!!


Yes.  That is how it always is.  You can never get total protection
from a system like this.

Even with a system that queries an online server, you have the problem
that you may visit a site that is not yet known to serve malware, so
the server says "OK" and you get infected anyway.

It is the same with virus scanners.  That is why it is always better
to setup the system in such a way that software cannot be installed
or run as downloaded by the logged-in user.  Use a separate account
for surfing and for administering the system (installing software).


or use Linux and *don't* run it as Root!

--
Daniel

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Rob]

Daniel  wrote:
> MCBastos wrote:
>> Interviewed by CNN on 29/01/2013 10:47, Daniel told the world:
>>> Rob wrote:
 Ray_Net  wrote:
> 2. A firefox guy is complaining about lag when accessing web pages ..
> could this feature slow firefox.

 This is not very likely.  The feature works by downloading a list
 of infected sites at a certain interval, then storing this list
 in a local file.  The file is then consulted during browsing.

 So there is no extra query to a single server that has to reply before
 a page is shown, like in some competing system.
>>>
>>> Hey, Rob, in your first para, you say that a list is downloaded, so in
>>> your second para, you *must be wrong* when you state there is "no extra
>>> query to a single server that has to reply".
>>>
>>> Of course, this extra wait time will depend on how often SM has to
>>> download the list of infected sites, daily, weekly, whatever.
>>
>> No, you missed the rest of the sentence: "...that has to reply before a
>> page is shown."
>>
>> What Rob meant is that Firefox won't stop loading the page you want to
>> visit while checking a particular server to see if that page is clean.
>> Instead, it has a previously-downloaded blacklist of problem sites.
>
> So, e.g. Yesterday SM downloaded a list. The site I am now visiting was 
> not on that list, however this site may have been added to the list 
> overnight, so I've been phished/spammed/whatever, even though I was 
> doing the right thing!!
>
> Some protection, maybe, but not total!!

Yes.  That is how it always is.  You can never get total protection
from a system like this.

Even with a system that queries an online server, you have the problem
that you may visit a site that is not yet known to serve malware, so
the server says "OK" and you get infected anyway.

It is the same with virus scanners.  That is why it is always better
to setup the system in such a way that software cannot be installed
or run as downloaded by the logged-in user.  Use a separate account
for surfing and for administering the system (installing software).
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Daniel]

Philip Chee wrote:

On Tue, 29 Jan 2013 23:47:18 +1100, Daniel wrote:

Rob wrote:

Ray_Net  wrote:

2. A firefox guy is complaining about lag when accessing web pages ..
could this feature slow firefox.


This is not very likely.  The feature works by downloading a list
of infected sites at a certain interval, then storing this list
in a local file.  The file is then consulted during browsing.

So there is no extra query to a single server that has to reply before
a page is shown, like in some competing system.


Hey, Rob, in your first para, you say that a list is downloaded, so in
your second para, you *must be wrong* when you state there is "no extra
query to a single server that has to reply".

Of course, this extra wait time will depend on how often SM has to
download the list of infected sites, daily, weekly, whatever.


The Gecko backend downloads the phishing and malware data in "chunks" at
a low priority. I think it takes up to a week for the complete tables to
be downloaded. After that, any updates are also download in chunks.


So I could still be visiting phishing sites because my database could, 
in part, be a week out of date!!



Back in the Triassic when the safe browsing code was still a separate
Google Safe Browsing extension, there was code to do online lookups if
the local copies of the databases didn't have information on a
particular URL, but that functionality was removed a long time ago.

Phil


--
Daniel

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Daniel]

MCBastos wrote:

Interviewed by CNN on 29/01/2013 10:47, Daniel told the world:

Rob wrote:

Ray_Net  wrote:

2. A firefox guy is complaining about lag when accessing web pages ..
could this feature slow firefox.


This is not very likely.  The feature works by downloading a list
of infected sites at a certain interval, then storing this list
in a local file.  The file is then consulted during browsing.

So there is no extra query to a single server that has to reply before
a page is shown, like in some competing system.


Hey, Rob, in your first para, you say that a list is downloaded, so in
your second para, you *must be wrong* when you state there is "no extra
query to a single server that has to reply".

Of course, this extra wait time will depend on how often SM has to
download the list of infected sites, daily, weekly, whatever.


No, you missed the rest of the sentence: "...that has to reply before a
page is shown."

What Rob meant is that Firefox won't stop loading the page you want to
visit while checking a particular server to see if that page is clean.
Instead, it has a previously-downloaded blacklist of problem sites.


So, e.g. Yesterday SM downloaded a list. The site I am now visiting was 
not on that list, however this site may have been added to the list 
overnight, so I've been phished/spammed/whatever, even though I was 
doing the right thing!!


Some protection, maybe, but not total!!

--
Daniel

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Philip Chee]

On Tue, 29 Jan 2013 23:47:18 +1100, Daniel wrote:
> Rob wrote:
>> Ray_Net  wrote:
>>> 2. A firefox guy is complaining about lag when accessing web pages ..
>>> could this feature slow firefox.
>>
>> This is not very likely.  The feature works by downloading a list
>> of infected sites at a certain interval, then storing this list
>> in a local file.  The file is then consulted during browsing.
>>
>> So there is no extra query to a single server that has to reply before
>> a page is shown, like in some competing system.
> 
> Hey, Rob, in your first para, you say that a list is downloaded, so in 
> your second para, you *must be wrong* when you state there is "no extra 
> query to a single server that has to reply".
> 
> Of course, this extra wait time will depend on how often SM has to 
> download the list of infected sites, daily, weekly, whatever.

The Gecko backend downloads the phishing and malware data in "chunks" at
a low priority. I think it takes up to a week for the complete tables to
be downloaded. After that, any updates are also download in chunks.

Back in the Triassic when the safe browsing code was still a separate
Google Safe Browsing extension, there was code to do online lookups if
the local copies of the databases didn't have information on a
particular URL, but that functionality was removed a long time ago.

Phil

-- 
Philip Chee , 
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Rob]

Daniel  wrote:
> Rob wrote:
>> Ray_Net  wrote:
>>> 2. A firefox guy is complaining about lag when accessing web pages ..
>>> could this feature slow firefox.
>>
>> This is not very likely.  The feature works by downloading a list
>> of infected sites at a certain interval, then storing this list
>> in a local file.  The file is then consulted during browsing.
>>
>> So there is no extra query to a single server that has to reply before
>> a page is shown, like in some competing system.
>
> Hey, Rob, in your first para, you say that a list is downloaded, so in 
> your second para, you *must be wrong* when you state there is "no extra 
> query to a single server that has to reply".
>
> Of course, this extra wait time will depend on how often SM has to 
> download the list of infected sites, daily, weekly, whatever.

No.  There is no extra wait time.  The download proceeds in the background
while you are working on your computer, not at the time you click a link.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[MCBastos]

Interviewed by CNN on 29/01/2013 10:47, Daniel told the world:
> Rob wrote:
>> Ray_Net  wrote:
>>> 2. A firefox guy is complaining about lag when accessing web pages ..
>>> could this feature slow firefox.
>>
>> This is not very likely.  The feature works by downloading a list
>> of infected sites at a certain interval, then storing this list
>> in a local file.  The file is then consulted during browsing.
>>
>> So there is no extra query to a single server that has to reply before
>> a page is shown, like in some competing system.
> 
> Hey, Rob, in your first para, you say that a list is downloaded, so in 
> your second para, you *must be wrong* when you state there is "no extra 
> query to a single server that has to reply".
> 
> Of course, this extra wait time will depend on how often SM has to 
> download the list of infected sites, daily, weekly, whatever.

No, you missed the rest of the sentence: "...that has to reply before a
page is shown."

What Rob meant is that Firefox won't stop loading the page you want to
visit while checking a particular server to see if that page is clean.
Instead, it has a previously-downloaded blacklist of problem sites.



-- 
MCBastos

This message has been protected with the 2ROT13 algorithm. Unauthorized
use will be prosecuted under the DMCA.

-=-=-
... Sent from my BBC Micro.
* Added by TagZilla 0.7a1 running on Seamonkey 2.15 *
Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Daniel]

Rob wrote:

Ray_Net  wrote:

2. A firefox guy is complaining about lag when accessing web pages ..
could this feature slow firefox.


This is not very likely.  The feature works by downloading a list
of infected sites at a certain interval, then storing this list
in a local file.  The file is then consulted during browsing.

So there is no extra query to a single server that has to reply before
a page is shown, like in some competing system.


Hey, Rob, in your first para, you say that a list is downloaded, so in 
your second para, you *must be wrong* when you state there is "no extra 
query to a single server that has to reply".


Of course, this extra wait time will depend on how often SM has to 
download the list of infected sites, daily, weekly, whatever.


--
Daniel

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Rob]

Ray_Net  wrote:
> 2. A firefox guy is complaining about lag when accessing web pages .. 
> could this feature slow firefox.

This is not very likely.  The feature works by downloading a list
of infected sites at a certain interval, then storing this list
in a local file.  The file is then consulted during browsing.

So there is no extra query to a single server that has to reply before
a page is shown, like in some competing system.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Paul B. Gallagher]

WaltS wrote:


Ray_Net wrote:

I read here http://www.mozilla.org/en-US/firefox/phishing-protection/

Firefox 3 or later contains built-in Phishing and Malware Protection to
help keep you safe online.

The questions are:
1. Would this feature also implemented in SM ?
2. A firefox guy is complaining about lag when accessing web pages ..
could this feature slow firefox.


Upon investigation of Firefox and SeaMonkey.

I do not see the "Warn me when sites try to install add-ons", "Block
reported attack sites", or "Block reported web forgeries", under
Security preferences, or any corresponding "browser.safebrowsing"
preferences in about:config in SeaMonkey 2.15.1.

Firefox has these prefs. SeaMonkey does not.

browser.safebrowsing.enabled
browser.safebrowsing.malware.enabled

They probably would not slow down Firefox.


You might look at Edit | Preferences | Advanced | Software Installation.

The first option is
[ ] Allow websites to install add-ons and updates
and if you click "Allowed websites," it opens the Permissions tab of the 
Data Manager. From there, you can specify that a particular site does or 
does not have permission to install software.


So that's a start. Philip Chee obviously knows more than I about this.

--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[Philip Chee]

On Tue, 29 Jan 2013 01:02:16 +0100, Ray_Net wrote:
> I read here http://www.mozilla.org/en-US/firefox/phishing-protection/
> 
> Firefox 3 or later contains built-in Phishing and Malware Protection to 
> help keep you safe online.
> 
> The questions are:
> 1. Would this feature also implemented in SM ?

I have a fully working patch in:
Bug 477718 - Implement Phishing Protection (a.k.a. Safe Browsing)
support in SeaMonkey
<https://bugzilla.mozilla.org/show_bug.cgi?id=477718>

Currently undergoing reviews.

Phil

-- 
Philip Chee , 
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[WaltS]

Ray_Net wrote:
> I read here http://www.mozilla.org/en-US/firefox/phishing-protection/
> 
> Firefox 3 or later contains built-in Phishing and Malware Protection to
> help keep you safe online.
> 
> The questions are:
> 1. Would this feature also implemented in SM ?
> 2. A firefox guy is complaining about lag when accessing web pages ..
> could this feature slow firefox.

Upon investigation of Firefox and SeaMonkey.

I do not see the "Warn me when sites try to install add-ons", "Block
reported attack sites", or "Block reported web forgeries", under
Security preferences, or any corresponding "browser.safebrowsing"
preferences in about:config in SeaMonkey 2.15.1.

Firefox has these prefs. SeaMonkey does not.

browser.safebrowsing.enabled
browser.safebrowsing.malware.enabled

They probably would not slow down Firefox.


-- 
Fedora 17 (64-bit) KDE 4.9.4
SeaMonkey Release
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Phishing and Malware Protection

[PhillipJones]

Ray_Net wrote:

I read here http://www.mozilla.org/en-US/firefox/phishing-protection/

Firefox 3 or later contains built-in Phishing and Malware Protection to
help keep you safe online.

The questions are:
1. Would this feature also implemented in SM ?
2. A firefox guy is complaining about lag when accessing web pages ..
could this feature slow firefox.


Should be in the later versions.

--
Phillip M. Jones, C.E.T.  "If it's Fixed, Don't Break it"
http://www.phillipmjones.netmailto:pjones...@comcast.net
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Phishing and Malware Protection

[Ray_Net]

I read here http://www.mozilla.org/en-US/firefox/phishing-protection/

Firefox 3 or later contains built-in Phishing and Malware Protection to 
help keep you safe online.


The questions are:
1. Would this feature also implemented in SM ?
2. A firefox guy is complaining about lag when accessing web pages .. 
could this feature slow firefox.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey