Mozilla security chief on protecting Firefox users

Window Snyder says browser vendors must work together -- and not blame users

IT keeps warning users to be cautious and not open attachments from unknown senders, for example. But users keep on doing it. Are users just dumb, as some experts say?

Users are not dumb. I get upset when I hear that. They're trying to accomplish a task. If the security interface gets in the way, or if the security interface isn't easy to understand, they're going to go around it, whether it's clicking through a certificate warning or trying to follow an e-mail link that says your bank account is going to be frozen if you don't confirm your personal information details on this page. For all these things, the user is trying to accomplish a task. The attacker has created a sense of urgency. The easiest thing in front of them is to click on the link right in front of them.

What needs to be done about it?

We can build mechanisms into browsers and e-mail software that will mitigate users being hurt by these attacks. Firefox 3 has antiphishing and antimalware mechanisms that identify that a site has malware on it and blocks the user from visiting it. Currently, it just throws up a UI [user interface] that is pretty hard to confuse that something serious has happened here. The UI will change until the product ships, but it will make it clear that this is a site that has malware on it, and it doesn't let you click through. It's not done until it ships, so it might look different in the final version. It depends on the feedback from the beta and from the community.

What change in Firefox 3 are you the most excited about?

I'm pretty excited about the malware-protection feature. And this is not a feature that users can feel. There's a lot of security work that goes in under the hood. Anytime you rewrite a piece of software with the security knowledge you have in 2007 compared to the knowledge you had in 2005 or 2006, it's going to be a stronger piece of software because you know more. Different threats have emerged, and [there are] different mechanisms for protecting them. A lot of memory management stuff has changed. That will be a pretty significant enhancement to overall security. A lot of security issues are memory management issues. Anything that mitigates those is a benefit to the entire application, as opposed to a single feature.

Last year, you had to deal with some bugs in the Firefox protocol handler. What did you learn from that whole experience?

One of the most interesting trends in application security is the interaction between multiple applications. We saw some of that this summer with the URI [Uniform Resource Identifier] issues. We saw that with Safari to Firefox, and IE to Firefox, and IE to Outlook and multiple applications. The URI stuff is just an example of a larger trend -- interactions between multiple applications and vulnerabilities between them. It creates a situation where both vendors need to put protection in place to keep it from happening.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sharon Gaudin

Show Comments


Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >


Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >


HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?