Mozilla security chief on protecting Firefox users

Window Snyder says browser vendors must work together -- and not blame users

IT keeps warning users to be cautious and not open attachments from unknown senders, for example. But users keep on doing it. Are users just dumb, as some experts say?

Users are not dumb. I get upset when I hear that. They're trying to accomplish a task. If the security interface gets in the way, or if the security interface isn't easy to understand, they're going to go around it, whether it's clicking through a certificate warning or trying to follow an e-mail link that says your bank account is going to be frozen if you don't confirm your personal information details on this page. For all these things, the user is trying to accomplish a task. The attacker has created a sense of urgency. The easiest thing in front of them is to click on the link right in front of them.

What needs to be done about it?

We can build mechanisms into browsers and e-mail software that will mitigate users being hurt by these attacks. Firefox 3 has antiphishing and antimalware mechanisms that identify that a site has malware on it and blocks the user from visiting it. Currently, it just throws up a UI [user interface] that is pretty hard to confuse that something serious has happened here. The UI will change until the product ships, but it will make it clear that this is a site that has malware on it, and it doesn't let you click through. It's not done until it ships, so it might look different in the final version. It depends on the feedback from the beta and from the community.

What change in Firefox 3 are you the most excited about?

I'm pretty excited about the malware-protection feature. And this is not a feature that users can feel. There's a lot of security work that goes in under the hood. Anytime you rewrite a piece of software with the security knowledge you have in 2007 compared to the knowledge you had in 2005 or 2006, it's going to be a stronger piece of software because you know more. Different threats have emerged, and [there are] different mechanisms for protecting them. A lot of memory management stuff has changed. That will be a pretty significant enhancement to overall security. A lot of security issues are memory management issues. Anything that mitigates those is a benefit to the entire application, as opposed to a single feature.

Last year, you had to deal with some bugs in the Firefox protocol handler. What did you learn from that whole experience?

One of the most interesting trends in application security is the interaction between multiple applications. We saw some of that this summer with the URI [Uniform Resource Identifier] issues. We saw that with Safari to Firefox, and IE to Firefox, and IE to Outlook and multiple applications. The URI stuff is just an example of a larger trend -- interactions between multiple applications and vulnerabilities between them. It creates a situation where both vendors need to put protection in place to keep it from happening.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sharon Gaudin

Computerworld

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?