Firefox spyware installs

How Spyware Tricks Users Into Installing It

The Firefox browser offers at least four ways to install new forms of software, Howes says. He feels two of these ways are fairly safe, while the other two are open to abuse by spyware authors.

• Setup programs. These are the most traditional kind of software install. Using a browser, an executable file is downloaded, saved to disk, and then run once to install an application. While any program poses potential risks, Howes says, traditional setup programs at least make themselves visible to the user, who must choose to run them.

• Browser plug-ins. Plug-ins are programs, such as Macromedia Flash, that enable a browser to display special content, such as multimedia files. These are also fairly safe in Firefox, Howes says, because users are presented with information about the plug-in before installing it, and can read any end-user license agreement (EULA) associated with it.

• Extensions. Firefox extensions, small programs that may, for example, add a menu item to the browser, present a more serious problem, Howes maintains. Once a user clicks a yellow “information bar” at the top of the browser window that offers to install an extension, they see a dialog box that prompts them to allow the software to install. This dialog, Howes says, provides no information about the source of the software, nor does it provide any link to a EULA.

• Java applets. The greatest risk, Howes warns, comes from the ability of Java applets to display dialog boxes that look exactly like ordinary Windows notices. Many users are accustomed to clicking “Yes” when they see a dialog box informing them that, for example, an updated media player or “codec” is required to play some requested content. Since Firefox currently displays nothing but the name of a possibly obscure software company, all too often users click “Yes” without even reading the information.

To install as many software programs as possible, some adware companies even make up company names such as “Click Here To Continue.” This name shows up prominently in Windows dialog boxes, making many users believe they have no choice but to click “Yes” to complete their task, according to an article by Ben Edelman, a spyware researcher who is currently studying at Harvard Law School.

polonus

You forgot the link, Polonus! :wink:

http://itmanagement.earthweb.com/columns/executive_tech/article.php/3505571

Hi FwF,

You young rascal, you beat them all. Hats off, well done,

pol

What Mozilla might have to worry about some day is extensions. There has been talk about signed extensions but they probably will be faked as well. No more safety about extensions than any other software. Mozilla does not guarantee quality or safety in extensions from Add-on site. Their only focus is Firefox, rest is 3rd party. As I understand, site is only half-official, probably paid by Mozilla.

I've not seen any evil extension though some are stepping on privacy issues. But as long as policy is stated they are normally approved. Those who review extensions at Add-on site are often just regular users, they do not check code itself but merely if extension works as promised, can uninstall etc. So possibly there will be some spyware thingy one day - will not be alive for long but definitely make site consider policy of how to review.

So some web code can imitate regular window and then people click away? I think user will have to consider what to click… Most likely also which site to visit! Can't really blame any browser for that. Users who click are doomed anyway, live and learn. At least Firefox won't let you run an exe-file right from internet - many consider that an inconvenience but probably put in to make it appear safer than IE6. There is an extension which can fix this.

Hi dk70,

Extensions can be tricky with FF or Flock, but so also are BHO in IE, therefore there is toolbarcop. But some extensions are almost that good, that they deserve to be part of this default browser, at least I cannot do without some of these security extensions, well just my personal style.
Browser security is part of an attitude. On the one part of the spectrum there are users that use a computer as it comes out of the box, and run it down until it does not function anymore, and call the repairman or buy another computer. To those people, if they do not change their attitudes this discussion does not pay off. When you start to have two accounts from the start, one admin account for downloading, patching, scanning etc, and one as a normal user, being more secure to surf, have your anti spyware programs installed, a good AV and firewall, and tweaked your browser to the type of security you like, we have quite another story. A computer is as safe as the user of this computer is educated to be.

polonus

Sure but you could still unknowingly download and install a spyware infected “Never safer than this” extension from Add-on site 8) You can scan all you like, it won't trigger any warning. Would be birth of new danger but maybe it will happen. For now there is little to worry about, in theory security blows. I'm not so sure those who enjoy the daily doses of new extensions would love a requirement of “Signed by Mozilla”. Would kill interest for makers I'm afraid.

Greasemonkey scripts are perhaps equally powerful - I doubt they are checked at all. Think you just upload to userscripts.org

You can also download other scripts which could do harm, maybe a batch file or Windows script file. Can't check everything. Having a sense of what is ok or not beats every scanner.

Hi dk70,

Yes my friend, and they can even create a designed attack against the extensions you have installed, after scanning them with fex
http://www.gnucitizen.org/projects/fex/

Of course this fex can be applied inside the AttackAPI.

Security as you say is only relative, and you should also have time to do nice recreational things with a PC without having to worry about all that is possible today.
But there is a heavy fight going on over who owns your browser or machine.

polonus

Probably but then seek to sources you trust, or trust the most. Except a few extensions which have, and clearly state they have, datamining and user tracking, all of them are pure as snow. No chance people using Mozilla connected sites like Add-on, Mozillazine will ever accept real harmful extensions to be part of Firefox environment. Matter of definition, I know there are many toolbars on add-on site which are made by a toolbar generator and are blamed for user tracking. www.conduit.com Check it yourself. Some are trying to get them out but hard. They do state what extension does. Problem is again lack of trust. Quite nice toolbars actually, loads of features and all it takes is point and click - then you become extension author 8) Why there are so many of them. I don't think they should accept even 1 because “author” has zero to do with code, has no access to it either - and so how can he state policy and represent extension? They are all the same, just different setup. Conduit makes money from searching of course, their own search engine I believe. Probably the worst example that the more annoying part of internet has shown itself even if not directly evil.

At one point they were taken down but that was not because of intentions but bad coding. They make use of cross site scripting. When they changed code to not walk over good coding practice they were accepted again. There is a Bugzilla entry about this. Also every click you make on toolbar is sent back to HQ, that is every click! Still nice features and useful for smaller community, built-in chat, author can send out messages, direct people to links he makes money off and so on :wink:

Hi dk70,

And this is the patent: http://www.freepatentsonline.com/6704031.html, I would call a toolbar from the Conduit Community Toolbar Gallery trickware. It is a customization trick to lure you into using trackware, and it is all going through their multiplexers to the desk of the man or woman who pays to see your clicks: “All your searching are belong to us”, that is the bottom line, which is the bottom line of all spyware, which is the bottom line of all adware, the bottom line of all spam, feeding the “greed-lines”, and it is becoming harder and harder to evade it, the Internet is slowly becoming one sleep-inducing long advert trail.

polonus

If you have told Google to remember your searches but forgotten about it, I think you will get a strange feeling seeing that site. Like what the h… http://www.google.com/searchhistory/ Their toolbar also sends every url you visit home if you have active phishing enabled. But you trust Google and not Conduit. Well you probably don't but you don't see same type of protests against Google machine. Ad-sense is to be expected. I'm sure they also have a patent or two.