Firefox security features

Firefox has several security features that help to keep you safer when you are browsing the web.

This chapter covers two of these features and lists some extra ideas that help you to be safer while on-line.

The Firefox Phishing and Malware protection feature will warn you when a page you visit has been reported as a Web Forgery of a legitimate site (sometimes called “phishing” pages) or as an Attack Site designed to harm your computer (otherwise known as malware).

There are a number of things you can do to help in the battle against bad sites and fight against malware. A section below provides some of these ideas.

The Site Identity Button feature also helps you to identify the owner of any particular site to ensure you are not handing out credit card and personal information to imposter sites.

Phishing and Malware Protection

Web Forgery (also known as “Phishing”) is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick you into logging in or filling out a web form, in order to steal this information. The sensitive information might be in the form of user IDs, passwords, bank account details, or credit card numbers. Phishing usually starts with email messages sent to you from an attacker. The email message includes a link that attempts to lure you to the attack site. If you click on the link and visit the site, it might look just like your bank web site, or another legitimate site, but if it is part of a phishing attack, danger is lurking.

Where a phishing attack tries to get you to type in private information to a bad site, malware is software designed to harm your computer by infecting it with attack programs that run on your computer. These programs might also steal your personal information, but without your knowledge. The programs might also take control of your browser, open websites and popups that you don't want to visit, and generally make a mess of your system. The Stop Badware site has a good list of the symptoms you might see if you're computer has been infected by malware (http://www.stopbadware.org/home/badware_symptoms). The Mozilla Support Site also has some good information about how to recover if your computer is ever attacked (http://support.mozilla.com/en-US/kb/Is+my+Firefox+problem+a+result+of+malware)

Attackers might set up their own websites to propagate these phishing and malware exploits, or they might break into legitimate websites to host the bad code. Site owners might not even know about these break-ins. It's estimated that there are well over 10 billion web pages on the Internet, and around 180,000 pages might be trying to attack your computer or steal private information at any one time. In percentage terms, that is a very small chance that you might visit one of these websites, but if you ever do, the effects can be devastating and long lasting.

So, with these dangers lurking how does Firefox help to keep you safe?

When you see this web page appear while surfing the web, Firefox has worked in conjunction with the Stopbadware database of bad sites to identify a site that might put you at risk.

Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing and malware sites. There are two times when Firefox checks the phishing and malware protection database and web service. The first is during the regular updates to the lists of reporting phishing and malware sites. The list on your PC is automatically updated every 30 minutes or so when the Phishing and Malware Protection feature is enabled. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox requests a double-check to ensure that the reported site has not been removed from the list since your last update.

You can test to see if Phishing Protection is active by trying to visit the phishing test site (http://www.mozilla.com/firefox/its-a-trap.html) or the malware test site (http://www.mozilla.com/firefox/its-an-attack.html) to confirm that Firefox is blocking attack sites. With Phishing and Malware Protection turned on, these sites should be blocked from loading and a page should open like the one shown above.

The Phishing and Malware Protection feature is turned on by default, so unless your security preferences have been changed, you are likely already using them. Phishing and Malware Protection options can be found on the Security Preferences pane. On Windows, go to Firefox > Preferences > Security. On Mac OS X, go to Firefox > Preferences > Security. On Linux, go to Tools > Options > Security.

Helping in the fight against malware and maintaining the list of bad websites

There are number of ways that you can help fight the spread of malware on the Internet. The first step is to protect yourself.

Be a conscientious browser. Use the Firefox Phishing and Malware Protection feature to help keep away from bad sites.

Keep Firefox, all addons, plugins, and other software on your computer up-to-date. Attackers often take advantage of security flaws in old versions of software to create their exploits, so if you always stay up-to-date, you reduce your exposure.

You should also consider installing anti-virus and anti-spyware from a trusted source as a back up system if the malware gets though other protections. Read reviews and pick this software wisely. Attackers also ofter rogue versions of anti-virus programs as the way to actually install viruses and malware. Think carefully before installing any software on your computer.

Create safe passwords that might be hard for an attacker to guess or use to break into a website. Like your toothbrush, don't share passwords, even with family and friends. Try to use different passwords for different sites, just like you have different keys for your car, house, and safety deposit box at the bank.

Stay up-to-date on kinds of deception patterns used by bad websites and techniques used by attackers to steal private information. TV, newspapers, books and other forms of media are publishing more of this kind of information and making it easier to understand. Keeping informed helps you to stay ahead of the bad guys.

As you can see, a constant shell game is played out between malware attackers and those trying to develop protections to help keep users safe. Maintaining the list of bad sites can be challenging.

What if the web site isn't malicious?

If you happen to own a site or blog page that was attacked and you have since repaired it, or if you feel that your site was reported in error, you can request that it be removed from the lists. Mozilla encourages site owners to investigate any such report thoroughly, though; a site can often be turned into an attack site without any visible change. To request removal from the list of reported phishing sites, use the form provided by Google at http://www.google.com/safebrowsing/report_error/?tpl=mozilla. To request removal from the list of reported malware sites, use the form at http://www.stopbadware.org/home/reviewinfo, provided by stopbadware.org.

You can also help StopBadware, regulatory agencies, and security companies fight malware, regardless of your level of technical skill. The Stopbadware website has some great resources for addtional ways to get involved ( http://www.stopbadware.org/home/action ).

Site Identity Button

The Site Identity Button is another Firefox security feature that gives you more information about every site you visit. Using the Site Identity Button, you can find out who owns the website, and who verified that ownership, and if the communication channel between you and and the site is encrypted. This provides one more protection to help you avoid malicious websites and protect sensitive information while on-line.

The Site Identity Button is in the Location bar to the left of the web address in the location bar.

siteidbutton_location

When viewing a website, the Site Identity Button will display in one of three colors - gray, blue, or green. Clicking on the Site Identity Button displays more details security and identity information about the website and a gray, blue, or green "Passport Officer" icon, which helps you to understand how much security and identity is available for the site.

siteidbutton_larries

Gray - No identity information

When the Site Identity button is gray, that indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted. This means it should not be considered safe against possible eavesdroppers that might be watching your browser session on the web.

Most websites have the gray button, because they don't involve passing sensitive information back and forth. A video viewing site like YouTube or your favorite news site really doesn't need to have verified identities or encrypted connections. For sites that don't require any personal information, a lack of identity information is fine. siteidbutton_grey2

However, if you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be gray.

If you click on the Site Identity button when it is gray, you then see something like the picture on the right:

Blue - Basic identity information

When the Site Identity button is blue, that indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and protected against eavesdroppers.

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, the TD Canada Trust website has this sort of certificate and an encrypted connection, so the Site Identity Button displays as blue. When you click on the Site Identity Button, it tells you that the easyweb.tdcanadatrust.com site is verified to be part of tdcanadatrust.com, as certified by RSA Data Security Inc. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your bank login information that way.

However, it is not verified who actually owns the domain in question. There is no guarantee that tdcanadatrust.com is actually owned by the Toronto Dominion Bank. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted.

If you are still leery about a site's identity when the Site Identity Button is blue, you can see more information about the site by clicking the More Information button on the Site Identification dialog. This button opens the Privacy panel of the Page Info window, where you can view the site's identity certificate, see if you've visited the site before, and if you have any cookies or passwords stored for the site. For more information on the Page Info window, see http://support.mozilla.com/kb/Page+Info+window.

Green - Complete identity information

When the Site Identity button is green, that indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.

If a site makes the Site Identity Button turn green, it means that it is using a new Extended Validation (EV) certificate (for more info, see http://en.wikipedia.org/wiki/Extended_Validation_Certificate). An EV certificate is a special type of site validation that requires a significantly more rigorous identity verification process than other types of certificates. While the blue Site Identity Button indicates that a site's uses a secure connection, the green Site Identity Button indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the Site Identity Button turn green on the Paypal site, it also expands and displays the name of the owner in the button itself. The Site Identification dialog contains further information.