Security Watch

Keeping Track of patches and hacks in the IT security world.

Firefox 3.0 to Include 'Get Me Outta Here' Malware Protection

In the upcoming Firefox 3.0 browser, the Mozilla Foundation is going beyond Firefox 2.0's protection of users' personal information to actually blocking Web sites that it thinks are planning to plant malware.

Alex Faaborg blogged on Mozilla's site on June 1 that the open-source project is coordinating with Google on this feature.

According to the Google Operating System blog, the list of malware-hosting sites is managed by StopBadware. The organization calls itself a "neighborhood watch" campaign aimed at fighting "badware"—its terms for spyware, malware and deceptive adware.

"We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and become a focal point for developing collaborative, community-minded approaches to stopping badware," StopBadware says. The organization is headed up by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute, as well as being supported by Google, Lenovo and Sun.

Both Google Desktop and Google already alert users when a search result that may install malware is returned. Google Operating System suggests that Firefox 3.0 will work the same, with a list of suspicious or malicious sites automatically updated by Google's servers.

Firefox 3.0 is due at year's end. For those who don't mind gambling, the alpha version can be downloaded here.

In terms of other security updates coming in Firefox 3.0, Mozilla is considering removing the favicon from the location bar. The favicon, aka a page icon or urlicon, is an icon associated with a particular site or Web page. Web browsers that support favicons display them in the URL bar, next to the site's name in bookmark lists and next to a page title in a tabbed document interface. Mozilla may change the URL bar so that everything except "public suffix + 2" is greyed out, thus preventing malicious sites from placing visual cues in the URL bar.

Mozilla is also considering instituting a temporary state in which it would change the appearance of the URL bar in order to prevent it from displaying information about a user's browsing session—what it's referring to as "private browsing."

Beyond potential security upgrades, Firefox 3.0 will also include interfaces to quickly tag pages and to store bookmarks, history and other Web page information.