Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Experts predict Firefox spyware will show up this year

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Experts predict Firefox spyware will show up this year

    One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators, who are already poking at the open source browser alternative.

    Webroot Vice President of Threat Research Richard Stiennon said he expects there will be spyware for Firefox this year, adding that while the browser was designed to be immune from the spyware infecting IE, Firefox will face a new breed of spyware tailored specifically for it.

    "Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa," Stiennon said. "The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."

    Spyware action and reaction

    Stiennon said while spyware for Explorer has become widespread and relatively easy to create, it will be the more advanced spyware writers who turn their sites on Firefox.

    "It'll be the more sophisticated guys that'll write Firefox spyware," he said. "I predict that by the middle of the year, we'll start to see it."

    Stiennon also said Firefox was created specifically, in part, to avoid the kind of spyware that has riddled Explorer along with worms and adware.

    "Firefox was written for the existing world of Internet Explorer exploits, but it has its own vulnerabilities that will be exploited," he said.

    Stiennon said while a computer running Firefox will still not be as good of a machine to infect with spyware and it takes the malicious software some time to have an impact, the Mozilla browser will come under fire as it nears and surpasses 10 percent market share.

    Nevertheless, Stiennon also indicated the creators, maintainers, and even users of Firefox will quickly and aggressively step up their anti-spyware efforts along with the increased threat.

    "The people who use Firefox -- their reaction to any spyware-type attacks will be pretty vehement," he said. "There'll be fast reaction from both Firefox developers and users."

    Not so fast for Firefox

    Despite Stiennon's prediction, other experts are not convinced that spyware will besiege Firefox as soon as this year. Computer Associates Director of Malicious Content Research Roger Thompson said although spyware for Firefox this year is possible, it is unlikely.

    "It's possible," Thompson wrote in an email to NewsForge. "While user numbers would need to be pretty big to present a more attractive target than something known to be on about every desktop by default, I don't believe the botherds (a bot gives the botherd complete control over a "zombied" machine) are actually doing their own research. They are merely following the security lists closely, and quickly implementing those exploits, and vulnerability researchers probably do subject Firefox to scrutiny, and probably do find things, so it is possible.

    "But unlikely," Thompson continued. "The preponderance of Internet Explorer users is simply too good a target. And in any case, it's just not necessary and only a small percentage of spyware plants via an exploit -- most relies on social engineering to 'talk' people into installing it, or by allying itself with some 'desirable' service or product, such as the various P2P networkers."

    Thompson, however, said some typical spyware vectors may be open for Firefox, too. To infect and run on machines, for example, much of today's spyware either talks directly via port 80, or inserts itself as a Layered Service Provider (LSP), "which will nail Firefox too," Thompson said.

    The expert also said with increased spyware competition, which he is seeing already, anything is possible. Thompson said while Firefox and other "non-IE" browsers avoid exploits, ActiveX control issues and browser helper object (BHO) issues, the alternatives are not necessarily immune to keyloggers, LSP injectors, remote administration tools, and adware that is "invited in."

    In terms of the Firefox spyware tipping point, Thompson said he believed 10 percent market share might be too low, but again emphasized that increased spyware competition will put other browsers to the spyware test.

    Working on it now

    For his part, Stu Sjouwerman -- founder and COO of Counterspy maker Sunbelt Software -- agreed that Firefox spyware is likely in 2005.

    "I'm pretty sure you can expect one or two Firefox (spyware) exploits before the end of the year," Sjouwerman said. "The more popular a platform gets, the more likely it is to come under attack. Firefox -- which I use myself -- I don't think is going to be immune from that. If you go wide like this, you have to expect that your product will be exposed to a trial by fire."

    Sjouwerman reported that his company's research on Firefox revealed some Explorer-like situations that may draw spyware.

    "We looked into it and found that the security of Firefox had similar openings or vectors where spyware can be utilized to exploit or bypass protection," he said.

    Adding that the spyware exploits would have to be changed to target Firefox, Sjouwerman said once the alternative browser has around 15 percent of the browser market, it will be "commercially interesting" for spyware creators to target. In response to spyware for Firefox, Sjouwerman said developers and other backers of the alternative browser will fix the holes that allow it. Third-party companies, such as Sunbelt, will also provide protection against spyware for Firefox, he added. There is not yet a Firefox version of Sunbelt's CounterSpy anti-spyware, but it is coming, the company has said.

    Sjouwerman indicated spyware writers are likely already playing with other, non-IE browsers and the first spyware for Firefox -- the most likely browser to "break through" with significant market share -- is probably coming soon.

    "I wouldn't be surprised if a couple of Russian spyware writers were turning Firefox inside out," he said. "In the next couple of months, we'll see the first exploits."
    Source : http://internet.newsforge.com/articl...tid=144&tid=78
    -Simon \"SDK\"

  2. #2
    Oh well, I guess it's time to try Opera.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Another perfect example of what happens when you band-aid a problem rather than solve the root cause. Of course spyware will show up for Firefox. Why wouldn't it? The root problem hasn't been addressed and until it is, spyware is going to be just another part of daily life on the internet.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    Installing one of firefox's updates recently, gave me one. My anti spy programs caught it right away so I would say expect more.
    Trappedagainbyperfectlogic.

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Posts
    268
    But by the time a bunch of spyware shows up for Firefox peopel will already be updated to 1.1 or even Googles browser if they finish it.
    Perhaps the times have changed to a point where we will just update our browser every few months and stay ahead of the spyware developers.

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Originally posted here by Aden
    Googles browser
    You might call me sarcastic, but a Google browser will most likely come with pre-packaged spyware (althoug they won't call it spyware, couse it is well defined in their EULA)..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Let's discuss how spyware would get through... I expect one of a few ways

    1. Abusing the "allow websites to install software" checkbox
    2. Javascript abuse
    3. Java Abuse
    4. Some exploit (overflow or whatever you want)

    I know that FireFox has good practice of warning you when you download software that could be malicious, if there are ways around that you could cause some trouble as well.

    Don't even mention Google spyware... The data mining potential they have is sickening, and if they do it already I wouldn't be suprised.

  8. #8
    So what would you say is the root problem Horse?

    My hunch is the answer would be "the user"...

    I think that's what it comes down to...uneducated people surfing the Net...that's the root to the vast majority of our problems...

  9. #9
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by gold eagle
    Installing one of firefox's updates recently, gave me one. My anti spy programs caught it right away so I would say expect more.
    Really? Do you recall what? Or was it one of the extensions you've installed?

    Of course firefox will be susceptible. As will Opera, Timmy77. thehorse13 has it right, you can bandaid the problem all you want, but if heal the source of the problem, the bandaids become unnecessary.

    Turning on the 'ultraparanoid mode' for Firefox will help, a lot. So will using spyware scanners, antivirus, etc. But the real solution is user education. And we all know how easy that is to accomplish.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  10. #10
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Soda_Popinsky
    Don't even mention Google spyware... The data mining potential they have is sickening, and if they do it already I wouldn't be suprised.
    Depending on your perspective, they already do. Ad Words by Google ring a bell? Their position is, IIRC, the Ad's are generated entirely by computer, which is just looking at what you've queried and comparing it within their search engine, tweaked by their Ad division, to display results. User info is not kept or tracked, and it's a 'per search' thing.

    The question is, do you believe them? Personally, I tend to. I've read a lot of the write ups and interviews about Larry and Sergey, and I think they are sincere when they say "Don't be evil" is their motto.

    Yes, many people have contested this, and there is a huge potential for abuse, but it comes down to who do you choose to trust, and why? Even paranoids have enemies, but the worst of conspiracies have a positive goal (even if its only positive from their own point of view.)
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •