Safe browsing: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(some additions based on feedback in the KB thread)
m (picked the wrong categories, didn't want that on top level)
Line 76: Line 76:


[[Category:Privacy and security]]
[[Category:Privacy and security]]
[[Category:Firefox]]
[[Category:Issues (Firefox)]]
[[Category:SeaMonkey]]
[[Category:Issues (Mozilla Suite)]]

Revision as of 01:53, 1 April 2013

Browsing the web can be dangerous, some websites have malicious content and may harm your computer or your privacy. The term "Safe Browsing" combines protection against

  • attack sites distributing malware (e.g., to plant a virus or distribute spam), and
  • web forgeries containing phishing attempts to steal personal information (e.g., passwords).

Mozilla applications offer some protection against such websites since Firefox 2.0 (malware protection since 3.0) and SeaMonkey 2.18. If the feature is enabled, a list of domains which have been reported as being malicious is downloaded in regular intervals. The address (URL) of each website the user is about to visit is compared against these lists and a warning issued before the content of that website is actually loaded. In this way, the user has the opportunity to cancel the loading process before any potential harm is done.

Note: The scope of this article is restricted to the Safe browsing feature in Mozilla browsers, not the general scope of good practices when browsing the web.

General considerations

  • No system is entirely complete and free of errors. If you do see a warning, it means that the site in question has been reported to provide malicious content, and you should be careful loading that site. If you don't see a warning, it won't guarantee that browsing the site is safe; it only means that it hasn't been reported (yet).
  • While small, there is a delay between a malicious website being reported, then listed, and eventually recognized by the browser after updating the list from the provider. That delay may range from a few hours to a couple of days.
  • Websites may be compromised by hackers and transformed to an attack or phishing site, frequently without the owner of that site or its provider knowing about it. Thus, even a site which was considered safe when visited just recently may have turned malicious and blocked until the issue is resolved by the provider.
  • Anti-virus software frequently offers its own scanning system for malicious websites. There is no general rule whether or not you should keep them both enabled or just one of them. In multiple redundant systems one may catch an instance which the other didn't, thus making the detection better overall, at the cost of performance.

Preference settings

Depending on the application you are using, the settings are in different preference panels:

There are two checkboxes associated with warnings for malware and phishing sites to enable the respective features:

  • Block reported attack sites
  • Block reported web forgeries

Both are checked by default, thus in general there is nothing you need to do to stay protected.

When a website is listed

If you enter the address of a website reported as malicious, or try to visit it from a link provided in another website or from an e-mail or news messages, one of the following warnings will be shown:

Reported Attack Page

→ The website has been reported as containing potentially harmful content to distribute malware (e.g., viruses or spam engines).

Reported Attack Page

→ The website has been reported as pretending to be another website (e.g., of a banking institution) in order to obtain personal information from the user (most frequently username and password to the site which is imitated).

No harm has been done up to this point.

Options to proceed

There are three ways to proceed when a warning has been triggered:

  • Get me out of here!
forget about loading the website, instead go straight to the browser's start page
  • Why was this page blocked?
if further information is available from the provider of the list why the page has been reported, it will show in open a respective web page of that provider; otherwise, a generic page is shown.
  • Ignore this warning
clicking this option will load the website, thus you should be very certain that indeed it is safe to open that page! (keep in mind that this website may have been compromised by hackers, and even if it was considered safe when visited just recently, it may have turned malicious since and is hence blocked now.)

Reporting errors in the list

After clicking "Ignore this warning" an information bar is shown on top of the web page:

Reported Attack Page

The infobar can be dismissed with the [x] in its corner. It also provides a "Get me out of here!" button to leave that web page after it has loaded (keep in mind that at this time, malicious content may already have been loaded).

If you are sure that this is a false warning, the provider can be informed using the "This isn't an attack site" or "This isn't a web forgery" button (depending on the type of the warning). This will open a tab at http://www.stopbadware.org/ (for malware) or http://www.google.com/ (for phishing attempts) where you can enter details to consider removing that site from the respective list.

Mail & news messages

Neither Thunderbird nor SeaMonkey have to date extended the Safe browsing feature to e-mail and newsgroup messages. The Scam alert is strictly rule based and not tied into the phishing list provided by Google (or any other provider). However, when following a link which turns out to be pointing to a malicious site, the browser should catch such a site at this time.

It is a different case with build-in or add-on provided browsing capabilities in Thunderbird. Using the Search the Web function or an add-on like Thunderbrowse will not provide the same safety as opening the link in the actual browser, given that Thunderbird will not verify the web page against either malware or phishing lists.

Related preferences

External links