Safe browsing: Difference between revisions

From MozillaZine Knowledge Base
(first cut on a new article on malware and phishing protection)

Revision as of 23:17, 30 March 2013

Browsing the web can be dangerous: some websites have malicious content and may harm your computer or your privacy. The term "Safe Browsing" combines protection against

  • attack sites distributing malware (e.g., to plant a virus or distribute spam), and
  • web forgeries containing phishing attempts to steal personal information (e.g., passwords).

Mozilla applications have offered some protection against such websites since Firefox 2.0 and SeaMonkey 2.18. If the feature is enabled, a list of domains which have been reported as being malicious is downloaded at regular intervals. The address (URL) of each website the user is about to visit is compared against these lists, and a warning is issued before the content of that website is actually loaded. In this way, the user has the opportunity to cancel the loading process before any potential harm is done.

Note: No system is entirely complete and free of errors. If you do see a warning, it means that the site in question has been reported to provide malicious content, and you should be careful loading that site. If you don't see a warning, that does not guarantee that browsing the site is safe; it only means that it hasn't been reported (yet).
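
The check described above, as an added example that is not Mozilla's code: it is simplified to the domain matching this article describes, the list entries are constructed, and the names lists, defaultPrefs and checkBeforeLoad are hypothetical.

```javascript
// Added illustration: constructed list entries, hypothetical names.
// Stands in for the most recently downloaded copy of the two lists.
const lists = {
  malware: new Set(["malware.example"]),          // reported attack sites
  phishing: new Set(["login.bank.example.net"]),  // reported web forgeries
};

// Mirrors the two checkboxes; both are checked by default.
const defaultPrefs = { blockAttackSites: true, blockWebForgeries: true };

// Yield the host and its parent domains, stopping before the bare
// top-level label: a.b.example -> a.b.example, b.example
function* candidateDomains(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  const stop = Math.max(1, labels.length - 1);
  for (let i = 0; i < stop; i++) {
    yield labels.slice(i).join(".");
  }
}

// Runs before any content is fetched. Returns "attack", "forgery" or null.
// null means "not reported", which is not the same as "safe".
function checkBeforeLoad(url, prefs = defaultPrefs) {
  let host;
  try {
    host = new URL(url).hostname;
  } catch {
    return null; // not a parseable URL, nothing to look up
  }
  for (const domain of candidateDomains(host)) {
    if (prefs.blockAttackSites && lists.malware.has(domain)) return "attack";
    if (prefs.blockWebForgeries && lists.phishing.has(domain)) return "forgery";
  }
  return null;
}

// A subdomain of a listed domain is caught; an unlisted parent is not.
console.log(checkBeforeLoad("http://cdn.malware.example/setup.exe"));
console.log(checkBeforeLoad("https://bank.example.net/"));
```

With a checkbox unchecked, the corresponding list is skipped entirely, so a listed site loads without any warning.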

Preference settings

Depending on the application you are using, the settings are in different preference panels:

There are two checkboxes associated with warnings for malware and phishing sites to enable the respective features:

  • Block reported attack sites
  • Block reported web forgeries

Both are checked by default, thus in general there is nothing you need to do to stay protected.

When a website is listed

If you enter the address of a website reported as malicious, or try to visit it from a link provided in another website or from an e-mail or news message, one of the following warnings will be shown:

Reported Attack Page

The website has been reported as containing potentially harmful content to distribute malware (e.g., viruses or spam engines).

Reported Attack Page

The website has been reported as pretending to be another website (e.g., of a banking institution) in order to obtain personal information from the user (most frequently username and password to the site which is imitated).

No harm has been done up to this point.

Options to proceed

There are three ways to proceed when a warning has been triggered:

  • Get me out of here!
    Forget about loading the website and go straight to the browser's start page instead.
  • Why was this page blocked?
    If the provider of the list offers further information on why the page has been reported, the respective web page of that provider is opened; otherwise, a generic page is shown.
  • Ignore this warning
    Clicking this option will load the website, so you should be very certain that it is indeed safe to open that page!

Reporting errors in the list

After clicking "Ignore this warning", an information bar is shown at the top of the web page:

Reported Attack Page

The infobar can be dismissed with the [x] in its corner. It also provides a "Get me out of here!" button to leave that web page after it has loaded (keep in mind that at this time, malicious content may already have been loaded).

If you are sure that this is a false warning, the provider can be informed using the "This isn't an attack site" or "This isn't a web forgery" button (depending on the type of the warning). This will open a tab at http://www.stopbadware.org/ (for malware) or http://www.google.com/ (for phishing attempts) where you can enter details so that removal of the site from the respective list can be considered.

(to be continued)