
Signing and Binary Replacement


J. Ryan Stinnett

Aug 21, 2015, 10:50:32 PM
to mozilla-addons-...@lists.mozilla.org
From what I recall of past signing discussions, the central argument
has been that the signing system would force malware authors (such as
installers bundling unwanted add-ons) to move clearly into "evil"
territory by altering the Firefox binary, etc. to allow the add-on,
which is then an action that anti-virus vendors would be willing to
detect and block.

However, what if malware were to just wholly replace the existing
Firefox install with Nightly / some build that allows the signing pref
to be disabled? Average users may not notice, as long as they can
still go to their expected websites. Is there any way to guard against
that? It seems like it would be tough for anti-virus to detect that
change as a virus.

- Ryan

Jorge Villalobos

Aug 25, 2015, 5:54:22 PM
to mozilla-addons-...@lists.mozilla.org
Presumably this malware wouldn't just replace Firefox with a copy that
supports the pref. It would also need to install the malicious add-on. I
think that combination should be easily detectable. Even replacing the
Firefox binaries that way should raise some warning signs in AV software.

Jorge

Robert Kaiser

Aug 26, 2015, 3:47:12 PM
to mozilla-addons-...@lists.mozilla.org
J. Ryan Stinnett wrote:
> However, what if malware were to just wholly replace the existing
> Firefox install with Nightly / some build that allows the signing pref
> to be disabled?

Oh, they don't need to go that far anyhow. Just hooking a DLL into the
Firefox process is enough (and might cause Firefox to crash on startup
after an update, but who cares - except me and a few other assorted
people who would like to get rid of all startup crashes).

KaiRo