A new version of the popular Firefox web browser could help to end the recent spate of infections caused by visiting hacked websites.
Firefox 3, currently available as a pre-release beta version, uses an anti-malware feature that works using a blacklist of known hacked sites; it will refuse to open such a site if the user tries to visit it. The list used by Firefox 3 is generated by the Stopbadware initiative led by Harvard Law and Oxford University, and is updated every 30 minutes.
Mike Schroepfer, Vice President of Engineering at Mozilla, the organisation that develops Firefox, told Computeractive that this tool could prevent the recent attacks that exploit faults in other software to gain access a user’s computer.
“This is a technology that, even if there’s a bug in your operating system, in Quicktime, Java, Flash, or Firefox, will stop access to these sites before you get attacked. It’s like putting a lock on your door”, he said.
The new technology was given a cautious welcome by David Emm, Senior Technology Consultant at security firm Kaspersky Lab, who described it as “a positive move”, adding that “anything that reduces someone’s exposure to cyber threats can only be a good thing”.
However he warned that “a filter doesn’t offer a panacea for all ills. It depends on who is providing the filtering and how good they are at it”.
Mr Schroepfer also told Computeractive that regular updates to Firefox make it a less attractive target for online fraudsters than Microsoft's Internet Explorer.
“The overwhelming statistical and anecdotal data shows that people are safer with Firefox than with any other browser”, he said.
“Because we fix things and because we’re open, not only do we have less vulnerabilities, but also when we do have them people are less likely to try to attack us. Attacks are mostly financially motivated these days and criminals know that we’re so quick at fixing things, it’s not worth it for them”.
He added that by exploiting a bug in Internet Explorer instead, criminals could “crank out money for three months”.
Kaspersky’s Mr Emm, however, told Computeractive that “even if one were to accept the point that people are safer with Firefox, it’s not clear whether this is because it’s intrinsically more secure, or because it’s less well used”.
He also suggested that as Firefox becomes more popular, attacks against it could increase.
“Firefox’s growing popularity in the past year has meant that it has attracted more attention from hackers. If a platform or application is well used, it gives the bad guys a bigger bang for their buck”, he said.
We asked Microsoft to comment on Mr Schroepfer’s comments that Firefox users are safer online and that Microsoft's slower response to vulnerabilities makes Internet Explorer more attractive to hackers.
A spokesperson told us that: “We don’t comment on competitors but we listen to our customers and are excited about the value Internet Explorer 8 provides. This includes the fundamentals that end users care most about: security, performance, reliability and accessibility.”
Internet Explorer 8 is Microsoft's next web browser, which like Firefox 3 is available as a pre-release beta version. It also includes new features including a safety filter that, according to Microsoft, blocks access to "confirmed phishing or deceptive sites".
