Firefox 3.0 security moves
| 上一篇:« 百度联手Firefox 牵制微软IE还是一石多鸟? |
| 下一篇:« 20个必备Firefox扩展 |
Mozilla Corp. is still wrestling with adding a security feature to Firefox that its browser rival, Microsoft Corp.’s Internet Explorer 7, uses on Windows Vista to keep malware from hijacking computers.
In Vista, IE7 uses a technique Microsoft calls Protected Mode — another name for “low rights” — that blocks disk access to all but a temporary-files folder. The idea is that if an exploit — a drive-by download, for instance — attacks IE7 through a browser vulnerability, it can’t install code on the PC’s drive.
Last October, after Firefox developers had spent several days at Microsoft’s Redmond, Wash., headquarters with the Vista team, a Mozilla engineer said they had come away with thoughts on how Firefox might take advantage of Vista’s low-rights features. “We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level,” Vladimir Vukićević wrote at the time in a blog entry.
Now, however, Mozilla seems uncertain about whether that security strategy is smart.
“We’re still trying to figure out the mechanics of what we can do and we can’t do,” acknowledged Mike Conner, director of Firefox development. “And there are two sides to this idea of Protected Mode. Microsoft said it’s not a complete security sandbox, and some people are saying if [attackers] can work around it, it’s not worth doing.
