Enhancing Download Protection in Firefox

Protection against malicious downloads was added in Firefox 31 on Windows and in Firefox 39 on Mac and Linux. Thanks to Google’s expansion of their Safe Browsing service, Firefox 48 now extends our existing protection to include two additional kinds of downloads: potentially unwanted software and uncommon downloads.

Expanded protection

The first new category, potentially unwanted software, is meant to flag software that makes unexpected changes to your computer, as explained in the Google policy. It is usually best to avoid this kind of software since it could (for example) collect your personal information without your consent and use techniques to make it difficult to uninstall.

The second category, uncommon downloads, covers downloads which may not be malicious or unwanted but are simply not commonly downloaded. The purpose of this warning is to draw users’ attention to the fact that this may not be the download they think it is. For example, if you are looking to download a new version of Firefox or a popular software package such as VLC and get this warning, it is possible that you have been tricked into downloading a malicious file from a phishing site which has not yet been identified as such by the Google Safe Browsing service. You may want to double-check the address of the site where you downloaded this file and proceed with caution.

Improved user interface

In addition to the new categories described above, we have made improvements to the user interface to make it easier for users to notice and understand these warnings.

Here is what the download button now looks like when a download has been flagged by download protection:

[Image: Yellow exclamation mark. Caption: Potentially unwanted or uncommon downloads]

[Image: Red exclamation mark. Caption: Malicious downloads]

Depending on the category, the default action button will be either “open” or “remove”:

[Image: Door hanger with yellow triangle and open button. Caption: Potentially unwanted downloads]

[Image: Door hanger with blue "i" and open button. Caption: Uncommon downloads]

[Image: Door hanger with red "x" and close button. Caption: Malicious downloads]

The following confirmation dialog was added to help users understand the risks involved:

[Image: Confirmation dialog box defaulting to "Remove file". Caption: Potentially unwanted downloads]

[Image: Confirmation dialog box defaulting to "Open". Caption: Uncommon downloads]

[Image: Confirmation dialog box defaulting to "Cancel". Caption: Malicious downloads]

We have retained the ability for users to override all of these warnings via the contextual menu if they are convinced that the warning is erroneous:

[Image: Menu with "Allow Download" selected using the mouse. Caption: Contextual menu]

More control for users

The security options in Firefox had remained the same since browsing protection was first introduced in Firefox 3. This is what they looked like in Firefox 47:

[Image: Security options showing two Safe Browsing options. Caption: Security options prior to Firefox 48]

This is how they changed in Firefox 48 to give users more control over download and browsing protection:

[Image: Security options showing three Safe Browsing options. Caption: Security options in Firefox 48]

While we believe that the vast majority of our users will prefer to keep all of the protections that Safe Browsing offers, we understand that some users may choose to disable parts of the Safe Browsing service based on the privacy guarantees they offer. Our new options aim to give concerned users the necessary level of control and to enable them to retain as much of the Safe Browsing service as they are comfortable with.

Here is what the new options mean:

  • Block dangerous and deceptive content: This enables warnings when visiting pages which contain malware or deceptive content. It is required by the rest of the Safe Browsing functionality.
  • Block dangerous downloads: This enables the download protection feature which may use a remote server to detect malicious executable files.
  • Warn me about unwanted and uncommon software: This extends the download protection feature to also warn about potentially unwanted and uncommon downloads.

Expert users are always welcome to explore (at their own risk) the additional internal configuration settings which are not exposed through the user interface.
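For administrators who want to check which of the three options above are effectively on in a given profile, here is an added example (not code from Firefox or from this post) that reads a profile's prefs.js text and applies the dependency chain from the options list. The preference names come from Firefox's about:config rather than from this page, and treating an absent preference as enabled is an assumption about the defaults.

```python
import re

# Pref names come from Firefox's about:config, not from this page; a pref
# missing from the file is ASSUMED to be at an enabled default.
PREFS = {
    "content": "browser.safebrowsing.malware.enabled",
    "downloads": "browser.safebrowsing.downloads.enabled",
    "unwanted": "browser.safebrowsing.downloads.remote.block_potentially_unwanted",
    "uncommon": "browser.safebrowsing.downloads.remote.block_uncommon",
}
# Matches only live boolean prefs; commented-out lines do not match.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;')

def read_bool_prefs(text):
    """Return {name: bool} for boolean user_pref() lines; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = (m.group(2) == "true")
    return prefs

def effective_protection(text):
    """Apply the chain: content blocking -> download blocking -> warnings."""
    p = read_bool_prefs(text)
    on = {key: p.get(name, True) for key, name in PREFS.items()}
    content = on["content"]
    downloads = content and on["downloads"]
    return {
        "block_dangerous_content": content,
        "block_dangerous_downloads": downloads,
        "warn_unwanted": downloads and on["unwanted"],
        "warn_uncommon": downloads and on["uncommon"],
    }

def findings(text):
    """Names of the protections that are effectively off, sorted."""
    return sorted(k for k, v in effective_protection(text).items() if not v)

# Constructed sample input, not taken from a real profile.
SAMPLE = '''\
// user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", true);
user_pref("browser.startup.page", 3);
'''

if __name__ == "__main__":
    print("effectively disabled:", ", ".join(findings(SAMPLE)) or "none")
```

In the sample, the uncommon-download warning is reported as off even though its own preference is true, because the download protection it extends is disabled.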