{"id":2076,"date":"2016-08-01T08:55:53","date_gmt":"2016-08-01T15:55:53","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2076"},"modified":"2016-08-01T08:55:53","modified_gmt":"2016-08-01T15:55:53","slug":"enhancing-download-protection-in-firefox","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2016\/08\/01\/enhancing-download-protection-in-firefox\/","title":{"rendered":"Enhancing Download Protection in Firefox"},"content":{"rendered":"

Protection against malicious downloads was added in Firefox 31<\/a> on Windows and in Firefox 39<\/a> on Mac and Linux. Thanks to Google’s expansion of their Safe Browsing service<\/a>, Firefox 48 now extends our existing protection to include two additional kinds of downloads: potentially unwanted software<\/i> and uncommon downloads<\/i>.<\/p>\n

Expanded protection<\/h2>\n

The first new category, potentially unwanted software<\/i>, is meant to flag software that makes unexpected changes to your computer, as explained in the Google policy<\/a>. It is usually best to avoid this kind of software since it could (for example) collect your personal information without your consent and use techniques to make it difficult to uninstall.<\/p>\n

The second category, uncommon downloads<\/i>, covers downloads which may not be malicious or unwanted but that are simply not commonly downloaded. The purpose of this warning is to draw users’ attention to the fact that this may not be the download they think it is. For example, if you are looking to download a new version of Firefox<\/a> or a popular software package such as VLC<\/a> and get this warning, it is possible that you have been tricked into downloading a malicious file from a phishing site which has not yet been identified as such by the Google Safe Browsing service. You may want to double-check the address of the site where you downloaded this file and proceed with caution.<\/p>\n

Improved user interface<\/h2>\n

In addition to the new categories described above, we have made improvements to the user interface to make it easier for users to notice and understand these warnings.<\/p>\n

Here is what the download button now looks like when a download has been flagged by download protection:<\/p>\n\n\n\n
\n
\"Yellow

Potentially unwanted or uncommon downloads<\/p><\/div><\/td>\n

\n
\"Red

Malicious downloads<\/p><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Depending on the category, the default action button will be either “open” or “remove”:<\/p>\n

\"Door

Potentially unwanted downloads<\/p><\/div>\n

\"Door

Uncommon downloads<\/p><\/div>\n

\"Door

Malicious downloads<\/p><\/div>\n

and the following confirmation dialog was added to help users understand the risks involved:<\/p>\n

\"Confirmation

Potentially unwanted downloads<\/p><\/div>\n

\"Confirmation

Uncommon downloads<\/p><\/div>\n

\"Confirmation

Malicious downloads<\/p><\/div>\n

We have retained the ability for users to override all of these warnings via the contextual menu if they are convinced that the warning is erroneous:<\/p>\n

\"Menu

Contextual menu<\/p><\/div>\n

More control for users<\/h2>\n

The security options in Firefox had remained the same since browsing protection was first introduced in Firefox 3<\/a>. This is what they looked like in Firefox 47:<\/p>\n

\"Security

Security options prior to Firefox 48<\/p><\/div>\n

and this is how they changed in Firefox 48 to give users more control around download and browsing protection:<\/p>\n

\"Security

Security options in Firefox 48<\/p><\/div>\n

While we believe that the vast majority of our users will prefer to keep all of the protections that Safe Browsing offers, we understand that some users may choose to disable parts of the Safe Browsing service based on the privacy guarantees<\/a> they offer. Our new options aim to give concerned users the necessary level of control and to enable them to retain as much of the Safe Browsing service as they are comfortable with.<\/p>\n

Here are what the new options mean:<\/p>\n