Saturday, October 04, 2014

Firefox Updates, Nirsoft Changes, and Evil Add-Ons

Regular readers may recall a few weeks ago I was beating my head against the desk struggling with Mozilla’s SafeBrowsing changes; particularly when trying to download files from NirSoft.

I’m still not sure why the behavior ceased, but as the FF Extension Guru pointed out in the comments, Nir Sofer had made changes to the software in an attempt to reduce false malware identification rates.

Or it could have been a change buried in one of the rapid-fire Firefox updates released after my original posts:

Regardless, I’ve been able to download all the NirSoft apps I need/want for updating since then with no ill effects.

Also this week, Scott Hanselman found “evil” behavior in a Google Chrome extension he downloaded recently.

It’s another great post on a long-running theme that you can’t automatically trust any browser add-on, be it from Mozilla, Chrome, or IE.

As usual with most Hanselman blog posts, the comments were filled with germane information and additional resources:

And for context, while this can impact you as an individual/private web-browser user, it could also impact enterprise browser deployments if the sysadmin policy allows for end-user installation of add-ons/browsers.

What would be the impact if a “harmless” add-on surreptitiously was serving additional ad content in the background of web-pages? Annoyance and bandwidth impact? Probably, but if that ad content was exploited to serve malware--regardless of the add-on developer’s knowledge or not -- it could have serious implications for the security landscape at your organization!

Just sayin’…

Claus Valca

2 comments:

FF Extension Guru said...

Hmm...Evil Add-Ons...yeah I am dealing with one of those in Chrome. It installed some type of tracker which I have not been able to get rid of with SoyBot, CCleaner, Hitman Plus, etc. It is only in Chrome as not had this issue in Firefox. I will see a message in the status bar when a site is loading.

FF Extension Guru said...

Hmm..I think I got rid of it. Could've been one of three TamperMonkey (Greasemonkey for Chrome), Facebook Disconnect or Microsoft Smart Screen bypass. Whatever it was...it was also causing my secure connections not to be secure. After some research I discovered that Chrome likes to cache stuff and do a restart via the address bar (chrome://restart) which seemed to have done the trick. My secure connections are secure again and everything seems to be loading smoothly now.