If you think you're safe with Firefox, think again...

[Nick29]

I have always believed that the weak spot in Mozilla Firefox was in its 3rd-party plug-ins, and this has just been confirmed in a shocking revelation....

"Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.

The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.

If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan," a note on Mozilla's add-on blog stated.

Uninstalling these add-ons does not remove the trojan from a user's system.

http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/

[LizzieW]

Hmm - But what are the add-ons?  The article doesn't name them and in any case, anyone with  decent security/firewall wouldn't be able to download any infected things anyway.

Lizzie

[Nick29]

Hmm - But what are the add-ons?  The article doesn't name them and in any case, anyone with  decent security/firewall wouldn't be able to download any infected things anyway.

Lizzie

Sadly, the vast majority of people have minimal virus protection and no firewall (other than the weak one within Windows).  A virus checker would only find the virus after it had been "dropped" by the Firefox plug-in, and a firewall would be of no use at all, if it used a browser which already had internet access.

[mike175]

Lizzie,

To quote from the site linked above, "Mozilla removed Master Filer on January 25 and nixed Sothink on Tuesday.". Can't say I've ever heard of them 

Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.

It's hard to imagine why anyone who uses the internet would not bother with anti-virus software, though of course the odd one might still slip through.

[stevieuk]

Nick29

If thats the best security breech you can find, then People should rush to install Firefox...Its far more secure & their at far less risk using Firefox than IE....

Steve

[Berlin-Bob]

Its far more secure & their at far less risk using Firefox than IE....

Unfortunately this isn't always true.  Depending on which "test" you read, every browser gets to be top or bottom of the best/worst securitiy risks at some time.

Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.

This is very true.  If no one is using a program then there is not much point in hacking it.  The more popular any program is, the more likely it is to attract hackers.


Rather than getting into the "best program"/"browser wars" yet again, every one should try and learn more about computer security, generally, and install the software that meets with their own personal security wishes and requirements.

Bob

[downside]

Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.

Can't agree with that statement in respect of Linux.  Can you provide an example of any Linux system having its security compromised by a Firefox browser?

It's hard to imagine why anyone who uses the internet would not bother with anti-virus software

I'm guilty of not using an anti-virus program and guess what, I have not been infected once since I stopped using one back in April-2009.  As I suspected most talk of viruses is paranoid hysteria used by software companies to sell products.

[stevieuk]

Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.

Can't agree with that statement in respect of Linux.  Can you provide an example of any Linux system having its security compromised by a Firefox browser?

I`d be interested to see any links/examples as well.

It's hard to imagine why anyone who uses the internet would not bother with anti-virus software

I'm guilty of not using an anti-virus program and guess what, I have not been infected once since I stopped using one back in April-2009.  As I suspected most talk of viruses is paranoid hysteria used by software companies to sell products.

Whilst I do agree in part with your sentiments, I still run A/V & a few other security programs, for most (majority) it is wise to run A/V software. I presume you still have a F/W installed & use other safe-guards?

Most PC security is almost common sense, but sadly many get taken in by criminals with phising emails or "Too good to be true offers".....

I`d also presume you`d recommend that the majority run an A/V program?

Steve

[downside]

I have a Firewall and I manually run a scan using MalwareBytes Anti Malware about every 7-10 days (if I remember).

Does phising come under anti-virus programs?

I just use my common sense and experience and it seems to work.

What worries me is that some people put too much faith in these so-called security programs and think they offer 100% protection - which they don't.  Every forum I look at people with Norton and McAfee installed are always getting problems - normally trojans though.  I haven't met anyone who has been infected specifically by a virus (in the strict sense of the word).

I don't normally recommend software and if people get 'peace of mind' through buying an expensive security program then I don't criticise them.

Ultimately if I do get infected then I know I can rely of sites like Bleeping Computer for help and guidance.  Malware is just a set of files and all you have to do is remove them.