Friday, 1 May 2009

Is Firefox secure enough? Have you considered the add-ons?

Firstly: I am a Firefox user. I have been involved in the Mozilla community nearly since its early inception (not greatly, but slightly). So I am using Firefox nearly exclusively on each machine and OS.

Yes, Opera, Google Chrome and Apple Safari are very good today as well, and even Internet Explorer has caught up. But I am happy to keep using Firefox.

But how secure is Firefox?

No, there is no need to lecture me on the benefits of open source versus proprietary. The huge number of users and developers involved with Firefox makes the core browser very secure. Critical security bugs are frequently found, but because it is open source these are squashed swiftly. So the core browser is very secure in my mind.

But Firefox is shopped around as a very powerful browser due to its adaptability via extensions/add-ons [1]. They certainly make Firefox easy to use, and fit well with the varied usage that people require. The majority may not use add-ons, as they are happy with just a simple browser. However, a large number of people still use one or two, and many use several add-ons. Add-ons are perhaps the main reason I am using Firefox over other browsers, as they make my day so much easier and more pleasant.

But how secure are these add-ons?

The core browser is trusted due to its sheer number of peer reviewers and contributors, so I trust it to be secure. But each tiny add-on has few developers, and not too many reviews. I am also not sure how "open-source" their actual deployed code is.

So do these add-ons basically make the Firefox browser brittle?

I think so, and other people are trying to warn us about the risks.

How big are these risks? What may have spared the add-ons is that they are so many and the install base is so varied, that targeting a specific add-on may not be worth it. (Similar to why Firefox itself was not targeted until more recently.) However this is a bit naïve, and some add-ons are now installed by hundreds of thousands, if not more.

So what can we or Mozilla do?

The simple solution is to not install any add-ons. Certainly safe. However, that is being paranoid, and does not progress the world.

What I think is needed are ways to harden the code and increase trust in specific add-ons. Closed-source extensions such as Flash, Silverlight and Java are out of scope (but Gnash, Moonlight and OpenJDK may not be?).

I don't know the answer to how we achieve this, but I hope there will be more, and open, discussions about it. Ways of increasing peer reviews, and ways of making it clearer to the add-ons website users how many people, and who, trust the relevant add-on, by some voting mechanism perhaps (and the opposite). Sharing code bases to minimise risk and increase peer reviews must be advantageous. Ways for Mozilla to scan code for common risks are perhaps already in place? If not, they should definitely be implemented.

As it stands, I will still use add-ons, and loads of them really. However, I wish there was an easy status on the add-ons website that indicated how risky the add-on is. A simple chrome style change may be a completely different risk than a powerful Greasemonkey script with a variety of code elements.

