Tuesday, March 29, 2011

Mozilla Firefox 4 just arrived: where is Electrolysis?

Yesterday the long awaited fourth version of Mozilla Firefox was publicly released, and the Mozilla download counter has already passed six million downloads in less than 24 hours. Mozilla Firefox 4 arrived a bit later than the other major competitors, Microsoft and Google, who updated their respective browsers a couple of weeks ago.

Among the top three browsers, Firefox is the last to have reached broad support for HTML5, even though at this point HTML5 can be considered anything but a finished standard. It features a new JavaScript engine called JägerMonkey, full hardware acceleration, a crash-protection feature that keeps browser plugins out of the main browser process and runs them in a separate process called plugin-container.exe, a brand new user interface and other interesting features.

The Firefox roadmap has been quite long, with twelve beta builds and two release candidates. Today Firefox is ready to fight Chrome 10 and Internet Explorer 9 on browsing performance, system performance, web page compatibility and user customization. Sadly, in the security field Firefox lacks what in my opinion is a really critical feature: a proper security sandbox. A look at the browser process architecture makes it easy to see that Firefox 4 inherited the architecture of Firefox 3.x without any major change.

We have written many times on this blog about the risks of surfing the web: the high chance of running into a fake or compromised web page carrying an exploit that executes malicious code on the victim's PC. The latest reminder is the 0-day flaw in Adobe Flash Player that Adobe fixed a couple of days ago with a new update to the player.

One of the challenges in the security industry is preventing exploit code from executing, and mitigating it when it does execute. I usually think about it this way: the big challenge is proactively keeping exploit code from damaging the system, and within it I see two sub-levels, a proactive step and a reactive step. In the proactive step I put all the techniques that try to stop exploits from executing at all: Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), SafeSEH and /GS stack cookies. In the reactive step I put the technologies that contain an exploit that has already run, so that it cannot harm the system.
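A quick way to audit the proactive layer on a given module is to read the opt-in flags the linker wrote into its PE header, the same field `dumpbin /headers` prints under "DLL characteristics". The Python script below is an added example and not code from the original post; it parses the header by hand rather than calling any Windows API, so it runs on any platform, and the two sample images it inspects are constructed header-only stubs (not loadable binaries). The function names are mine.

```python
"""Read the DEP/ASLR opt-in bits from a PE image's DllCharacteristics field.

Added example (not from the original post). It parses the PE headers by hand,
so it runs on any platform; the images built by make_pe() are constructed
header-only stubs for demonstration, not real binaries.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DYNAMIC_BASE = 0x0040  # /DYNAMICBASE: image may be relocated (ASLR opt-in)
NX_COMPAT = 0x0100     # /NXCOMPAT: image declares itself DEP compatible
NO_SEH = 0x0400        # image contains no SEH handlers at all

# DllCharacteristics sits at the same offset in PE32 and PE32+ optional
# headers: Subsystem at +68, DllCharacteristics at +70.
DLLCHARS_OFFSET = 70


def optional_header_fields(image: bytes):
    """Return (magic, DllCharacteristics), validating the headers on the way."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER (20 bytes)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if opt_size < DLLCHARS_OFFSET + 2:
        raise ValueError("optional header too short")
    (flags,) = struct.unpack_from("<H", image, opt + DLLCHARS_OFFSET)
    return magic, flags


def mitigations(image: bytes) -> dict:
    """Summarise which proactive mitigations the image opts into."""
    magic, flags = optional_header_fields(image)
    return {
        "pe32plus": magic == 0x20B,
        "dep": bool(flags & NX_COMPAT),
        "aslr": bool(flags & DYNAMIC_BASE),
        "no_seh": bool(flags & NO_SEH),
    }


def make_pe(flags: int, pe32plus: bool = False) -> bytes:
    """Constructed header-only image with the given DllCharacteristics."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224        # sizes with 16 data directories
    machine = 0x8664 if pe32plus else 0x014C   # AMD64 / I386
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, DLLCHARS_OFFSET, flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def check_file(path: str) -> dict:
    """Inspect a real module on disk, e.g. firefox.exe or a plugin DLL."""
    with open(path, "rb") as f:
        return mitigations(f.read(0x10000))    # headers live in the first pages


if __name__ == "__main__":
    import sys
    print("hardened stub:", mitigations(make_pe(NX_COMPAT | DYNAMIC_BASE)))
    print("legacy stub:  ", mitigations(make_pe(0)))
    for path in sys.argv[1:]:
        print(path, check_file(path))
```

Two caveats when reading the output: these bits only record what the build opted into, so DEP is actually enforced according to the system policy (on XP the default OptIn policy honours the flag only for the process itself), ASLR has no effect before Vista no matter what the flag says, and SafeSEH metadata lives in the load configuration directory rather than in this field, so `no_seh` is only a weak proxy for it.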

We have seen many times how a misconfigured proactive layer, combined with poor coding practices in the software, has helped attackers infect victims' PCs with nasty malware. Even if the user runs under a limited account, banking trojans like SpyEye, the old ZeuS and Carberp can still infect the system and steal sensitive data.

This is why in recent years there has been a great deal of development of tools that put the browser session in a sandbox, a monitored container designed to keep any malware dropped by an exploit from getting outside it.

Google was the first to ship a sandbox in Google Chrome, a sandbox framework compatible with Windows 2000 through Windows 7. Each tab's renderer runs in a separate process that is stripped of its user privileges through a restricted token and placed in a limited job object (on Vista and later it also runs at low integrity level on a separate desktop). This effectively helps Chrome protect the user from exploits against Chrome itself or against browser plugins like Adobe Flash Player.

Microsoft then added a sandbox-like feature starting with Internet Explorer 7, built on the User Account Control and Mandatory Integrity Control features introduced in Windows Vista and carried into Windows 7. The browser starts in Protected Mode: the process that renders web content runs at low integrity level, while a medium-integrity broker handles the few privileged operations on its behalf. All browser extensions and ActiveX controls run inside the low-integrity process. A low-integrity process has highly limited write access to system resources, the registry and disk locations. This means that malware dropped by an exploit could still execute, but it could not easily go far in the system because of its reduced privileges.

What about Firefox? I expected to see something similar in this fourth release, but as far as I can see Mozilla has implemented nothing of the kind. Firefox sets up the main browser process, firefox.exe, and a child process, plugin-container.exe, which hosts all the browser plugins. Both processes run at medium integrity level with the full privileges of the user who launched the browser. The result is that malware executed by an exploit would run with the standard user's privileges, which is not good at all.
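To see the difference described in the last three paragraphs for yourself, the script below reads the mandatory integrity label from a process token and maps it to a level name; run it against the PIDs of firefox.exe and plugin-container.exe, then against a Chrome renderer or an Internet Explorer tab process on Vista or Windows 7. It is an added example, not code from the original post or from Mozilla, Google or Microsoft. The SID parsing and the level mapping are plain Python exercised on constructed bytes; the live query calls the Win32 token API through ctypes and therefore only works on Windows. The function names are mine.

```python
"""Report the mandatory integrity level of a Windows process.

Added example (not from the original post). parse_sid() and integrity_level()
are platform independent; process_integrity_level() calls Win32 through ctypes
and therefore only works on Windows Vista or later.
"""
import struct
import sys

# Mandatory label SIDs have the form S-1-16-<RID>; the RID encodes the level.
MANDATORY_LABEL_AUTHORITY = 16
LEVELS = {
    0x0000: "Untrusted",
    0x1000: "Low",      # IE Protected Mode tabs, Chrome renderers on Vista+
    0x2000: "Medium",   # a standard user's processes, e.g. firefox.exe
    0x3000: "High",     # elevated (administrator) processes
    0x4000: "System",
}


def parse_sid(raw: bytes) -> str:
    """Render a binary SID (winnt.h SID layout) in S-R-I-S... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) < 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")         # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, raw, 8)   # little-endian RIDs
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))


def integrity_level(sid: str) -> str:
    """Name the level of a mandatory label SID."""
    parts = sid.split("-")
    if len(parts) != 4 or parts[:3] != ["S", "1", str(MANDATORY_LABEL_AUTHORITY)]:
        raise ValueError("not a mandatory label SID: " + sid)
    rid = int(parts[3])
    # Windows allows intermediate values (e.g. 0x2100, "Medium Plus"); report
    # the well-known level at or just below the RID.
    return LEVELS[max(level for level in LEVELS if level <= rid)]


def process_integrity_level(pid: int) -> str:
    """Query TokenIntegrityLevel for a running process (Windows only)."""
    if sys.platform != "win32":
        raise OSError("mandatory integrity control is a Windows feature")
    import ctypes
    from ctypes import wintypes

    PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # Vista+, like MIC itself
    TOKEN_QUERY = 0x0008
    TOKEN_INTEGRITY_LEVEL = 25                   # TOKEN_INFORMATION_CLASS

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    adv.OpenProcessToken.argtypes = [wintypes.HANDLE, wintypes.DWORD,
                                     ctypes.POINTER(wintypes.HANDLE)]
    adv.GetTokenInformation.argtypes = [wintypes.HANDLE, ctypes.c_int,
                                        ctypes.c_void_p, wintypes.DWORD,
                                        ctypes.POINTER(wintypes.DWORD)]

    hproc = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not hproc:
        raise ctypes.WinError(ctypes.get_last_error())
    htok = wintypes.HANDLE()
    try:
        if not adv.OpenProcessToken(hproc, TOKEN_QUERY, ctypes.byref(htok)):
            raise ctypes.WinError(ctypes.get_last_error())
        size = wintypes.DWORD(0)
        adv.GetTokenInformation(htok, TOKEN_INTEGRITY_LEVEL, None, 0, ctypes.byref(size))
        buf = ctypes.create_string_buffer(size.value)
        if not adv.GetTokenInformation(htok, TOKEN_INTEGRITY_LEVEL, buf,
                                       size.value, ctypes.byref(size)):
            raise ctypes.WinError(ctypes.get_last_error())
        # The buffer holds a TOKEN_MANDATORY_LABEL whose first field is a PSID
        # pointing at the SID stored later in the same buffer.
        psid = ctypes.cast(buf, ctypes.POINTER(ctypes.c_void_p))[0]
        sub_count = ctypes.string_at(psid, 2)[1]
        raw_sid = ctypes.string_at(psid, 8 + 4 * sub_count)
        return integrity_level(parse_sid(raw_sid))
    finally:
        if htok.value:
            k32.CloseHandle(htok)
        k32.CloseHandle(hproc)


if __name__ == "__main__":
    # Usage: python integrity.py <pid> [<pid> ...]; PIDs come from e.g.
    # tasklist /fi "imagename eq plugin-container.exe"
    for arg in sys.argv[1:]:
        print(arg, process_integrity_level(int(arg)))
```

Expect "Medium" for both Firefox processes and "Low" for an IE tab or a Chrome renderer; the same query against a Windows XP machine fails, because XP has no integrity labels at all, which is exactly the situation the rest of this post worries about.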

While I think the proactive step of exploit prevention is important, I consider the reactive step just as critical, in the perspective of a multi-layered protection system able to contain potential malware as much as possible. Mozilla already has a project called Electrolysis (also known as e10s) on its schedule, which should let Firefox display browser tabs in separate processes. The sandbox feature seems to be planned as part of this project, though the roadmap is still to be defined.

Moreover, Firefox 4 still supports Windows XP, which is very good news. The problem is that, while Windows XP can take advantage of Data Execution Prevention (DEP), it lacks Address Space Layout Randomization (ASLR), the more important mitigation introduced in later versions of Windows, which makes DEP far harder to bypass. On such a system a sandbox would be really useful to protect customers against web exploits.

Sure, there are many Firefox extensions that can help the browser mitigate exploit attacks, most notably the very effective NoScript extension. NoScript actively helps in preventing exploits from working because it acts as a script firewall, blocking scripts and plugin content from web sites the user has not authorized. Though I must admit that it is hard for me to imagine the average Joe using NoScript.

I think that Firefox 4 is a great browser, fully able to compete with Internet Explorer 9 and Google Chrome. I would have liked to see in Firefox 4 a sandbox-like approach like Chrome's and Internet Explorer's, which would definitely help users stay safe while surfing the web.
