Posted on 02/07/2005 8:15:52 PM PST by scab4faa
One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators, who are already poking at the open source browser alternative.
Webroot Vice President of Threat Research Richard Stiennon said he expects there will be spyware for Firefox this year, adding that while the browser was designed to be immune from the spyware infecting IE, Firefox will face a new breed of spyware tailored specifically for it.
"Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa," Stiennon said. "The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."
Spyware action and reaction
Stiennon said while spyware for Explorer has become widespread and relatively easy to create, it will be the more advanced spyware writers who turn their sites on Firefox.
"It'll be the more sophisticated guys that'll write Firefox spyware," he said. "I predict that by the middle of the year, we'll start to see it."
Stiennon also said Firefox was created specifically, in part, to avoid the kind of spyware that has riddled Explorer along with worms and adware.
"Firefox was written for the existing world of Internet Explorer exploits, but it has its own vulnerabilities that will be exploited," he said.
Stiennon said while a computer running Firefox will still not be as good of a machine to infect with spyware and it takes the malicious software some time to have an impact, the Mozilla browser will come under fire as it nears and surpasses 10 percent market share.
Nevertheless, Stiennon also indicated the creators, maintainers, and even users of Firefox will quickly and aggressively step up their anti-spyware efforts along with the increased threat.
"The people who use Firefox -- their reaction to any spyware-type attacks will be pretty vehement," he said. "There'll be fast reaction from both Firefox developers and users."
Not so fast for Firefox
Despite Stiennon's prediction, other experts are not convinced that spyware will besiege Firefox as soon as this year. Computer Associates Director of Malicious Content Research Roger Thompson said although spyware for Firefox this year is possible, it is unlikely.
"It's possible," Thompson wrote in an email to NewsForge. "While user numbers would need to be pretty big to present a more attractive target than something known to be on about every desktop by default, I don't believe the botherds (a bot gives the botherd complete control over a "zombied" machine) are actually doing their own research. They are merely following the security lists closely, and quickly implementing those exploits, and vulnerability researchers probably do subject Firefox to scrutiny, and probably do find things, so it is possible.
"But unlikely," Thompson continued. "The preponderance of Internet Explorer users is simply too good a target. And in any case, it's just not necessary and only a small percentage of spyware plants via an exploit -- most relies on social engineering to 'talk' people into installing it, or by allying itself with some 'desirable' service or product, such as the various P2P networkers."
Thompson, however, said some typical spyware vectors may be open for Firefox, too. To infect and run on machines, for example, much of today's spyware either talks directly via port 80, or inserts itself as a Layered Service Provider (LSP), "which will nail Firefox too," Thompson said.
The expert also said with increased spyware competition, which he is seeing already, anything is possible. Thompson said while Firefox and other "non-IE" browsers avoid exploits, ActiveX control issues and browser helper object (BHO) issues, the alternatives are not necessarily immune to keyloggers, LSP injectors, remote administration tools, and adware that is "invited in."
In terms of the Firefox spyware tipping point, Thompson said he believed 10 percent market share might be too low, but again emphasized that increased spyware competition will put other browsers to the spyware test.
Working on it now
For his part, Stu Sjouwerman -- founder and COO of Counterspy maker Sunbelt Software -- agreed that Firefox spyware is likely in 2005.
"I'm pretty sure you can expect one or two Firefox (spyware) exploits before the end of the year," Sjouwerman said. "The more popular a platform gets, the more likely it is to come under attack. Firefox -- which I use myself -- I don't think is going to be immune from that. If you go wide like this, you have to expect that your product will be exposed to a trial by fire."
Sjouwerman reported that his company's research on Firefox revealed some Explorer-like situations that may draw spyware.
"We looked into it and found that the security of Firefox had similar openings or vectors where spyware can be utilized to exploit or bypass protection," he said.
Adding that the spyware exploits would have to be changed to target Firefox, Sjouwerman said once the alternative browser has around 15 percent of the browser market, it will be "commercially interesting" for spyware creators to target. In response to spyware for Firefox, Sjouwerman said developers and other backers of the alternative browser will fix the holes that allow it. Third-party companies, such as Sunbelt, will also provide protection against spyware for Firefox, he added. There is not yet a Firefox version of Sunbelt's CounterSpy anti-spyware, but it is coming, the company has said.
Sjouwerman indicated spyware writers are likely already playing with other, non-IE browsers and the first spyware for Firefox -- the most likely browser to "break through" with significant market share -- is probably coming soon.
"I wouldn't be surprised if a couple of Russian spyware writers were turning Firefox inside out," he said. "In the next couple of months, we'll see the first exploits."
Unlike Microsoft, however, the folks who develop Firefox will not spend a year in denial about it, and if a company's business requirements don't permit the wait they can fix it themselves on their own schedule.
Can we just take the spyware developers outside and shoot them? Okay, j/k but how many work hours are wasted every day just removing spyware or installing the latest IE updates to fix the holes? Many productive hours down the tubes.
I use Firefox but I figured it would be a target someday if it continued to grow.
bttt
This isnt right, I use mozilla and get spyware all the damn time when I use AdAward-SE or Search & Destroy to clean my computer
I found out about FireFox here on FR and I think it's great
You make it sound like every business is on dialup. I downloaded and installed SP2 on my sister's computer over the Thanksgiving holiday weekend, and it took no more than 20 minutes to download, and 2 minutes to install and reboot.
It took an overnight download on dialup on my system. I rebooted the next morning when I got up.
Will M$ pay some Hungarian hackers to find and exploit security holes in FireFox? They are happy to take $100 bills, American dollars over there
Until then, I'm glad the competition is forcing certain companies (::hack:: MS ::koff::) to improve
A no brainer PING!
Any tech-savy person know why when I go to "File > Import" in Firefox the bookmarks in IE do not transfer to Firefox, as they should? Thanks.
MS is prolly leading the charge on developing spyware for Firefox...
LOL
Thank you for the warning Mr. Gates.
I'm using Mozilla on Linux right now, and hope to God that it dosen't become a major malware target.
I partitioned my HD and bought the SuSE Linux distro just so I could go online safely.
Spyware should be made illegal.
I get plenty of notices to update security holes in IE between major updates and throw on top of that having to run Ad-Aware and Spybot S & D on a regular basis to get rid of the browser exploits and hijackers on IE. I know I've wasted plenty of working time messing with IE and the problems just stopped once I started using Firefox several months ago. I'm glad you like IE but I've had nothing but problems with it.
*BINGO*!
Just in case you took my advice...
I just downloaded and installed Firefox today. I think I like it. I hope it keeps all the spycrap out.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.