News
News
10/6/2006
01:23 PM
50%
50%

Mozilla Strategizes With Microsoft On Security

Mozilla developers trekked to Microsoft's Redmond, Wash., campus this week to powwow about security, considering limiting Firefox's ability to install software on Windows Vista.

Mozilla developers who spent several days this week with the Windows Vista team at Microsoft's Redmond, Wash. campus said that they're considering implementing a security feature in the upcoming OS to better protect future versions of Firefox from attack.

Vladimir Vukievi, who was one of the Mozilla team to take up Microsoft's August offer of Vista assistance, said that Vista's "Low Integrity Mode" might make Firefox less susceptible to exploits.

Low Integrity Mode, which is part of the Vista User Account Control (UAC) technologies that are meant to make it more difficult for attackers to install their code on PCs, is similar to "sandbox" techniques that wall off an application from the rest of the operating system. By reducing the browser's rights, Low Integrity Mode prevents a compromised or vulnerable application from making changes to the OS or other apps. Internet Explorer 7 in Vista will make use of Low Integrity Mode as part of what Microsoft calls "Protected Mode." "We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," wrote Vukievi on his blog. "I have some ideas on how we could do this in a cross-platform way, taking advantage of UAC on Vista, and dropping privileges on Linux/Mac OS."

Vukievi said that Mozilla's developers will consider if this is possible for the next major version of Firefox, v. 3.0, which is currently on the planning board for a 2007 release. "I think that it would force us to evaluate exactly where the browser touches the rest of the system, and to figure out how to tighten the security around those interactions," he added.

Even before the three-day confab in Redmond, Mozilla was talking about beefing up Firefox security. In an interview last month, Window Snyder, the new head of security at Mozilla, said that the company would look for Firefox to "have fewer entry points into the system."

"Implementing this is very much a mitigation to reduce the impact of vulnerabilities rather than reducing the vulnerabilities themselves," said Vukievi. "But that's a pretty important goal."

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.