News
News
10/6/2006
01:23 PM
Connect Directly
RSS
E-Mail
50%
50%

Mozilla Strategizes With Microsoft On Security

Mozilla developers trekked to Microsoft's Redmond, Wash., campus this week to powwow about security, considering limiting Firefox's ability to install software on Windows Vista.

Mozilla developers who spent several days this week with the Windows Vista team at Microsoft's Redmond, Wash. campus said that they're considering implementing a security feature in the upcoming OS to better protect future versions of Firefox from attack.

Vladimir Vukievi, who was one of the Mozilla team to take up Microsoft's August offer of Vista assistance, said that Vista's "Low Integrity Mode" might make Firefox less susceptible to exploits.

Low Integrity Mode, which is part of the Vista User Account Control (UAC) technologies that are meant to make it more difficult for attackers to install their code on PCs, is similar to "sandbox" techniques that wall off an application from the rest of the operating system. By reducing the browser's rights, Low Integrity Mode prevents a compromised or vulnerable application from making changes to the OS or other apps. Internet Explorer 7 in Vista will make use of Low Integrity Mode as part of what Microsoft calls "Protected Mode." "We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," wrote Vukievi on his blog. "I have some ideas on how we could do this in a cross-platform way, taking advantage of UAC on Vista, and dropping privileges on Linux/Mac OS."

Vukievi said that Mozilla's developers will consider if this is possible for the next major version of Firefox, v. 3.0, which is currently on the planning board for a 2007 release. "I think that it would force us to evaluate exactly where the browser touches the rest of the system, and to figure out how to tighten the security around those interactions," he added.

Even before the three-day confab in Redmond, Mozilla was talking about beefing up Firefox security. In an interview last month, Window Snyder, the new head of security at Mozilla, said that the company would look for Firefox to "have fewer entry points into the system."

"Implementing this is very much a mitigation to reduce the impact of vulnerabilities rather than reducing the vulnerabilities themselves," said Vukievi. "But that's a pretty important goal."

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.