News
News
10/6/2006
01:23 PM
Connect Directly
RSS
E-Mail
50%
50%

Mozilla Strategizes With Microsoft On Security

Mozilla developers trekked to Microsoft's Redmond, Wash., campus this week to powwow about security, considering limiting Firefox's ability to install software on Windows Vista.

Mozilla developers who spent several days this week with the Windows Vista team at Microsoft's Redmond, Wash. campus said that they're considering implementing a security feature in the upcoming OS to better protect future versions of Firefox from attack.

Vladimir Vukievi, who was one of the Mozilla team to take up Microsoft's August offer of Vista assistance, said that Vista's "Low Integrity Mode" might make Firefox less susceptible to exploits.

Low Integrity Mode, which is part of the Vista User Account Control (UAC) technologies that are meant to make it more difficult for attackers to install their code on PCs, is similar to "sandbox" techniques that wall off an application from the rest of the operating system. By reducing the browser's rights, Low Integrity Mode prevents a compromised or vulnerable application from making changes to the OS or other apps. Internet Explorer 7 in Vista will make use of Low Integrity Mode as part of what Microsoft calls "Protected Mode." "We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," wrote Vukievi on his blog. "I have some ideas on how we could do this in a cross-platform way, taking advantage of UAC on Vista, and dropping privileges on Linux/Mac OS."

Vukievi said that Mozilla's developers will consider if this is possible for the next major version of Firefox, v. 3.0, which is currently on the planning board for a 2007 release. "I think that it would force us to evaluate exactly where the browser touches the rest of the system, and to figure out how to tighten the security around those interactions," he added.

Even before the three-day confab in Redmond, Mozilla was talking about beefing up Firefox security. In an interview last month, Window Snyder, the new head of security at Mozilla, said that the company would look for Firefox to "have fewer entry points into the system."

"Implementing this is very much a mitigation to reduce the impact of vulnerabilities rather than reducing the vulnerabilities themselves," said Vukievi. "But that's a pretty important goal."

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.