Starting with Firefox 32, Mozilla will check file downloads against Google's application reputation database which is powering Chrome's Safe Browsing feature since 2012.
If you have read the release notes of Firefox 31, you may have noticed the entry "block malware from downloaded files" under What's New.
The integration of the feature in Firefox 31 is the first step in the implementation which will be completed when Firefox 32 is released to the public in six weeks.
In Firefox 31, a local list is used to determine whether a downloaded file is malicious or not. This downloaded list is updated regularly, ans whenever a download is being made, that download is checked against the list to make sure it is not malicious in nature.
Note: Firefox will only check executable files and not other file types.
From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit. This remote list is maintained by Google, and to access it, information about the download are submitted in the process.
While the file itself does not get transferred, its SHA-256 hash value as well as other information such as the suggested file name for the download, the length of the file in bytes and the url the file was downloaded from are.
Example screenshot of a download that Chrome blocked as malicious
How to block the sending of information to Google
While the implementation of download checks in Firefox may help some users avoid malware downloads, others may dislike the integration of the feature.
A core reason is privacy since information about file downloads are submitted to Google. Not only are information submitted, but the request itself will reveal additional information such as the IP address of the computer the request came from.
If you have deployed antivirus software on your system, it may also be unnecessary to use the Firefox implementation as the software may protect the system from malicious downloads automatically.
Last but not least, false positives are also a possibility.
To disable the application reputation check in Firefox, do the following:
Removing the address from the preference blocks the sending of information to Google.
It is alternatively possible to disable Safe Browsing completely.
Additional features about the application reputation feature are available on Mozilla's Wiki.
Now Read: An in-depth Firefox security guideAdvertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.