Firefox's Malicious Download Checker gets Bypass option - gHacks Tech News

Firefox's Malicious Download Checker gets Bypass option

Mozilla implemented Google's Safe Browsing technology for downloads in Firefox some time ago. The feature checks downloads that you make in the browser using Google to determine if a file is malicious.

The browser maintains a local copy of the blocklist and checks the file against that list to verify it. If it is flagged by Google, a blocked message is displayed in the download manager and the download is not saved to the local system.

Improving user protection in Firefox is certainly positive but the system is not free of issues. While Safe Browsing catches malicious files, it is plagued by false positives as well.

If you try to download a password program from Nirsoft for instance, a respected and acclaimed developer of Windows software, you will notice that some are blocked by Safe Browsing even though they are not malicious.

This raises validity concerns especially if Google's own Virustotal service reports a program as clean. Even if some services report them as malicious, it does not necessarily mean that they are.

False positives are quite common and while Google is blocking downloads in Chrome as well, it offers an option to unlock the download to bypass the flag and get access to the file anyway on the computer.

Firefox up until now does not offer a bypass option. That's a problem, especially if you know that a file is clean, trust the developer or want to continue because you know what you are doing.

Say, you download the file because you want to run it in a sandbox or a virtual machine. That's perfectly fine but not possible currently if you are using Firefox because it does not offer a bypass option.

This changes in Firefox 39 which ships with an option to unblock files that were blocked by the browser.

firefox unblock download

The new feature becomes available when you right-click on a file in the browser's download manager.

A click on unblock displays a confirmation prompt that claims that the file in question contains a virus or other malware which I dislike a lot because it is a claim that is not always true.

firefox unblock file

It reads:

Are you sure you want to unblock this file?

This file contains a virus or other malware that will harm your computer.

You can search for an alternate download source or try to download the file again later.

The message is not overly helpful. First and already mentioned, it claims something that may not be true all the time.

Second, if you have downloaded the file from a trusted source, downloading it from an alternate source or again won't fix a thing.

Considering that this just landed in Nightly versions of Firefox, it may be reworded before it is released in stable versions of the browser.

All in all though, it is a good thing that the unblock option comes to Firefox even though I wished it would have landed with the feature and not months later. (via Sören)

Summary
Firefox's Malicious Download Checker gets Bypass option
Article Name
Firefox's Malicious Download Checker gets Bypass option
Description
Mozilla plans to launch a bypass option for blocked downloads in the Firefox browser allowing users to download files even if they are blocked.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. mouser said on March 7, 2015 at 8:14 pm
    Reply

    This is not a minor thing: saying that an unknown file “WILL” hurt your computer is completely irresponsible, unacceptable, misleading, and harms the reputation of the website it is shown for.

    And this isn’t a simple matter of blocking a single download — if you show a message to a user who visits a website saying that the website is trying to get them to install software that “WILL HURT YOUR COMPUTER” you are irrevokably tarnishing that website as dangerous to the user, and many users will run from the website and never return and tell their friends to avoid it because it’s a malicious website.

    Even as someone who views lawsuits as the devil’s work — I really hope someone with some money will sue any browser that is being so irresponsible as to show someone a message like this.

    I have always maintained, if a browser wants to show someone a message that tells the truth: “This file has not been tested by us and we don’t know anything about it” and gives user a choice of what to do, I have no objection to that. But saying that an unknown file “WILL” harm your computer is a blatant lie designed to scare — and has no place in this world.

  2. Caspy7 said on March 7, 2015 at 9:18 pm
    Reply

    If you’re dissatisfied with the text, try filing a bug suggesting that it read “may contain” while pointing out that the (already approved?) text in the download manager says “may contain”.

    1. Martin Brinkmann said on March 7, 2015 at 10:06 pm
      Reply

      The confirmation prompt does not say may.

  3. Boris said on March 7, 2015 at 11:23 pm
    Reply

    I disabled Google Safe Browsing a while ago and instead use mandatory Anti-virus scan of all downloaded exe/rar/zip/iso and other executable files. I trust my AntiVirus way more than Google.

  4. rickxs said on March 7, 2015 at 11:27 pm
    Reply

    Caspy7 March 7, 2015 at 9:18 pm #

    If you’re dissatisfied with the text, try filing a bug suggesting that it read “may contain” while pointing out that the (already approved?) text in the download manager says “may contain”.

    er? I cannot follow what your saying ” may contain” & ” may contain”

  5. Nebulus said on March 8, 2015 at 12:44 am
    Reply

    I always disable this kind of setting in Firefox. IMO it is not the browser’s job to tell you if a file is malicious or not; I expect this kind of warning from a dedicated security solution (i.e. antivirus), not from my browser.

  6. rxantos said on March 8, 2015 at 6:39 am
    Reply

    “will harm” your computer?

    That’s an unfounded accusation. Libelous.

    If they went to “may harm” they could get of. But by using “will harm” they are accusing. If the accusation is unfounded, then is libelous, all someone needs is a way to prove loss revenue and those behind Firefox are open to a lawsuit. I like the Mozilla Foundation, but if they do not change that wording, I see a series of lawsuits in their future.

  7. Xibula said on March 8, 2015 at 7:14 am
    Reply

    That’s it!
    I’m moving to Google Chrome.

    1. Sören Hentzschel said on March 8, 2015 at 3:45 pm
      Reply

      You’re moving to Chrome because Firefox gets a bypass function which gives the user more contral than before? Wow, that makes sense. Not.

      1. Boris said on March 8, 2015 at 9:55 pm
        Reply

        What also does not make sense is that you do not understand humor.

    2. ilev said on March 8, 2015 at 8:29 pm
      Reply

      You are moving to Chrome because Firefox is using Google’s function first installed in Chrome ?

    3. PatchPanel said on March 10, 2015 at 2:48 am
      Reply

      You forgot the “/sarc.”

  8. Doc said on March 8, 2015 at 3:29 pm
    Reply

    The “alternate download source” appears to apply to scam sites that repackage software with viruses, so that explains that text – a different download from a trusted site just *may* be safer.
    However, I’m not so happy with the “will harm” your computer text, as there are many tools (like Nirsoft’s apps or ZIP password finders, to name a few) that are considered “potentially unwanted programs” because they bypass security, “sniff” TCP/IP packets, or can otherwise be used maliciously as well as for legitimate reasons.

    1. Martin Brinkmann said on March 8, 2015 at 7:20 pm
      Reply

      The alternate download text should not be displayed when you download from the author’s website, e.g. Nirsoft.

  9. All Things Firefox said on March 13, 2015 at 12:06 am
    Reply

    Finally, Firefox returns more control to the user. I never use Safe Browsing since it is provided by Google, but it would be really frustrating to try to download a known clean file only to have it blocked by the browser, with no way around except disabling protection. Now if Mozilla would just let us install unverified addons. Also, the message seriously needs to be reworded.

  10. tanaka said on March 31, 2015 at 4:37 am
    Reply

    Firefox 39?! Try to push it firefox 37 will you!

    1. malc01m said on April 6, 2015 at 2:55 pm
      Reply

      I don’t think this new bypass option is going to be very useful in the case of downloading from file hosts like “uploaded.to” if you are using their free option. The file once blocked cannot be restarted for 3 hours, and then to be blocked again.
      Even with this new option the blocked files once stopped cannot be restarted, or downloaded at all…

      It remains that the only option is to again resort to disable/unticking the “blocked reported ……” in security options. So in these cases this new option is a “non-starter” (pun intended)

      Or am I missing something here?

      1. malc01m said on April 6, 2015 at 3:11 pm
        Reply

        I have had downloading from the filehost “uploaded.to” blocked before, this isn’t just theoretical.

        My question here is aimed at the author of this article, Martin Brinkmann.

  11. malc01m said on April 6, 2015 at 3:50 pm
    Reply

    Does this bypass option create a url whitelist, or does it, as I suspect, only create a path to recover the download from the temp folder?
    Even with a whitelist, with urls like uploaded.net there is still the pesky 3 hour wait.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.