Go Back   Cyber Tech Help Support Forums > Operating Systems > Linux

Notices

Linux Problem solving for all open source distributions of Linux, such as Debian/Ubuntu, Fedora, RedHat, Suse, Mandriva and other proprietary unixes such as Solaris, SGI Irix. Newbie friendly too!

Reply
 
Topic Tools
  #1  
Old February 19th, 2010, 04:14 PM
Total Noob Total Noob is offline
Senior Member
 
Join Date: Sep 2007
Posts: 578
Firefox Extensions -- are they safe?

Open query:

I use Ubuntu 9.10.

I saw some interesting FireFox extensions (there are a handful of them) and installed them using the tabs within the browser for doing so.

I was surprised that they installed without me being asked for an installation password first, as customarily the case when installing Linux apps via the package manager or with programs obtained elsewhere.

I thought the supposed imperviousness of Linux to viruses was password/root protection before software could be installed, as opposed to Windows where bad stuff may install from email attachments or poisoned websites without the user having any idea it was doing that.

But with FireFox, apparently the Linux norm is bypassed somehow, and maybe it is allowing malware in under the same process. So is this a flaw in security?

I like the idea of package management because I assume that Canononical is checking the programs out before putting them in its repositories. I hope my assumption is correct.

I also know to use discretion when installing third party programs -- that it could be infected or just bad.

But now I don't know what to think about Firefox and its motives or its safety record, especially with its placement in the market somewhere between a large company's and some unemployed college kid working in his basement.

Is Firefox certifying the extensions before they allow them to go into its repositories? Is it taking responsibility if an app is poison? Why did it override the password protection?

Comments invited.
Reply With Quote
  #2  
Old February 19th, 2010, 10:28 PM
kage's Avatar
kage kage is offline
CTH Subscriber
 
Join Date: Apr 2004
O/S: Linux
Posts: 1,644
Firefox extensions are installed locally into the user home directory and as such, do not require elevated privileged to be installed. Firefox does have a degree of security and extensions cannot automatically be installed without some interaction from the user.

Since the extensions are installed locally, they cannot compromise your operating system in the same way that Windows malware does, since they only have access to /home/$USER and not your entire system.
Reply With Quote
  #3  
Old February 23rd, 2010, 09:12 PM
Total Noob Total Noob is offline
Senior Member
 
Join Date: Sep 2007
Posts: 578
Extensions

Quote:
Originally Posted by kage View Post
Firefox extensions are installed locally into the user home directory and as such, do not require elevated privileged to be installed. Firefox does have a degree of security and extensions cannot automatically be installed without some interaction from the user.
When you say Firefox as a degree of security, does this mean that the manufacturer is verifying and our vouching for the extensions, as, say, Apple does with the iPhone apps?

Quote:
Originally Posted by kage View Post
Since the extensions are installed locally, they cannot compromise your operating system in the same way that Windows malware does, since they only have access to /home/$USER and not your entire system.
OK, I don't know what you mean by "locally," but I accept the premise. Yet, does that mean that the Firefox extensions simply can't keylog, email out files by themselves, or do other noxious things like deleting data folders?
Reply With Quote
  #4  
Old February 23rd, 2010, 10:57 PM
kage's Avatar
kage kage is offline
CTH Subscriber
 
Join Date: Apr 2004
O/S: Linux
Posts: 1,644
Quote:
Originally Posted by Total Noob View Post
When you say Firefox as a degree of security, does this mean that the manufacturer is verifying and our vouching for the extensions, as, say, Apple does with the iPhone apps?
What I said was Firefox has some built-in security to prevent extensions from being installed without the users permission (malicious installations).

For information on the process of creating an extension, take a look at this link. It is not easy to "slip something by" and push it via a Firefox extension.

Quote:
Originally Posted by Total Noob View Post
OK, I don't know what you mean by "locally," but I accept the premise. Yet, does that mean that the Firefox extensions simply can't keylog, email out files by themselves, or do other noxious things like deleting data folders?
Technically Firefox extensions can have malicious properities, but Firefox has a rather large user base so if a Firefox extension were acting in a malicious way, people would be very vocal about it. Also, there is testing done on extensions before they are allowed to be downloaded.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
5 Firefox extensions you can't live without degsy Internet / Browsers 118 October 24th, 2020 08:12 PM
Do extensions slow down firefox ? WindowsXPer Internet / Browsers 1 August 6th, 2008 03:10 AM
Firefox Settings, Extensions, etc. gone Pi rules Internet / Browsers 2 August 3rd, 2005 01:03 AM
Manual file extensions in Firefox tut2234 Internet / Browsers 1 July 4th, 2005 08:52 PM
Firefox extensions brb The Anything Else Board 4 December 22nd, 2004 03:43 PM


All times are GMT +1. The time now is 11:00 PM.