Experts believe silent update proposal for Firefox can result in security breach

Saturday, December 10th, 2011 5:22:49

To speed up the updating process of the Mozilla Firefox browser without troubling the consumer, Mozilla engineers are now considering a new mechanism for the browser's update feature that would install updates instantly and silently.

This new updating system will work automatically in the background without notifying or asking the consumer, which a security expert believes can open a window for a security breach by hackers. The expert reckons that hackers could infiltrate the channel during the silent update and inject malware through the process of reverse engineering.

At present, when an update is available, Firefox asks the user, via a message box, to either install or ignore the update. If the user agrees to install it, the browser starts the updating process by launching its updater program.

The updater program downloads the latest update and, after applying it to the old browser, simply restarts Firefox with the newly updated version. The updating process proceeds in the foreground, making the user wait and watch the update progress bar on the computer screen while tapping his fingers on the table.

The Firefox team is now working on this new alternative mechanism of “silent” installation of updates to skip the hectic process of updating. Upon detecting a new update, the browser will download and install it automatically in the background, without the consent of its user, instead of performing the update in the foreground.

After the automatic update of the browser is complete, Firefox will be swapped with the new version the first time the consumer launches it.

Firefox Engineer Ehsan Akhgari recently wrote in a Mozilla blog, “In this scenario (after the automatic update), you likely won’t notice that Firefox has applied an update as no UI is
shown. Now, the reason that this approach fixes the problem is that swapping the directories, unlike the actual process of applying the update, is really fast.”

On the other hand, Philip Lieberman, founder and president of Lieberman Software located in Los Angeles, believes the new process of updating can be really dangerous despite being fast.

He wrote in Business Computing World, “While many IT security systems will have to be reconfigured to allow background updates to Firefox–which is not a good thing in the first place–there
is danger that hackers could subvert the update system to allow them back-door access to the users’ computer.”

Lieberman reckons that despite the benefits of silent updating, which is more convenient for consumers, there is still a security risk involved, as it will invite hackers to exploit the process.

He added, “If, as I think appears quite likely, hackers start reverse engineering the Firefox background updating system–and remember we are talking about open source software here–then
it is only a matter of time before they subvert this auto-updating mechanism to inject malware.”

Reverse engineering is the process of breaking something down in order to understand it, duplicate it or improve it. What Lieberman believes is that if a hacker gets into the open source code of the automatic update process, he can not only rebuild the programming but can also inject any threat into the database, which will result in his infiltration into the system.

Lieberman states that the authority to update the browser on a computer should be in the hands of the users who have administrative privileges. This is the only way they can secure their systems from malicious infiltration by hackers.
