Protect Firefox (and Opera, etc) settings

Defense+ currently only protects browser settings for Internet Explorer by default.
Please (please!) add settings protection for Mozilla Firefox* (and other major browsers like Opera, Google Chrome, and Apple Safari) to the default installation.
Thanks for listening and for CIS,
~John

  • Since Firefox does not store settings in the Registry, and since the settings file (prefs.js, in user’s Firefox profile directory) is frequently modified during normal use of Firefox, providing protection would seem to require significant enhancement of Defense+.

I think it is a good idea to add additional protection to browsers.
+1

More likely it will require the addition of related entries (eg ?:\Documents and Settings*\Mozilla* ) to My protected files but indeed it will remove the need to configure CIS manually :-TU

Since that file is updated normally and frequently, just protecting the file is unworkable.
This would take new functionality in Defense+.

John

I can only but disagree with any claims of an eventual lack of functionality whereas an alternative functionality has not been explicitly described.

File protection like registry protection works at application level thus obviously how frequently Firefox will write its preference file (which also can be explicitly specified) is not really relevant.

Please clarify further what this new functionality should be like possibly from a technical implementation standpoint.

As I wrote, the settings file is normally and frequently updated. Thus an alert based on any change to the file, as you apparently suggested, would be very annoying and unworkable, just like alerting on any change to the Registry (not just particular items). :-TD

What’s needed is something like monitoring of the Registry, protecting just the critical items within the settings file that don’t normally get changed, ignoring other items, and ideally ignoring changes to critical items made by the user through the standard interface, as opposed to changes made by malware. :-La

One of the biggest vulnerabilities in Firefox is the use of a simple flat settings file with no permission granularity, a throwback to the bad old days of INI files. :-TD

John

Update: File protection and Registry protection are both target based. Certain entire files are protected (My Protected Files); others are not. Certain Registry keys are protected (My Protected Registry Keys); others are not. The difference is that only an entire file can be protected, not just parts of files, unlike Registry keys.

I don’t see any point to alert users if firefox itself is changing a single line of text in its preference files and likewise I don’t see the need any external 3rd party app would need to modify firefox private settings.

Is there any specific scenario anybody should consider?

Either you’re not reading what I wrote, or I’m not able to write clear English.
I give up.

Nope I did, but I don’t like to argue for the sake of it.
So as it is not ulikely I was not able to understand some subtle implications in absence of an explicit reasonable scenario I assume I was not able to fully understand your point which is neither of the above quoted cases.

You have me fooled.
I’m done.
Have the last word.

How about letting Firefox access those protected keys, and block other apps?

http://qgs8sq.bay.livefilestore.com/y1pvRXBcanwVqNFS6npmnqfrHC_OuxxEGniFmEBaGkU3aT1ZDtD3NvYKvnTxFKXLTL0J9BdESTlpx1RiP2LuTQYtA/2009-01-15_181714.png

Gibran always wins. 88)

The problem with that (as I try to explain in other posts) is that Firefox settings (both critical and non-critical) are stored in a Firefox data file, not the Registry.

John

Then just do the same thing in my SS, except click the “Modify” button for “Protected Files/Folders”. 88)

The problems with using Protected File for Firefox settings are that

  • It’s all or nothing – you can’t just protect important things.
  • Firefox itself may be hosting the malware.

I want granular and specific protection, like there is now for Internet Explorer.
(You may want to actually look at this protection before responding further.;))

I may be going stupid in my young age 88), but I can’t find where to look for this. Is it in the window in the SS I posted above, or in the help file, or in some setting I can’t find? (:SHY)

To see default Internet Explorer settings protection:

  • Start CIS GUI
  • Click Defense+
  • Click Common Tasks
  • Click My Protected Registry Keys
  • Click Groups…
  • Scroll down to Internet Explorer Keys

John

p.s. Unfortunately, there’s no good way to copy or export them for posting here. :frowning:

Hallo Jeremy,

CIS protection is enforced at application level and AFAIK there is no alternative 3rd party product that enforces a sub-application (eg thread-aware) protection nor that enforces a sub-file (byte range) protection, which will likely drown the user with countless alerts.

IMHO the hypothetical scenario that see CIS operating on already infected Firefox installation would be stretching D+ HIPS operative design and purpose although D+ can already protects again a good deal of malicious behaviors eventually carried on a system.

The granular protection for Internet explorer settings is carried for 3rd-party processes. Internet explorer itself have full unrestricted access.

Likewise the addition Firefox of related entries (eg ?:\Documents and Settings*\Mozilla* ) to My protected files to the default CIS config will allow the users to be alerted as soon there is an unlikely chance a 3rd party process have to access Firefox settings.

On a related account CIS design implementation allow the user themselves to block IE from accessing some protected resources (including IE own registry keys) but this is something more than anti malware protection.

That you don’t know how to do it doesn’t mean it can’t be done, and your assessment suffers from some serious errors, but I’m not going to waste any more time trying to educate you, and it’s not up to you to assess in any event – that’s up to Comodo. Just vote “no”, even if just out of spite, and move on, to mind your own business. Thank you.

John

This topic is locked during moderator review !