
Firefox Intrusion Detection/Prevention


davidh
April 9th, 2007, 07:51 AM
Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
Other features of Firekeeper include:

* Ability to scan incoming Firefox traffic - HTTP(S) response headers, body and URL and to cancel processing of suspicious responses.
* HTTPS and compressed responses are scanned after decryption/decompression.
* Very fast pattern matching algorithm (taken directly from Snort).
* Interactive alerts that give the ability to choose a response to a detected attack attempt.
* Ability to use any number of files with rules and to automatically load files from remote locations.

http://firekeeper.mozdev.org/

Even tho' it's still "alpha", I was and am willing to install this in my FF since my stepson recommended it to me. He works for Novell as sys admin type or something like that.

DH

Judy G. Russell
April 9th, 2007, 10:03 AM
> it's still "alpha"

Lemme know when it hits beta (or even release version!).

jdh
April 9th, 2007, 11:43 AM
> Lemme know when it hits beta (or even release version!).

There is a chance I might remember.

David H

Judy G. Russell
April 9th, 2007, 02:05 PM
> There is a chance I might remember.

I'd appreciate it!

jdh
April 9th, 2007, 05:20 PM
there do I rush in, perhaps.

However, because AFAIK all FF extensions are both subject to DISABLE and UNINSTALL and ALSO because "firefox.exe -safe-mode" will allow FF to start up with no extensions (so that one can remove the "offenders"), I don't feel as threatened as I would when installing regular MS Windows apps (such as AOL 9.0).

DH

Judy G. Russell
April 9th, 2007, 08:48 PM
> However, because AFAIK all FF extensions are both subject to DISABLE and UNINSTALL and ALSO because "firefox.exe -safe-mode" will allow FF to start up with no extensions (so that one can remove the "offenders"), I don't feel as threatened as I would when installing regular MS Windows apps (such as AOL 9.0).

Now there I agree with you entirely. I feel safer with ANYTHING Firefox than anything MS!

sidney
April 9th, 2007, 09:09 PM
> I feel safer with ANYTHING Firefox than anything MS!

Read this blog entry (http://www.websnark.com/archives/2007/03/i_think_jim_bre.html) about the experience this person with a web comic critique blog had with Internet Explorer's anti-phishing feature, and then read this week-long web comic story line that it inspired. The web comic is called Help Desk, and it is about a software giant monopoly named Ubersoft that was founded by a Demon From Hell as the best way to spread evil and torture throughout the world selling its Nifty Doorways operating system. Any resemblance to a real software giant monopoly is strictly coincidental, I'm sure.

Day 1 (http://www.ubersoft.net/d/20070402.html)
Day 2 (http://www.ubersoft.net/d/20070403.html)
Day 3 (http://www.ubersoft.net/d/20070404.html)
Day 4 (http://www.ubersoft.net/d/20070405.html)
Day 5 (http://www.ubersoft.net/d/20070406.html)

-- sidney

Judy G. Russell
April 10th, 2007, 04:01 PM
> Read this blog entry (http://www.websnark.com/archives/2007/03/i_think_jim_bre.html) about the experience this person with a web comic critique blog had with Internet Explorer's anti-phishing feature

ROFL!!! That is just wonderful. What a hoot!

> then read this week-long web comic story line that it inspired. The web comic is called Help Desk

Adding that one to my daily list, for sure!

jdh
April 14th, 2007, 01:09 PM
Mar 10 short article, from SANS Internet Storm Center, on FireKeeper

http://isc.sans.org/diary.html?storyid=2403&rss

DH

jdh
April 15th, 2007, 09:38 PM
> Mar 10 short article, from SANS Internet Storm Center, on FireKeeper
> http://isc.sans.org/diary.html?storyid=2403&rss

Oops, alpha version is causing problems on Google maps and Yahoo mail for me with FF 2.0.0.3 on Win 98. Had to uninstall the extension.

I guess I'll wait for version 1.0.

There were recent updates for SiteAdvisor & NoScript so the process of elimination was not so simple, esp. because I'd had problems with those extensions before in the past.

DH

Judy G. Russell
April 15th, 2007, 10:13 PM
> I guess I'll wait for version 1.0.

I usually wait for 1.1 myself.

jdh
April 15th, 2007, 10:43 PM
> I usually wait for 1.1 myself.

Well, I'm sort of paranoid. And I was sort of proud of my stepson being security conscious and recommending it to me. But then again, he's under 35. So maybe there's still something to be said for being an old fuddy-duddy (talking about myself). Of course, I'm pretty sure he's probably not having customers install it on their systems yet.

My OS is old 98. Maybe they don't even bother testing on 98 anymore.

The problems I used to have with SiteAdvisor and NoScript only disappeared when FF went from 1.0 to 1.5 or 2.0 (not with new versions of the extensions IIRC). So they probably don't bother much with trailing edgers like me, but I posted a mozdev bug report anyway.

DH

Judy G. Russell
April 16th, 2007, 10:04 AM
> My OS is old 98. Maybe they don't even bother testing on 98 anymore.

I would doubt it. That's an oooooold OS nowadays.

jdh
June 10th, 2007, 01:26 AM
> Oops, alpha version is causing problems on Google maps and Yahoo mail for me with FF 2.0.0.3 on Win 98. Had to uninstall the extension.
>
> I guess I'll wait for version 1.0.
>
> There were recent updates for SiteAdvisor & NoScript so the process of elimination was not so simple, esp. because I'd had problems with those extensions before in the past.
>
> DH

Problems with Firekeeper 0.2.10 alpha seem to me to be intermittent on Google maps for me on FF 2.0.0.4 so I have disabled it again. If I had Windows XP instead of Windows 98 I'd probably try FireKeeper again, because it's got the potential of being decent pre-emptive protection i.e. could protect against zero-day exploits, whose occurrences seem to be on the increase.

At least with Firefox and NoScript I have at least 3 live resident layers of defense, namely firewall, anti-virus, and script/plugin blocking/confirmation. Plus on-demand spyware scans.

DH

jdh
August 26th, 2007, 12:07 PM
Version 0.2.12 is now available. I'm going to try it out again and see what happens.

DH

jdh
August 29th, 2007, 03:41 PM
> Version 0.2.12 is now available. I'm going to try it out again and see what happens.
>
> DH

I've been running FireKeeper again for a few days now. No problems so far.

I did a quick test to see if the bug I once found is still there. Apparently it has been fixed.

I also received an email today from the bugzilla server stating that the bug had been fixed. The message apparently did not state whether the bug had been fixed in 0.2.12, but that does seem to be the case.

I've been reading so many news stories about infected servers, that I don't trust the extra level of security provided by the (separate) NoScript extension to provide good coverage. So I'm hoping FireKeeper will give the needed edge against the bad guys.

dh