One of the causes of the adoption of Google’s Chrome browser in the workplace is that for the most part, since it installs under your user directory it can bypass the limited permissions on most business computers, letting the user install something without consulting IT. This is a minor security concern as Chrome runs with limited permissions and is certainly not more inherently vulnerable than the old corporate standby, IE6.
According to The Inquirer Firefox will be starting to do something similar but with larger repercussions. FireFox 12 will be whitelisted on UAC, allowing system level access to the program. While this does mean that if they are successful users will be running up to date software and not require IT resources to upgrade FireFox every month or so, it also introduces a powerful attack vector for infections. A silent FireFox update might not be from Mozilla and could instead be from malware online, creating a system vulnerability that the user is completely unaware of until obvious symptoms start to show, by which time it could be too late to stop the spread of an infection to the network or to clients machines. The update is due out today, so keep a close eye on your FireFox installation for now.
"SOFTWARE DEVELOPER Mozilla will bypass Windows’ user account control (UAC) to implement silent updating in its Firefox 12 web browser.
Mozilla’s Firefox 12 is expected to be released today, and the outfit claims it will bypass Windows UAC in order to enable silent updating. Since Mozilla put Firefox on its rapid release schedule, it has put out new versions of the web browser every six weeks, leading some users to complain about the number of releases."
Here is some more Tech News from around the web:
- HTC plans to develop customized processors @ DigiTimes
- ARM profits rise 22 per cent as margins increase @ The Inquirer
- Windows 8 Release Preview is coming ‘first week of June’ @ The Inquirer
- Microsoft lobs out first Skype for Windows Phone @ The Register
- Plumbers of the interwebs vow to kill IP hijacking @ The Register
- AMD Confirms Drop of Monthly Driver Support for Radeon HD 2000-4000 Series @ NGOHQ
- Sophos study finds that one fifth of Macs carry malware @ The Inquirer
- The TR Podcast 110: The lowdown on Ivy Bridge and her mobos
This is why firefox is not
This is why firefox is not widely in the enterprise at all.
Most of the time its banned completely.
I think it would have been
I think it would have been better if you just got the option to turn it off by way of a message at setup say why they thing it should be off.
Hmm, I don’t think that it’s
Hmm, I don’t think that it’s very smart to white-list Firefox in UAC. I also don’t see why you would need to, it works just fine. Sure, Firefox might be slightly annoying to update but it is more secure that way. Chrome’s silent updates are nice but I still use Firefox just as much due to its more powerful extensions that Chrome could never have.
Sorry, but this is complete
Sorry, but this is complete nonsense. There’s no such thing as white-listing in UAC. The news on the Inquirer must have been written by a dumb intern, as Windows UAC simply does not offer any such functionality. And Firefox itself will never get system privileges.
Instead, Mozilla introduces a seperate component implemented as a Windows service, which is a pretty safe way of handling this problem. When Firefox wants to update itself, it asks the OS to start this service, and the OS executes the service with system privileges. The service then installs the update, and digital signatures prevent it from installing any other stuff like malware.
Also, this new service is obviously optional. You can disable it, and you can even uninstall it completely. If you do that, Firefox will update non-silently as it used to. And in enterprise environments, you wouldn’t allow it to update itself anyway.
Thank you for clarification!
Thank you for clarification!
Thanks for the
Thanks for the clarifications, that is one of the problems with reporting on something before you can get your hands on it. Whitelist might not have been the best term to use, perhaps planned exploit of buggy UAC permissions?
Very glad to see it is optional … I hadn’t had time to try it until this morning.
Oh dear. You really need to
Oh dear. You really need to get off that UAC horse.
The Mozilla maintenance service, as it is called, has nothing to do with UAC. It doesn’t bypass or exploit UAC, it doesn’t tamper with UAC, and it doesn’t even care whether UAC is enabled or – remember Windows XP? – existant on your version of Windows. It simply allows you to perform Firefox updates without having admin rights, even on XP.
People just generally seem to muddle things up. For many, UAC has become synonymous with the mere concept of user privileges in a multi-user OS, probably because they never used standard user accounts, neither in Windows nor something other than Windows. Then, when they discover that some privileged operation can work without triggering a UAC prompt, they believe UAC must have somehow been bypassed or tricked.
But there is no trick, and there is no glaring security problem either. In fact, the same mechanism is used by Microsoft itself for Windows Update. If you set Windows to update automatically, it will do so in the background by running a service. Without prompting for admin privileges.
I may well be wrong, in fact
I may well be wrong, in fact I hope I am … I just don’t think this is going to be a great idea for security in an enterprise environment.
I must admit I don’t fully grasp exactly how it is that Firefox is going to write to a folder which the logged in user does not have write privileges to without it doing something dodgy with those privileges. I haven’t had a chance to fully research this yet, but since it seems to be generating interest (and conversation) I think I probably should look more into it.
Session 0 … aha, I
Session 0 … aha, I understand now.
Not really. Session
Not really. Session separation is a security mechanism introduced with Vista, but it’s not relevant to understanding service basics, and not relevant to this discussion. If you want to know more about services, go there: http://msdn.microsoft.com/en-us/library/ms685141%28v=vs.85%29.aspx
During a background update, Firefox does NOT write to its installation folder. To be more precise, the firefox.exe process does not write there. It doesn’t have the privileges to do that.
When you update to Firefox 12, the update installs a system service called maintenanceservice.exe. The service is configured to run with system privileges, so it can write to the installation folder. In theory, any unprivileged program can make this service run. But if its code is written properly – and I assume that it is – it won’t ever do anything else than installing Mozilla-signed update packages. Therefore, you have a working security boundary, and no privilege escalation.
Your worries regarding the enterprise usage of Firefox are also misguided. Enterprise admins are not going to deploy this service anyway.
Hate to be a jerk, but it
Hate to be a jerk, but it seriously bothers me that you would publish an article with statements like “I haven’t had a chance to fully research this yet.”
You very obviously don’t understand how Firefox is actually doing this. At the very least add an “Update:” to your article, so you aren’t leading people astray. Not everyone reads the comments below.
It appears you just wanted to pump out an article before having any sort of idea how it works.
Well, since the “I still
Well, since the “I still haven’t fully tested it” line comes in the comments and not the article they’d already have to be reading the comments in order to see that.
As for testing … yes I am planning on doing it however there is no way to approach the head of IT and ask to roll out FireFox 12 on the network so I can publish an article about it. Rolling it out for testing to the web crew on the other hand will eventually happen.
I do hope to update this once I have new information on how maintenanceservice.exe interacts with a secured PC but until then you are going to have to wait.