Q
Get started Bring yourself up to speed with our introductory content.

Can a walled garden approach help secure Web browsers?

While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.

Mozilla is reportedly including a "walled garden" in an upcoming version of Firefox. How can a walled garden secure...

Web browsers? Why would a walled garden be seen as not beneficial?

One method used by vendors to increase the popularity of their browsers and strengthen user loyalty is encouraging independent developers to create add-ins, plug-ins and other extensions that provide additional functionality and allow users to customize their browser so it can work the way that suits them best. The downside of this policy, though, is poorly written plug-ins can affect the stability of the browser and the system it runs on while malicious ones can put personal information at risk.

The Mozilla add-ons platform has traditionally been very open to developers. Not only are they capable of changing Firefox in radical and innovative ways, but developers are entirely free to distribute their add-ons from their own sites, and not necessarily through AMO, Mozilla's website repository of add-ons. This gives genuine developers a great deal of flexibility, but it also hands bad actors the ability to take advantage of Firefox users. For example, extensions that change the homepage and search settings without a user's consent have become common, so too have extensions that inject advertisements into webpages or even inject malicious scripts into social media sites.

Mozilla has tried to enforce add-on guidelines that add-on creators must follow by remotely disabling noncompliant extensions. Most extensions that violate these guidelines are distributed almost exclusively outside of AMO, but tracking them down has become increasingly impractical. Mozilla has decided add-on development for Firefox needs to change to improve security and performance.

When version 39 of Firefox is released later this year, Mozilla will require all add-ons to go through AMO review and code signing, even those self-hosted add-ons outside of Mozilla's AMO. While developers won't be forced to distribute their extensions solely through AMO, they must still be submitted for review, and thus, signing. After the transition period, it will not be possible for users to install unsigned extensions in release or beta versions of Firefox. There won't be any preferences or command-line options to disable this configuration either. Details haven't been released yet about how add-ons that will never be publicly distributed -- such as those developed for in-house use -- will be handled.

Balancing functionality with security is a constant struggle when it comes to software development and is particularly true for browsers, the most popular interface for accessing the Internet and content from unknown and untrusted sources. Firefox add-ons execute with full control over the browser, and unlike Chrome and Safari, there are no barriers to keep them separate from each other or the browser; this is what enables developers to achieve such potent levels of customization and added functionality -- both good and bad. The new review process may go some way to improving security, but it relies heavily on automated and human reviewers to find possible hidden attack vectors -- a daunting task given the volume of submissions and the sophistication of modern malware.

Many Firefox fans are disappointed with these proposed changes particularly as there will be no option to allow the installation of unsigned extensions even if the user understands the risks. By forcing developers to go through a lengthy review process to get an extension approved or to release a critical security update, Mozilla risks alienating developers and making extensions less secure if they can't be patched in a timely manner.

The number of add-ins available for Firefox is one of its biggest strengths, and the additional steps developers now need to go through to make their add-on available may reduce the number of those willing to support Firefox. This so-called walled garden may help protect users from malicious add-ons but it has its downsides, so the balancing act of making sure the add-on ecosystem continues to flourish while keeping the average user safe goes on.

Ask the Expert:
Perplexed about application security? Send Michael Cobb your questions today. (All questions are anonymous.)

Next Steps

Uncover more about Internet security in this Web browser security tutorial

This was last published in August 2015

Dig Deeper on Web browser security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

A noble effort that I applaud and support. However, a better approach is via a set of purpose driven APIs and bar all access to Firefox internal code. A developer's extensions still should be reviewed and approved.
Cancel
I've heard there is a fundamental flaw with add-ons and Firefox; Add-ons are not sandboxed so add-ons can snoop on other add-ons? Something Google Chrome doesn't allow?
Cancel
So, requiring signed add-ons isn't the whole fix if the add-ons have full permissions to modify the computer, modify settings, snoop. The design needs to change. http://blog.rubbingalcoholic.com/post/110743007958/mozillas-mandatory-add-on-drm-violates-oss
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close