Mozilla is reportedly including a "walled garden" in an upcoming version of Firefox. How can a walled garden secure Web browsers? Why would a walled garden be seen as not beneficial?
One method used by vendors to increase the popularity of their browsers and strengthen user loyalty is encouraging independent developers to create add-ins, plug-ins and other extensions that provide additional functionality and allow users to customize their browser so it can work the way that suits them best. The downside of this policy, though, is that poorly written plug-ins can affect the stability of the browser and the system it runs on, while malicious ones can put personal information at risk.
The Mozilla add-ons platform has traditionally been very open to developers. Not only are they capable of changing Firefox in radical and innovative ways, but developers are entirely free to distribute their add-ons from their own sites, and not necessarily through AMO, Mozilla's website repository of add-ons. This gives genuine developers a great deal of flexibility, but it also hands bad actors the ability to take advantage of Firefox users. For example, extensions that change the homepage and search settings without a user's consent have become common, as have extensions that inject advertisements into webpages or even inject malicious scripts into social media sites.
Mozilla has tried to enforce add-on guidelines that add-on creators must follow by remotely disabling noncompliant extensions. Most extensions that violate these guidelines are distributed almost exclusively outside of AMO, but tracking them down has become increasingly impractical. Mozilla has decided that add-on development for Firefox needs to change to improve security and performance.
When version 39 of Firefox is released later this year, Mozilla will require all add-ons to go through AMO review and code signing, even those self-hosted add-ons outside of Mozilla's AMO. While developers won't be forced to distribute their extensions solely through AMO, they must still submit them for review and, thus, signing. After the transition period, it will not be possible for users to install unsigned extensions in release or beta versions of Firefox. There won't be any preferences or command-line options to disable this configuration either. Details haven't been released yet about how add-ons that will never be publicly distributed -- such as those developed for in-house use -- will be handled.
Balancing functionality with security is a constant struggle in software development, and this is particularly true for browsers, the most popular interface for accessing the Internet and content from unknown and untrusted sources. Firefox add-ons execute with full control over the browser, and unlike in Chrome and Safari, there are no barriers to keep them separate from each other or the browser; this is what enables developers to achieve such potent levels of customization and added functionality -- both good and bad. The new review process may go some way to improving security, but it relies heavily on automated and human reviewers to find possible hidden attack vectors -- a daunting task given the volume of submissions and the sophistication of modern malware.
Many Firefox fans are disappointed with these proposed changes, particularly as there will be no option to allow the installation of unsigned extensions even if the user understands the risks. By forcing developers to go through a lengthy review process to get an extension approved or to release a critical security update, Mozilla risks alienating developers and making extensions less secure if they can't be patched in a timely manner.
The number of add-ins available for Firefox is one of its biggest strengths, and the additional steps developers now need to go through to make their add-on available may reduce the number of those willing to support Firefox. This so-called walled garden may help protect users from malicious add-ons, but it has its downsides, so the balancing act of making sure the add-on ecosystem continues to flourish while keeping the average user safe goes on.
Ask the Expert:
Perplexed about application security? Send Michael Cobb your questions today. (All questions are anonymous.)