首页 > 安全 > XPI: 下一个恶意软件容器?

XPI: 下一个恶意软件容器?

今天读到一篇文章:

XPI: The next malware vector?

有点意思。如今的phishing site已经越来越有意思了:用IE访问要求安装ActiveX,使用Firefox则要求安装XPI。也许Firefox的安生日子也没有多久了,也许还有2年?5年?:)

其实我和这篇文章的作者的态度总体上差不多,虽然XPI的malware已经逐渐开始出现,一时半会仍然不会成大气候:

With the explosion of popularity in Firefox, will Extensions become the
next ActiveX of malware drive-bys? Maybe, but probably not. While the
idea of having a single package to infect multiple operating systems is
very appealing to malware distributors, most will stick to Windows
systems as the primary targets because of the large share of the
desktop market. TriggerInstall isn’t new and has actually been around
for quite a while but hasn’t become a popular method used by web sites.
I think most malware distributors will stick to an "ActiveX or
Executable" delivery method for a little while longer.

不过对于一个已经超过了10%的市场占有率的浏览器,如果有人写了XPI malware,也将是一个极大的危害。解决这个问题除了使用传统的URL过滤的方案之外(毕竟这个网站本身还是一个phishing site,即使不是,这个XPI的URL也很容易放进malware list),也许一个合适的基于浏览器的方案也是可行的,例如pattern。

好吧,我很想把native操作系统上面的东西搬移到浏览器上面来,够疯狂否。

标签:
  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.