Category Archives: Firefox

Bromium: Application Isolation in the Spotlight

  • Two major announcements bring application isolation into the spotlight
  • Microsoft and HP elevate the importance of isolation in the endpoint security stack
  • Isolate risky browser activity, but don’t forget files are risky too

This week, two major announcements came out highlighting the need for application isolation in the security stack for endpoint security – HP DaaS Proactive Security and Microsoft Windows Defender extensions for Chrome and Firefox. The spotlight on application isolation is an excellent way to raise awareness for this technology, and I applaud HP and Microsoft for going all out with isolation as a way to boost endpoint security. Here is a closer look at what both announcements are highlighting.

Microsoft Defender Application Guard (WDAG)

Microsoft Windows Defender Application Guard (WDAG) was announced over a year ago and introduced client virtualization on Windows. The initial release was designed to redirect untrusted (or not explicitly trusted) Edge browser activity into a VM. The end-user would surf the web using Edge, and if they typed in a URL or were redirected to a site that was untrusted, the website would open in a separate instance of Edge that was running isolated inside a VM. The end-user would have two instances of Edge running, and the protected instance was marked with a red background.

Everyone was excited when WDAG came out, as browsers continue to be a major attack vector, and we even wrote a blog supporting Microsoft entering the isolation market. As any security specialist will tell you, the safest way to stop malware is to keep end-users from opening emails or surfing the web altogether. While true, this is clearly not practical, but isolation is the technology that can change the game. Unfortunately for Microsoft, it was not practical to expect users to abandon Chrome and Firefox for Edge. You win some and you lose some, and Microsoft did not win the browser market. But they also didn’t lose sight of the importance of isolating potentially risky browser activity, which brings us to their announcement this week.

Microsoft releases Windows Defender Application Guard for Chrome and Firefox

Microsoft WDAG now allows users to surf the web using their browser of choice. When a user types in or is redirected to an untrusted site, the Chrome or Firefox extension redirects the website to open in Edge, which is running inside a VM. WDAG is still about client virtualization aiming to isolate risky websites into a separate VM on the user’s PC, but now the user is not required to use Microsoft Edge as their default browser. The end-user will have most of their browser activity take place in their default browser. However, when the user encounters an untrusted site, they will access that website in an isolated instance of Edge. Welcome back to browser isolation, Microsoft, and thank you for validating the application isolation market!

The second announcement this week that validates application isolation was from HP.

HP DaaS Proactive Security

HP and Bromium have enjoyed a productive relationship for over two years, since HP launched HP Sure Click, which uses Bromium Secure isolation technology for hardware-enforced browser isolation. Our relationship continues to grow and evolve, and this week HP announced the next step: including Bromium Secure isolation for browsing and files in their HP DaaS Proactive Security powered by HP Sure Click Advance. This announcement further validates that major players in the hardware and software market are recognizing the need to move the responsibility for endpoint security away from the end-user. Microsoft and HP are choosing to rely on application isolation as the way to prevent malware from invading Windows endpoints and spreading onto corporate networks.

Isolate Only Browsers?

While we applaud Microsoft’s decision to use isolation for surfing the web and for links that come in emails, there’s an obvious gap in their coverage. What about emails with attachments? And how about files that users download from the Internet? Browsers are indeed a major attack vector, but files are equally a major attack vector. If you don’t think files are a threat, you might want to visit some of our latest Threat Intelligence posts below.

What do you think of this week’s announcements? Share your thoughts and questions in the comments section. Happy reading!

See Bromium threat intelligence in action:

The post Application Isolation in the Spotlight appeared first on Bromium.




Microsoft Launch Application Guard Extension For FireFox and Chrome

Earlier, Microsoft introduced a dedicated Windows Defender browser extension for its browser Microsoft Edge with Windows 10. The extension, named

Microsoft Launch Application Guard Extension For FireFox and Chrome on Latest Hacking News.

Firefox 66 Arrives With Autoplaying Blocked by Default, Smoother Scrolling, and Better Search

An anonymous reader writes: Mozilla today launched Firefox 66 for Windows, Mac, Linux, and Android. The release includes autoplaying content (audio and video) blocked by default, smoother scrolling, better search, revamped security warnings, WebAuthn support for Windows Hello, and improved extensions. The company says its main goal with this release is to reduce irritating experiences such as auto-playing videos, pop-ups, and page jumps. Firefox 66 for desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. The Android version is trickling out slowly on Google Play.

Read more of this story at Slashdot.

Mozilla launches Firefox Send for private file sharing

Mozilla look to reclaim some ground from the all-powerful Chrome with a new way to send and receive files securely from inside the browser. Firefox Send first emerged in 2017, promising an easy way to send documents without fuss. The training wheels have now come off and Send is ready to go primetime. Will it catch on with the masses, or will only a small, niche group use it to play document tennis?

How does it work?

Firefox Send allows for files up to 1GB to be sent to others via any web browser (2.5GB if you sign in with a Firefox account). The files are encrypted after a key is generated, at which point a URL is created containing said key. You send this URL to the recipient, who is able to then download and access the file securely. Mozilla can’t access the key, as the JavaScript code powering things only runs locally.

Before sending, a number of security settings come into play. You can set the link expiration to include number of downloads, from one to 200, or number of days the link is live (up to seven). Passwords are also available for additional security.

It’s not for everyone

The process isn’t 100 percent anonymous, as per the Send privacy page:

IP addresses: We receive IP addresses of downloaders and uploaders as part of our standard server logs. These are retained for 90 days, and for that period, may be connected to activity of a file’s download URL. Although we develop our services in ways that minimize identification, you should know that it may be possible to correlate the IP address of a Send user to the IP address of other Mozilla services with accounts; and if there is a match, this could identify the account email address.

Of course, there may be even less anonymity if you use the service while signed into a Firefox account to make use of the greater send allowance of 2.5GB.

As a result, this might not be something you wish to use if absolute anonymity is your primary concern.

Who is likely to make use of this?

Send is for situations where you need to get an important file to someone but:

  1. The recipient isn’t massively tech-savvy. If you’re dealing with applications involving a drip feed of documents over time, this can get messy. Eventually, the person at the other end will have had enough of multiple AES-256 encrypted zip files hosted on Box where the password never seems to work, or they don’t have the right zip tool to extract the file. Send will simplify that process.
  2. The person at the other end is tech-savvy. However, they’re not necessarily aware that sending bank details or passport photos in plaintext emails is a bad idea.

A Mozilla project manager mentioned issues involving Visa-related documents in the cloud, and this is definitely where a service like Send can flourish. Multiple uploads over time usually end up in a game of “hunt the files.” Did you delete everything? Maybe you should leave some of it online in case a problem arises? Are the files really gone if you delete them all, or is it as simple as flipping a “Whoops, didn’t mean it” switch and watching them all come back?

These are real-world, practical problems that people run into on a daily basis. The duct tape, multiple service/program approach works up to a point—and then it doesn’t. Firefox Send is perhaps a bit niche, but there’s nothing wrong with that. Not everyone is a fan of leaving important documents scattered across Google Drive or Dropbox, and this is a handy alternative. We’ll have to see what impact this product has long-term, but having more privacy options available is never a bad thing.

The post Mozilla launches Firefox Send for private file sharing appeared first on Malwarebytes Labs.

Firefox Send — Free Encrypted File Transfer Service Now Available For All

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like

New Firefox Quantum-compatible VirusTotal Browser Extension

In November 2017 Mozilla released a new and improved version of their browser. This version is called Firefox Quantum. Following that step forward, VirusTotal is releasing a major revamp of its browser extension! You may install it at:

Historically VirusTotal had a very simple but popular Firefox extension called VTZilla. It allowed users to send files to scan by adding an option in the Download window and to submit URLs via an input box. We had not updated it since 2012.



At the end of 2017 Firefox decided to discontinue support for old extensions and encourage everyone to update their extensions to the new WebExtensions APIs, a common set of APIs designed to be the new standard in browser extensions. As a result our existing VTZilla v1.0 extension no longer worked. At VirusTotal we decided to face this as an opportunity instead of an inconvenience and we started working on a new and improved version of VTZilla.

VTZilla 2.0 has been designed with various goals in mind. We wanted this new version to be easy to use, transparent to users and as customizable as possible. The first thing users will see when installing the extension is the VirusTotal icon. If you click on it you will see the different configuration options:


This will allow users to customize how files and URLs are sent to VirusTotal and what level of contribution to the security community they want.

Users can then navigate as usual. When the extension detects a download it will show a bubble where you can see the upload progress and the links to file or URL reports.


These reports will help users to determine if the file or URL in use is safe, allowing them to complement their risk assessment of the resource. This is a great improvement with respect to the former v1.0 version of VTZilla where we would only scan the pertinent URL tied to the file download. You would then have to jump to the file report via the URL report, and this would only be possible if VirusTotal servers had been able to download the pertinent file, leaving room for cloaking and other deception mechanisms.

VTZilla also has functionality to send any other URL or hash to VirusTotal. With a right button click users have access to other VirusTotal functionality:


This is the basis for all future functionality. Feel free to send us any feedback and suggestions. We will be working to improve and add functionality to the extension. Thanks to WebExtensions we will also be able to make this extension compatible with other browsers that support the WebExtensions standard.

Soon after this major revamp we will be announcing new VTZilla features whereby users may further help the security industry in its fight against malware. Even non-techies will be able to contribute, the same way that random individuals can contribute to the search for extraterrestrial life with SETI@home or help cure diseases with BOINC. Stay tuned and help give good the advantage.