On CHOW: How to avoid dirty looks at cafes
BNET Business Network:
BNET
TechRepublic
ZDNet

May 8th, 2008

Mozilla spreads malware rather than security

Posted by Adrian Kingsley-Hughes @ 2:30 am

Categories: Thoughts

Tags: Mozilla Firefox, Malware, Mozilla Corp., Web Browsers, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Internet, Adrian Kingsley-Hughes

Vietnamese users turning to Mozilla’s Firefox to offer then security got a shock yesterday when the company revealed that the Vietnamese language pack for Firefox 2 was contaminated with malicious code and that this had been available for download for three months.

Because of a virus infection, the Vietnamese language pack for Firefox 2 was polluted with adware, Mozilla security chief Window Snyder said in a blog posting. “Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy,” she wrote. “Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload.”

Now, as someone who has started making the transition from Internet Explorer to Firefox, this is a worrying development. And to be honest, I’m not happy with Snyder’s explanation as to what went wrong:

Snyder did not know exactly how the adware code was added, but she said that this kind of problem could affect any software provider — open source or not. “In most software development environments the developers aren’t kept in a dark cave,” she said. “They browse the Web or take those laptops to a coffee shop ”

“It’s just a fact of life,” she added.

Oh, fact of life, really … somehow that doesn’t make me feel any better about the situation. There’s very little excuse for shipping malware to users nowadays.

I guess the flip-side is that there’s no such thing as a trusted source.

Thoughts?

Adrian Kingsley-HughesAdrian is a technology journalist and author who has devoted over a decade to helping users get the most from technology. He also runs a popular blog called The PC Doctor. See his full profile and disclosure of his industry affiliations

Want to get in touch? Got a tip? Feel free to drop me a note! I ALWAYS respect anonymity. I'm also on Twitter (@the_pc_doc)

Right to Reply: Should any industry representatives wish to comment on any posts on Hardware 2.0, I will be happy to publish their reply verbatim on this blog.

Subscribe to Hardware 2.0 via Email alerts or RSS.

  • Talkback
  • Most Recent of 81 Talkback(s)
You may be right
but if NSA and FBI work like the CIA, then the analysts have 2 different computers....one for classified work and another for when they go out on the web. I work with a woman who left the CIA last year. I'll ask what OS(s) they used on the desktop.... (Read the rest)
Posted by: notsofast Posted on: 05/11/08 You are currently: a Guest | | Terms of Use
yet another demostration that open source code is NOT safer than closed  qmlscycrajg | 05/08/08
Microsoft led the way long ago....  bportlock | 05/08/08
typical denial and deflect tactics  xuniL_z | 05/08/08
IE & Vista Gold Standard??  rpmyers1 | 05/08/08
I'm afraid your opinion  xuniL_z | 05/08/08
Cont......  xuniL_z | 05/08/08
Where did you get your "large number of security experts?"  IT_User | 05/08/08
You may be right  notsofast | 05/11/08
Drop the ad hominem attack and examine the facts  bportlock | 05/08/08
Thanks for proving my point.  xuniL_z | 05/08/08
No response - just abuse. Is that the best you can do?  bportlock | 05/08/08
ok then  xuniL_z | 05/08/08
You have a point? No, you don't.  TroyJohnson | 05/08/08
What would expect in reply...  xuniL_z | 05/08/08
You've just proved his point  hasta la Vista, bah-bie | 05/08/08
Drop the ad hominem attack  marks055@... | 05/08/08
Be my guest! wink  bportlock | 05/08/08
geeze  ivanotter | 05/09/08
A study in hyperbole  TroyJohnson | 05/08/08
Well Troy, I didn't....  xuniL_z | 05/08/08
Denial and all that  elderlybloke | 05/08/08
So it's OK for other companies to put users at risk?  tikigawd | 05/08/08
That's not what I siad. Read my posts again....  bportlock | 05/08/08
1995, 1996 & 2005  Dr. John | 05/08/08
is not about being safer or not...  benitodarder | 05/08/08
Wrong  klumper | 05/08/08
I heard Clamwin had a problem recently  marks055@... | 05/08/08
Is the plugin Open Source?  TripleII | 05/08/08
Is if you compile it yourself  John L. Ries | 05/09/08
Sh*t happens....  pjotr123 | 05/08/08
I have your answer.  xuniL_z | 05/08/08
Absolutely, I would.  TripleII | 05/08/08
Because  xuniL_z | 05/09/08
I'd stand by that statement  hasta la Vista, bah-bie | 05/09/08
RE: Mozilla spreads malware rather than security  MrViklund | 05/08/08
Ouch! Firefux strikes again...  Scrat | 05/08/08
Really?  hasta la Vista, bah-bie | 05/09/08
Another Win32-specific propogation incident  D. T. Schmitz | 05/08/08
Which means that...  Confused by religion | 05/08/08
I'd say the programmer's machine on the local subnet first...  D. T. Schmitz | 05/08/08
Ehh...advertising happens  Norcross | 05/08/08
Message has been deleted.  croberts | 05/08/08
RE: Mozilla spreads malware rather than security  sgp321 | 05/08/08
Murderers are not concerned with security  jackbond | 05/08/08
LOL - Too funny! (NT)  croberts | 05/08/08
4.8  marks055@... | 05/08/08
High Fives  supercharlie | 05/08/08
I'd love to know what anti-virus they use....  devlin_X | 05/08/08
Clamwin (OFF COURSE)  marks055@... | 05/08/08
Ah! But Vietnamese Trojan Make For Safer Sex  itanalyst2@... | 05/08/08
Proof that Linux would be a disaster for mainstream desktops.  xuniL_z | 05/08/08
"It's TIME to stop running at the MOuth"  TroyJohnson | 05/08/08
A Windows exploit, as mentioned earlier  mhenriday | 05/08/08
Err, I think this shows how much of a disaster Windows can be  nilotpal_c | 05/08/08
they're going after the widows market  marks055@... | 05/08/08
In which case  nilotpal_c | 05/09/08
Is there ANYTHING, I mean ANYTHING  mdsmedia | 05/08/08
RE: Mozilla spreads malware rather than security  archisgore@... | 05/08/08
You hit on the main flaw  rpmyers1 | 05/08/08
too busy checking out...  Confused by religion | 05/08/08
How many "thousands of eyes".....  bportlock | 05/08/08
Then OSS sucks for Vietnamese people  markbn | 05/08/08
RE: Mozilla spreads malware rather than security  Cyberneticus Dinosaurus | 05/08/08
Thats why ya read the story  marks055@... | 05/08/08
It is time for formal lock down of plugins.  TripleII | 05/08/08
Re : 'It is time for formal lock down of plugins.'  mhenriday | 05/08/08
Well meaning amateurs  tonymcs@... | 05/08/08
For a second there...  zkiwi | 05/08/08
3 months of dormancy?  desmondhaynes | 05/08/08
Bloodbath?  zkiwi | 05/08/08
is it really mozilla's fault?  kolvas | 05/08/08
RE: Is it really Mozilla's fault???  bfilipiak@... | 05/09/08
Somewhat misleading headline  mrdt | 05/09/08
RE: Mozilla spreads malware rather than security  Jay_BG | 05/09/08
VERY MISLEADING HEADLINE  Danometer | 05/09/08
Very predictable  Speednet | 05/09/08
*words?  Speednet | 05/09/08
RE: Mozilla spreads malware rather than security  balaknair | 05/09/08
RE: Mozilla spreads malware rather than security  frj111@... | 05/09/08
and a little wallstreet hint yet on the microsoft&intel m. .. family  llval@... | 05/09/08
Tabloid style journalism?  OldGuru | 05/09/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement

Recent Entries

advertisement

Archives

ZDNet Blogs

White Papers, Webcasts, and Downloads