Firefox is vulnerable to the nasty Windows animated cursor flaw that can hand over control of your XP or Vista computer, according to a video posted by Determina, the company that originally discovered the vulnerability.
In the Determina video, the speaker (possibly Alexander Sotirov, who posted the blog entry) says that under Vista, IE7's Protected Mode mitigates the potential attack damage by not allowing the browser - or any attack that takes over the browser - to change system files or perform other common malware attacks. He goes on to say that Firefox doesn't have a similar protected mode.
It doesn't, in a regular install. But you can give it one using a Microsoft tool called DropMyRights. In essence, DropMyRights lets you easily put any program into a Protected Mode. Set it up for Firefox like this:
1. Download DropMyRights
2. Double-click the downloaded file to install it. Keep note of where it installs (by default it will go into C:\Documents and Settings\[yourusername]\My Documents\MSDN\DropMyRights\DropMyRights.exe).
3. Right-click the shortcut you usually use to start Firefox and choose Properties. You can do this with a shortcut on your desktop or on the Quick Launch toolbar.
4. On the Shortcut tab, edit the line in the Target box to add a reference to DropMyRights before the location of the Firefox executable. For my shortcut, that looks like: "C:\Documents and Settings\Erik\My Documents\MSDN\DropMyRights\DropMyRights.exe" "C:\Program Files\Mozilla Firefox\firefox.exe" (note those quotation marks; you'll need them too).
5. On the General tab, change the shortcut's name to something like DropMyRights Firefox.
Now, when you use that shortcut, DropMyRights will in effect start Firefox in a protected mode, and Firefox (or again, an attack that successfully takes over the browser) won't be able to mess around with important system files.
You can test whether it worked by trying to save a Web page into a system directory. On any page, choose File->Save Page As, and navigate into the WINDOWS\system32 directory. If you get an error window like the one below when you try to save a page there, you know it worked.
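Steps 3 to 5 can also be scripted. The PowerShell below is an added example, not part of the original post or of DropMyRights itself: it reads an existing Firefox shortcut, writes a new "DropMyRights Firefox" shortcut that launches through DropMyRights, and reads the result back. The three paths at the top are assumptions; change them to match your machine.

```powershell
# Added example (not from the original post): create a "DropMyRights Firefox" shortcut
# from an existing Firefox shortcut, mirroring steps 3-5 above.
# All three paths are assumptions; adjust them to your own install locations.
param(
    [string]$SourceShortcut = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Mozilla Firefox.lnk'),
    [string]$DropMyRights   = "$env:USERPROFILE\My Documents\MSDN\DropMyRights\DropMyRights.exe",
    [string]$NewShortcut    = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'DropMyRights Firefox.lnk')
)

foreach ($p in $SourceShortcut, $DropMyRights) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
}

$wsh     = New-Object -ComObject WScript.Shell
$src     = $wsh.CreateShortcut($SourceShortcut)   # existing .lnk, read as-is
$firefox = $src.TargetPath                          # e.g. C:\Program Files\Mozilla Firefox\firefox.exe
if (-not (Test-Path -LiteralPath $firefox)) { throw "Source shortcut does not point at a program: $firefox" }

# The Target box in the Properties dialog shows TargetPath and Arguments joined together;
# in the shortcut object they are separate fields. DropMyRights becomes the program and
# the Firefox path becomes its argument, wrapped in its own quotes so the space in
# "Program Files" is not split into two arguments (the quoting caveat from step 4).
# As in the post, DropMyRights is given only the program path, so any arguments on the
# original Firefox shortcut are not carried over.
$new = $wsh.CreateShortcut($NewShortcut)
$new.TargetPath       = $DropMyRights
$new.Arguments        = ('"{0}"' -f $firefox)
$new.WorkingDirectory = $src.WorkingDirectory
$new.IconLocation     = "$firefox,0"                # keep the Firefox icon on the new shortcut
$new.Description      = 'Firefox started through DropMyRights (restricted token)'
$new.Save()

# Read the new shortcut back so the fields can be checked without opening Properties.
$check = $wsh.CreateShortcut($NewShortcut)
'Target   : {0}' -f $check.TargetPath
'Arguments: {0}' -f $check.Arguments
```

After running it, use the File->Save Page As test above from the new shortcut to confirm the write into WINDOWS\system32 is refused.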

The only gotcha in doing this is that you won't be able to install many downloaded programs straight from Firefox anymore. The install will start but then fail when it tries to write somewhere it isn't allowed. Instead, go to the download in Windows Explorer and install it from there.
DropMyRights changes user privileges to protect you. If you're curious, I wrote about admin rights, user privileges, and other programs like DropMyRights in a story called "Disarm Net Threats."
Also, Michael Howard, who wrote DropMyRights, has plenty of info on his Microsoft blog.
If you run Windows Desktop Search in Win XP, some additional steps are needed. In the General tab, click the Advanced button and uncheck the top 2 lines first. I noted that the quotes are not needed around the path to DropMyRights in Target nor in Start in. Remember to recheck the above lines before exiting.
Does this program work with XP Home? I've installed it on a PC running XP Pro and it works as described in the blog. I've also installed it on a PC running XP Home, and it does not work: the newly created shortcut launches Firefox, but nothing prevents it from saving a webpage in the Windows\System32 folder.
It works in XP Home. I tested (I tried to save to C:\windows) as they said and got the above dialog box. I am also running Norton Internet Security 2007 (DropMyRights Firefox does not show Norton's "Fraud monitoring is on" task bar). Did you notice the lack of quote marks around the path to DropMyRights? The software actually took out my quote marks! I put DropMyRights in G:\Program Files\DropMyRights.
There is one way that is much simpler: use Sandboxie (forget the "ie" part, it works fine with Firefox).
Install Sandboxie, choose the default browser (Firefox I hope), and it automatically sets up a Firefox start process through the Sandbox.
So I have 2 shortcuts on my desktop: 'Firefox Sandboxed' and 'Firefox' (without setting up a sandbox protection).
Does this apply to users of Firefox Portable?
Thank you BearUp, it works fine with Sandboxie.