Posted by: Ken Harthun
Better a false positive than no warning at all, I say. And the one real alert was confirmed. Here’s the scoop as reported by Mozilla in their blog:
“Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO. Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware. The same investigation also confirmed that the Master Filer extension included a valid instance of a trojan.”
Recall that I reported on this last week: “Mozilla Missed Malware in Infected Firefox Add-ons.”
Here’s an idea: Err on the side of false positives rather than denial. Sure, it would be a little inconvenient to deal with, but at least we’d all be more secure as a result, don’t you think?
Well, what DO you think? Send me some feedback!