  • Staff

Hi,

This isn't a false positive. We are alerting here for a potentially Unwanted Modification.

In your case, it looks like you have your user.js override the default settings in Firefox, where some default security measures have been disabled.

E.g., in your case, the safebrowsing protection has been disabled via your user.js file. This is something that is often done by malware as well, hence why we need to alert the user here.

Unsure if you are aware of this though - but it's not good practice to have the safebrowsing features in Firefox disabled (in your case override via your user.js file).

https://support.mozilla.org/t5/Protect-your-privacy/How-does-built-in-Phishing-and-Malware-Protection-work/ta-p/9395

 

Either way, if you are aware of this, then add this detection to your exclusions.

 

Thanks!

Edited by miekiemoes

No!
"add this detection to exclusions" - is not the problem.
If you had read a little more carefully, ;)
you would have recognized that the mentioned site ("www.privacy-handbuch.de"), even though it's a German site, first of all deals with questions of security on the internet!
One of the authors has been part of JonDoNym, next to Tor Browser one of the only projects dealing explicitly with security on the internet!
And that's the source of the given file "user.js". It's (only) an addition(!) to a normal mozilla-firefox-profile! This addition is totally harmless - that's not difficult to detect. The addition is only a collection of configuration steps to get a privacy-friendly Firefox profile (https://www.privacy-handbuch.de/handbuch_21u.htm)!! To avoid a user having to add these steps manually via 'about:config', he/she can copy the file 'user.js' into the wanted Firefox profile. That's it!

=> so the alert of your program is redundant and in the end it's wrong.


  • Staff

Hi,

To elaborate more on this...

The browser settings in the user.js file actually override the settings in prefs.js - so this isn't really an addition, since it overrides.

Some more info: http://miekiemoes.blogspot.be/2009/01/settings-wont-save-in-firefox.html

The safebrowsing feature in Firefox is actually Google's safebrowsing one, which was implemented by default in Firefox since 2007. If I'm not mistaken, this isn't present anymore in the latest builds of Firefox, however, and has rather been replaced with the Safe Browsing API.

This user.js file has settings that disable the safebrowsing feature of your Firefox browser, as the value is set to "false" here.

To give some examples what's in this user.js file:

user_pref("browser.safebrowsing.downloads.enabled", false);

user_pref("browser.safebrowsing.malware.enabled", false);

user_pref("browser.safebrowsing.enabled", false);

So this means that when these settings are present in the prefs.js file as well and set to true (as they should be), the presence of your user.js file will override this.

We've seen malware creating such a user.js file as well, with exactly the above preferences also set to false. I know your goal is rather anonymity/privacy.

Either way, since our engine can't know whether this is a user.js file set by malware that disables safebrowsing, or a user.js file that is set by the user himself, we believe we still need to alert here as Potentially Unwanted Modification. We are not saying it's malware, we are alerting that default settings to use safebrowsing have been disabled. So in this case, it's the user's choice to either have Malwarebytes deal with this, or ignore it.

 

Edited by miekiemoes
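
An added example (not code from the thread or from Malwarebytes): one way to check a Firefox profile for what the staff post describes, a user.js that forces safebrowsing preferences to false over whatever prefs.js holds. The function names and the sample file contents are constructed for illustration, and treating every boolean `browser.safebrowsing.*` preference set to false as a finding is an assumption that goes beyond the three names quoted above.

```python
import re

# Strings are matched first, so "//" or "/*" inside a value is not read as a comment.
# Only double-quoted strings are handled (a simplification).
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)
_PREF = re.compile(
    r'user_pref\(\s*"((?:\\.|[^"\\])*)"\s*,\s*'
    r'(true|false|-?\d+|"(?:\\.|[^"\\])*")\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} for the user_pref() calls in text; a later call wins."""
    code = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    prefs = {}
    for name, raw in _PREF.findall(code):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw[0] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs

def safebrowsing_overrides(user_js, prefs_js=""):
    """Return (name, prefs.js value or None) per safebrowsing pref user.js sets to false."""
    forced, stored = parse_prefs(user_js), parse_prefs(prefs_js)
    return sorted((name, stored.get(name)) for name, value in forced.items()
                  if name.startswith("browser.safebrowsing.") and value is False)

# Constructed sample files, not the user.js discussed in the thread.
SAMPLE_USER_JS = '''
/* user_pref("browser.safebrowsing.phishing.enabled", false);  commented out */
user_pref("browser.startup.homepage", "https://example.org/"); // "//" in a string
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.enabled", false);
// user_pref("browser.safebrowsing.blockedURIs.enabled", false);
'''
SAMPLE_PREFS_JS = 'user_pref("browser.safebrowsing.malware.enabled", true);\n'

if __name__ == "__main__":
    for name, stored in safebrowsing_overrides(SAMPLE_USER_JS, SAMPLE_PREFS_JS):
        print(f"user.js forces {name} = false (prefs.js had: {stored})")
```

A finding only says that the default was overridden; as the post notes, the file contents alone do not show whether the user or malware wrote it.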