I think we should implement a windows application reputation extension
to Safe Browsing -- to help detect malicious binaries users download and
for those we know are safe, stop prompting users.
== Background ==
Last year, Google started experimenting with an extension to Safe
Browsing that helps protect users from malware downloads. This is a
binary-file reputation system based on a whitelist of binaries and
domains, and identifies benign executables as windows users attempt to
download them. Benign executables can bypass any "are you sure" UI,
making it less annoying to users.
This adds to Safe Browsing (which just blacklists URLs that are known to
be phishing sites or distribute malware) so that no matter what page
you're on when you download malware, the binary itself is checked.
When they rolled it out in Chrome last year, it was unclear exactly how
effective it would be. Since the feature involved sending some download
URLs to Google (the reputation part of the system), there was no way to
reason through benefit vs. download history leak.
Since sending URLs is the main difference between this and the rest of
Safe Browsing, we have to think about whether Firefox users will be
willing to trade some of their download history for the protection
offered by the system and a less in-your-face download UI. I believe
== System Attributes ==
* List Size: roughly 300 domains and 100 app signers in whitelist (small)
* Average Chrome users download about 2 binaries per day.
* ~ 8% of files downloaded by users are executables (and subject to this
* ~ 65% of those executables are whitelist hits and cause no prompt or
ping to Google (with URL of binary)
* Roughly 5.2% of a user's downloads result in a URL being sent to
Niels, Moheeb: if you have any public documents about the system or API,
would you please reply to this with links?