Mozilla’s reported plan to implement ‘silent’ background updates in the upcoming version of Firefox 10 has been questioned by security company Lieberman Software.
According to the company's CEO Phil Lieberman, IT security systems will have to be reconfigured to allow background updates on Firefox. However, there is a danger that hackers could disrupt the update system, which would allow them backdoor access to the user’s computer.
“Auto-updating needs to let the user know what is happening. Having your software quietly update in the background - presumably on a modular code basis - is not something IT security professionals will welcome,” claims Lieberman. “If hackers start reverse engineering the Firefox background updating system - and remember we are talking about open source software - then it is only a matter of time before malware is injected into the mechanism.”
In 2008 code cracker Peter Kleissner’s launched the Stoned bootkit and he is now scheduled to reveal the Windows 8 bootkit. Lieberman continued to say this Stoned Lite bootkit will allegedly allow code loaded from the Master Boot Record on the PC’s hard disc to remain in place all the way through the Windows 8 boot-up and loading purpose.
“Having a Windows 8 bootkit that exists is bad enough, but at least IT security professionals can set-up their system controls to only allow access to the update processes with suitable admin account logs in,” says Lieberman, “but with the prospect of allowing Firefox 10 to update itself silently and in the background, I suspect that many IT security professionals will raise the alarm. This is a recipe for a hacker security incursion in the background.”