Tue Jul 9 20:01:08 UTC 2013

#9195: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
Comment(by cypherpunks):

 Replying to [comment:3 runa]:
 > Replying to [comment:2 mikeperry]:
 > > Thank you for the detailed explanation. I didn't realize that AV
 > > systems had moved into the cloud for verifying stuff like this.
 > From http://kb.mozillazine.org/Browser.download.manager.scanWhenDone:
 > "... this preference is only used for scanning completed downloads and
 > only has an effect if you have antivirus software installed and are
 > running Windows" ... "Starting in Firefox 3.7, also apply Windows security
 > policy checks".

 Yes, `scanWhenDone` + AV works as intended on a Windows system. Many AV
 providers are quite open about adding "cloud" features to their products.

 It is after the PRISM revelations that the consequences become dire.

 1.) Please verify that you can reproduce the described behaviour.

 2.) I may be mistaken about the usage of the term "cloud" in relation to
 MSE. This is because it has been a long time since I replaced it with
 Comodo and I don't remember what label MSE used for the feature. But most
 companies assign different meaning to the same terms, so it doesn't matter
 what it is called. Many AV companies do have separate products aptly named
 "Cloud Scanner", but that MSE had a cloud scanning feature enabled by
 default came as a surprise to me.

 3.) The concern for the Torproject in this matter is in respect to the
 default setting used in TBB. How to correctly use AV products to maintain
 some level of privacy lies outside the scope of Torproject. But this
 problem illustrates the difficulty of keeping netizens safe and protecting
 their privacy, and also points to the urgent need for a collaboration with
 other groups to produce a ''"The Netizens How-To Guide to Privacy and Safe
 Computer Usage"'' ebook.
 EFF, EPIC and The Internet Defense League come to mind as collaborators.
 I can provide a draft of the structure for such a book, if asked.

 4.) What is the feature called in Comodo? = "Use cloud while scanning".

 5.) What documentation gives this information?
 (This site requires JavaScript.)
 "Use cloud while scanning - Selecting this option enables the Antivirus to
 detect the very latest viruses more accurately because the local scan is
 augmented with a real-time look-up of Comodo's online signature database.
 With Cloud Scanning enabled your system is capable of detecting zero-day
 malware even if your local anitvirus [SIC] database is out-dated. (Default
 = Disabled)."
 ... [snip] ...
 "Update virus database before running – Selecting this option makes CIS to
 check for virus database updates and if available, update the database
 before commencing the scan. (Default = Disabled)."

 6.) If someone contacts tech reporters, ask them to investigate McAfee's
 HackerWatch (and all components of their product for privacy leaks).
 I suspect McAfee is more eager to watch their users than "hackers".

