Firefox’s Malicious Download Checker gets Bypass option

Mozilla implemented Google’s Safe Browsing technology for downloads in Firefox some time ago. The feature checks downloads that you make in the browser using Google to determine if a file is malicious.

The browser maintains a local copy of the blocklist and checks the file against that list to verify it. If it is flagged by Google, a blocked message is displayed in the download manager and the download is not saved to the local system.

Improving user protection in Firefox is certainly positive but the system is not free of issues. While Safe Browsing catches malicious files, it is plagued by false positives as well.

If you try to download a password program from Nirsoft for instance, a respected and acclaimed developer of Windows software, you will notice that some are blocked by Safe Browsing even though they are not malicious.

This raises validity concerns especially if Google’s own Virustotal service reports a program as clean. Even if some services report them as malicious, it does not necessarily mean that they are.

False positives are quite common and while Google is blocking downloads in Chrome as well, it offers an option to unlock the download to bypass the flag and get access to the file anyway on the computer.

Firefox up until now does not offer a bypass option. That’s a problem, especially if you know that a file is clean, trust the developer or want to continue because you know what you are doing.

Say, you download the file because you want to run it in a sandbox or a virtual machine. That’s perfectly fine but not possible currently if you are using Firefox because it does not offer a bypass option.

This changes in Firefox 39 which ships with an option to unblock files that were blocked by the browser.

Via ghacks.net