> Sorry if I'm asking silly questions... but to clarify... Your questions are not silly. :)
> 1. What is a 'whitelist miss'? When the user is given today's behaviour? Yes. It's the treatment given to binary downloads when Firefox is not assured the software is safe. So probably today's treatment, perhaps something with stronger words like "This might be malware". > 2. What can cause a whitelist miss that is correctable by an on-line > service? Is it just freshness? As far as I understand the system it's a server-side classifier that learns from and uses a combination of things: freshness, signing the binary, etc. But this exposes a good question: how does a legitimate software creator reliably get on the whitelist? > Is there essentially 6% daily churn in the list? I don't think it's that simple. I think there's a churn in the list, but only for the most popular binary downloads. There will probably be some less-popular downloads that never make the list but are still acceptable; those will result in a ping, but the result of the ping would be "this file is not malware", and Firefox could treat it as benign. -Sid _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
