Firefox 1.0 and downloads

[Kerodo]

I noticed an interesting thing here today and thought I'd mention it. I
was going to download a file in Firefox. The download window popped up
on the web site, asking for my permission to download it, and all of a
sudden my anti-virus was notifying me that the file contained a virus.
So, Firefox was downloading the file to a temp directory before I even
OK'd the download! I assume this is something it does to try to give
the appearance of speedier downloads.

I tried doing the same thing in IE and K-Meleon browsers, but they
didn't start the download before it was OK'd. So it's just Firefox. To
my way of thinking, this shouldn't be. The download shouldn't touch
your disk unless you say OK to it. What I wanted to do is exit and
cancel the download, but Firefox already had it on my disk before I had
a chance. It was also in the cache as well.

So I'm using K-Meleon for now. It's a minor thing, but it bothers me
that Firefox would do something like this. Interesting at any rate...

 

[Mike Andrade]

The download window popped up
on the web site, asking for my permission to download it, and all
of a sudden my anti-virus was notifying me that the file contained
a virus.

Just out of curiosity, what file from what website and what av are you
using?

 

[Kerodo]

Just out of curiosity, what file from what website and what av are you
using?

The AV is AntiVir, the latest version. I don't remember the file or
site anymore. It's gone. I don't keep any history. AntiVir found it
in a Temp folder that Firefox uses for downloads apparently, and also in
my Firefox cache. I had it delete both copies and all was well after
that. It was a small file if I recall right.

It's not that I found a virus infected file, that's common enough. What
bothers me is that Firefox actually hits my disk with the file before I
permit the download. Didn't even get to the download window in FF yet.

 

[xmp]

Just out of curiosity, what file from what website and what av are you
using?

yeah, without more information, who knows. sometimes AV flags on
legitimate crypt libraries since trojans use them. it could have also
been flagging on a malicious banner ad.

false positives are a problem with signature (or heuristics) AV.

michael

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

I noticed an interesting thing here today and thought I'd mention
it. I was going to download a file in Firefox. The download
window popped up on the web site, asking for my permission to
download it, and all of a sudden my anti-virus was notifying me
that the file contained a virus. So, Firefox was downloading the
file to a temp directory before I even OK'd the download!

Yeah, it starts caching when you click the URL, and puts the file in
the folder you specify once you go through the download dialog. This
is by design. The download dialog is just to tell Fx where you want it
to put the already-selected file, not a check on whether you want the
file at all. I don't see it as a problem; the download won't be
executed from the cache.

 

[Kerodo]

yeah, without more information, who knows. sometimes AV flags on
legitimate crypt libraries since trojans use them. it could have also
been flagging on a malicious banner ad.

false positives are a problem with signature (or heuristics) AV.

Here's the exact message from AntiVir in the Event Logs (Win2k):

AntiVir has detected a virus 'TR/Drop.Small.GT.1' in the file C:\DOCUME~
1\ADMINI~1\LOCALS~1\TEMP\6U2UD5T8.EXE

However, whether it's a virus or not is not the issue. That's merely
the reason why I found out about the problem. The problem is that
Firefox is downloading files to disk BEFORE the user gives it permission
to do so.

 

[Kerodo]

Yeah, it starts caching when you click the URL, and puts the file in
the folder you specify once you go through the download dialog. This
is by design. The download dialog is just to tell Fx where you want it
to put the already-selected file, not a check on whether you want the
file at all. I don't see it as a problem; the download won't be
executed from the cache.

Thanks for verifying that. It appeared to put the selected file in the
cache AND in a temp directory as well. At any rate, it seems kinda
premature. I don't know if it's really a problem either, since it isn't
executed or anything, however, none of the other browsers do that, so I
wonder why FF does? Only reason I can think of is speed.. gaining a
second or two in the download time.

 

[Rili]

Yes, firefox starts downloading the file straight away to make it appear
faster.

There should be an option to turn this feature off for a number of reasons
including the one you mention.

The reason I found out about it is because we have a download quota at work
and so I clicked on a file to see how big it is, thinking it wouldn't
download it, but it had already started. The patch was over 300Mb in size
and we have a very fast internet connection at work. By the time I had
clicked cancel, my entire quota was gone for the month! I was not happy!

Maybe there is a configuration setting in about:config that can be used to
turn it off?

 

[Mike Andrade]

Maybe there is a configuration setting in about:config that can be
used to turn it off?

There is a mimetype extension where you can configure ff to /ask/ what
to do with any file once you have clicked on it.

 

[Kerodo]

Yes, firefox starts downloading the file straight away to make it appear
faster.

There should be an option to turn this feature off for a number of reasons
including the one you mention.

The reason I found out about it is because we have a download quota at work
and so I clicked on a file to see how big it is, thinking it wouldn't
download it, but it had already started. The patch was over 300Mb in size
and we have a very fast internet connection at work. By the time I had
clicked cancel, my entire quota was gone for the month! I was not happy!

Maybe there is a configuration setting in about:config that can be used to
turn it off?

That would be good if there was a config setting. I'm not aware of one,
but maybe someone else knows. If I had my preferences, I'd set it to
wait until I give the final OK on the download. The other browsers
wait. Seems a little better that way...

 

[MAMEngineer]

I tried doing the same thing in IE and K-Meleon browsers, but they
didn't start the download before it was OK'd.

Can't speak for K-Meleon, but IE does in fact start the download before you
ok it... test it this way:

Select the file you wish to download
When the OK dialog pops up, walk away. Come back in 10 minutes or so and
click OK. Your download will appear to finish instantly.

What you witnessed firefox doing was quite a welcome feature: It downloads
the files signature/header data first and presents it to your AV software.
Brilliant, if you ask me.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

The reason I found out about it is because we have a download
quota at work and so I clicked on a file to see how big it is,
thinking it wouldn't download it, but it had already started. The
patch was over 300Mb in size and we have a very fast internet
connection at work. By the time I had clicked cancel, my entire
quota was gone for the month! I was not happy!

Maybe there is a configuration setting in about:config that can be
used to turn it off?

I can't find a config option by googling.

You might try the Get File Size extension at
<http://www.extensionsmirror.nl/index.php?showtopic=328>.

I have not tried it, and in general I'm a bit leery of repackaged
old extensions. Torisugari's extensions are excellent, but the
update to this extension is still on his to-do list. I'd wait until
he does it. You can keep an eye on his files via the 'more' link on
his site <http://cgi29.plala.or.jp/~mozzarel/> or keep an eye on his
weblog at <http://www.spreadfirefox.com/?q=blog/8995>.

 

[Kerodo]

Can't speak for K-Meleon, but IE does in fact start the download before you
ok it... test it this way:

Select the file you wish to download
When the OK dialog pops up, walk away. Come back in 10 minutes or so and
click OK. Your download will appear to finish instantly.

Interesting. When I noticed the virus in Firefox, I later went to the
same site and did the same thing in IE, but got no virus warning from
the AV. So I assumed that the file did not begin downloading, or I
would have seen the same AV warning. Same with K-Meleon.

What you witnessed firefox doing was quite a welcome feature: It downloads
the files signature/header data first and presents it to your AV software.
Brilliant, if you ask me.

I guess you could look at it that way...

I think I'd still prefer if it waited. But I imagine it'll stay that
way in FF, since that's the way they want it.

 

[MAMEngineer]

I tried doing the same thing in IE and K-Meleon browsers, but they
didn't start the download before it was OK'd.

Can't speak for K-Meleon, but IE does in fact start the download before you
ok it... test it this way:

Select the file you wish to download
When the OK dialog pops up, walk away. Come back in 10 minutes or so and
click OK. Your download will appear to finish instantly.

What you witnessed firefox doing was quite a welcome feature: It downloads
the files signature/header data first and presents it to your AV software.
Brilliant, if you ask me.

 

[Toke Eskildsen]

Interesting. When I noticed the virus in Firefox, I later went to
the same site and did the same thing in IE, but got no virus
warning from the AV.

Maybe because the temporary file from IE has a different ending? Maybe
your virusscanner only checks files with specific endings like .exe,
..com and so?

BTW: Opera does the same download-in-the-background-while-waiting-for-
the-user. I find it to be a great feature, but I can understand why
some people would want to disable it.

 

[Kerodo]

Maybe because the temporary file from IE has a different ending? Maybe
your virusscanner only checks files with specific endings like .exe,
.com and so?

Yes, possibly. My AV is set up like that right now. No warning in K-
Meleon either, but maybe for the same reason? Don't know...

BTW: Opera does the same download-in-the-background-while-waiting-for-
the-user. I find it to be a great feature, but I can understand why
some people would want to disable it.

After thinking it over, I guess it's ok. If it were a security threat
then they wouldn't allow it, and I trust Firefox more than most. I also
have Opera here too. I like it as well.

 

[elaich]

I noticed an interesting thing here today and thought I'd mention it. I
was going to download a file in Firefox. The download window popped up
on the web site, asking for my permission to download it, and all of a
sudden my anti-virus was notifying me that the file contained a virus.
So, Firefox was downloading the file to a temp directory before I even
OK'd the download! I assume this is something it does to try to give
the appearance of speedier downloads.

Maybe that's why downloads always begin at 5 or 6% completed! I was
wondering about that.

I don't allow Firefox to download files at all any more. I use an old
version of GetRight (4.3) with the adserver files stripped out. (GetRight
allows this.) I like GetRight's ability to pause and resume downloads and
the old version is very skinny.

It can't automagically catch clicks in Firefox, but if you right click and
select "copy link location" GetRight will usually pop up ready to download.

This should be posted on the Mozilla forums ASAP.