Is firefox lying to users about viruses in downloads?

Published July 4th, 2018

Firefox ships with an interesting feature: they automatically flag downloads for viruses and malware. Sounds awesome. Unfortunately, this message isn’t always accurate. Apparently, sometimes this message is an outright lie. Firefox isn’t necessarily scanning the files for viruses, they’re often just using databases that list domains suspected of hosting malware. This would actually be a really useful warning if it was communicated to the end user accurately.

In one example, users report Firefox displaying this message when dowloading files via  “library genesis”, a popular website for downloading books and other materials without a license. A lot of the content on library genesis is pirated content, although there’s also some public domain material there.  But we’re not here to discuss the ethics of pirating books. For some users, Firefox is flagging every file downloaded from this website, telling them it’s a virus.

Several posts on the /r/libgen subreddit have confirmed this behavior. The behavior appears to be inconsistent: some users see the warnings, some don’t – sometimes the warning will display one day, and then not the next. Firefox support explains that the malware lists are updated every 30 minutes – so this might explain the erratic behavior. Apparently this has been going on for at least a month, according to another thread on the /r/libgen subreddit.

When the files in question were actually checked with a virus scanner, none of the flagged files were shown to contain viruses or malware. This isn’t to say that there isn’t any malware on library genesis – it probably does deserve to be on a list of sites that potentially host malware. That being said, to explicitly claim that a specific file in question IS a virus, is disingenuous. The problem could be easily remedied by changing the language of the warning.

Even more perplexing is UI of the virus warning dialog. Upon flagging a “virus”, Firefox gives the user two options: delete the file, or open it. There’s not actually an option to simply save the file. So, instead of giving the user the option to save the file and scan it with their own virus software, firefox says you either have to delete it or execute it immediately. That’s probably not a very good idea for files suspected of containing malware.