New policies for safe browsing configuration

[htcfreek]

As you have the policy DisableSecurityBypass/SafeBrowsing it would make sense to add a second set of policies to configure and lock the safe browsing settings.

Sure I can set all the preferences manually using the preferences policy, but this isn't the best way to go. We need multiple preferences for single check boxes and it is a bit confusing that after blocking safe browsing bypass rules the user can still disable the whole safe browsing feature.

The better and admin friendly way would be to have a dedicated set of policies. This helps finding the setting too.

And if you worry that admins disable the feature you could add a policy that only forces the enabled state.

List of preferences to set and lock:

• Block dangerous and deceptive content sets:
  • browser.safebrowsing.malware.enabled
  • browser.safebrowsing.phishing.enabled
• Warn me about unwanted and uncommon software sets:
  • browser.safebrowsing.downloads.remote.block_potentially_unwanted
  • browser.safebrowsing.downloads.remote.block_uncommon
• Block dangerous downloads:
  • browser.safebrowsing.downloads.enabled

[mkaply]

The reason I've never done this is because these preferences are confusing and don't really map to the checkboxes well. (and every thing is enabled by default)

But I totally understand.

[htcfreek]

Maybe it makes sense to at least add a hint in the description of DisableSecurityBypass/SafeBrowsing that it has nothing to do with the ui settings and that admins can use the prefs to manage the ui settings.