Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stopping ChatZilla Installs on FireFox Systems?

Posted by Cliff on from the limiting-user-abuse dept.

TonalSpeller asks: "I'm in charge of a language learning computer lab in an Asian university. We have Windows XP on all machines, but I convinced my superior that I needed to hide Internet Explorer on all student machines (can't remove it entirely because some proprietary software might need access to it). I'm counting on security through obscurity -- I know that a minority of savvy people can still access IE via the command line. I am running the latest version of Opera and Firefox 1.0 PR on all machines, but now I am faced with a dilemma -- extending Firefox is so easy that sooner or later, someone will try to install Chatzilla. Is there any easy way to block Javascript while keeping Firefox's superb usability? I will be running TrustNoExe, but that won't catch Mozilla extensions. Any ideas or suggestions?" "I have also removed all chat clients, games and Outlook Express so that people can concentrate on language learning (I don't want people using all this expensive hardware to goof off). I work hard to create interesting lessons, but I won't get a chance to teach anything if students are immersed in irrelevant conversations."

8 of 81 comments (clear)

  1. Re:File system permissions by OmniVector · · Score: 2, Informative

    Note: I could be talking out my ass if Firefox stores extensions in the user profile directory on Windows.

    and they are

    --
    - tristan
  2. about:config by for(;;); · · Score: 4, Informative

    Won't setting xpinstall.enabled to false do the trick? (Type about:config in the url-box-location-bar-whatever-it's-called.) Then lock down the configuration.

    --

    "Whatever happened to fair use?"
    -- Duff-Man
  3. Permissions -- learn about them, use them... by Spoing · · Score: 2, Informative
    (From memory...please take this for what it's worth! I'll guess that the user accounts are 'limited' and not admin. If not, try that first!)

    If you know how permissions work, you can lock down any resource.

    Walkthrough:

    1. Use an account with the same privilidges as a normal user.
    2. Grab two sample systems that have Firefox installed but not the extention.
    3. On the first one, backup the user and program directories.
    4. Install the extention.
    5. Take note of every resource (file and directory) that has changed.
    6. On the second system, login as admin and turn off the execute and write permissions on those resources.
    7. Change the ownership on the resources to another account. Note that you may have to make the resource readable by the user account(s).
    8. Logout from the admin account and try to install the extention on the second system. It should not install.
    9. Consider putting these changes in as part of a login script till you roll out a new system image.

    These are general guidelines only. Keep in mind that you will probably have to change some settings to get everything to work properly -- such as making some of the resources readable by normal user accounts.

    When done, clean up; make sure to remove the local test user account files and Firefox after you have something that works. Chances are, the test systems will have some crud left behind that you think isn't important -- but may prompt another support call.

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
  4. Whitelist by sab39 · · Score: 4, Informative

    Firefox supports a whitelist of sites that you can xpinstall from. This was added in the Preview Release, I believe. If you look in the release notes of that version, there should be more information on the whitelist and how to change its contents. Emptying the whitelist will effectively disable installing extensions.

    1. Re:Whitelist by ChowyChow · · Score: 3, Informative

      actually..you can bypass the whitelist by just downloading the xpi to the hard drive and then drag n'drop to Firefox...

  5. Re:A version without the extension feture menu ite by chocobot · · Score: 2, Informative

    I think that is pretty easy, I worked through the XUL tutorial on the xulplanet site, and they show you how to manipulate the XML files that are used to generate the menus. So no rebuilding/compiling is necessary, just h4x0r some text files to remove the install entry from the tools menu. http://www.xulplanet.com/tutorials/xulapp/ Although that doesn't take care of the click-to-install tool. But I am sure you can disable that in some config file

  6. Re:Software Firewall by The+Madpostal+Worker · · Score: 3, Informative

    DeepFreeze by Farconics Software

    --

    /*
    *Not a Sermon, Just a Thought
    */
  7. Re:Mandatory configuration by hattmoward · · Score: 4, Informative

    Sorry, that's 'xpinstall.enabled' = false