Slashdot Mirror
Firefox 2.0 Update To Remove Phishing Detection
An anonymous reader writes "Computerworld and others are reporting that Firefox 2.0.0.19, the last security update to be released before 2.0 goes end-of-life, will remove the phishing detection at the request of Google. The browser is using an older version of the Safe Browsing protocol that Google will discontinue. According to the latest NetApplications report, about 25% of all Firefox users were still on version 2.0. This move ought to result in an increased adoption of Firefox 3.0 and other browsers, unless it goes unnoticed by most users."
I doubt phishing protection will be what gets them to do it.
I consciously refused to upgrade to 3.0-- a number of my extensions and scripts don't work right and it's incredibly ugly in my opinion. Workarounds/alternative settings exist, I'm sure... but how much are people really missing out on by refusing the updates?
Even a minor increase in 3.0 adoption would be worth it, as the phishing detection won't matter once google turns it off. I think Mozilla is doing well by making one last effort to move people towards Firefox 3.
At least the version 2 users are being given some warning, as opposed to just being left out to dry without any heads up at all.
My preferred name is frazz, but someone keeps taking it. If you see him, tell him I said hi.
You just gave a reason for Firefox 2 users not to upgrade to Firefox 3.
The reason not to switch from Firefox 2 to Opera instead (for older systems) is the same reason for Windows '98 users to not switch from MSIE to Firefox.
They are more familiar with their chosen browser, and there is an inherent resistance to switching.
It's ashame the last major, tried and true, stable release of Firefox is EOL'ed so rapidly, in favor of the bleeding-edge FF 3.
What would you think of Microsoft if they had discontinued further security updates for Windows XP in 2007, one year after the release of Vista?
I still use Firefox 2 at work because the Firefox 3 downloads won't run on Red Hat Enterprise Linux Workstation 4. Seems to want libpangocairo, as I recall. Also, a couple plugins I like haven't been updated for Firefox 3 (FLST and Open Link In... come to mind).
I wonder how many of the 25% are in similar situations to mine?
Program Intellivision!
Google has too much power, but you're just being ridiculous. This is the last FF2 security release ever. Leaving in an automatic information query to a dead server would be a GAPING security hole.
I'm fairly certain that anyone who actually needs phishing detection probably won't even notice that it's gone, or won't know what it means. For example, people like my parents who only have Firefox because some well meaning geek installed it for them a year and a half ago...
If I don't put anything here, will anyone recognize me anymore?
Run their own phishing blacklist? Is that really a good use of their time?
Maybe they should sue Google, without any contract having been broken?
Or break into their data center and force them at gunpoint to turn the machines back on?
Mozilla should have gotten Google to contractually agree to keep the servers running through the end of life of Firefox 2, and they didn't, which is their screwup. But you're just conspiracymongering.
Not sure what's so bleeding-edge about FF 3, it's a lot more stable and faster than Firefox 2 was. I think your word choice is a bit disingenuous and designed to make FF 3 look bad. And the situation is a bit different since upgrading from XP to Vista costs money, whereas unless you're on Windows 98 upgrading from Firefox 2 to 3 doesn't cost a thing.
All your base are belong to Wii.
I disagree. I already tried Firefox 3 and it ran very poorly, so that's why I went back to Firefox 2.
IMHO rahter than disable the feature, thereby making users vulnerable to scams, the correct solution is to upgrade the anti-phishing to v2. Toturn it off completely is somewhat akin to a AntiVirus 2.0.0.19 program deciding to turn-off its scanner, to force users to move to AntiVirus 3. The ends do NOT justify leaving users vulnerable to attack.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Just to be fair, there ARE some people who can't upgrade to FF3. I'm thinking of Mac OS users. FF3 only works with 10.4 or higher. So many of those with G4 Macs are left in the dust.
I'm unsure of Windows compatibility, but Windows XP *is* over 7 years old, so users of older PCs are probably in good shape, at least.
Fact: Everything I say is fiction.
Uhhh... Google's turning off the servers.
Your FF 2.0.18 won't have any phishing protection, either.
And what if you are still on FF version 2 because you don't like some of the 'features' introduced in FF version 3? I'm looking at you, 'Awesome Bar'.
There was a lot of resistance to the awesome bar, and I thought it was a stupid idea at first, but honestly, give it a week and you'll get used to it and wish it was there when you're forced to use other browsers.
I guess the question is, if people are so against upgrading to 3.0 (which I find worlds better btw), how long will it take someone to write an extension for 2.0 that supports the new format.
The problem is we are talking about a piece of dead code here. Mozilla has decided that the Firefox 2 code base is EOL, and frankly I don't blame them. The memory leaks in the code just never seemed to get fixed and the memory management in FF3 is simply light years better. And Google has already made it clear they are pulling the plug on the v1.0 Phishing filter, which would cause folks to think they had protection that they didn't actually have.
You mention MSFT, but lets be honest here. Most folks didn't have a living shit fit when they EOLed the Win9X line after giving it an extension to give folks time to switch. Why? Because those of us that knew anything about Operating Systems knew that trying to keep that mess of a codebase patched and functional was like pissing in the wind. At least with FF2 you HAVE a choice.
If you believe there are enough users out there that for one reason or another need FF2 you can set up a website and try to build a community around the FF2 code. Since the code is Open Source anyone who feels strongly about it can build a community of like minded individuals and keep it going. Just look at how Seamonkey continues to improve and update after what? 2 years of being cut loose by Mozilla? The Mozilla Corp doesn't support Seamonkey yet I have it on all my machines and it updates nearly as quickly as FF. So if you truly feel that it can be updated to Google Antiphishing v2.0 you should try to build a community around it. That is one of the great things about FOSS. We always have a choice.
ACs don't waste your time replying, your posts are never seen by me.
When I go "Check for updates" I get the dialog box that informs me: "This update will cause some of your extensions and/or themes to stop working until they are updated." Clicking on "show list" shows me that Compact Menu and Whitehart will be disabled with FF3. If that extension and that theme get updated, then I'll switch to FF3. Until then, I'll "suffer" with my working browser, anti-phishing or not.
I still don't see why they're pushing people so hard to upgrade to 3.0.
Because they are going to stop working on that version. I hate to point out the obvious, but this isn't really a complicated question.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
The reasons to upgrade are the same as for any software. Sooner or later, FF3 or higher will have features that FF2 does not have and that you will need or wish you had. Whether that's patches, plug-ins, or new features, I can't say... but it is coming. Maybe a new version of HTML or a new scripting language... maybe a plugin that only works with 3.0 or higher for web pages you need access to -- who knows.
As for why they choose to turn the anti-phishing off rather than move to the next version, I think it's fair to say that turning off something is easier than re-coding it to work with something new. Also, why code it to work with the new Google version when you're discontinuing support? At some point, Google's API will change and FF 2 users will be left without a working anti-phishing engine again -- only without any warning because Mozilla will have moved on to FF 4 or beyond by then.
You are, of course, welcome to continue to use FF 2 if you enjoy the product, but it is not Mozilla's responsibility to continue to support it once they've moved on to a newer version.
You are correct that Mozilla could wait until Google discontinues its service to turn off the feature, but that is only prolonging the inevitable. They likely want the upgrade in place before Google shuts down its service so that users have advanced warning. If I were Mozilla, I'd even put up a splash screen upon installing the update to warn people that the anti-phishing no longer works and to upgrade to FF 3 if they wish to continue using the feature.
I'm not exactly sure what you're arguing. It sounds as if you're upset that Mozilla is "pushing" people to FF3 by discontinuing a feature in FF2, but really it's Google that's changing and Mozilla is reacting to that change by turning off the feature in advance in an effort to control the situation. It's not as if Mozilla turned off FF2's ability to use tabs or plugins or other features to intentionally cripple FF2.
Honestly, your post sounds a bit like a rant that eventually you'll have to move to something other than FF2 and you're upset that the reasons to move have only just begun to pile up. I can understand that you like the software and believe it is still worth supporting and/or forking to continue updating, but apparently Mozilla isn't going to be the one to do that for you.
The reason I consider it bleeding edge, is a bunch of plugins don't work at all with FF3.
It's a relatively new, unproven release, in the grand scheme of things.
Mmm.
In the grand scheme of things, VMS and masonry are new and unproven things, too.
If someone complains about the site not working and describes that message, I tell them to downgrade to FF2, which actually lets you still access the site (with just a simple dialog box).
*points* *laughs*
Moron. I hope that you don't work a helpdesk or IT somewhere.
FF3 keeps needing updates frequently, security bugfixes (I guess), and I kept running into crash bugs with FF3, several times a day, even the latest version of FF3, whereas FF2 and FF1 were rock solid, rarely ever crashed.
System specs? Installed plugins?
If you're so 'hardcore hax0r' and use only URLs why do you even need autocomplete? Turn it off or ignore it and shut up about it.
Even if it is going to "end of life", I still don't see why they need to disable the security protection. If Microsoft did that with XP, in order to try to get people to move to Vista, people would scream bloody murder.
But because this is Firefox, for some reason it's okay where if MS did it, people would call foul. Double standard.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Possibly it is a double-standard, but they haven't done any significant development on 2.x for quite a while, only security updates. Updating the Safe Browsing protocol may be considered "significant development" (I have no idea how much work would actually be involved) and therefore isn't really an option.
Since Google is going to be disabling their service which makes the phishing detector thing work at all, stopping the browser from trying to access it is a reasonable measure. It perhaps depends on the manner in which they disable it; if someone wants to make and use their own SBP 1.0 server with Firefox 2 they should be able to, so removing the code altogether would be bad, but disabling the option and hiding the UI option to enable it would be okay.
Your analogy should have compared the idea of Microsoft disabling a soon-to-be-unusable feature of IE6 to get people to move to IE7. A lot of people (especially here) would argue that's a good thing, as IE7 is more standards compliant and more secure than IE6.