Firefox 3.6 Locks Out Rogue Add-ons

CWmike writes "Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. Dubbed 'component directory lockdown,' the feature will bar access to Firefox's 'components' directory, where most of the browser's own code is stored. Mozilla has billed the move as a way to boost the stability of its browser. 'We're doing this for stability and user control [reasons],' said Johnathan Nightingale, manager of the Firefox front-end development team. 'Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users ... Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems.'"

I want a mechanism for pluck-outs...

[jkrise]

At my company I would like a stripped-down Firefox without features like awesome bar and other bloat. Is there a way to do this, easily?

Also I have the SmartQ 7 and SmartQ 5 MIDs which are basedon the ARM processor. Thedefault browseris Midori... can I get a Firefox compiled for the ARM to run on that?

I hink firefox shoudl focus on these and similar issues...

Re:I want a mechanism for pluck-outs...

[Lord+Bitman]

The awesome bar, and most of the other firefox bloat, should be plugins. Firefox had this great plugin architecture which everyone and their dog used- except the firefox devs.
Why doesn't firefox ship with an array of "default" plugins, all of which can be disabled? There's no need for something like awesomebar to be core, is there?

Effects on Add-on Development

[Voulnet]

So what would be the effect on Add-on development? Would it make it more difficult to develop them? Would it constrain the Add-on developers?

Or is this just a method to lock out some Add-on with already known problems?

Re:.NET Anyone?

[maxume]

It's an artifact of supporting system wide extension installation, rather than per user. Microsoft probably should have used per user installation of the plugin (even though .NET is arguably a system wide update). Removing the support is probably overkill, as I imagine it is useful in managed environments.

It's not that simple

[carp3_noct3m]

It really isn't that simple. You could be running *nix or a mac. You might go to the same 3 sites everyday, but never browse new things. Due to the nature of the ways browsers are installed by default (which you imply you are using) you could get infected by even legitimate websites (who resell adspace to unscrupulous buyers) and not even realize it. With no tools, how do you propose to prevent cross-site scripting attacks, Java-script attacks, etc? I actually don't run a/v on personal systems. But I do run daily scans (while I'm at work) with multiple tools. I used to use no software firewall, relying on my strict PIX access-lists to protect me, but now I am using windows 7 and the firewall is so granular it is a good extra step. You are actually a malicious wet dream, someone who thinks they have everything so secure, that as long as you hide the bot/trojan etc well enough, they will never know they are a zombie machine. Just because you haven't been infected in over 20 years doesn't mean you can't get infected tomorrow. So, either you customize your browser intricately (JS, active-x settings, etc) or your just playing Russian roulette. Read this for tips on where you might be lacking. http://www.cert.org/tech_tips/securing_browser/

Re:.NET Anyone?

[DangerFace]

In my opinion, the missing uninstall button is a Firefox problem. How could they let you install software and list it as is installed software, but provide no method to uninstall?

Simple. Go to your FF address bar and type file:///C: then click on Program Files. You will be faced with a long list of software that FF is claiming is installed on your system, but can't just uninstall. I find it odd that you seem to think a few developers of a piece of software should be able to override the makers of the operating system. Maybe you also think that all the viruses and rootkits and trojans Windows gets from the web is a Firefox problem too?

A while ago there was a fuss about the Dalai Lama's computers getting hacked by Chinese dudes, and one of the guys asked for advice here. The overriding issue was that pretty much any modern software is hackable, if you have a team of experts working on it. MS has such a team, and they chose to target a specific program running within their own operating system - how were the FF devs supposed to stop them? OK, so they make good software, but they can't force you to use a different/better operating system.

Ninite installs only programs you pick?

[KWTm]

I think what you and the others that hate toolbars want is a nice little thing called Ninite. Dozens of programs including Foxit to choose from (and you can suggest more) and NO TOOLBARS. I just installed the latest Foxit in both WinXP and Win7, zero toolbars. it also makes it butt simple when you are building or repairing a PC which of the major programs you want installed without having to play "installer monkey".

Just pick the programs you want from the list, download the installer, and away you go. Has all the biggies like Chrome, Songbird, Aimp, Foxit, OO.o, Pidgen, Irfanview, etc. Really easy peasy and nice, so enjoy!

Wow, it's so easy to use! It's almost like having Synaptic for MS Windows programs!