Slashdot Mirror


Firefox 3.6 Locks Out Rogue Add-ons

CWmike writes "Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. Dubbed 'component directory lockdown,' the feature will bar access to Firefox's 'components' directory, where most of the browser's own code is stored. Mozilla has billed the move as a way to boost the stability of its browser. 'We're doing this for stability and user control [reasons],' said Johnathan Nightingale, manager of the Firefox front-end development team. 'Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users ... Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems.'"

53 of 265 comments

  1. I want a mechanism for pluck-outs... by jkrise · · Score: 2, Interesting

    At my company I would like a stripped-down Firefox without features like awesome bar and other bloat. Is there a way to do this, easily?

    Also I have the SmartQ 7 and SmartQ 5 MIDs which are based on the ARM processor. The default browser is Midori... can I get a Firefox compiled for the ARM to run on that?

    I think Firefox should focus on these and similar issues...

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:I want a mechanism for pluck-outs... by toppavak · · Score: 3, Funny

      A pony would be nice as well!

    2. Re:I want a mechanism for pluck-outs... by Aquaseafoam · · Score: 2, Funny
      --
      09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0
    3. Re:I want a mechanism for pluck-outs... by jamstar7 · · Score: 5, Funny

      The pony should be a plugin

      The mental image that came to mind when I saw that convinces me that I watch WAY too much porn...

      --
      Understanding the scope of the problem is the first step on the path to true panic.
    4. Re:I want a mechanism for pluck-outs... by Lord Bitman · · Score: 4, Interesting

      The awesome bar, and most of the other firefox bloat, should be plugins. Firefox had this great plugin architecture which everyone and their dog used- except the firefox devs.
      Why doesn't firefox ship with an array of "default" plugins, all of which can be disabled? There's no need for something like awesomebar to be core, is there?

      --
      -- 'The' Lord and Master Bitman On High, Master Of All
    5. Re:I want a mechanism for pluck-outs... by LordSnooty · · Score: 2, Insightful

      Take source, rewrite source, build.

    6. Re:I want a mechanism for pluck-outs... by anasciiman · · Score: 2, Insightful

      The code is available and forkable. Why not fix it to your liking and then submit patches?

      --
      Think of me when you shave your legs...
    7. Re:I want a mechanism for pluck-outs... by Anonymous Coward · · Score: 2, Funny

      Have you considered trying the new browser Midori

    8. Re:I want a mechanism for pluck-outs... by Glothar · · Score: 2, Funny

      No. I'm quite happy with Midori.

    9. Re:I want a mechanism for pluck-outs... by gbarules2999 · · Score: 2, Funny

      I, on the other hand, think that Midori is a far better solution.

    10. Re:I want a mechanism for pluck-outs... by clone53421 · · Score: 2, Informative

      Sure you can. You can wipe sites from the history (and thus from the location database) relatively easily.

      You can begin typing, highlight a search result by hovering over it with the mouse, then press the Del key to remove that result.

      You can also open the history tab, type something in Search, tab into the search results list, Ctrl-A to select all, and press the Del key to remove all of them.

      Finally, you can add the HistoryBlock extension which silently prevents certain sites (domains or subdomains) from being added to the history, recently closed tabs, download manager history, cache, or cookies. Blocked domains or subdomains are hashed, so there is no incriminating list, although having the HistoryBlock extension may be incriminating by itself to some people.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  2. .NET Anyone? by Daengbo · · Score: 5, Insightful

    Last February, and again in May, Firefox users complained when they found that Microsoft had pushed the .Net Framework Assistant add-on and the Windows Presentation Foundation (WPF) plug-in to their browsers as part of the .NET Framework 3.5 Service Pack 1 (SP1) update, which was delivered via Windows Update.

    That's the first thing I thought of when I read the summary.

    1. Re:.NET Anyone? by NoYob · · Score: 4, Insightful

      The first thing I thought of was those Yahoo! toolbars that folks love to slip into every browser.

      --
      It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
    2. Re:.NET Anyone? by maxume · · Score: 5, Informative

      Those components were installed by editing the Windows registry, not 'dropped in' as is discussed here (Firefox looks in various locations to find plug-ins and addons to load).

      --
      Nerd rage is the funniest rage.
    3. Re:.NET Anyone? by sopssa · · Score: 4, Informative

      Well, as no one reads the article, this doesn't concern .NET update in any way:

      In actuality, Microsoft did not drop its code into Firefox's components directory, Nightingale confirmed. "The .Net Framework and WPF use our existing extension/plug-in mechanisms, that's why we were able to disable them when they were found to be vulnerable," he said in a follow-up e-mail. "They aren't impacted by this change."

    4. Re:.NET Anyone? by Anonymous Coward · · Score: 5, Funny

      What do you mean? As far as I know, in all the instances where a toolbar is bundled with some other software, the toolbar installation is clearly mentioned in the software EULA, so each time the toolbar is installed, the user agreed that he wanted it. As a developer for a Web optimizer plugin, this Firefox change will make it much harder for us to reach our users.

    5. Re:.NET Anyone? by Anonymous Coward · · Score: 3, Insightful

      > I'm sick of getting my browser hijacked every time I install a program.

      Maybe you should stop installing malicious software, then.

      There's a perfectly good reason why these apps need to look in multiple locations: different users have different setups.

      It's all well and good to have "one location", until that one location on one person's machine is an administrator-only location that non-privileged users can't edit, meaning they have no ability to customize their use of the software. I don't give a crap what people install on their machines under their accounts because they're running with few privileges and can only mess up their own setup. I don't want to have to start manually tweaking permissions on some shared add-ons folder every time somebody wants a new tool added to their instances of Firefox.

      Just because you choose to keep installing viruses and junkware that messes up your machine doesn't mean the rest of us should have to suffer through endless security configuration headaches.

    6. Re:.NET Anyone? by The MAZZTer · · Score: 2, Informative

      This is different from that. Those are actually packaged as add-ons so this change wouldn't affect them at all.

      What Mozilla should do about those IMO is one of two things: 1) Enable the uninstall button for globally installed extensions (i.e. installed for all users) on Administrator accounts (in Windows; root on Linux... assuming Linux has global extensions) 2) Take steps to prevent or discourage apps from trying to plop extensions down and install them in Firefox without the user's consent. The "official" way for installers to install extensions should be to invoke Firefox with the URL of the XPI. Then the user would get the normal Firefox "Do you want to install this extension?" dialog and they can decide. Of course it would be impossible to fully prevent extensions from being covertly installed, but I think it would be worth the effort to lay down a few roadblocks if only to indicate to extension devs "don't do it this way".

    7. Re:.NET Anyone? by Canazza · · Score: 2, Informative

      http://slashdot.org/comments.pl?sid=1407593&cid=29776261

      link, because "plain old text" turns urls into links

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    8. Re:.NET Anyone? by trevdak · · Score: 5, Insightful

      Regardless, there should've been a prompt to ask if you wanted to install it, and there damn well should be a working uninstall button.

    9. Re:.NET Anyone? by mqduck · · Score: 5, Insightful

      > the toolbar installation is clearly mentioned in the software EULA, so each time the toolbar is installed, the user agreed that he wanted it. As a developer for a Web optimizer plugin, this Firefox change will make it much harder for us to reach our users.

      I fail to see the downside for anybody but you, and you make it sound like you clearly deserve it.

      --
      Property is theft.
    10. Re:.NET Anyone? by maxume · · Score: 3, Interesting

      It's an artifact of supporting system wide extension installation, rather than per user. Microsoft probably should have used per user installation of the plugin (even though .NET is arguably a system wide update). Removing the support is probably overkill, as I imagine it is useful in managed environments.

      --
      Nerd rage is the funniest rage.
    11. Re:.NET Anyone? by Miamicanes · · Score: 4, Insightful

      > What do you mean? As far as I know, in all the instances where a toolbar is bundled with some other
      > software, the toolbar installation is clearly mentioned in the software EULA, so each time the toolbar
      > is installed, the user agreed that he wanted it. As a developer for a Web optimizer plugin, this Firefox
      > change will make it much harder for us to reach our users.

      Q. What's the difference between a 'trojan' and 'malware'?

      A. Malware has a EULA.

      I can't even *begin* to emphasize how badly it pisses me off when some app tries to sneak BHOs and plugins into their installer... almost always in ways that someone in a hurry to install the app that's actually *desired* will overlook. I flat-out refuse to ever use Yahoo and Google's toolbars, *precisely* because they have so many people trying to ram them down my throat and trick me into installing them.

    12. Re:.NET Anyone? by andi75 · · Score: 4, Insightful

      If it's "mentioned in the EULA" it might as well be "on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'". About the same amount of people will be able to read & understand it.

    13. Re:.NET Anyone? by Catiline · · Score: 2, Insightful

      > In my opinion, the missing uninstall button is a Firefox problem. How could they let you install software and list it as installed software, but provide no method to uninstall?

      > Simple. Go to your FF address bar and type file:///C: then click on Program Files. You will be faced with a long list of software that FF is claiming is installed on your system, but can't just uninstall.

      What a textbook example of a strawman argument! Firefox was not intended to manage software installed to "C:\Program Files\" and presumably was not used to install any of these programs (Firefox itself excepted). What the GP is complaining about is the ability of add-ins for Firefox to disable the internal Firefox un-installation command. If you had followed the previous stories, you'd know that already.

      > Maybe you also think that all the viruses and rootkits and trojans Windows gets from the web is a Firefox problem too?

      When a virus, rootkit, trojan or other form of malware gets installed due to a flaw in the design of Firefox, then that flaw is a problem Firefox should address. However, this is such a small percentage of the above listed programs that your question can be answered "no" with reasonable levels of honesty.

  3. User perspective by omfglearntoplay · · Score: 5, Insightful

    From a user perspective, this sounds like a good move. Stability problems in Firefox always seems to stem from add-ons or extensions. Lock that crap down, and make the devs code the right way.

    1. Re:User perspective by fluffy99 · · Score: 3, Insightful

      > From a user perspective, this sounds like a good move. Stability problems in Firefox always seems to stem from add-ons or extensions. Lock that crap down, and make the devs code the right way.

      Correction - stability problems in Firefox have always been blamed on add-ons or extensions. Of course the developers always became deaf when people having issues with no plug-ins installed.

    2. Re:User perspective by RiotingPacifist · · Score: 2, Insightful

      Because --safe-mode is too much?

      To get help all I've ever had to do is run the program in --safe-mode and see if the bug is still there (often it's not). Personally I like keeping a blank profile and launching it with --no-remote anyway, but --safe-mode isn't that much to ask, given they are normally caused by addons.

      --
      IranAir Flight 655 never forget!
  4. Effects on Add-on Development by Voulnet · · Score: 3, Interesting

    So what would be the effect on Add-on development? Would it make it more difficult to develop them? Would it constrain the Add-on developers?

    Or is this just a method to lock out some Add-on with already known problems?

    1. Re:Effects on Add-on Development by socsoc · · Score: 2, Insightful

      Hopefully it's gonna lock out add-ons that weren't initiated from within the browser with explicit intention from the user. The MS .NET stuff and the browser addons that get automatically (if you're not paying close attention, which my users never are) added from Adobe Reader, Java, CCleaner, etc.

    2. Re:Effects on Add-on Development by vertinox · · Score: 2, Insightful

      > So what would be the effect on Add-on development? Would it make it more difficult to develop them? Would it constrain the Add-on developers?

      It's the same reason why IE made it easier to develop web pages by tolerating broken HTML code.

      People were using unintended features to make their work easier, but then when the unintended feature was removed it breaks a lot of things.

      In that respect, the developers should have written to spec in the first place rather than taking advantage of loopholes, because it might get fixed one day.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    3. Re:Effects on Add-on Development by BitZtream · · Score: 4, Informative

      The MS plugin is not affected by this. It did things in the proper way, the documented method for adding system wide extensions rather than user level extensions. That is why Mozilla could easily disable the insecure version of the plugin, because it actually followed the rules.

      MS just added a registry key that pointed at the files for the extension, which is well documented and used by many other pieces of software to allow plugins to be installed even before Firefox, and allowing any version of Firefox (or Thunderbird or whatever) to find them, even after installation into some random directory.

      If you bother to read the article, it says the same. Google Desktop Search on the other hand, doesn't follow the rules and will be blocked unless Mozilla makes a work around for them or Google updates GDS to follow the rules.

      This is essentially like not allowing code from anyone other than MS to be dropped into the Windows directory, and requiring it to be put somewhere else and properly registered with the system rather than throwing it in the system32 directory and loading it as if it were trusted code from MS.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    4. Re:Effects on Add-on Development by socsoc · · Score: 2, Insightful

      I disagree with the "proper way." I do not use .NET and have no wish for that to be in a competitor's browser. To me the proper way is for me seek out a download, preferably through an XPI, but definitely not through Windows/Microsoft Update.

      Although I thought I read it, I didn't see the link to the second page to TFA, so thanks for redirecting me back to it.

    5. Re:Effects on Add-on Development by ImYourVirus · · Score: 2, Insightful

      If it followed the rules, it would have asked instead of just installing it, quit spewing this shit of 'they did it the right way' obviously not if the user was unaware it was happening and thus didn't want it installed.

      --
      Why is common sense called that if it's not common?
    6. Re:Effects on Add-on Development by gbjbaanb · · Score: 3, Insightful

      But it isn't a .NET addon. It's a Firefox addon.

      So you should be perfectly able to install any .NET update from WU safe in the knowledge that it is not affecting your non-.NET applications, like Firefox.

  5. Marketshare Issues. by carp3_noct3m · · Score: 3, Informative

    In the browser wars, people tend to forget sometimes that marketshare is an inherent part of how much your browser will come under attack. Issues like these, while it's good they're being patched, should have been taken care of a long time ago in anticipation of things to come. Firefox is still my preferred method of browsing, but that's because I am a halfway knowledgeable user that uses adblock, noscript, betterprivacy, use privately encrypted TOR when about (Iron Key) and only allow certain cookies. I used to recommend it to people, but now it seems just as bad (GASP) as IE with a standard install. I agree with jkrise (First Post!), there needs to be something like sub-builds that focus on security. I still like firefox better, as I occasionally evaluate the other browsers, and find them all lacking more than firefox in some areas. Just my two cents of subjective opinion though. Carpe Out.

    --
    "It's ok, I'm completely secure as long as my iron is off"
    1. Re:Marketshare Issues. by socsoc · · Score: 2, Insightful

      > I am a halfway knowledgeable user that uses adblock, noscript, betterprivacy, use privately encrypted TOR when about (Iron Key) and only allow certain cookies.

      Do you really feel this is necessary? Sounds like you are jumping through a lot of hoops and degrading your browsing at the expense of a tin-foil hat.

    2. Re:Marketshare Issues. by carp3_noct3m · · Score: 2, Insightful

      Like I said, I only use the TOR on my ironkey when I'm, say, at class on an open wifi signal. The cookie thing is annoying as hell at first, but, as with noscript, once you have gone to the majority of the sites you frequent, it's not an issue anymore.

      --
      "It's ok, I'm completely secure as long as my iron is off"
    3. Re:Marketshare Issues. by TheReaperD · · Score: 2, Insightful

      > Do you really feel this is necessary? Sounds like you are jumping through a lot of hoops and degrading your browsing at the expense of a tin-foil hat.

      If you are doing anything of importance with your browser, yes. If all you do is surf the web all day, then usually, no.

      If you work with online banking, do other forms of commerce online, then you need to treat your web browser like your bank should because it is, by extension, your bank. If any form of VPN connections are used to your work, then you need to treat your computer as a work computer and secure it appropriately. Also, if you surf for porn, you really need to use this as the most nasty exploits are routinely found on these sites. Since a majority of people do the first and/or third they now go in the category of needing to secure their browsers.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
  6. Components specifying version compatibility ... by BitZtream · · Score: 3, Insightful

    Works great, till you have someone like myself, who just specifies that my components are compatible with Firefox 2.* to 10.* so I don't have to worry about a new version claiming my plugin isn't compatible even though it is, which has happened enough in the past that I just don't care anymore.

    Am I wrong? Yes. Is Mozilla wrong? Yes, you never trust the external code to tell you the truth, basic programming 101.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    1. Re:Components specifying version compatibility ... by The MAZZTer · · Score: 2, Informative

      You can't upload such extensions to addons.mozilla.org, thus it isn't likely many people will use it. Right now extensions can only specify up to 3.6.*.

    2. Re:Components specifying version compatibility ... by traycerb · · Score: 2, Informative

      The addon Mr. Tech Toolkit has this option. Under its options Misc -> XPI install options -> Enable Addons Compatibility checking

      --
      Relax. Have a muffin. Enjoy the show. --Slick, Sept 13th, 2007.
    3. Re:Components specifying version compatibility ... by RiotingPacifist · · Score: 2, Informative

      FF less than 3.6
            1. Right-click -> New -> Boolean
            2. Name: extensions.checkCompatibility
            3. Value: false

      FF more than or equal to 3.6
      extensions.checkCompatibility.<version> is used instead (bug 521905). "<version>" is the application version, including alpha and beta releases but excluding minor version updates. For example: Firefox 3.6b2 -> extensions.checkCompatibility.3.6b, Firefox 3.6 -> extensions.checkCompatibility.3.6, and Firefox 3.6.1 -> extensions.checkCompatibility.3.6.

      it's all here, did you even look before complaining?

      --
      IranAir Flight 655 never forget!
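The version rules argued over in this thread (an add-on's declared minVersion/maxVersion range such as "2.* to 10.*", the ordering 3.6b2 < 3.6 < 3.6.1, and the branch-specific extensions.checkCompatibility.<version> pref), re-implemented as an added example. This is not Mozilla's code but a simplified comparator, and the add-on manifests in it are constructed.

```python
"""Added example (not Mozilla's code): simplified Toolkit version ordering,
the targetApplication minVersion/maxVersion range check an add-on declares,
and the per-branch extensions.checkCompatibility.<version> pref described in
the thread. Add-on manifests below are constructed for the demo."""
import re
from typing import Dict, Tuple

# A version part is <number><string><number><string>; missing pieces are 0 / "".
_PART = re.compile(r"^(-?\d*)(\D*)(-?\d*)(.*)$")
_ZERO = (0, "", 0, "")


def _parse_part(part: str) -> Tuple[float, str, float, str]:
    """'*' means an infinitely large number, so '3.6.*' covers any 3.6.x."""
    if part == "*":
        return (float("inf"), "", 0, "")
    a, b, c, d = _PART.match(part).groups()
    return (int(a) if a else 0, b, int(c) if c else 0, d)


def _str_key(s: str) -> Tuple[int, str]:
    # An empty string sorts AFTER a non-empty one: the release "3.6" is newer
    # than the beta "3.6b2". (The real comparator has a few more special cases.)
    return (1, "") if s == "" else (0, s)


def compare_versions(v1: str, v2: str) -> int:
    """Return -1, 0 or 1, in the spirit of nsIVersionComparator.compare."""
    p1 = [_parse_part(p) for p in v1.split(".")]
    p2 = [_parse_part(p) for p in v2.split(".")]
    n = max(len(p1), len(p2))
    p1 += [_ZERO] * (n - len(p1))   # "3.6" compares equal to "3.6.0"
    p2 += [_ZERO] * (n - len(p2))
    for (a1, b1, c1, d1), (a2, b2, c2, d2) in zip(p1, p2):
        k1 = (a1, _str_key(b1), c1, _str_key(d1))
        k2 = (a2, _str_key(b2), c2, _str_key(d2))
        if k1 != k2:
            return -1 if k1 < k2 else 1
    return 0


def is_compatible(app_version: str, min_version: str, max_version: str) -> bool:
    """The targetApplication check: minVersion <= app <= maxVersion."""
    return (compare_versions(min_version, app_version) <= 0
            and compare_versions(app_version, max_version) <= 0)


def check_compat_pref_name(app_version: str) -> str:
    """Branch-specific pref: keep major.minor plus an alpha/beta letter and
    drop the rest, so 3.6b2 -> ...3.6b and 3.6.1 -> ...3.6."""
    m = re.match(r"^([^.]+\.[0-9]+[a-z]*)", app_version, re.IGNORECASE)
    branch = m.group(1) if m else app_version
    return "extensions.checkCompatibility." + branch


def should_load(addon: Dict[str, str], app_version: str, prefs: Dict[str, bool]) -> bool:
    """Load when the declared range covers this Firefox, or when the user has
    switched compatibility checking off for this branch via the pref."""
    if prefs.get(check_compat_pref_name(app_version), True) is False:
        return True
    return is_compatible(app_version, addon["minVersion"], addon["maxVersion"])


if __name__ == "__main__":
    # Constructed add-on manifests, not real ones.
    wide = {"name": "claims 2.* to 10.*", "minVersion": "2.*", "maxVersion": "10.*"}
    strict = {"name": "tested up to 3.5", "minVersion": "1.5", "maxVersion": "3.5.*"}
    for fx in ("3.5.5", "3.6b2", "3.6", "3.6.1"):
        print(fx, check_compat_pref_name(fx),
              [a["name"] for a in (wide, strict) if should_load(a, fx, {})])
    # The pref described in the thread overrides the declared range for that branch.
    print(should_load(strict, "3.6", {"extensions.checkCompatibility.3.6": False}))
```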
  7. Doesn't extend to all externally-installed add-ons by Todd Knarr · · Score: 3, Insightful

    I notice this doesn't extend to plug-ins and extensions found via the various plugins directories and registry keys. If it were me, I'd extend this feature to include saving a list in a locked-down location of all known extensions/add-ons found via the plugin directories and via registry keys. Every time the browser started, if it found a plugin or extension being loaded via the registry or a plugin directory that wasn't on the list, it'd notify the user what the plugin was and ask whether they wanted it enabled or not. That way nothing can get added to the browser without the user knowing and approving of the change.

    Down in the advanced options I'd add a setting to give expert users the additional option of removing the plugin by either removing its files from the plugins directory it was found in or removing its registry keys depending on how it was found.

  8. The actual problem is... by JustNiz · · Score: 3, Insightful

    The actual problem is that firefox blindly loads whatever is in that directory.
    Locking the directory is a hack of a solution that others, especially Microsoft will easily find a way around. The proper answer is that Firefox needs to compare components it finds by their signature (checksum and name combo or whatever) with a secure list of components it is authorised by the user to load, before it loads them.
    The other fix firefox needs is to deny installed extensions the ability to prevent the user from uninstalling them (like Microsoft's .NET framework firefox extension did).
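An allowlist of the kind both Todd Knarr and JustNiz propose above (a saved list of approved components in a locked-down location, compared by name and checksum before anything is loaded), written here as an added example. It is not Mozilla's code; the component file names, contents and manifest are constructed for the demo.

```python
"""Added example (not Mozilla's code): the allowlist both posts above ask for.
Rather than loading whatever sits in a components directory, hash each file
and compare (file name, SHA-256) against a manifest of components the user
approved. Anything unknown, altered or missing is reported instead of loaded.
All file names and contents below are constructed for the demo."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# The manifest must live where the code that drops files cannot write (the
# "secure list" the post asks for); an installer that can write both the
# component and the manifest would simply add its own hash.
Manifest = Dict[str, str]  # file name -> lowercase hex SHA-256


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_components(components_dir: Path, approved: Manifest) -> Dict[str, List[str]]:
    """Classify every file found on disk against the approved manifest.

    'load'     - name and digest match, safe to load
    'modified' - approved name, but the bytes changed since approval
    'unknown'  - present on disk, never approved (dropped in)
    'missing'  - approved, but no longer on disk
    """
    result: Dict[str, List[str]] = {"load": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for path in sorted(p for p in components_dir.iterdir() if p.is_file()):
        seen.add(path.name)
        expected = approved.get(path.name)
        if expected is None:
            result["unknown"].append(path.name)
        elif sha256_of(path) != expected:
            result["modified"].append(path.name)
        else:
            result["load"].append(path.name)
    result["missing"] = sorted(set(approved) - seen)
    return result


def approve_component(components_dir: Path, name: str, approved: Manifest) -> None:
    """What the browser would do after the user answers 'yes' to the prompt
    the post describes: record the current digest of that one file."""
    approved[name] = sha256_of(components_dir / name)


def build_demo() -> Dict[str, List[str]]:
    """Constructed scenario: two approved components, one later altered on
    disk, one approved component removed, and a file nobody approved."""
    with tempfile.TemporaryDirectory() as tmp:
        comp = Path(tmp) / "components"
        comp.mkdir()
        (comp / "nsGoodComponent.js").write_bytes(b"// constructed, approved\n")
        (comp / "nsChangedComponent.js").write_bytes(b"// constructed, v1\n")
        approved: Manifest = {"nsRemovedComponent.js": "0" * 64}  # placeholder digest
        approve_component(comp, "nsGoodComponent.js", approved)
        approve_component(comp, "nsChangedComponent.js", approved)
        # Later: some installer replaces one approved file and drops in another.
        (comp / "nsChangedComponent.js").write_bytes(b"// constructed, silently replaced\n")
        (comp / "nsDroppedIn.js").write_bytes(b"// constructed, never approved\n")
        return scan_components(comp, approved)


if __name__ == "__main__":
    for category, names in build_demo().items():
        print(f"{category:9s} {names}")
```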

    1. Re:The actual problem is... by BZ · · Score: 2, Informative

      > they should have an "approved" list within the browser's data

      That's precisely what this fix does.

      > as opposed to a "disabled" one

      I have no idea why you decided there's such a list. Was it something in the article?

      That's assuming you're talking about component loading, not add-ons; from the latter part of your comment it sounds like you're talking about add-ons...

  9. Re:Doesn't extend to all externally-installed add- by BitZtream · · Score: 2, Informative

    You do get notified when at least some of those methods are used the next time you start Firefox. Pretty sure it's been that way since shortly after the MS plugin fiasco.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  10. nethack by SnarfQuest · · Score: 3, Funny

    If it doesn't allow rogue add-ons, does it allow nethack ones?

    --
    Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
  11. Re:Open source by maxwell demon · · Score: 2, Insightful

    They don't disable installing the plugins, they disable installing them the wrong way.
    And of course, you can always get the Firefox source and disable the check, if you really want.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  12. Re:That was the idea behind Firefox/Firebird/Phoen by Reapman · · Score: 4, Insightful

    Tired of reading these sorts of comments. Sure there's some "bloat", but what that bloat is varies by opinion. I've read where supporting CSS is "bloat". Graphics are "bloat". tabs are "bloat". RSS. etc.

    My understanding (and please tell me if I'm wrong) is the point of Firefox was to supply a WEB BROWSER. Back then when you downloaded it you also got an email program, news reader, wysiwyg website builder, etc. Firefox was JUST a browser. Still is.

    If you REALLY want where everything is an option go build it yourself. Have something where you choose which renderer you want (Moz's, Webkit, etc), whether or not to have tabs, allow plugins, command line version, etc. Hit next a few times and presto your very own browser.

  13. It's not that simple by carp3_noct3m · · Score: 2, Interesting

    It really isn't that simple. You could be running *nix or a mac. You might go to the same 3 sites everyday, but never browse new things. Due to the nature of the ways browsers are installed by default (which you imply you are using) you could get infected by even legitimate websites (who resell adspace to unscrupulous buyers) and not even realize it. With no tools, how do you propose to prevent cross-site scripting attacks, Java-script attacks, etc? I actually don't run a/v on personal systems. But I do run daily scans (while I'm at work) with multiple tools. I used to use no software firewall, relying on my strict PIX access-lists to protect me, but now I am using windows 7 and the firewall is so granular it is a good extra step. You are actually a malicious wet dream, someone who thinks they have everything so secure, that as long as you hide the bot/trojan etc well enough, they will never know they are a zombie machine. Just because you haven't been infected in over 20 years doesn't mean you can't get infected tomorrow. So, either you customize your browser intricately (JS, active-x settings, etc) or you're just playing Russian roulette. Read this for tips on where you might be lacking. http://www.cert.org/tech_tips/securing_browser/

    --
    "It's ok, I'm completely secure as long as my iron is off"
  14. Ninite installs only programs you pick? by KWTm · · Score: 2, Interesting

    I think what you and the others that hate toolbars want is a nice little thing called Ninite. Dozens of programs including Foxit to choose from (and you can suggest more) and NO TOOLBARS. I just installed the latest Foxit in both WinXP and Win7, zero toolbars. It also makes it butt simple when you are building or repairing a PC to pick which of the major programs you want installed without having to play "installer monkey".

    Just pick the programs you want from the list, download the installer, and away you go. Has all the biggies like Chrome, Songbird, Aimp, Foxit, OO.o, Pidgin, Irfanview, etc. Really easy peasy and nice, so enjoy!

    Wow, it's so easy to use! It's almost like having Synaptic for MS Windows programs!

    --
    404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
    [GPG key in journal]
  15. This is one that really needs to come as default: by Anonymous Coward · · Score: 3, Funny

    Christian Anti-Porn 1.0.5.

    Flee sexual immorality (1Co 6:18). Christian Anti-Porn will filter links and alert the user if any porn websites are clicked. This will not block but warn every Christian that he is going to crucify Jesus Christ again if he proceeds to such websites.