Apple, Microsoft, Google Attacked For Evil Plugins

← Back to Stories (view on slashdot.org)

Apple, Microsoft, Google Attacked For Evil Plugins

Posted by CmdrTaco on Monday November 29, 2010 @04:09AM from the also-wear-more-hats dept.

nk497 writes "A Mozilla exec has attacked Apple, Microsoft and Google for installing plugins without users' permission. 'Why do Microsoft, Google, Apple, and others think that it is an OK practice to add plug-ins to Firefox when I'm installing their software packages?' Asa Dotzler asks. 'That is precisely how a Trojan horse operates... These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.' He called on them to 'stop being evil.'"

5 of 293 comments (clear)

Min score:

Reason:

Sort:

Re:Yes by drachenstern · 2010-11-29 04:27 · Score: 3, Informative

Because not all extensions can be "disabled" from the UI. Then there's others, like Java, which don't remove old versions... go figure.

--
2^3 * 31 * 647
Google but not Adobe? by Enderandrew · 2010-11-29 04:57 · Score: 3, Informative

I have Google Chrome and Google Earth installed. I don't have any Google plugins installed in Firefox. So I'm not sure what he is talking about, unless something changed with Google Earth recently.
Adobe demands to install an extension just to let you download Flash, because downloading normally is out of the question.
Microsoft is the worst offender here, where they use Windows Update to push a Firefox .NET Assistant extension, don't ask your permission, and don't allow you to remove it.

--
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
1. Re:Google but not Adobe? by tokul · 2010-11-29 06:02 · Score: 3, Informative
  
  Adobe demands to install an extension just to let you download Flash, because downloading normally is out of the question.
  
  http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
  http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
  Try to avoid installing Adobe download manager harder.
Re:Solution: Warning box by thePowerOfGrayskull · 2010-11-29 05:03 · Score: 3, Informative

You could if you tracked which ones were installed through the browser, vs which ones simply showed up in the plugins directory and were never 'approved' by the user. It doesn't seem difficult.
While you couldn't offer to delete them (because priv acct might be required) you *could* only enable them after explicit user approval.
Re:Yes by theCoder · 2010-11-29 05:28 · Score: 3, Informative

Normally, I'd agree, but the OP specifically talked about a user supplied password to be able to add a plugin. That password could control access to a private key that is used to sign a hash of the valid list of plugins. On startup, Firefox could use the public key to validate the list of plugins, and throw up a big error if the list is invalid (because someone snuck one in).
Of course, recovering from this state would be difficult -- maybe Firefox could provide a way to disable plugins until the new list matched it's hash? But it would at least alert the user that something fishy was going on. Think of it as a tripwire for plugins.

--
"Save the whales, feed the hungry, free the mallocs" -- author unknown