Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight

An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will 'soon see a notification urging them to update' when they visit a web page that uses the plugins."

update

[ryzvonusef]

Update at 5:10PM EST: No dice. “At this time, Mozilla does not have additional information to share beyond the blog post content,” a Mozilla spokesperson told The Next Web in a statement. “We’ll be sure to update you once we have additional details to share regarding the timing, version(s) impacted and visual look of the message.”

Re:update

[mwvdlee]

I think Firefox (or rather Mozilla) cares about their users' experience primarily.
In this respect Silverlight is as much an "established competitor to Flash" as malware is.

Re:update

[Jeff+DeMaagd]

People use Silverlight?

Re:update

[JakeBurn]

Last year I read that 30% of internet bandwidth in North America was being used to watch Netflix. Netflix still uses Silverlight.

Re:update

[contrapunctus]

It doesn't mean they are using computers with silverlight installed.
Roku, game consoles, google players, a lot of TVs and DVD/blueray players, tablets, and phones play netflix.

Re:update

[bluescrn]

People use Netflix. Netflix uses Silverlight

Re:update

[hoboroadie]

I regard all Adobe products as malware, I thought everyone did.

Re:update

[theedgeofoblivious]

The other 70% was being used to download updates to Adobe Reader and Flash.

Re:update

[citizenr]

It doesn't mean they are using computers with silverlight installed.
Roku, game consoles, google players, a lot of TVs and DVD/blueray players, tablets, and phones play netflix.

This doesnt make any sense. They cant count Roku as silverlight traffic because Roku and other embedded platforms DO NOT use silverlight.

Re:update

[contrapunctus]

Yes that is the point I'm making

Re:update

[citizenr]

Yes that is the point I'm making

Somehow I read first message as "30% of internet bandwidth in North America was being used by Silverlight. Netflix still uses Silverlight ergo Netflix = 30%". My bad.

Re:update

[LordLimecat]

Baloney, and doubly so that they picked silverlight over Java. Silverlight is used for precisely one website, and is updated (IIRC) through windows update. Java has its own BS updater, and is probably the most widely used malware vector.

Re:update

[hairyfeet]

What's with all the nerd rage over Silverlight? Ever been to that web page where they built an OS in Silverlight that runs in your browser? Its cool as hell! Hell if the FOSSies wouldn't have taken pitchforks to moonlight you'd have a nice cross platform framework that could do some very cool stuff.

Would it fit every use case? Nope, but that is true of ANY framework, but what's bad about having more tools in your toolbox?

As for TFA that's nice, but the performance of Firefox compared to the Chromium based has been so piss poor for the last several versions I moved all my customers off Firefox awhile back. And don't tell me it runs nice on your Core i7 with an SSD, I have to support a wide range of customers with all kinds of hardware, from late model P4s and Pentium Ds to netbooks to the latest multicores and FF hits the hard drive harder, is more likely to hang, you can really tell the devs have cared more about the GUI and their side projects like MozOS than they do FF of late.

Up to the 4.x branch they were making steady but measurable progress. You could tell each version was getting better and I looked forward to upgrading FF. Then around 5 they just went off the rails. Hell I can get an extra hour on my netbook by NOT using Firefox, and on my nettop I can sit there and watch FF slam the CPU to 100% on load, slam to 100% on new tab, hell it can slam the CPU to 100% scrolling the bookmarks, which I admit I have a ton of 'em, but Dragon and the other Chromium based just don't do that.

Re:update

[Jeff+DeMaagd]

I'll go with "not all Netflix devices use Silverlight". I would bet that Silverlight is a minority of Netflix's traffic. I'm pretty sure the set-top boxes, game consoles and optical disc players with Netflix aren't using Silverlight. Wii and PS3 doesn't use it. I know Netflix iOS doesn't use Silverlight in a conventional sense, if at all. I don't even use my computers to watch Netflix, it's a console or a set-top box.

Re:update

[mrmeval]

Suggestion:

gxmessage -noescape -borderless -title WARNING! -buttons UPGRADE:44,ALLOWBANKINGDATA:666,PORNSPAM:333 -center "This is warning you that you have a defective OLD plugin. Press a button, any button but we suggest the UPGRADE button. Otherwise press the ALLOWBANKINGDATA button to send your banking data to a criminal, press the PORNSPAM button to have your PC hijacked and receive porn that will shatter your fragile little mind."

Re:update

[Seumas]

My experience with Silverlight is that the only thing which uses it is Netflix and every time I install it, it's only a matter of time before I try to launch Netflix and it says "damn, you don't have Silverlight installed" (even though I do) and I have to re-install it.

Re:update

[RaceProUK]

Silverlight is used for precisely one website

Wrong! It's used for at least two ;)

Disclaimer: I work for a company that makes a Silverlight-based website.

Re:update

[cavebison]

"We’ll be sure to update you once we have additional details .."

Is there an option to not be updated with additional details?

turn it off?

[sumdumass]

anyone know if it can be turned off? I got some crap that gets broken with new versions of reader.

Maybe i'll just have to switch browsers.

Re:turn it off?

[deniable]

We're running 10 at work, so this shouldn't bug us for a while.

Re:turn it off?

Just turn off the plugin, download PDFs and open them automatically with the reader. That'll even run smoother for both applications, and you get all the reader features instead of a subset.

Re:turn it off?

[1u3hr]

I run Win2k and Flash can't be upgraded any more anyway. And I use Acrobat 4. I don't want any later version. I don't want to be nagged to upgrade things. I know what I have and I know what I need.

Re:turn it off?

[SpaceCracker]

I run Win2k ...

Firefox has detected an old version of Windows. It is strongly recommended that you upgrade Windows to the latest version.

Re:turn it off?

[jones_supa]

I run Win2k and Flash can't be upgraded any more anyway. And I use Acrobat 4. I don't want any later version. I don't want to be nagged to upgrade things. I know what I have and I know what I need.

Actually, when you look at the Archived Flash Player versions, it seems that the 10.x line (the last one compatible with Windows 2000) still gets some kind of minor updates.

Re:turn it off?

[mister_playboy]

Opera is probably the wisest browser choice for Win2K.

Then again, using an OS that stopped getting security updates more than 2 years ago on an Internet-connected computer implies you don't care much about making wise choices.

Re:turn it off?

[lxs]

Is that the royal "We"?

Anyway there is a difference between the least shitty web browser and an excellent web browser, although the 64bit Nightly build on Win7 isn't too bad.

Re:turn it off?

[1u3hr]

Opera is probably the wisest browser choice for Win2K.

Which is my default browser. . But some sites just don't work and the I resort to Firefox.

Then again, using an OS that stopped getting security updates more than 2 years ago on an Internet-connected computer implies you don't care much about making wise choices.

Or it shows that I don't trust the OS whether updated or not and have a hardware firewall and third party security software. And use a version of Windows that doesn't try to call home or have IE embedded so deeply in it.

Maybe having been online for over 20 years and never having a malware infection implies I actually have a clue. (Or maybe I'm just too dumb to realise how much malware is on my PC, feel free to believe that if it helps you to feel superior.)

Re:turn it off?

[Jeff+DeMaagd]

You don't have to use IE on the Internet, so it shouldn't matter whether IE is on your computer.

I gave up on Windows 2000 two or three years ago when most developers stopped supporting it and compatibility quality gradually degraded as a result.

Good user habits are important, but it's not a comprehensive solution. For one, even reputable sites get hacked.

Re:turn it off?

[fustakrakich]

That's bull. Why should anybody have to spend hundreds of dollars to replace a perfectly functional system?

Re:turn it off?

[fustakrakich]

Well, you started a lot of chatter, but the question remains unanswered.

I'm experimenting with it now. Maybe somebody will answer in the meantime.

Re:turn it off?

[Rockoon]

We believe that Firefox is an excellent web browser.

I think a similar thing might have been said by some guy in my signature.

Re:turn it off?

[1u3hr]

You don't have to use IE on the Internet, so it shouldn't matter whether IE is on your computer.

Its very hard to stop Windows form using IE in one way or another. Every now and then it pops up when hardcoded in some applications. But I've blocked it at the firewall so it's effectively neutered (I hope).

I gave up on Windows 2000 two or three years ago when most developers stopped supporting it

It's only this year the apps I need to use have started to become incompatible. MS made changes to their compilers last year I think and basically forced the issue. While modders are fighting a rearguard action to patch Win2k, I'll probably move to XP next year. I regularly use a lot of quite old software so am dragging my feet. I could do it all in emulation on a newish PC, and may end up doing that a few more years later. Maybe hosted on Linux. Unix was my first OS, so I'd be happy if I could get back to that and still use my DOS and Windows apps.

Re:turn it off?

[UltraZelda64]

interesting ... so you trust your third party security software? and your harware firewall, really?

It's not me you're replying to, but the way I take it, the original poster just doesn't trust the Windows operating system on his network, period. Well, honestly, I barely trust it on my own network unless the machine in question was set up by me with a known good, crap-free installation media, and no one else ever touches the system without my supervision, after first telling me exactly what it is that they want to do. Not even a hardware firewall can help when you've got an infected zombie on the inside spewing shit across the Internet... as well as on your own personal LAN.

I don't run Windows anymore (stopped completely back in late 2006), but I still feel somewhat the same when someone brings over an "unknown" Windows laptop and wants to connect to my network. It's not as bad now, because at least I now run something else and my systems are basically immune to the vast majority of attacks that fuck over Windows machines.

I left Windows due to the impending atrocity that was Vista combined with the road to nowhere that XP was heading on; Microsoft's excessively bad behavior toward the competition and with regards to open standards that seemed to only get worse; to escape vendor lock-in and the inevitable DRM before it got worse; for the security benefits of a UNIX or UNIX-like OS and for more power and control over my machine; as well as to escape having to plop a few hundred dollars down for an OS upgrade (especially when they consist of such duds as Windows ME, Vista and Windows 8). I don't regret it.

Re:turn it off?

[laurelraven]

Just turn off the plugin, download PDFs and open them automatically with the reader. That'll even run smoother for both applications, and you get all the reader features instead of a subset.

Except that some sites only display PDFs through the plugin (which I think is silly, but when it's your payroll site, you don't have a choice in the matter). This also ignores the fact that Flash and Silverlight only run as plugins (yes, I know there are ways to download them and run them locally, but frankly, most people (myself included) really don't want to bother with that, as it is a pain in the ass).

Re:turn it off?

[bobbutts]

Try XFCE if you haven't yet, it's got that minimal efficient desktop feel like XP and 2K.

Re:turn it off?

[laurelraven]

I left Windows due to the impending atrocity that was Vista combined with the road to nowhere that XP was heading on; Microsoft's excessively bad behavior toward the competition and with regards to open standards that seemed to only get worse; to escape vendor lock-in and the inevitable DRM before it got worse; for the security benefits of a UNIX or UNIX-like OS and for more power and control over my machine; as well as to escape having to plop a few hundred dollars down for an OS upgrade (especially when they consist of such duds as Windows ME, Vista and Windows 8). I don't regret it.

Vista was terrible, but in a sense, it was necessary terrible. They broke the way things worked to fix the problems plaguing windows since forever (note: I'm not defending Vista, it was a pile of crap; it did introduce some great technology, though, which is great in its successor).

As for their stance towards open standards, I never thought I'd see the day, but for a change, they are actually getting better with them. Much better.

And with 8, I actually think it is a really good OS. They just needed to either leave out or give an option to bypass the Metro start screen and use the classic Start Menu. Otherwise, it is an incredible upgrade to 7. If only they had that ability to natively get past Metro, I might have actually introduced it to my network. Until they do that, though, I'm not incurring additional training costs for a crappy tablet interface, just for the (admittedly really nice) enhancements in the rest of the OS.

Mind you, I'm not trying to troll you; I'm happy for you that you've managed to escape them. I often wish I had been able to, but I really don't have a choice in the matter (my career pretty much depends on them right now). Just trying to point out that it's not all crap over on this side.

Re:turn it off?

[linebackn]

> "We believe that Internet Explorer is a really good browser" - Steve Jobs, 1997

Steve Jobs said that at Macworld Boston 1997 when announcing a deal with Microsoft where they would make IE the default on the Mac, essentially in exchange for Microsoft to continue producing MS-Office for the Mac. He got BOOED loudly when announcing that. Anybody really interested in that quote should see the video. The way he said it, you could tell he had a virtual gun to his head.

http://www.youtube.com/watch?v=WxOp5mBY9IY

Re:turn it off?

[tibit]

While I detest the whole IE 6 fiasco, and generally IEs before that were useless, mixing "the whole COM idiocy" into the discussion shows you're, well, clueless. COM is a way of instantiating and calling methods on objects. Nothing more, nothing less It comes with a bunch of OLE APIs for other things (say structured storage, control embedding, ...), but nobody forces those upon you. I'd say there's nothing to complaing about w.r.t. COM, apart from the fact that the design has some unnecessary idiosyncracies and complexities that weren't properly hidden away. Some of the complexity in COM is needed simply for it to do what it does -- for example the threading model is what you need to do in order to be explicit about how instances are shared among threads and to avoid the fiascos of running threading-usafe methods from multiple threads. COM is slightly obsolete at this point, and pretty much a necessary evil. If you're developing a windows application, you can either use COM and be out-of-the-box compatible with C/C++ code out there, or you can expose SOAP interfaces and pay the performance penalty, or you can provide .net interface. Otherwise you're irrelevant, pretty much. There are of course various ad-hoc and industry-specific things out there, like, say, OPC, but they either use COM or are conceptually quite simple (say a fixed-packet-format remote control interface).

Re:turn it off?

[theedgeofoblivious]

The drawback of using an OS that stopped getting security updates more than two years ago is that any new exploits are unlikely to be fixed.

The benefit of using an OS that stopped getting security updates more than two years ago is that because of its low marketshare it's much less likely to be targeted.

Re:turn it off?

[Skuld-Chan]

I remember when JS was introduced to Acrobat in version 4 - it was surprisingly permissive allowing systems calls for instance. I think they (Adobe) has certainly learned a lot about the wonderful world of security in the 6 major versions since then.

Re:turn it off?

[Billly+Gates]

My advice. I help manage a PC shop on the side as well as do IT consulting. Let me tell something. All the money from the shop comes from infected machines. Many are Windows 2000 machines and lots are XP. Many are up to date IE/Windows wise. They get infected through PDF and outdated flash! Some java ones too. Recently business slowed down. Why? Windows Update now updates flash automatically and Adobe Updater nags you if you outdated versions of their software or will auto update. Here is another fact sheet?. Why doesn't Adobe make releases for Windows 2000 anymore? Because they are all sandoxed with ASLR, and DEP. Hmm which OS does not support these? YOURS. XP offers at least some limited DEP protection and ASLR is reserved for Windows 7.

Another tidbit. I am reformatting my system now with a Windows 7 SP1 installation. For the record Windows 7 SP1 came out in March 2011. Take a wild guess how many security holes it is fixing right now? 20, 40, 60, ... try 134 updated where half are security fixes!! ... and this is for an OS with sandboxing, ASLR, DEP, and process seperation. I dread to think of the holes in Win2k in just years!

This is 2012 dude. THe internet is a very dangerous network. ... back to my advice. Since you are a man who wont upgrade for the sake of it and values your money go update to XP which is very similar to your W2K brother and can run on the same hardware. Go to PirateBay and do a search for Windows XP Service pack 2 (not 3) professional and many are pre-activated. There is no sense buying a copy of XP which in a year ... I hate to say will no longer be supported either. Do it today in a a day or two you will still have your ancient hardware working and also will get updates for Firefox and Chrome as well which no longer support your OS. Then save $40 a month and by CHristmas 2013 you can get yourself an awesome Windows 7 system that will run many circles around your current one.

XP is nothing to be afraid of and not a terrible change. Oh, FYI since you mentioned above you hate IE integrated I have to say recent versions of IE are fully sandboxed. Infact, if you open a Windows Explorer Window and type an url it wont even work. It will in Windows 2000 (or did in the years I used it unless MS finally patched it!@) unfortunately. IE is catching up to Opera and not a big deal. Your comments on phoning home are from the mindset of slashdotters 10 years ago. It is strange to see today. All it does is report things like crashes and it is all anonymous.

You need to plan ... not on switching to XP in a year, but to the 2010s with Windows 7 or a Mac. Your internet enabled device is not like your fridge that will keep running the same. Standards change and so the crackers who will try to steal things.

Re:turn it off?

[Toonol]

How are the developer tools for Opera? If they're close to firebug-level, I'll switch today. If I wasn't developing, I'd have switched yesterday.

Re:turn it off?

[Billly+Gates]

IE was the best browser in that time frame. I hated Netscape and IE led with AJAX, dynamic html, and CSS. Even IE 6 was not that bad 10 years ago before it started to turn to shit. IE for the Mac was better than IE for Windows too and was much mroe standards compliant at the time

Re:turn it off?

[Blaskowicz]

Sadly he was right, because Internet Explorer was actually better than Netscape.

Re:turn it off?

[epyT-R]

1. Seriously, he comes from a time when anyone posting to slashdot would know how to avoid malware vectors regardless of the system he runs. I'm sure he knows all of this..

2. ASLR and DEP are useful but often break old software that uses self modifying code.

3. The internet was 'dangerous' in 1998 too. Arguably more dangerous in terms of sevice denial to individual hosts because it was so much easier then (winnuke etc), but these were easily dealt with if one knows what's up. Today, the biggest threat is surveillance and lockdown to 'cloud' services that force us to give up control over the tools we use. This is something no updated OS will save us from.. infact the more modern builds more likely include backdoor surveillance and/or artificially imposed dependence on the network in order to have function fully.

4. windows vista/7 are clunky and bloated, with obtuse interfaces designed for simplistic use at best. Explorer had its pinnacle with win2k/xp (explorer, not IE). The current iteration is a chore to use and wastes desktop real estate. OSX isn't much better in this area, in fact, finder might be worse. I can see why he stayed with win2k. I may in fact go back to xp x86_64 on my windows system simply because of how much snappier it is compared with vista and its derivatives, even on fast modern hardware.

Re:turn it off?

[LordLimecat]

Enjoy your viruses.

As others have suggested, its probably a really really good idea for you to remove that plugin and just download the pdfs manually. The internet would collectively appreciate it if you didnt join the botnet.

Re:turn it off?

[LordLimecat]

Maybe having been online for over 20 years and never having a malware infection implies I actually have a clue

The fact that you think being "savvy" has anything to do with getting a virus-- as opposed to running woefully out of date, known vulnerable software-- shows that you do not.

Protip: 90% of virus attacks require no user interaction-- just out of date software.

Re:turn it off?

[LordLimecat]

Its very hard to stop Windows form using IE in one way or another. Every now and then it pops up when hardcoded in some applications. But I've blocked it at the firewall so it's effectively neutered (I hope).

No, its not. Office and help files both use IE in varying capacities. But regardless, it would help if you were actually running a version of IE that wasnt horribly broken, slow, and vulnerable to viruses.

You think youre being clever and that somehow newer versions of windows are better, but as an IT consultant who deals with all too many virus issues, please just accept that out of date software is a really bad idea for anyone browsing the web. More than anything you might be protected by the fact that viruses are broken on Win2k.

For the record, infections tend to be quite rare on Win7, a bit more common on Vista, and quite common on XP. The infections ive seen tend to be INCREDIBLY hard to notice-- unless youre lucky and it happens to be one that does search redirection or something equally obvious. Things like creating hidden partitions in NTFS free space and patching the NTFS or ATAPI drivers, and modifying the bootsector to boot off of that hidden partition, which basically no antivirus is going to pick up if you install it post-infection.

Re:turn it off?

[LordLimecat]

Seriously, he comes from a time when anyone posting to slashdot would know how to avoid malware vectors regardless of the system he runs. I'm sure he knows all of this..

Antivirus, firewalls, and "being clueful" will not protect you from viruses. There was a time when it would, and GP seems to be stuck in that time. These days, no-click 0-day exploits are all the rage, but lesser hacking rings rely on older exploits in the hope that people (like GP) neglect to patch regularly.

As for the internet being "dangerous" in 1998, no, not in the same way. You can find exploits straight off of Google depending on the day and query; ive had the top results for things like "frame relay cisco 1700" take me to attack sites. Big name sites like Facebook can infect you through their ad system. The days where you could just "stick to sites you know" are long, long gone, and the idea that you can just be clever and not run binaries off the web to stay safe is likewise outdated.

windows vista/7 are clunky and bloated,

Better than being rootkitted.

Re:turn it off?

[LordLimecat]

...And this is why we have a botnet problem.

Seriously, his system is 13 years old. Either A) decide you can live with wine and get on a linux distro that still gets updates, or B) decide you really do need Windows and pony up the $100 so that we dont have to deal with your spambot infested box.

Re:turn it off?

[Billly+Gates]

I am out of date?!

Shit last spring my anti virus software went off on slashdot. Turns out one of THnkGeeks advertising servers got compromised! If you had flash running without flashblock or a good anti virus package you got 0wned!

Tell me how much safer the internet is today?! It is more dangerous than ever. Exploits keep appearing at a faster rate and they no longer target IE 6. They target java, flash, pdf, and many are crossplatform too.

For the record 10 years ago I did not even run anti virus software and figured as long as I am running Mozilla and not clicking on .asf media files I am safe. Today if I had that attitude I would be hacked quickly as I occasionally do use the dark side of the internet.

You may hate explorer in Windows 7 but it is much and I mean much more secure than in XP.

Re:turn it off?

[SeaFox]

They don't have to buy a new machine. They could also change to a Linux distribution that is suited to their hardware performance-wise and still runs current versions of those plugins (not that I think anyone really needs Silverlight).

Re:turn it off?

[hairyfeet]

Well if you want to keep the Gecko engine there is Pale moon, IceDragon, and Waterfox. If you want to switch to something else there is Dragon (what I use, nice and with some extra security features), Chrome/Chromium, Safari, Opera,QTWeb if you need cross platform, that's the nice thing about what we have now, no more "This site only works in IE" crap and plenty of choices.

I give my customers a choice of Dragon or IceDragon because i give them Comodo AV and have had good luck with their free stuff, but any of the above will do the job and most will offer to transfer over your passwords and bookmarks, easy peasy.

Re:turn it off?

[fustakrakich]

...And this is why we have a botnet problem.

No it's not.. We have a botnet problem because people download and run crap to see their porn and to 'make 5000 a week in their home office'. Most of the bots are on windows XP and 7, and soon 8. If you want to cough up the hundred bucks, great, I'll take it. I shouldn't have to pay the price because other people won't set up their machines properly. A well configured firewall will protect a win2k machine from the bots. Don't put me on your damn upgrade treadmill.

Re:turn it off?

[hairyfeet]

Oh its MUCH worse than that, because unlike Win9X with Win2K you have an OS with enough guts similar to the next version, which XP is still one of the largest targets for malware there is thanks to its brain dead "hey let's all run as admin!" design that the guy might as well paint a bullseye on the side of the box. Not to mention he has outdated Flash, Reader, and most AV products don't support Win2K anymore?

What you have is a box that will end up with more bugs than a Bangkok whore on coupon day, NOT pretty.

Re:turn it off?

[fustakrakich]

The original poster said, "I know what I have and I know what I need.". I agree 100%. There is no reason to change anything as long as the machine does what's asked of it. Nobody has any business nagging at him about it. I mean, they can, but I, among others, would respectfully tell them to piss off.. unless, of course, they are ready to cover my expenses for upgrading.

Re:turn it off?

[hairyfeet]

Well you didn't hear it from me, wink wink nudge nudge, but it sounds like what you want is "Windows 7 Tiny" which I'm sure you can find a copy on the net easy enough. it was originally designed for gamers by gamers that want the updated DirectX without anything else so its stripped to the bone, no IE, no phone home anything, hell it doesn't even come with Media Center or WMP, just the OS stripped down so far it'll fit on a single CD.

I've played with it on systems as weak as a 1Ghz Celeron and I have to say...its quite nice actually, runs even better than Win2K thanks to the better memory management of 7 while having just an insanely low memory footprint, we are talking less than 260Mb on the desktop. It also runs a good 90%+ of the software out there, if it ran on Win2K it'll probably run on 7 Tiny.

So give it a spin. I've tried Windows embedded and WinFLP and frankly the Tiny builds just stomp the living hell out of them on performance. They really ought to hire the Tiny guy to build their embedded OSes, he really schools the WinFLP builds by a country mile.

Re:turn it off?

[hairyfeet]

Actually Billy if he's gonna go to TPB anyway a better choice would be Windows 7 Tiny, it'll take Windows 7 updates just fine, has no phone home and is stripped down enough to fit on a single CD while still running a good 90%+ of the software out there. It was originally designed by gamers to squeeze as much performance as possible out of the hardware by lowering overhead but I've found it works better than XP or even WinFLP when it comes to old hardware. you can slap it on a 1.7GHz P4 with 512Mb of RAM and it'll just fly, anything newer and its like a nitro funny car.

So while I'll personally stick with my 7 HP X64 because I like the extra bells and whistles like WMC and WMP, for those with seriously old hardware 7 Tiny makes a hell of a lot more sense than putting XP on anything anymore.

Re:turn it off?

[hairyfeet]

I'd just add his hardware firewall may not help him, i recently had a customer that had a hacker take over the whole system and it turned out he had flashed the firewall after he gained control, so even a full wipe and reinstall did nothing because he could just control the firewall and redirect the system to pages where he had loaded a ton of malware and just slam the system until he found a way into the system again, REALLY nasty.

Re:turn it off?

[hairyfeet]

Uhhh...because not only is what he is running a nightmare from a security standpoint but I bet it blows through power like Charlie Sheen blows through coke?

Most of the Win2K machines I've seen that are still usable on the net are Pentium 4s and lets face facts, the P4 was a giant SUV of a power hog. If he can actually slap in a hard drive and RAM sticks (which this is /. so surely if he knows about hardware firewalls he can do a drive install) he can pick up an E350 kit for $130 which will give him a dual core system that will smoke his P4, has hardware accelerated graphics, hell you can even play some Portal or L4D on it if you want. It'll more importantly only take 18w under load and idle at less than 6w which is nothing compared to what your average Prescott P4 sucked down.

Add the $40 Win 8 download and you are looking at less than $250 for a dual core system that will last for years, is silent, and will save him money on both electricity and cooling. So while i'm all for saving older gear that is still useful, hell i use a Sempron 1.8GHz Compaq in the shop as a nettop because its quiet and low power, but there are certain things just not worth saving and that covers pretty much anything made with the netburst arch.

Re:turn it off?

[Billly+Gates]

If he has Windows 2k my guess is the computer is from the 20th century. Also XP will run on his hardware guaranteed. There are many early class a and b wifi dongles and cards that wont work outside of Win 2k/XP. Same with printers and scanners as XP is very close to Win2k. Infact, I consider Vista a whole new kernel rather than an extension of the NT line. It was almost a rewrite.

He needs a new computer but XP is a bandaid solution if you have an ancient app and do not have to time to do a major overhaul or upgrade while you move to Windows 7. At least use XP while you migrate away in the next year.

Re:turn it off?

[DarwinSurvivor]

Fine, intranet sucks (some still stick you with IE6). But name a PUBLIC site with more than 10 unique hits per day and *maybe* Mozilla will take you seriously.

Re:turn it off?

[laurelraven]

ADP.

Re:turn it off?

[laurelraven]

While i agree with you, unfortunately, that is not the world we live in.

Re:turn it off?

[DarwinSurvivor]

Depends if he offers to cover the expense of every person on the internet that has to deal with the spam and DDOS attacks his machine is likely participating in.

I don't care if your car is 10 years old, but when it's bealching smoke like a refinery and the brakes only work on Tuesday, you have just become a liability and a threat to every other person on the road. In short, now you ARE my problem, so take the damn machine it and get it road/net worthy!

Re:turn it off?

[fustakrakich]

Cars are slightly different from computers. I'll leave to you to figure that out.

Re:turn it off?

[b4dc0d3r]

I'm pretty sure you will see your response as a knee-jerk response since someone stepped on a sensitive toe of yours.

IE has been unresectable from windows ever since, starting at 2.0/win 3.11 when they started the whole COM idiocy

IE was the original "killer app" to get OLE/COM to be a must-have development platform. It was integrated into Windows to the point that explorer.exe simply hosts the SHELL32 objects, and can host the web/ftp browsing objects just as easily.

IE was the COM host that allowed click-and-run directly from the web to work. No installation needed, no explicit download - just click a button or a website, COM gets downloaded and magically you're running a secure banking session, or a game, or whatever someone decided to build.

the whole COM idiocy was allowing untrusted applications, with no verification and little in the way of asking users if they would like an application to run, to do damned near anything they pleased on the user's computer. Simply by visiting a web page. Unprotected foreign binary code running on your machine, typically under a super-user account.

the whole COM idiocy was pimping their awesome new drive-by software which made it infinitely easier to infect computers, by integrating it so deeply into the operating system that it could not be disabled without taking down your file browser, and in some cases the whole shell.

The design of OLE/COM is irrelevant to the decision to make it the most obvious and least sealable security hole in recent memory.

Re:turn it off?

[b4dc0d3r]

Allow me to elaborate on laurelraven's 3-letter pimp-slap. ADP (Automatic Data Processing) has a market cap of 28.83B. According to ADP's 10-k from 2009, ADP processed payroll for 570,000 companies, delivered 51 million year-end tax statements (W-2), delivered 39 million employer payroll tax returns and deposits.

That's a pretty large site. Judging by the ignorance of your response, I'd say this is your first experience in taking the piss. Remember, the dinosaurs were on top of the Darwinian survivalist chain until that unpleasantness quite a few million years ago now. I bet they felt just as smug.

Now why don't you and laurelraven make up, kiss, and figure out how to make Mozilla aware of this new development?

Re:turn it off?

[LordLimecat]

No it's not.. We have a botnet problem because people download and run crap to see their porn and to 'make 5000 a week in their home office'

Once again, ignorance is displayed. Something like 90% of infections are thru vulnerable plugins, and require no user interaction. Every year at Pwn2Own, machines from Windows to OSX across a number of browsers are compromised with NO user interaction.

Most of the bots are on windows XP and 7, and soon 8.

Most of the computers are on those OSes, which makes that kind of a tautology.

That you really think that modern viruses require user interaction, and insist on running outdated software, kind of scares me.

Re:turn it off?

[tepples]

That's not the COM idiocy as much as the ActiveX idiocy.

Re:turn it off?

[petermgreen]

The main thing I remember about internet explorer for the mac is that it translates edit box text to macroman (or presumablly another legacy mac encoding on systems set up for dffierent languages) before letting the user edit it and then translates it back. This was a MAJOR pain for any website that lets users edit existing unicode text.

Re:turn it off?

[fustakrakich]

That you really think that modern viruses require user interaction, and insist on running outdated software, kind of scares me.

You should be more concerned over misconfigured systems which are far more numerous than 'outdated' ones. You watch your machine, and I'll watch mine, but don't tell me what I can and cannot run.

Re:turn it off?

[1u3hr]

Antivirus, firewalls, and "being clueful" will not protect you from viruses. There was a time when it would, and GP seems to be stuck in that time. These days, no-click 0-day exploits are all the rage, but lesser hacking rings rely on older exploits in the hope that people (like GP) neglect to patch regularly.

And yet, after 20 years online, I remain without any infections. Every time I try to explain my methodology, people just come along and tell me that either I'm lying or that I already having a dozen rootkits and haven't noticed.

As for the internet being "dangerous" in 1998, no, not in the same way. You can find exploits straight off of Google depending on the day and query; ive had the top results for things like "frame relay cisco 1700" take me to attack sites. Big name sites like Facebook can infect you through their ad system. The days where you could just "stick to sites you know" are long, long gone, and the idea that you can just be clever and not run binaries off the web to stay safe is likewise outdated. I browse some pretty sleazy sites. Still, not infected. (Well, not since I got WDEF from a floppy on a Mac in about 1991.)

I'm not unfamiliar with more up to date software. I clean viruses off my friends' and family's PCs, using XP and Win 7, and set them up with some antivirus and firewalls. I put Ubuntu on my daughters' laptop, since she's not going to listen to me about what's safe and what's not, so I didn't give her a choice.

I'm not evangelising my methods, but they do work for me, for the software tasks I need and the hardware I have. The only serious issues I've had in the last 10 years have been hardware related. But I don't imagine I'm invulnerable, I make backups.

Re:turn it off?

[1u3hr]

You think youre being clever and that somehow newer versions of windows are better, but as an IT consultant who deals with all too many virus issues, please just accept that out of date software is a really bad idea for anyone browsing the web

No, I think I'm broke and can't afford to buy a new PC and OS and Adobe Creative Suite 6. So I make what I have work. Rather than spend a lot of time and money on the shiny and at the end of the day not actually be more productive, since 50% of the computer is devoted to security software and second guessing everything I want to do..

More than anything you might be protected by the fact that viruses are broken on Win2k.

Exactly.

We're talking about Microsoft updates. They're never "up to date". I've got a friend with Win 7 laptop, it's always got 100s of MB of Windows updates pending. I installed some third party antivirus so at least he has a chance against the 0-days.

Re:turn it off?

[hairyfeet]

Dude if it'll run Win2K? It'll run Tiny 7. In fact I'd take the Pepsi challenge against a fully patched XP VS Tiny 7 and I'll win because a fully patched Tiny 7 only uses 240Mb on the desktop whereas a fully patched XP SP3 will use nearly twice that.

Trust me Billy, download a copy and fire it up in a VM if you don't take my word for it, its nuts how thin the guy made Tiny 7. The same guy took XP and managed to get it below 60Mb with an install size smaller than a fully patched Win98SE! I don't care if his gear is last century, if its powerful enough to run ANY web browser (which he has already stated he surfs with opera on it) then it'll run Tiny 7 just as good if not better than what he has now.

The lowest machine i ever tried it on was a Compaq deskpro I was getting ready to chunk because its propeitary triangle PSU cooked. It was a 733Mhz P3 with 384Mb of RAM and ya know what? It ran just fine, if a little slow on boot thanks to that ancient 40gb HDD with a lousy 2Mb buffer. if it'll run on that and let me surf then whatever POS he has will run it just fine.

Seriously man you gotta try it, its just nuts how low they managed to go while still having it run most software, like i said they really ought to hire the guy for their embedded team.

Re:turn it off?

[laurelraven]

Thank you for that elaboration, you put that far more succinctly than I could have (mostly because, while I know they're huge, I didn't really care to actually look up their financial info, but seeing it spelled out is rather...stunning).

While it's good to say ignore everything that doesn't live up to standards, it's not always possible. I had, for instance, set Foxit as our company's default PDF reader, due to it being 1) much faster than Adobe Reader, and 2) not automatically susceptible to the same vulnerabilities as Adobe Reader (which were multitude, and well known and exploited in the wild). When HR set us up with ADP, however, this was forcibly changed: anyone trying to look at their electronic pay statements just got a big red X.

ADP stated this was because they actively block everything other than Adobe Reader's browser plugin (no option to download it). Their reason? Security.

Try to change their mind. It will be like pissing into the wind.

Re:turn it off?

[Billly+Gates]

Maybe I am one of those financially irresponsible yuppies for daring to want a newer system, but I would shoot myself if I had such a low grade system!

Even an El-Cheapo brand AMD integrated unit for $399 would fly with Windows 7 on it.... at least much better than using tiny 7. But if he has an ancient app what are you going to do? The XP was a temporary fix as XP loyalists and driving me crazy. I just read on arstechnica that SHA-1 is expected to be cracked by 2016! That means IE 6 and IE 7 are at risk with SSL being useless with collisions and the master certificate being discovered. Same with RSA 1024.

XP users are why I can't use cutting edge HTML 5 stuff for a project. Sure some use FF or Chrome but you just know someone out there using it will click the blue E. IMost of them use IE 7 or 8 in one form or another as only old people, neophytes, and corporate bean counters use it. It frankly is dangerous to run such ancient software after EOL and you know MS wont patch SHA-1 certificates for IE 6 and XP. Instead web developers will have to use ActiveX controls to replace SSL like they do in China and Korea where IE still holds 90% of the market as a result. Not put a banner saying IE 9 or later sigh.

Anyway one good thing about XP is that I can run it in VMWare to test clients out because it is so light on resources.

Re:turn it off?

[LordLimecat]

I dont think I ever told you what you could run, nor was that my intention-- apologies if thats what came across. Im just trying to make clear that the very fact that youre running unpatched, known vulnerable plugins on an unpatched, known vulnerable OS isnt something you can fix with a firewall, an antivirus, and a little caution.

Im sorry if that seems like im being bossy or whatever.

Re:turn it off?

[LordLimecat]

people just come along and tell me that either I'm lying or that I already having a dozen rootkits and haven't noticed.

Have you checked recently? Maybe check your MBR from offline-- you say you are familiar with Ubuntu, try ms-sys (its in the debian repos), and see if it recognizes the boot record.

But even if you arent rootkitted, that doesnt make what youre doing a good idea. Some people get away with driving without a seatbelt, but Im going to continue recommending to everyone I care about that they use one.

Re:turn it off?

[DarwinSurvivor]

What part of "public" did you not read...?

Re:turn it off?

[DarwinSurvivor]

It's called an analogy. I'll leave to you to figure out what that is.

Re:turn it off?

[RaceProUK]

If you're on Firefox, check PDF Downloader. It can be set to prompt you to download every time a PDF is to be displayed in the plugin.

Re:turn it off?

[tibit]

IOW: Why use the terms correctly when you can redefine them and get upset when people call you on it. SIgh.

Re:turn it off?

[Crosshair84]

How does Tiny 7 handle folder sharing on a LAN? I'm running Tiny XP Rev09 on an old single core atom netbook with 2 gigs of ram and 8 gig SSD as a DVR security system and file sharing doesn't work, period. I want to have a remote system back up the recorded files every 60 seconds so if they steal the netbook from the garage I still have the photos it took. If I used Win7 I could use Readyboost to improve on the slow SSD it has.

Re:turn it off?

[cavebison]

Firefox has detected an old method of formulating humorous remarks. It is strongly recommended you update to the latest method.

Re:turn it off?

[hairyfeet]

It has a list on the desktop of everything they removed along with some .reg files that will let you turn back on anything you would prefer, and of course you can use add/remove Windows features if you'd like a little of the bling back.

I'll tell ya what, see my email in my UID? If you don't want to wipe the machine and try it yourself just give me a holler at that email address, I have an old 2.2GHz P4 that I'm gonna have to wipe anyway and it'll only take like 20 minutes to slap Tiny 7 on it and throw a few files on the thing and try out the folder sharing, then i can just email you the results and you'll know whether its right for you.

Like I said I gotta wipe that machine anyway so it really wouldn't be a biggie to slap it on the KVM here at the shop and run the test for you, just let me know if you want it run or not.

Re:turn it off?

[hairyfeet]

Well while I agree the best solution would be to simply buy a cheap kit and have something decent, we don't know his financial situation and maybe he is hurting, lot of folks are right now ya know.

That said you ought to see what you can get from Tiger if you get the email alerts, its just nuts. I got tired of putting my GF's old P4 back together and since she had 2 grandkids and a son in law with serious health issues (they just had to cut out half his right lung because of a broken major blood vessel, poor bastard) she couldn't afford to get her a new one so I kept an eye out for the sales, ended up getting her an Athlon triple with a 500gb HDD, 4Gb of RAM, DVD burner, and an HD5450 for just $189 after MIR, just crazy. My oldest boy's dual core was getting on in years but before i could spec out the parts he talked his grandpa into getting him one of the kits. For $350 he could a Phenom X6, 8Gb of RAM, DVD burner, 500Gb HDD, and a nice case to put it in, just swapped out his HD4850 and now he chews through LOTRO like it was nothing no matter how big the raiding party. And since I had to buy a new board to take the X6 I got last Xmas I decided the youngest would get my quad and board, the cost of getting the hard drive, case, and burner? less than $100.

So I agree if the guy has even a little money he can get a MUCH nicer system with Win 7, but the fact that he is still running a Win2K system makes me believe he simply hasn't got the cash. I mean you can buy one of those AMD E350 kits for $129, slam in a 300Gb HDD and 4Gb RAM stick and with a copy of Win 8 pro you'd be looking at less than $190 for a dual core with Radeon graphics, but if he is broke that $190 may as well be $190k.

So by working with the very real possibility that he is flat busted given the choice I'd say Win 7 Tiny would probably be the best bet. with XP it'll be dead in a year and a half, Win 7 is supported for another 7 years, and it'll run just fine on seriously old hardware.

Great, more prompts

If you know what the right thing to do is, just do it. If you don't know, don't bug the user about it. I get the calls when you show the unwashed masses around me yet another incomprehensible prompt about some thingamabob inside their computers that they didn't know was there in the first place. Make it work or shut up.

Re:Great, more prompts

[Cenan]

Spot on.

Re:Great, more prompts

[BZ]

You _want_ Firefox to uninstall or upgrade random other software on the computer without asking the user?

Most people don't want their software doing that sort of thing...

Re:Java?

[jarkus4]

Because they just turn java off on regular basis. Sometimes even when user explicitly tells them not to do this

Re:Who still uses silverlight?

[jarkus4]

Very large part of sites that want/need to stream DRMed video content.

Re:Who still uses silverlight?

Netflix instant watch uses silverlight.

Before

[Culture20]

It should prompt to update every day, regardless of whether they visit a site with flash/PDF/etc. That way the update gets applied before they "want to view content NOW". Otherwise they'll click cancel.

Re:Before

[pla]

It should prompt to update every day, regardless of whether they visit a site with flash/PDF/etc. That way the update gets applied before they "want to view content NOW". Otherwise they'll click cancel.

You realize, of course, that not all of us need or want to stay at the bleeding edge of every product we use?

Most people just want the same thing they used yesterday to work today. Most people get really, really annoyed when what worked yesterday starts nagging them to upgrade today (or worse, "Adobe Flash (malware) has been blocked for your protection" - Fuck you, Moz!).

Keep it up, guys... Google can't thank you enough for pushing us to use Chrome. And yes, I know that Chrome updates itself, but it doesn't change (aka "break") anything each time.

Re:Before

[Idbar]

Bonus points if they get it to show right on top of the annoying adobe update pop ups.

Re:Before

[Threni]

I think that updating Adobe's PDF reader every minute means you'll still be behind the curve. The amount of effort they put into updating that thing is amazing. My ability to read textual documents using it has come a long way in the last 5 years - there's just no comparison between reading pdf documents then and now.

Re:Before

[Culture20]

Then you won't be using The latest Firefox either so what's your beef? Also, why the heck would you want to use browser plugins that have targeted vulns?

Re:Before

[Billly+Gates]

Stop your whining. In a connected world things are never teh same as ysterday. Websites get updated, malware writters figure out new exploits, bug fixes come available. There is a common misbelief that a computer is like a car or refrigerator. Just never upgrade because if it aint broke do not fix it right?

It is not. Adobe updater will automatically install new updates silently if you installed it in the past 6 months. Chrome automatically updates itself and its flash version too if a hole is discovered. Even Windows Update will patch flash vulnerabilities.

Yes Mozilla needs to do this. After you update it will take care of itself and update automatically. Flash and PDF are dangerous and like Windows need constant updating on a biweekly basis. THis is just life in 2012

Re:Before

[pla]

Yes Mozilla needs to do this.

I don't have a problem with autoupdating (though I absolutely do think every piece of software should explicitly ask first).

I have a problem with non-manual updates that break things - Like Flash. Like older plugins. Like Fiddler. Like the size of my goddamned personal toolbar icons (lookin' at you, FF4!).

I have no problem whatsoever with semi-automatically repairing bugs, or even adding new features under the hood. I have a huge problem with breaking legacy support without my permission.


In a connected world things are never teh same as ysterday. [...snip...] There is a common misbelief that a computer is like a car or refrigerator. Just never upgrade because if it aint broke do not fix it right?

Another common (and erroneous) belief says that every computer everywhere must work online. Must fend off a never-ending onslaught of active attacks from outside. Must stay up-to-date at the expense of dropping legacy support, because who uses that old crap anymore?

I could give you a million and one counterexamples to that, but let me give you a common one many people likely use - A mostly-offline home media machine. I don't give a damn if it has 10 year old software riddled with security holes, I don't give a damn if it has up-to-date antivirus software, I don't give a damn if it has FireFox 3 and Flash 7 on it - It plays all my music, it plays all my movies, and I have it set up exactly the way I want to output correctly to my projector and sound system. It lives behind my firewall, and visits exactly two websites, IMDB and CDDB. It should remain functional, in its present state, until the actual hardware fails.

Oh, but look at that, Microsoft decided (yet again) to ignore my autoupdate preferences and reboot it last night; but never mind that I just lost my place in the movie I paused before bed, because today I get to waste two hours trying to convince it that yes, it still has S/PDIF out. Oh, and look at that, Firefox "forgot" (yet again) that I I don't want updates, and has blocked half my plugins. Woo-hoo!


Yes, the internet changes daily, and some software needs to reflect that. That doesn't mean we should ever, ever expect to just randomly lose functionality we had yesterday.

Re:Before

[mpicker0]

Meant to mod this "funny"... posting to undo bad mod.

Re:Before

[Billly+Gates]

Compatibility is a major problem. FF is updating its add on api so it wont break similar to Chromes. I have been fighting to update from Java 1.4.2 at a site I worked at as these users get infected over and over and over again. If I had admin rights I would disable java except in the intranet zone and the cost accountants only see cost savings from not upgrading. Not lost productivity of running outdated POS software. But I was a contractor so it was not my problem.

Yes we need to stop focusing on compatibility. I was just reading on www.arstechnica.com that SHA-1 will be cracked by 2016! This means TLS signed certificated required for IE 6 and I think IE 7 will all be compromised! These users stick with it because of the attitude if it aint broke don't fix it and it is a cost center so why upgrade bla bla bla. The economic costs are huge running outdated software and yes upgrading software is a requirement unless you are in a clean room environment like a bank with no internet access. You should not receive any messages on your media server. However if any family memeber goes on the net with it for couch surfing or you got to www.hulu.com then it is prudent to keep it upgrading. I worked in a computer shop so I have seen first hand what malware can do if people run ancient software and click ignore with updates.

The media server could get compromised with a virus that will spread all over your home network once inside and cause more headaches. If you really hate this do what I did and quit Firefox and use IE 9 and Chrome?

Re:Before

[BZ]

> but it doesn't change (aka "break") anything each
> time.

Except that it does, of course. It breaks websites all the time, for example, just like every other browser that makes any sort of change to its rendering engine.

Re:Before

[DamageLabs]

Unfortunately it does break. A lot.

Between pushing its touch UI changes to mice users, internal flash problems, memory leaks and general crash oh snap happy behavior, it has mostly become unusable for me. Still looking for a replacement..

Re:Java?

[AliasMarlowe]

I am wondering why the Java plugin is not on the list. Its security track has been bad for quite a while, and its on way more PCs tha silverlight

If they put really insecure shit like Java on the list, several shady revenue streams might be threatened. And when that happens, the lucky ones get an unexpected visit from Fingers and Lefty and their baseball bats. The unlucky ones die slowly after a few bullets from an untraceable weapon.

Re:Java?

[ChunderDownunder]

In this day and age a minority of the web actually requires applets. The option should be to 'whitelist' only particular websites.

[Aside: I have a public JRE installed on a windows box for work purposes. I may be vulnerable to rogue Java Web Start apps but there's a scary security warning each time I click on a JNLP link.

As for applets, I can sleep easy knowing there's no chance of infection. It's a 64bit JDK... All of the browsers from Mozilla, MS and Google are 32bit. So on my Windows machine no browser can load the 64 bit plugin!]

Re:Who still uses silverlight?

[ChunderDownunder]

Indeed, one of the major sporting competitions here in Australia uses a Silverlight plugin to load videos via a flash plugin.

On my Linux box I have Chrome setup with Moonlight for that particular website. I use Chromium sans flash for regular HTML5 video browsing. (Firefox is a bit heavy for a P4).

Workaround

[200_success]

To bypass this nagging, just continue to use an old release of Firefox.

Re:Workaround

[pongo000]

To bypass this nagging, just continue to use an old release of Firefox.

I use 3.5.7 (for various reasons, including better support for some protocols), and trust me, the nag dialog is there too. Got one yesterday before I read the /. article, was like "wtf?"...

Re:Workaround

[Billly+Gates]

I hope you have a good security package and enjoy your +50 security holes!

Re:Who still uses silverlight?

[cyber-vandal]

Netflix, Lovefilm and Sky TV all use it here in the UK because no-one's broken the DRM yet.

Mozilla targetting wrong people

[Wowsers]

As a Linux user, Mozilla should be targetting Adobe not me. For example, Adobe released a not working version of their flash player, it changes the colours of video on places like Youtube if you have hardware acelleration enabled. To get proper colours you have to disable hardware accelleration, which has a massive impact on system performance, even on a dual core machine.

To add to the problem, Adobe said they will no longer be working on Flash for Linux (at least the 64 bit version). So they released a known buggy version, and refuse to revert to previous version that worked.

Me updating is not the problem, it's companies like Adobe that need to be targetted.

Re:Mozilla targetting wrong people

This will only affect Windows users

Re:I'm running Windows 2000

[El+Lobo]

If you are still running W2000, then Flash, Acrobat, etc are the least of your concerns.

Re:Java?

The Java plugin already was on that list. They already warn for old versions of Java when the plugin is used.

Make sense

[aliquis]

Considering the Linux flash player won't be upgraded any more ;)

Also as I remember it Firefox totally refused to use my plugin earlier claiming it was old with no way to turn it on so I don't see what's new really. Unless that message was a bug.

Fine! Make me update silver light

[Holammer]

I'll just disable it again.

Great

[AndyKron]

Great. More endless updates. What a nightmare

config:

[sponse]

As far as you can disable this behavior using "config:" protocol, I don't care. Is just something else to add to the list.

Business model: Annoy your users

[ReallyEvilCanine]

Pissing me off after forcing an update onto me that WILL NOT install but which retries that install EVERY FUCKING TIME I start each and every Mozilla program; an "update" which can't be removed without a full uninstall and which requires a confirmation in the focus-stealing pop-up after each time it fails.

Then there's Chrome constantly bugging me to log in and give other details so I can be tracked as if I was the star of The Running Man.

Why hello, Opera. How've you been?

Re:Business model: Annoy your users

[game+kid]

While I sympathize with anyone who's trying not to get tracked in an internet that's become saturated with ways to be tracked, this May story seems relevant. I have a feeling that any such deal fell through after so much time, but you might want to remain vigilant, report misplaced baggage, buy American, et cetera.

(I had to undo 2 up mods to reply here; my apologies to those who lost the points.)

Re:I'm running Windows 2000

[KiloByte]

What's exactly the problem with Win2K (outside of being Windows) if you're not directly facing a hostile network and are not suicidal to use Microsoft's client software (IE, Outlook, etc)?

Mozilla to BUG Firefox?

[foma84]

I find the title of TFS very, very low standard.
It's so prone to misinterpretation, it took me quite some time to get it, despite I've alredy seen the message in my browser.

Mod this up to make it a pledge to mods for quality's sake.

Thank you.

Disable

[markdavis]

I have no problem with Mozilla doing this as long as the user (or admin) can disable it through about:config.

Re:Disable

[fustakrakich]

Don't hold out on us! Where do you disable it? I'm trying now. So far no joy...

Re:Disable

[Skuld-Chan]

Search for "blocklist"...

Re:i HATE this strategy

[meustrus]

This is the most important point. I don't feel safe updating Adobe Reader on Mac because it pops up saying "Please let me have admin access to update/install something." And then I have to go to Adobe's actual web site and clog my computer with the installer every time so Adobe will stop bugging me. I think most of us appreciate that security holes get fixed and updates get pushed out (in fact many of us would like it to happen more) but the updates really should be distinguishable from random malware pop-ups.

Pale Moon?

[C0L0PH0N]

Pale Moon ( http://www.palemoon.org/ ) is a long-standing fork of Firefox produced by Moonchild Productions, which is distinguished by being optimized for efficiency and speed in 64 bit Vista and Windows 7. There are 32 bit versions as well. Firefox does not provide a 64 bit version at this time. If you've never heard of Pale Moon, check it out. It is now my main browser of choice. Here is a review: http://www.softwarecrew.com/2012/08/pale-moon-15-building-a-better-browser/.

Perhaps this browser will give you your "Firefox" experience without the upgrade "bugging" that Mozilla is introducing.

Re:Pale Moon?

[Waccoon]

I tried PaleMoon, and alas is has all of the pausing and memory consumption problems of Firefox. With those issues still intact, 64-bit optimizations and other performance tweaks are meaningless.

Please, Mozilla, stop yelling at the plug-ins and fix the damn browser core, already!

Disabling this bullshit

[fustakrakich]

It seems to be a real problem that nobody has answered yet. I've changed some settings in about:config, and damned if they don't change back to their defaults when I restart the browser. Since Google has been no help, I'm counting on Slashdot for some help here. Don't let me down.

Re:Disabling this bullshit

[UziBeatle]

http://forums.mozillazine.org/viewtopic.php?f=38&t=491557

http://kb.mozillazine.org/Preferences_not_saved#User.js_file_locks_certain_preferences

  Maybe that is it. Google was used.
about:config settings not saved

Re:Who still uses silverlight?

[sourcerror]

> uses a Silverlight plugin to load videos via a flash plugin

What is the Flash plugin for in this scenario?

Two questions...

[WD]

1) Why are you using the Adobe Reader web browser plug-in? Downloading and opening PDFs is much safer.

2) Why are you using a version of Adobe Reader that has known security vulnerabilities? If Reader doesn't do what you want, there are alternatives.

Keeping software up to date is important for staying safe. But perhaps this is not a concern for you.

Re:Two questions...

[fustakrakich]

Instead of a lecture, do you have an answer to the question that was originally posted? All we are getting is BS and no solution as to how to disable the damn thing.

Re:Two questions...

[Billly+Gates]

I use Foxit and Google Docs. No security issues. ... I also highly doubt any payroll processing service would require 10 year old insecure versions of pdf. I would tell him to call them and say WTF do you support later releases? My guess is they do ... on XP and later.

Re:Two questions...

[DarwinSurvivor]

The way I see it there are 3 possible scenerios here, none of which warrant an answer to that question.

1) OP is to lazy to update his software, so we told him to update his software. (most likely).
2) OP uses an Intranet system that requires old versions, in which case he should let IT deal with it and stop fucking up corporate computers.
3) OP is the IT from scenerio 2 and should be fired for not knowing how to do his job/her.

Re:Two questions...

[Man+On+Pink+Corner]

4) Mozilla's obsolete-plugin detector works about as well as most of their stuff does these days, which is to say it doesn't.

That stupid banner still doesn't go away on my system even after I install the latest Acrobat Reader plugin. It still claims "Some plugins used by this page are out of date" anytime I open a .PDF.

And no, nobody wants to hear some geek lecture them about it being a bad idea to open .PDFs in the browser. That ship has sailed.

Re:Two questions...

[mark-t]

Speaking for myself here...

1) don't.... I will usually use google document viewer if I'm wanting to read a pdf online.

2) Because adobe hasn't made a version of Reader for Linux since 9.5 (although they've *never* made a 64 bit version for Linux. [grumble, grumble, grumble])

And no... to the best of my knowledge, there aren't equivalently functional alternatives. Name another one that supports pdf layers.

Re:Two questions...

[DarwinSurvivor]

I must have missed that sailing because i have NEVER used a single site that required pdf's to be viewed by a plugin instead of an external application like they should be.

Also, since you are probably running windows, have you tried turning it off and on again?

catering to the tards

[Cyko_01]

They are trying get everyone to upgrade because the number 1 issue they have had on the tracker for months is related to people using old versions of flash and it reflects negatively on peoples view of the browser

Ugh

[tehlinux]

I have enough trouble getting adobe to stop bugging me!

Flash's own updater royally sucks

[Dwedit]

Flash Player's own updater never seems to appear until I reboot the computer, which is quite a rare event for me (sleep mode works fine, no need for shutting down). This is a bad design.
It took me a while to figure out what triggers the Flash Player updater to appear: It's in the Scheduled Tasks area. It runs daily at about 12:30PM, and It's set to stop trying to update 72 hours after it starts. So if you rarely reboot your computer, you don't get Flash Player updates.

Re:Who still uses silverlight?

That is an odd thing to say considering Silverlight was released in 2007.

Re:I'm running Windows 2000

[Zaphod-AVA]

The methods the malware industry commonly use. If you can't run the patched version of Flash, you can visit a legitimate website and get attacked by an infected advertising server. Easily.

None of this should be needed.

[Zaphod-AVA]

None of this should be needed.

Microsoft should just allow third party critical updates through Windows Update. Flash, Reader, and Java flaws account for most of the malware installs, and most users are bad at keeping these things up to date. Running a stack of update utilities is irritating to advanced users and confusing to novice users. All this does is make the malware industry happy.

Netbooks?

[deimios666]

As a netbook (E350) owner I am forced to run an older version (11.2) of flash or else 720p content isn't played back smoothly.
Adobe borked something in 11.3+ versions of Flash that makes HD youtube videos unbearably choppy.

Life is short.

[hoboroadie]

When sites say I "need" Java or Flash, I just click the little x on the upper right corner of the screen. More time for real life.

More Bloat and We Stll Can't Remove Plugins?!

[BrendaEM]

It is totally baffling why the user can't take out plugins; it's even more baffling on Windows that any company just can add a plugin to your browser. Not Secure!

Re:I'm running Windows 2000

[Billly+Gates]

Only people in strict locked down environments do not connect to the internet. Besides Windows 2000 was atrocious in terms of security! It was one of the most insecure operating systems ever released. Even XP has some better protection

Re:I'm running Windows 2000

[KiloByte]

What "protection" do you have in mind? Because for client programs I see no difference. You might be hit by a bug in the TCP/IP stack or in the stub DNS resolver, but I don't recall any serious ones there. So Windows 2K is only exactly as atrocious as Windows 7 or 8 is (there's that UAC snake oil, but it's really only mitigation of further damage after you already lose). In reality, save for low-level networking, security is all about actual network-facing programs, and if you keep them secure, you should be reasonably safe. (Ok, Windows outside a locked down VM, but I digress...).

Of course, you can't possibly have anything from Adobe secure, but that's what Flashblock is for: you enable Flash only for known-good pages.

Re:Who still uses silverlight?

[ChunderDownunder]

Well either the silverlight plugin was displaying a fancy gui just to load the videos and do the actual playback in flash OR

Moonlight might have been offloading the playback.

They should permit opt out for old OS

[Gim+Tom]

I have an old box still running Windows 2000 pro and it got the nag from Mozilla today. The problem is due to the change in the windows installer DLL I can't upgrade those plugins they are nagging about. And I will not give up this as my window to windows since even with Wine there are some things I need it for.

What to replace Photoshop or Illustrator?

[tepples]

What do you recommend for a professional graphic designer to use instead of Adobe products such as Photoshop or Illustrator? Unlike free software, these support Pantone colors for printing.

Re:What to replace Photoshop or Illustrator?

[hoboroadie]

A professional can afford an IT staff to protect and maintain the software. I don't have time, and in my personal situation I didn't want all the superfluous extra crapware and opening up access to my system that the freeware wanted. If you want to use their professional ware, which I hear is swell stuff, maybe just protect it from the outside world, or stay offline. As far as I know that ware isn't a problem, it's the browser plug-ins that go out looking for trouble. I'm not interested enough in the internet's dancing baby features to bother with it.

Re:What to replace Photoshop or Illustrator?

[RaceProUK]

And flash is near death anyway.

Flash has ~95% penetration. Saying it's dead is like saying the Empire State Building is three feet tall.

Re:What to replace Photoshop or Illustrator?

[RaceProUK]

This is how they get their data.

And I'd rather go by the stats of 28,000,000 unique visitors than 250,000 thousand.

Version lag; DRM

[tepples]

What's with all the nerd rage over Silverlight?

Two things: First, Moonlight has historically been exactly one version behind Microsoft's implementation, making it useful for displaying messages to the effect "You are using an outdated version of Silverlight. Please update Silverlight at Microsoft.com and then display this page again." Second, Microsoft encourages Silverlight video providers to require Windows Media digital restrictions management but makes no provision for Moonlight to implement DRM.

Without buying something

[tepples]

It is strongly recommended that you upgrade Windows to the latest version.

I'm not aware of a way to do so without buying something.

Re:Without buying something

[u64]

That's fixed by updating to a more helpful message:

It is strongly recommended that you upgrade to something other than Windows.

Plenty of damage without admin privileges

[tepples]

XP is still one of the largest targets for malware there is thanks to its brain dead "hey let's all run as admin!" design

Malware can do plenty of damage without administrative privileges. It can infect all executables that are installed in your user account in "Install just for me" mode. It can destroy or disclose the documents in your user account. It can use your computer's network connection to serve spam or child pornography.

Re:Plenty of damage without admin privileges

[hairyfeet]

Uhhh...I never said malware HAD to have admin rights, i simply said its a braindead design that makes it frankly script kiddie easy to hack a system where everything is running with the second highest privilege, the first being system of course.

That's why I always laugh at those that say "Linux can't get viruses because you never run as root!" because modern malware simply doesn't NEED root to infect a system, look at the KDE look bug, or the infected Quake 3 that was in the repos for a year and a half, as long as they have basic permissions they can still wipe a user's files, send spam, there is a hell of a lot of damage they can do without root. After all nobody is running their Android phones as root but the marketplace has had more bugs than a roach motel in a trailer park.

Applications that phone home

[tepples]

Another common (and erroneous) belief says that every computer everywhere must work online.

This is the consequence of applications that phone home to validate the subscription to the application.

A mostly-offline home media machine. I don't give a damn if it has 10 year old software riddled with security holes, I don't give a damn if it has up-to-date antivirus software, I don't give a damn if it has FireFox 3 and Flash 7 on it - It plays all my music, it plays all my movies

But how do you add music and movies to it? Doesn't the movie playing application have to phone home to download the movies or at least to validate your subscription to movies? If not, what am I missing?

Re:Applications that phone home

[pla]

But how do you add music and movies to it? Doesn't the movie playing application have to phone home to download the movies or at least to validate your subscription to movies? If not, what am I missing?

Hmm? I think I missed your joke, there.

I either rip right to that machine, locally, from physical media; or I buy content from my "real" desktop machine and copy it over (stripping out any protection first, if necessary).

Not sure what you mean by the player phoning home, though... Do most of them do that? I primarily use VLC, MediaPlayer Classic, and Fubar2000, of which I think VLC has an option to check for updates, but doesn't force it on the user.

Re:Applications that phone home

[tepples]

I buy content from my "real" desktop machine and copy it over (stripping out any protection first, if necessary).

Do you buy movies that you plan to watch only once instead of renting them?

Not sure what you mean by the player phoning home, though

Players supporting movies that use protection phone home to verify licenses to play movies.

Re:Applications that phone home

[pla]

Do you buy movies that you plan to watch only once instead of renting them?

Depends on the price, honestly - If I can buy it for $2, sure, I'll buy it rather than rent it. Case in point, about three months ago Best Buy had a borderline-unbelievable sale on complete seasons of assorted "prime-time" cartoons (like Family Guy). Those have little repeat-watching value, but for $10 a season (and in a few cases, $10 for the entire run of 2-4 seasons), I picked up one of everything they had left in stock.

Normally, I'd just add them to my NetFlix queue (and before you ask, no, I have zero interest in streaming NetFlix), watch once, and delete. But for a low enough price, what the hell, might as well have a copy to keep.


Players supporting movies that use protection phone home to verify licenses to play movies.

I guess I've never encountered any "licensed" content (though let's not drift onto the topic of whether we "buy" or "license" physical media). If I can't use it in a DRM-free form on whatever player I want, I simply don't buy/rent/lease/license/watch it.

So far, that hasn't stopped me from watching anything I wanted, so I don't really know where it applies. But if/when I encounter it, I will certainly vote with my wallet and watch something else instead.

Flash needed to prepare to go outside

[tepples]

When sites say I "need" Java or Flash, I just click the little x on the upper right corner of the screen. More time for real life.

Unless the web site that uses Java or Flash is one of the web sites that helps you prepare "for real life". For example, the (U.S.) National Weather Service used to use Java to cycle images in its radar loops; now it uses Flash. I use the radar loop to see whether I can squeeze in outdoor activity before or after the rain hits.

Re:Flash needed to prepare to go outside

[hoboroadie]

I admit I throw a lot of good out with the bad. Most of the USDA sites and stuff I prefer happen to be pretty static. I did enough formatting and reinstalling back when my son was discovering internet porn to last a lifetime, and just got tired of it.

Blue people

[tepples]

No more blue people on YouTube.

What, did they file a DMCA takedown for Avatar again?

Re:I'm running Windows 2000

[petermgreen]

I disagree.

The TCP/IP stack and other OS libraries not getting security updates is certainly a concern. However IMO for a machine behind an "outgoing connections only" firewall/NAT and running client software that makes little use of OS facilities (for example firefox uses it's own SSL library, not the windows one) it is a relatively minor concern. Lack of security updates to client apps that deal with untrused data is a FAR bigger concern IMO.

Windows-exclusive applications

[tepples]

It is strongly recommended that you upgrade to something other than Windows.

And run still-needed, Windows-exclusive, Wine-incompatible applications in what?

That site says 5 out of 6 Safari users have Flash

[tepples]

I would take any statistics from that site with a grain of salt. I chose to drill down to Safari only, and it said 83.71% supported Flash in July 2012. Are there really five times as many users of Safari for Mac OS X and Windows as there are iPhone, iPod touch, and iPad users?

Re:That site says 5 out of 6 Safari users have Fla

[RaceProUK]

Looking at the filter choices, that site doesn't include mobile browsers. Yet it includes AIX.

Still, for ballpark figures, it's useful.

easy fix for this problem

[RobertLTux]

http://ninite.com/.net-air-flash-flashie-java-shockwave-silverlight/

no mess no fuss just run and hit NEXT

Re:easy fix for this problem

[lpq]

about:config
->plugins.update.url => about:blank
---
Problem solved.

Re:They'll SOON start?

[lpq]

Yep... same here...
and it won't go away...
(course I haven't looked into about:config yet...

But having the source for most of their automated stuff in javascript
in C:\program files\mozilla firefox\chrome\... is handy..

especially if you unpack it first and keep it unpacked...
First thing you can take out their "hidden settings" hider --

#!/bin/bash -ue
set -x
for i in *.jar; do
    d=${i%.jar}
    (cd "$d"; unzip -o "../$i" >/dev/null )&
done
 
for i in *.manifest;do
    perl -pi'.orig' -e 's/jar:(.*)\.jar!/$1/;' "$i"
done
wait
fn=toolkit/content/global/config.js
if [[ ! -e $fn ]]; then
    echo "Error - config.js is not in expected location\n"
    readarray -at cfglogs < <(find . -name config.js)
    str='^\s+if.*^capability.*prefName.*'
    declare -i cnt=0
    if [[ ${#cfglogs[*]} -lt 1 ]] ; then
        echo "and have no good guess as to where it might be\n"
    else
        for fn in "${cfglogs[@]}"; do
            if grep "$str" $fn ; then
                echo "looks like it is in $fn"
                cnt++
            fi
        done
    fi
    if ((cnt!=1)) ; then
        echo "File has been split or renamed, halting;"
        exit 1
    fi
fi
declare -i count=0
echo "Proceeding to act on file \"$fn\""
perl -pi'.orig' -we '
my $count=0;
while (<>) {
    if (m{^\s+if[^c]+capability[^p]+prefName.*$}) {
        my $x=<>;
        if ($x =~ m{.*(?:return|continue);\s*$}) {
            ++$count;
            next;
        }
    }
  print;
}
exit $count;' "$fn"|| count=$?
 
if (($count!=2)); then echo "Warning, count was $count, not 2 as expected"
else echo "Made 2, expected substitutions"
fi
 
# vim: ts=2 sw=2

The whole thing is far more tractable when you unpack it...