Mozilla rages at MS, Apple and Google's 'trojan horse' tactics
Shove your plug-ins where the sun don't shine
A well-respected Mozilla man has attacked Apple, Google and Microsoft for installing plug-ins without first asking for a web surfer’s permission.
Open web advocate Asa Dotzler, who co-founded the Spread Firefox project for the open source browser outfit in 2004, slammed the three tech titans for making sneaky installs of plug-ins into the popular surfing tool.
He complained that Microsoft, Google and Apple were all guilty of adding stealth plug-ins to Firefox when he installed various bits of their software.
“When I installed iTunes, in order to manage my music collection and sync to my iPod, why did Apple think it was OK to add the iTunes Application Detector plug-in to my Firefox web browser without asking me?” he pondered on his blog yesterday.
“Why did Microsoft think it was OK to sneak their Windows Live Photo Gallery or Office Live Plug-in for Firefox into my browser (presumably) when I installed Microsoft Office? What makes Google think it's reasonable behavior for them to slip a Google Update plug-in into Firefox when I installed Google Earth or Google Chrome (not sure which one caused this) without asking me first?”
Dotzler then likened the behaviour of those vendors to setting off unauthorised malware on his computer.
“This is not OK behaviour… These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.”
The Mozilla man, who is the organisation's director of community development, also pinpointed new browser kid-on-the-block RockMelt as a stealth plug-in offender.
“Microsoft, stop being evil. Apple, stop being evil. Google, stop being evil. And you upstarts like RockMelt, don't follow in those evil footsteps. It's not worth it,” he said before signing off with: “It's really simple. ASK first!”
Nearly a year ago Dotzler encouraged Firefox users to switch their search engine from Google to Microsoft Bing in the wake of Eric Schmidt's now infamous words on net privacy. ®
The clue is in the checkbox
When Firefox starts it asks you if you want to make it the default browser. If you never want to be asked again, just check the "don't ask me again" message and click No. Easy.
It's not hard to do
Welcome to iPrunes!
This will install iPrunes and these selected features. You can run this again to add/remove these features at a later date, or simply uninstall them from the related applciation
[*] iPrunes (required)
[ ] Windows Explorer/Nautilus/Finder integration (allows media to be opened in iPrunes)
[ ] Firefox plug-in (allows media to be opened in iPrunes)
[ ] Internet Exloder add-on (allows media to be opened in iPrunes)
A question for every single DLL? No. For the atomic add-ons that affect other applications, yes. And, of course, those applications should verify the addition with the user before letting them run.
I give up - and I thought people on this site were technical!
OK, to all the morons who think that Firefox (or any other application on your pc for that matter) is at fault for allowing another application to install a plug-in to itself, consider the following:
* This is NOT a drive-by download of a plug-in - it is installed by a software installer.
* Software installers get elevated privileges - for those of you running as users day-to-day, when you try to run one of these installers you get a notice requesting that you give it effectively admin rights (for those running as admin routinely, please go virus-scan your computer now).
* Once an installer gets admin privileges IT CAN DO WHATEVER IT LIKES TO YOUR SYSTEM AND ANY OTHER PROGRAM ON IT. It can wipe the hard-drive completely clean if it feels like. It can change all your clipart to Goatse. It can search your hard drive for anything that looks like a credit card number and mail it to an address in Lagos. It can do whatever it is programmed to do, with very little stopping it at the Windows OS level
* Now, for a piece of software that has just started up, how does it know that a plug-in has been installed sneakily by another app acting as admin, rather than the user choosing to install it? Really, how? Short of having to solve captchas for each add-in (and you can imagine the howls of complaints from users about the user-unfriendliness of that!), how can an application know whether a plug-in has been installed by user, or another application WITH FULL ADMIN RIGHTS installing the plug-in? (Remember, admin can do any action that a user can.)
So please remember - this is not a trivial problem that an open-source team should be able to knock out an answer in 30 lines of code. It is a pretty hefty security problem - and should an application be trying to secure itself from the operating system it is running on?