I refuse to pay for a Vista license, plain and simple. That includes paying for a Vista license plus some extra fee to allow me to upgrade to either XP or Windows 7.
That's not how it works.
Go look at business class machines from Dell.com right now.
The price for Vista Business and Vista Busines w/ XP Pro Downgrade are the same.
Still, it would be nice if Firefox would protect its users from non-authorized extensions, warning of what was installed, and providing a easy way to uninstall/disable it.
There is no such a thing as a non-authorized extension. The very concept doesnt even make sense. If you have the rights to install a machine wide plugin to FF then either your machine is busted, or its authorized.
On your second item, FF does PRECISELY that. The next time after this install that you started FF, it popped up a window that said this plugin was installed. You either explicitly turned off this behavior or you didnt read it and just clicked ok.
Lastly, FF does provide a trivial way to disable it. You click the disable button.
You're barking up the wrong tree here man.
ClickOnce is not ActiveX. Not even remotely or anything like it.
Nothing downloaded via ClickOnce is 'installed'. It's a per-user thing and it runs in a sandbox.
The
They added this to FF because of huge, massive, user demand for it. Lots of corporate apps are done in
Similarly, lots of companies dont use IE, so if they want ClickOnce to work through FF, they want an official build.
These really aren't the droids you're looking for.
Funny is, the real thing they stole the feature (Sun Java) does it very happily without having anything installed to "extensions" or "plugins". Java Webstart. Of course, it is ages ahead of the copier too.
Dont you just love it when people get self-righteous about something that they're dead wrong about?
The reality is that the JRE DOES use a plugin.
In fact, if you took 8 seconds to look in the plugins of your FF, you'd see that Java did install one (or probably more) plugins to work within FF.
There is something called "file types" on all operating systems down to Symbian on handhelds. You register filetype with helper app and expect browser to pick it from that database. It works on my Symbian S60 128MB RAM having handset
No, it doesnt. What you're describing is how the OS Shell handles what applications to launch with what file types.
Having browsers very explicitly NOT do that was a major step forward in security, done many many years ago.
You might have the best and most useful addon in the world, but if you install it on other peoples' computers in an underhanded or less-than-honest way, you're going to cause problems.
You're overblowing this by a couple of orders of magnitude.
Some points to keep in mind, for this to have happened to you:
1. You already made a conscious choice to install that version of
2. That version of
3. You made a choice to install the update, or you allow auto updates.
4. The first time you restarted firefox after this, you had to ignore the popup that tells you that this new plugin was installed. And you had to choose NOT to disable it (which works just fine, only 'uninstall' was blocked).
This was a very minor thing. Most people that installed
It wasnt a silent install, it didnt use any nefarious techniques, it didnt bypass FF's plugin mechanism (despite the general ignorance of
The only arguable thing here is that they should have shipped it as a standalone patch. This is arguable, but fairly minor.
And its only arguable by people who also chose to uninstall/disable Flash, JRE, and PDF plugins as well, as those are all full of holes and have a long history of security issues. The
OTOH, the
No, its not.
It's a security update to
It's also been out for like a year.
It's also (ClickOnce support in FF) something that there is HUGE demand for, and has been for years.
You know, I'd expect someone with that low of a UID would have a better understanding of how computers work.
More to the point, why are plugins being installed into program files to begin with? There's the All Users folder for shared data, or the users profile path for user specific data.
This is really simple stuff. Machine wide software is installed centrally, some would even say, 'machine-wide'. In which case Firefox doesnt have the ability or desire to uninstall 3rd party software from the machine, and most folks wont have the privs anyway since that requires admin elevation.
However, there is a per-user Enable/Disable setting. So you cant uninstall
Note that this is exactly how the JRE, Flash, PDF, etc all work. If this is news to you, then you havent been paying attention for the past 10 years.
Only plugins that were installed per-user can be installed/uninstalled by FF.
See FF has two kinds of plugins. Per-user and per-machine.
Does that help?
Well, a solution would allow people to tell the difference between what was subvertedly installed, and intended to be kept that way, and what was installed without the standard process, but wasn't intended to be hidden.
Good Lord, the ignorance on slashdot about how computers work is alarming.
This plugin WAS installed in the normal way. Just like Flash and the JRE was installed in the normal way to FireFox.
There are two ways to install plugins on firefox. Machine-wide and user-specific. This was done machine-wide.
Your statements do not in any way reflect reality. You're expecting XP, which was designed and release in 2001, to behave the same way your other modern OS's do.
That being said, running as non-admin DOES work quite well in XP, and even in Windows 2000. I've been doing it at every company or IT shop I manage since about 2002. It works great as long as there is an IT dept to work out the few misbehaving apps.
It doesnt work for home users, maybe thats what you're talking about?
You use RunAs, and more latterly, MakeMeAdmin. Works like a charm.
For the few apps that misbehave, you either make the vendor fix the damn software, or you make minor registry and file acl tweaks to make the software work. It's really not a big deal.
Are you trying to be clever and not-so-subtly imply that the
I think you should do some research, or at least get slightly informed.
Nearly all of the people complaining about this will have the JRE, Flash, and likely PDF installed as plugins. All of which are swiss-cheese as far as security holes, compared to
If people wanted to restrict their plugins to reduce security vulnerabilities, then they should have started complaining about this many, many years ago with the JRE and flash.
If the IT guy is using removal techniques that are sensitive to quantity and/or location, then he/she is a bad IT guy, and your company needs to find someone better.
It's part of the way Microsoft interfaces the internet with the operating system.
This statement makes no sense. I dont think you know what
Why would Firefox want to support ClickOnce? It's a Microsoft product after all, most likely patented or patent pending, and more hassle to deal with than it's worth.
Why would Firefox want to support Adobe? Or Java? Who asked them to? Your statements lack logic and make little sense. No one asked the FireFox non profit US corporation to be involved with this in any way.
The Mozilla Foundation has a set method of submitting Firefox addons for a reason. Microsoft bypassing the process and willy-nilly installing something in Firefox as a 'favor' does not make friends in the Mozilla camp, especially when the app installed makes things more insecure for Firefox in the process. Firefox and Mozilla Foundation are all about choice. Where's the choice here?
This also makes no sense. FireFox doesnt have an 'approval system' for addons/plugins as you seem to suggest.
And MS doesnt write
First you need to know it's there. Next, you need to know how to deal with the Registry.
Or just install the latest updates, which fix the uninstall problem. Or disable the addon. No need to modify the registry.
Well, they installed changes to another companies application without asking the user first
Are you purposely trying to mislead people, or are you just posting about something which you know little about?
Installing a plugin to a piece of software that explicitly supports plugins from 3rd parties in NO WAY qualifies as 'installed changes to another companies application". The JRE, Flash, and PDF plugins all do this.
these changes, while more convient, open up security holes (the down side of 'just work' technologies) that many people go to firefox specifically to get away from
Not really. As far as plugins like this go (JRE,Flash, PDF, etc), the
and then they make it difficult to uninstall
This was a mistake, but also an easy mistake to make given how the Firefox plugin mechanism works when installing system wide software.
Big deal or not I could see why people would be pissed, esp network admins that do not want this kind of functionality on their network.
Again, you're either being disingenuous or ignorant. Network admins run WSUS or some other patch management tool, and make an explicit choice of what software patches to run. And the vast majority of them want/need
Ignore the idiot AC who responded to you. Password storage has nothing to do with Kerberos. The two things are related, but orthogonal.
Windows still uses NTLM without a salt in the current versions.
There is a way to encrypt the SAM with a symmetric cipher, which requires that a floppy or USB key must be physically present for the SAM to be accessed. It's not widely used.
Here here.
Anyone who says that recovering passwords is never necessary, since you can just change them, obviously has never done much work in this field.
Function reject.
