Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple, Microsoft, Google Attacked For Evil Plugins

CmdrTaco posted more than 3 years ago | from the also-wear-more-hats dept.

Firefox 293

nk497 writes "A Mozilla exec has attacked Apple, Microsoft and Google for installing plugins without users' permission. 'Why do Microsoft, Google, Apple, and others think that it is an OK practice to add plug-ins to Firefox when I'm installing their software packages?' Asa Dotzler asks. 'That is precisely how a Trojan horse operates... These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.' He called on them to 'stop being evil.'"

cancel ×

293 comments

Yes (5, Insightful)

metrix007 (200091) | more than 3 years ago | (#34375078)

Yes...I should not have to check addons to firefox to make sure nothing dodgy has been installed. Of course, this behaviour will continue as long as it is technically possible, so why doesn't Mozilla simply make it impossible? Only allow installing addons through firefox, with explicit prompts.

Re:Yes (1, Informative)

Anonymous Coward | more than 3 years ago | (#34375132)

Yeah, this shouldn't be too hard. My understanding is that there's a directory that Firefox explicitly reads to load extensions. To "install" an extension, all you need to do is dump an extension in there, and it's "installed."

But you can disable extensions that have been installed and prevent them from being loaded.

So all you have to do is swap that blacklist for a whitelist. Problem solved.

Why is this a problem?

Re:Yes (3, Informative)

drachenstern (160456) | more than 3 years ago | (#34375274)

Because not all extensions can be "disabled" from the UI. Then there's others, like Java, which don't remove old versions... go figure.

Re:Yes (1)

hey (83763) | more than 3 years ago | (#34375440)

Java's behavior is weird and annoying. I can only guess that they keep old versions just in case some website request it. But that seems unlikely. Hopefully they only keep they last, N, version of Java on your box and eventually start deleting.

Re:Yes (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34375726)

I can only guess that they keep old versions just in case some website request it.

Java updates are largely security-related. Allowing any website to request the old, vulnerable version would be beyond stupid. We'd actually need to invent a new word to convey the stupidity of it.

Re:Yes (4, Funny)

David_W (35680) | more than 3 years ago | (#34375966)

We'd actually need to invent a new word to convey the stupidity of it.

"Java-esque"?

Re:Yes (2, Informative)

140Mandak262Jamuna (970587) | more than 3 years ago | (#34375358)

These dumped extensions can be disabled and uninstalled only from a root account. If you are using a lower privilege account for day to day ops, the uninstall button is grayed out. These extensions are assumed to be installed for "all users" and one low privileged user would/should not be able to take them out. It is a pain to log out, and log in as superuser just to disable one extension that some corporate creep decides to shove on my machine.

Re:Yes (3, Insightful)

Corporate Troll (537873) | more than 3 years ago | (#34375916)

True, but keep in mind that only a privileged user would be able to install anything that has such a payload. So... Not a problem.

Re:Yes (1)

swillden (191260) | more than 3 years ago | (#34375394)

So all you have to do is swap that blacklist for a whitelist. Problem solved.

Unless the installer automatically adds the plugin to the whitelist.

You also need to find a way to secure the whitelist against alteration by anything other than the browser.

Re:Yes (0)

Anonymous Coward | more than 3 years ago | (#34375498)

Mozilla is open source, the format of these plug-in config files is well known. Any program can write in there if it has the correct permissions, unless if there is some hard encryption scheme on the config files.

Re:Yes (1)

wierd_w (1375923) | more than 3 years ago | (#34375634)

Encryption might not be necessary, as long as some other form of authentication security is implemented. EG, filesystem (and on windows, registry) security ACLs.

Similarly to how you can't change /fstab without being root.

The format of fstab is well documented, but changing it without permission is still hard-- etc.

Re:Yes (1)

cinderellamanson (1850702) | more than 3 years ago | (#34375168)

They won't do that, because the toolbar is a programmable feature so functionality can be tacked on to the browser for in-house development.

Re:Yes (4, Insightful)

Krneki (1192201) | more than 3 years ago | (#34375302)

Exactly, lock the plug-ins with a password. This is something I'm waiting since a long time ago.

It's my browser and I don't like changes being made without my explicit confirmation.

Re:Yes (3, Insightful)

QuoteMstr (55051) | more than 3 years ago | (#34375762)

This approach is doomed.

The browser has to somewhere remember that a user approved an extension. It does this by writing state to disk. A malicious extension installer can simply modify this saved state to make the browser think the user installed and approved the payload. The same goes for a startup message advertising extensions that have been installed since the last browser run.

You can't win this fight without OS involvement. The correct solution is application-level sandboxing, which quite a few people are working on.

And (4, Insightful)

ISoldat53 (977164) | more than 3 years ago | (#34375414)

Make it easier to remove them.

Re:Yes (3, Insightful)

mellon (7048) | more than 3 years ago | (#34375452)

You are right in principle, but not in practice. The problem is that the security model for software package installations allows for privilege escalation in an unconstrained (not chrooted) environment. This means that the installer can do whatever it wants to Mozilla, and there's nothing Mozilla can do to stop it.

The solution to this problem is to use a different installation model and a different security model. Two examples are Bitfrost [laptop.org] and iOS [wikipedia.org] . Both use a security model where apps are constrained as to what they can access, and how they can access it. Installers aren't allowed to scribble all over the filesystem. Consequently, app installers would not be *able* to modify the Mozilla install, so this simply wouldn't be an issue.

So basically what's going on here is that these companies are taking advantage of a broken security model while they can. Hopefully as technology marches forward, this broken security model will become obsolete, although I see no evidence that Microsoft or Apple are working on it.

Re:Yes (0)

Anonymous Coward | more than 3 years ago | (#34375604)

Mozilla can strike back pretty darn hard though.

You can keep the list of plug-ins in each profile, and the profile encrypted. If the user set a master password it will also be password protected.

An attack on this mechanism is painful enough that most people doing this will decide they are better off not.

Re:Yes (1)

mysidia (191772) | more than 3 years ago | (#34375764)

Mozilla needs to add a global configuration directive which must be set to enable plugins through any method other than XPInstall. That would take care of home users, who don't need to deploy plugins "globally". Quick plugin deployment is a developer / sysadmin feature.

Unless enabled, the user when they start the browser should be prompted one time to approve/reject each new plugin found in the directory. A Mozilla whitelist/blacklist should be checked before prompting.

And a list of plugins approved/disapproved should be part of the encrypted portion of each user profile.

Unauthorized deployments of plugins by OS vendors (instead of sysadmins), unless they use an approved mechanism to offer the user "approval based" activation of plugins, should result in blacklisting.

Mozilla is Open source, but that means YOU can modify your browser. Not, Everyone from the OS vendor on down to the PC manufacturer is allowed to do whatever extensions they want to your browser

Re:Yes (0)

Anonymous Coward | more than 3 years ago | (#34375912)

Yes... iOS security, where there are precisely two users: root, for Apple applications, and mobile, for third-party applications.

That'll work well.

Re:Yes (2, Insightful)

mysidia (191772) | more than 3 years ago | (#34375588)

so why doesn't Mozilla simply make it impossible?

Because they shouldn't have to? Due to understood ownership of the application's own files by that application and the system admin?

Apple, Google, Microsoft should list their plugins in the Addons directory, just like everyone else has to. If they think users will strongly benefit from a plugin and want to make things easy, they should at least prompt first, before messing with a different application's files.

Because the functionality Microsoft/Google/Apple are abusing is important useful functionality for system administrators to deploy plugins system-wide or network-wide. Or install a plugin once globally, without each user needing to maintain and update their own copy of every popular plugin that is needed.

Just because Microsoft has no business using this functionality as an underhanded way to try to hoc their own plugins does not mean the easy deployment of browser with plugins pre-loaded should not be allowed.

Re:Yes (0)

dvh.tosomja (1235032) | more than 3 years ago | (#34375748)

You are looking for technical solution for social problem. That would never work.

Re:Yes (1)

balbus000 (1793324) | more than 3 years ago | (#34375944)

In my experience, installing software from the above companies usually has a checkbox to determine if you want to install a plug in (admittedly and annoyingly checked by default).

But off the top of my head, Skype does not give you and option to leave out the plug in. These practices are very frustrating indeed.

Add Yahoo as well (0)

Anonymous Coward | more than 3 years ago | (#34375088)

Just last night I was testing something that required Yahoo messenger. After accurately deselecting all the various optional bullshit software it still installed the fucking Yahoo toolbar and who knows what else. What a scam.

Re:Add Yahoo as well (2, Informative)

PNutts (199112) | more than 3 years ago | (#34375138)

Just last night I was testing something that required Yahoo messenger. After accurately deselecting all the various optional bullshit software it still installed the fucking Yahoo toolbar and who knows what else. What a scam.

I installed Yahoo! Messager last week and it did not install anything I deselected. But since you posted as AC all I can say is you did it wrong.

Re:Add Yahoo as well (2, Interesting)

Monkeedude1212 (1560403) | more than 3 years ago | (#34375304)

Maybe in his configured UI the Checkboxes were actually X's - and he thought an X beside the item means "Do Not Want" - a common mistake when using X-indicative checkboxes.

But really, it's no different than when I want to Install Adobe PDF Reader and work, and it's all "Hey, do you want the Google Toolbar? I'll just go ahead and check the box for you. I know that you waste a fraction of a second each time unchecking that box, and that frustrates a lot of IT professionals, but thats just how I roll. I mean, IE already has a built in "Search Bar" which most people who use Google will switch it to google instead of Live search, but the important thing is to find all the technically illiterate masses who use computers and make sure they have the Google Toolbar so they use Google more. God forbid if they don't like Bing as their default search provider they actually set Google as their home-page and just use Google anyways - THEY NEED THAT TOOLBAR.

Honestly, I used to be completely and utterly serenely happy with Google. They provided just the right services I wanted and genuinely stayed out of my way. I didn't really care if they were collecting information on me, they were so clever about it I didn't notice.

But nothing makes me angrier than this silly ridiculous "Add My Browser Toolbar" Bull that ALL these companies are working together on. I mean, if you already have the google Toolbar installed, instead of asking you if you want it again, Adobe Reader Installer knows that and will ask "Hey, do you want this free version of Norton?" Seriously? As if cramming 1 optional program down my throat was bad enough.

Has anybody tried uninstalling and Re-installing adobe reader with all of the Auto-Opted-In "Side Packages" to see exactly how many companies have kissed Adobes ass? I'm now curious but I wouldn't want to do it on my machine. (I totally need to virtualize my workstation...)

Adobe Reader tip... (0)

Anonymous Coward | more than 3 years ago | (#34375546)

Go to: ftp://ftp.adobe.com/pub/adobe/reader/win/

Re:Add Yahoo as well (2, Insightful)

amRadioHed (463061) | more than 3 years ago | (#34375866)

Maybe in his configured UI the Checkboxes were actually X's - and he thought an X beside the item means "Do Not Want" - a common mistake when using X-indicative checkboxes.

Really? I find that a bit surprising. In all my years I've never encountered a single person who was confused by what an X in a box means, not in computers or in the real world where the practice is just as common.

Re:Add Yahoo as well (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34375928)

Common might have been too strong of a word.

I've seen it happen, more than thrice, lets just put it that way.

Re:Add Yahoo as well (1)

Bert64 (520050) | more than 3 years ago | (#34375218)

As a long time user of third party instant messaging clients, i was horrified to see just how much crap comes with most of the official clients for the various IM networks...

Not to mention Adobe and everyone else (0)

Anonymous Coward | more than 3 years ago | (#34375098)

Why does the Adobe Reader update install McAfee Security Scan automatically...

Re:Not to mention Adobe and everyone else (1)

sexconker (1179573) | more than 3 years ago | (#34375294)

Why does the Adobe Reader update install McAfee Security Scan automatically...

Because you didn't uncheck the checkbox on the download page.

Re:Not to mention Adobe and everyone else (1)

Yvan256 (722131) | more than 3 years ago | (#34375334)

Because Adobe are extremely confident in the security of Adobe Reader?

Why is it called Adobe Reader anyway? Can it read PSD and AI files too?

Re:Not to mention Adobe and everyone else (1)

GIL_Dude (850471) | more than 3 years ago | (#34375880)

Interestingly, seeing this reminded me that I had planned to install Adobe Reader X. I just went and did that and this time it didn't offer me or attempt to foist off on me any additional crap like the McAfee scan or any toolbars. It also didn't try to install any stupid down loader application. I thought perhaps Adobe was seeing the light for once. So I went back and checked again and found that they don't foist extra stuff off on you if you are using Chrome. If you are using Firefox or IE, they try to foist crap off on you (like the McAfee scan). Perhaps this just means they haven't developed any junk down loader add-ins for Chrome yet.

anti-trust! (2, Funny)

alphatel (1450715) | more than 3 years ago | (#34375102)

But MS, G and A all have our best interests at heart. No program should be able to circumvent this explicitly allowable behavior!

why can they do that? (0)

Anonymous Coward | more than 3 years ago | (#34375112)

That has a very simple follow up question.

Why can these companies do that?
Why is there no mechanism in place that demands a new plugin to be confirmed by the end user?

Uhh... (0)

stazeii (1148459) | more than 3 years ago | (#34375124)

Maybe I'm missing something, but at least on the Mac, Apple/MS/Google all install plugins in /Library/Internet Plug-Ins. These work for Safari, Firefox, and I believe Opera. If Mozilla thinks this is evil, then they could just ignore plugins in that directory... but that would be a huge step backward in usability on their part. Come on Mozilla... stop coming out once a month or two and saying something dumb. "Stop being dumb!".

Re:Uhh... (1)

clang_jangle (975789) | more than 3 years ago | (#34375412)

Quiet, you! OS X users have enough baggage to schlepp as it is, without your clueless rating.

Re:Uhh... (1)

Lundse (1036754) | more than 3 years ago | (#34375710)

Ignore the dir, but use another one? And what will MS, A and G do next?

Non-standardisation as a way to make it harder for others to do something to your installation is... just not the way to go.

Others respecting the standards would be preferable. I shouldn't have to not pick up my phone until the third ring to make sure no telemarketers got through - telemarketers should stop calling.

Solution: Warning box (5, Insightful)

GodWasAnAlien (206300) | more than 3 years ago | (#34375134)

Warning: A third party plugin, PluginNameHere, has been installed without user consent:

DELETE KEEP

Re:Solution: Warning box (1)

X0563511 (793323) | more than 3 years ago | (#34375160)

That verbiage is bad. You can't know if it was with consent or not.

Re:Solution: Warning box (0)

Anonymous Coward | more than 3 years ago | (#34375388)

You're right. The evil plugins were probably mentioned somewhere in the middle of a 20 page EULA, in which case there was consent. So read the goddamn EULA. Don't like this? Then don't install anything with more than 5 lines of EULA, that'll put pressure on software makers to write short EULAs.

Re:Solution: Warning box (1)

Darkinspiration (901976) | more than 3 years ago | (#34375776)

So, hum never install any software ?

Re:Solution: Warning box (1)

X0563511 (793323) | more than 3 years ago | (#34375858)

Yea, or.. you know, a fucking checkbox or Y/N question during some install.

Re:Solution: Warning box (0)

Anonymous Coward | more than 3 years ago | (#34375474)

Well if the user was under 18, they weren't legally able to give consent.

Re:Solution: Warning box (3, Informative)

thePowerOfGrayskull (905905) | more than 3 years ago | (#34375750)

You could if you tracked which ones were installed through the browser, vs which ones simply showed up in the plugins directory and were never 'approved' by the user. It doesn't seem difficult.

While you couldn't offer to delete them (because priv acct might be required) you *could* only enable them after explicit user approval.

Re:Solution: Warning box (1)

X0563511 (793323) | more than 3 years ago | (#34375884)

I'm just saying the wording was bad. Just find a more neutral way to say it, is all I meant. (something like "the addon 'SuperHappyKittySearchbar' was installed in an unusual manner. Do you wish to enable it?")

Re:Solution: Warning box (2, Insightful)

baka_toroi (1194359) | more than 3 years ago | (#34375198)

"Son, what should I do?" I will remember you forever when my mom calls me about that dialog box. Thank yo, GodWasAnAlien (BTW, don't you mean "Christ"?)

Re:Solution: Warning box (0)

Anonymous Coward | more than 3 years ago | (#34375798)

... and how do I (as an arbitrary piece of software like Firefox) prevent the root-level installer from some other vendor from just bypassing any checks I may have in place? If another vendor gets root-level access to a system, they can do whatever they want to ther software on the machine. There's nothing a program can do to protect its self from this.

Re:Solution: Warning box (0)

Anonymous Coward | more than 3 years ago | (#34375902)

Warning: A third party plugin, PluginNameHere, has been installed without user consent:

DELETE KEEP

Oh, it's easy to make that dialog go away. Just go into Firefox's plugin registry and add yours in. See? No more scary dialogs for our valued users!

Seriously, so long as I can install Firefox, image any relevant directories, then launch Firefox and install my plugin, then quit Firefox and compare the current directories to the image to see what Firefox changed, I can get around this dialog.

If there was a TPM chip on the motherboard, this might not work since I can't be sure that any signing keys I see are the ones Firefox might use. But since all of Firefox's state is on-disk and installer-accessible, there's no problem.

I Agree (0)

Anonymous Coward | more than 3 years ago | (#34375142)

But I would rather see the browser detecting externally installed plugins and not enable it on first start, and maybe ask user if it's wanted or not.

Don't stop them from adding, auto remove... (4, Insightful)

gurps_npc (621217) | more than 3 years ago | (#34375144)

Not that difficult to code in a startup screen "X addons installed since last restart. Should I remove?"

Re:Don't stop them from adding, auto remove... (2, Funny)

Anonymous Coward | more than 3 years ago | (#34375466)

One could write a plugin that does just that!

Re:Don't stop them from adding, auto remove... (1)

gurps_npc (621217) | more than 3 years ago | (#34375740)

A plug in to detect plugin changes and ask to remove them? Sounds like a good idea to me. Of course, the pop up should have an optional auto-cancel itself if you don't respond to it within 5 seconds.

Re:Don't stop them from adding, auto remove... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34375806)

How would you prevent, say, Microsoft, to write into the file which keeps track of the changes in the plugins?

Re:Don't stop them from adding, auto remove... (2, Insightful)

MobyDisk (75490) | more than 3 years ago | (#34375844)

Only slightly less difficult than that, is making the installer mark the add-ons as already approved. Even so, it is still a good idea because while installing a plug-in without permission is a gray area, pretending that the user clicked "yes I want this" when they didn't is probably illegal.

Isn't the real question... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34375148)

...why is your software so crappy that it allows anyone to install plugins without notifying the user?

people don't seem to mind (5, Interesting)

Anonymous Coward | more than 3 years ago | (#34375164)

One thing I've slowly come to realize is that most people do not mind a big company or other entity controlling their computers. They're quite happy to run javascript trackers, download web bugs, run any executable without knowing whether it's safe, and so on.

Many of us here have an aversion to these things. If we see a plugin installed without our permission, we'll figure out how to remove it. But most people do not place any value in having control over their own hardware, so they see no value in doing that.

The end result of this is going to be a highly controlled internet, because the number of people who care about its freedom and openness is very tiny compared to the number who don't. The market forces will decide, and those are clearly on the side of the "you may control my computer in any way you want, Mr Multinational Corporation".

PS - my CAPTCHA for this message was "disallow".

Re:people don't seem to mind (5, Insightful)

spacefiddle (620205) | more than 3 years ago | (#34375706)

I would alter "do not mind" to "have no clue and don't understand the potential implications of." The end result will be a highly controlled everything, because people are neither taught nor encouraged to think about things that don't relate to their immediate button-pushing responsibilities, coupled with a fair amount of casual despair about having any control over their own lives.

Most enduser types I've talked to about such things tend to give me lines like "Ah, none of this stuff affects me," "Whaddyagonna do, they'll do what they want anyway" and "Pfff, they wouldn't do anything really bad."

Re:people don't seem to mind (3, Interesting)

erroneus (253617) | more than 3 years ago | (#34375794)

There is much truth in what you speak here. But it gets worse.

Turns out that this is all done because Apple, Microsoft and Google (and more) have all done studies to determine the preferences of most users. The goal is to make things easier. It doesn't matter if easier makes them more vulnerable, easier is preferred by the general public. (Now if only the TSA and government would get this message! We don't care to be "safer" if it's inconvenient!)

If they have to be bothered to install or even be prompted to install things, this will add to the level of frustration a user will experience.

Does anyone remember the period of time in which you could hear the words "computer illiterate" spoken with a certain level of pride? "Oh, I'm computer illiterate..." Seriously? It's true and there is still a small number of people out there who wear their ignorance as a badge of honor. We have a HUGE world of user psychology to overcome before we can get to a place where people are aware and cautious.

For the moment, "ignorance is an excuse" for the problems they experience. If they actually take control of their own machines and something bad happens, it becomes THEIR OWN fault which is a responsibility they do not want to accept. It is far easier for them to curse and blame the faceless others out there rather than blame themselves for their own lack of interest.

TL;DR? Users want to blame anyone but themselves when they have problems. If they learn anything, it becomes a burden of responsibility they simply do not want.

Re:people don't seem to mind (1)

shadowofwind (1209890) | more than 3 years ago | (#34375812)

Many of us here have an aversion to these things...But most people do not place any value in having control over their own hardware...

People are that way about what they ingest into their bodies also.

Re:people don't seem to mind (3, Insightful)

Anonymous Coward | more than 3 years ago | (#34375940)

The CAPTCHAs are themed to the article. Slashdot has been doing this for a long time now. People like you keep posting their CAPTCHAs as if it is some humorous and unlikely coincidence that the word has a contextual applicability to the article topic.

This is on purpose. The system is explicitly designed to do this. Stop acting surprised.

It's bullshit!! (-1, Troll)

Carnivore24 (467239) | more than 3 years ago | (#34375166)

- Steve Jobs -- Sent from my iPad

Oh okay, but what about Mint (2, Insightful)

SmallFurryCreature (593017) | more than 3 years ago | (#34375184)

The Mint Linux distro installs a default custom search that not only removes a lot of functionality from google but also takes up half the page size on a 12.1 inch netbook with a plain ugly design, just to make some cash. Fixing it is possible but come on! I donate cash already to various projects, but Mint can kiss my hairy ass. I need that left column in Google search because else it gives me results from the beginning of the ice age on any query related to current events.

But companies just can't accept that we don't want their crap. Especially American companies. Please ATI, I know about WoW, if I wanted to play it, I would have played it by now. So stop trying to slip the trial on my gaming machine. No thanks MSI, I do NOT want a dumb virus checker with my windows, I do not even want windows. And if I want games I get the one with my ATI card not some god awful free game with god knows what installed along with it.

I would love to serve one of the execs.

Bill Gates: "One milk shake please"

Me: *FAP FAP FAP*. *HATCHOO*. *SPIT*.

Me: "Sure, and enjoy the free extra I added in regoniztion of the quality software you shovelled on me."

Anyone knows if the McD at Redmond is hiring?

Re:Oh okay, but what about Mint (1)

drachenstern (160456) | more than 3 years ago | (#34375314)

So your aspiration in life is to work at McDonalds and hope to serve Bill Gates? Wow, what an aspiration...

Re:Oh okay, but what about Mint (2, Funny)

slackbheep (1420367) | more than 3 years ago | (#34375632)

Clearly you didn't see the genius of his plan, once he gets Gates pregnant: BAM.

Bill Gate != Microst anymore. Re:Oh okay, (1)

140Mandak262Jamuna (970587) | more than 3 years ago | (#34375336)

Bill Gates: "One milk shake please"

Guys, it is time we quit picking on that pitiable guy. Was bad, was responsible for (what passes for) culture in Microsoft. But that was a long time ago. May be he did not know the evil he was unleashing on computers. But now he is mostly out of Microsoft and is trying atone for his sins by spending his money in charity.

Re:Bill Gate != Microst anymore. Re:Oh okay, (1)

imakemusic (1164993) | more than 3 years ago | (#34375560)

But that was a long time ago.

I still have to fix IE6 bugs.

The vast majority of companies still use Windows PCs, largely due to the lock-in which started in Bill's time.

Gates may no longer be in charge at Richmond but the effects of his thirty-odd years leading one of the most powerful tech companies in the world will be felt for a long time yet.

Re:Oh okay, but what about Mint (1)

Windwraith (932426) | more than 3 years ago | (#34375416)

Why Bill? Didn't he retire?
Perhaps more can be read on the fact that you want to feed Bill Gates your seed, though...*cough*

Re:Oh okay, but what about Mint (1)

slackbheep (1420367) | more than 3 years ago | (#34375732)

Actually he and his wife have given a couple talks at TED (TED.com) about the foundation he and his wife have setup.
http://www.ted.com/speakers/bill_gates.html [ted.com] and http://www.ted.com/speakers/melinda_french_gates.html [ted.com] for reference.

Re:Oh okay, but what about Mint (2, Insightful)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34375970)

Actually he and his wife have given a couple talks at TED (TED.com) about the foundation he and his wife have setup.

Yeah, he went from being the 800lb gorilla in computers to being the 800lb gorilla in charities.
I predict the same level of destruction to that ecosystem too.

Re:Oh okay, but what about Mint (1)

couchslug (175151) | more than 3 years ago | (#34375622)

"But companies just can't accept that we don't want their crap. "

Yeah, I hate all that unwanted shit Debian installs. Oh, wait....

Re:Oh okay, but what about Mint (1)

internewt (640704) | more than 3 years ago | (#34375852)

I would love to serve one of the execs.

Bill Gates: "One milk shake please"

Me: *FAP FAP FAP*. *HATCHOO*. *SPIT*.

Me: "Sure, and enjoy the free extra I added in regoniztion of the quality software you shovelled on me."

Anyone knows if the McD at Redmond is hiring?

The jingle from the CrackDonalds adverts that goes "du du du da da, I'm lovin' it" also fits perfectly with "du du du da da, There's cum in it". And is probably much more descriptive.

Hell, a mate of mine swears a local SmackDonalds was closed down after Trading Standards found semen in food from the place (allegedly 7 different peoples'). I have tried to track the story down, but there doesn't seem to have been anything in the press about it, so I count it as an urban legend.

But I bet there are rumours like that about WhackDonalds all over the world! And lets be honest, WankDonalds is hardly the kind of place where employees are likely to have job satisfaction, and so someone ejaculating into a FuckMuffin is more than plausible.

On the flip side (-1, Troll)

Saint Gerbil (1155665) | more than 3 years ago | (#34375196)

While I agree that Vendors shouldn't add software with out asking you, surely if you are going to liken it to a trojan then maybe your system should have better defences to these trojans ?

Misread title (4, Funny)

Anonymous Coward | more than 3 years ago | (#34375202)

When I read the title I understood: "Apple, Microsoft, Google Attacked by Evil Penguins ". I should not have tried to read it again, it completely destroyed the original effect.

Re:Misread title (1)

o'reor (581921) | more than 3 years ago | (#34375362)

Ditto ! I need more sleep...

Beyond Firefox (1)

Amorymeltzer (1213818) | more than 3 years ago | (#34375220)

As a Mac user, I don't have to deal with Microsoft's stuff, and I haven't really noticed anything shady from Apple (maybe because my iTunes was grandfathered in?) but the fact that Google forces me to install a Google uploader daemon as part of Google Earth means I won't upgrade the software, and haven't for the past few years. Things like this need to be optional - don't make us choose between an unhappy version of software or none at all.

Re:Beyond Firefox (1)

Tridus (79566) | more than 3 years ago | (#34375268)

Apple does the same stuff on Windows. iTunes wants to install an apple updater, Quicktime, and Safari (but you can turn Safari off).

They're not yet at the Adobe level of evil though... "hey lets install an addin before we let you download our software! Yeah, that's genius!"

Re:Beyond Firefox (1)

Amorymeltzer (1213818) | more than 3 years ago | (#34375372)

Good point, and now that I think about it OS X has some of that as well. I've always felt that Apple software relies too heavily on Quicktime, and I had to delay updating things like iTunes or Safari simply because I refused to download the Quicktime update that broke Civ4.

Re:Beyond Firefox (1)

Rockoon (1252108) | more than 3 years ago | (#34375438)

Dont forget that all Apple software stealthily installs "Bonjour!" on windows.

Re:Beyond Firefox (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#34375380)

Try buying google earth.

THEN allow/disallow whatever part of it you don't like. till then, either use the free software or don't: it's up to you.

Re:Beyond Firefox (2, Informative)

EvilMonkeySlayer (826044) | more than 3 years ago | (#34375508)

Actually, if you go to the google earth download page undernearth the TOS there is an "advanced setup" option that expands to some tick boxes you can untick to download a version of google earth that doesn't include the horrible updater and a version that doesn't require admin rights that can install to the users directory.

Re:Beyond Firefox (1)

chemicaldave (1776600) | more than 3 years ago | (#34375558)

As a Mac user, I don't have to deal with Microsoft's stuff, and I haven't really noticed anything shady from Apple (maybe because my iTunes was grandfathered in?) but the fact that Google forces me to install a Google uploader daemon as part of Google Earth means I won't upgrade the software, and haven't for the past few years. Things like this need to be optional - don't make us choose between an unhappy version of software or none at all.

Any slightly savvy user can just disable any unwanted processes associated with installed software, i.e. googleupdater, applemobiledeviceservice, etc. Then just start them when you want an update or whatever it is you need to do.

Microsoft, Apple and Google (4, Funny)

bradgoodman (964302) | more than 3 years ago | (#34375366)

See no evil, Hear no evil, Speak no Evil

Re:Microsoft, Apple and Google (0)

Anonymous Coward | more than 3 years ago | (#34375672)

very apt, kudos

Re:Microsoft, Apple and Google (1)

ArsenneLupin (766289) | more than 3 years ago | (#34375700)

Indeed. We want to keep our Firefox like it is! We don't want it to become Internet Explorer, Safari or Chrome!

So because Mozilla's security model is flawed (1)

hsmith (818216) | more than 3 years ago | (#34375390)

It is the fault of others for exploiting it?

Now, I am not saying Apple/Google/MS are in the right here, but Mozilla shouldn't allow just anyone to install extensions.

How about they fix their exploits instead of pointing fingers.

Re:So because Mozilla's security model is flawed (5, Insightful)

Lundse (1036754) | more than 3 years ago | (#34375814)

Yes. It is the other's fault.

The human body is very easy to puncture with a knife, this does not make slashing open your neighbour OK.
Cars can drive beyond the speed limit, houses can be broken into, people can be swindled, telephones called by telemarketers, etc. etc.

None of this makes it OK to do any of these things, and just because Firefox is built around a certain design principle (that it should be easy to modify) does not make it OK for others to modify it against the user's wishes.

that's the price of popularity (2, Insightful)

bl8n8r (649187) | more than 3 years ago | (#34375404)

when you have 300 jillion people using your product, you can afford not to care.  No it's not fair, but that's capitalism.

simple solution to a simple problem (0)

Anonymous Coward | more than 3 years ago | (#34375460)

Use a trustworthy operating system that doesn't do things behind your back and you won't have these problems.

Is this guy on crack? (-1, Troll)

aristotle-dude (626586) | more than 3 years ago | (#34375482)

Most users (99.99%) "want" the plugins, otherwise they would not have installed quicktime in the first place. If you don't want the plugins, don't install the programs. The 0.01% who don't are either idiots or live in a mental institution with an aluminum foil hat on their head to keep out the alien and CIA transmissions from their brain.

This guy is just trying to get any publicity he can because Mozilla has not been in the news much lately.

As others have mentioned, on the mac, all plugins for all browsers live in /Library/Internet Plug-Ins/ or ~/Library/Internet Plug-Ins/ and they enhance the capabilities of the browsers to display other media formats.

If you think this stuff is evil, sell your computer and stay off the internet.

Re:Is this guy on crack? (1)

Haedrian (1676506) | more than 3 years ago | (#34375582)

Not really.

I installed skype the other day and I got a plugin for firefox automatically - no choice to not have it installed. Will I use it? Nope.

Remember the days when people would install toolbars on your PC? This is just like it. Plugins do help the experience - but only if I want them to. I don't want my browser checking for updates to Google Earth, or having quicktime stuff installed.

Re:Is this guy on crack? (1)

Lundse (1036754) | more than 3 years ago | (#34375870)

Most users (99.99%) "want" the plugins...

No. They want the program that installed the programs against their wishes and without their consent.

The 0.01% who don't are either idiots or live in a mental institution with an aluminum foil hat on their head to keep out the alien and CIA transmissions from their brain.

People who do not want Windows Live Photo Gallery or the Google Update plugin are certifiably insane? Really?

If you think this stuff is evil, sell your computer and stay off the internet.

So I should stop using a phone altogether because I think telemarketers are bad? Or does your reasoning only extend to computers and/or stuff you personally happen to like and want?

Why does FireFox allow install without confirm? (1)

theNAM666 (179776) | more than 3 years ago | (#34375484)

I'm repeating what someone has already said-- but why do we not have reasonable protection (security) against this, at the browser level?

Re:Why does FireFox allow install without confirm? (1)

Enderandrew (866215) | more than 3 years ago | (#34375678)

All Firefox does is scan a directory for extensions. Anyone can write to your profile even when the browser isn't running. You just need to dump files there. How can Firefox protect a directory when Firefox isn't even running?

If extensions were handled 100% through an online Mozilla service, then no one could touch that. And your extensions would travel from computer to computer.

Google but not Adobe? (3, Informative)

Enderandrew (866215) | more than 3 years ago | (#34375644)

I have Google Chrome and Google Earth installed. I don't have any Google plugins installed in Firefox. So I'm not sure what he is talking about, unless something changed with Google Earth recently.

Adobe demands to install an extension just to let you download Flash, because downloading normally is out of the question.

Microsoft is the worst offender here, where they use Windows Update to push a Firefox .NET Assistant extension, don't ask your permission, and don't allow you to remove it.

Firefox Plug-in Support (1)

@madeus (24818) | more than 3 years ago | (#34375730)

Interestingly, from the PoV of a plug-in developer, I have found Firefox has possibly the most annoying environment to deploy plug-ins in. Granted it's open, and uses the NPAPI naturally - (as do Safari, Chrome and Opera) but how the browser handles installations and in particular upgrades makes it very annoying, even compared with MSIE and their ActiveX approach (and that's even given IE doesn't have a working navigator.plugins implementation).

Of all those browsers Firefox (on Windows) is the only one that requires that if you upgrade your plug-in it is not enough to increase the file version and rename the DLL and then register that with Firefox, you also have put your new DLL in a directory that has a name it hasn't seen before (e.g. including the file version in the directory name) because it refuses to look for a new DLL in a directory it thinks it's already looked in for plug-ins. You then need a JavaScript shim to refresh and check it's upgraded.

Even with MSIE all you have to do is give the control a new GUID (which is not unreadable).

Note: The official Firefox line on this is "you should always restart the browser after installing an upgrade to a plug-in". This is what their API for installing plug-ins does (or one of them, they have two, and have deprecated one in favour of combing it with the same installation method as for extensions now, but that and the quality of the documentation is a whole other issue).

Technically, no other browser documentation suggests or requires that and logically there is no good reason to need it. It listens to Restart Manager message (in Vista/Win 7) but you need to suppress those when upgrading because Firefox will invariably display a dialog then crash instead of restarting when it sees an upgrade is happening.

They also have odd rules like "the plug-in file name must begin with 'np' and the filename must be 8.3 format" (thought the documentation just seems incorrect on the latter - and would be super-inconvenient given you need to prefix it with 'np' and include a release number in the filename).

Lastly, Microsoft & Google both install "ClickOnce" and "GoogleOneClick" which, while not the same, perform not dissimilar functions, which kind of hints a market demand for a specific set of functionality.

That Microsoft include a ClickOnce plug-in is actually very helpful for Firefox in the enterprise. Apart from being a very cool and useful deployment mechanism on Windows (that in theory is a lot safer than having everyone always have to run apps with full user level privileges), Firefox doesn't current offer anything that could be an alternative (in either of it's two installation API's) and without it internal IT software teams would, I'm sure, just say "you need Internet Explorer to use that intranet app / HR tool / customer support tool / etc".

The best way to address the perceived problem of "sneaky plug-in installation" is for the Firefox team to come up with a decent, user friendly way of installing (& upgrading) and allowing plug-ins to work that doesn't suck (i.e. no yellow bar along the top [ awful usability ], and certainly no browser restart required). Something like a one-time dialog box displaying the digital signature details of the plug-in on first-run would work for everyone.

* I know most plug-ins, including Flash, suffer from requiring mandatory browser restarts and yellow bar popups, no I don't know why (other than they suck at writing installers). Especially in IE (which is evil in not supporting NPAPI, but *is* fairly well documented).

Re:Firefox Plug-in Support (1)

@madeus (24818) | more than 3 years ago | (#34375752)

Not unreadable? == Not unreasonable

Adware /= trojan (0)

Anonymous Coward | more than 3 years ago | (#34375958)

It's clearly Adware, not trojans... Trojans are running in the background to open the door to infect further while Adware show Advertisement for the one who pays the hacker who designed the program...

Don't forget Adobe (0)

Anonymous Coward | more than 3 years ago | (#34375990)

Shouldn't Adobe be in this list, too?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...