Firefox Auto Update

..little box slides in:

"There are new updates for firefox - would you like to install them?"

so i think cool and hit install
then i get this - which made me laugh out loud:



i cant beliwve anyone would use this over IE (unless on linux)

I've been using Firefox for some time now. The only way I've ever found to unpdate it is to go to the site and download a new installer. I've never seen that autoupdate thing in action so I've never seen that error.

That error is caused by 3rd Party extensions with poorly authored update files, Mozilla Foundation has nothing to do with it.

General rule when hunting for Firefox extensions:

Only download from reputable sites!

Thats the official Extensions site, Texturizer, and MozDev.org, as these sites have ocassional quality-checks to ensure everything works the way they should

...Compared to IE6, I can write an ActiveX control or B.H.O. that completely thrashes a system and MS wont' stop me

W3bbo wrote:

...Compared to IE6, I can write an ActiveX control or B.H.O. that completely thrashes a system and MS wont' stop me

And you can do the same thing with FireFox...

Sure, there are approved FireFox plugins, but the same is true of IE ones. Sure, there are reputable software companies doing FireFox plugins, but ditto for IE ones.

What's your point with this jab?

I've been using Firefox for some time now. The only way I've ever found to unpdate it is to go to the site and download a new installer. I've never seen that autoupdate thing in action so I've never seen that error.

I think there is an option in the advanced section to check for updates. You might have it turned off.

Jamie, I would not worry, I'm sure all the spyware that has been installed on your computer via IE will let people know how you feel However, from what I hear FF may not be so immune to all of this for much longer. We'll all have to find another obscure browser to use...

BTW - Jamie is a good name!... My little brothers wife had a boy on Monday and they called him Jamie.

TTFN
-MrJelly

That particular problem is with a theme... not with Firefox per se.

Firefox has integrated auto-updates of themes and extensions... which is a good thing (keeps everything simple) and a bad thing (if the theme author messes up then Firefox looks bad)

Firefox is garbage. I feel sorry for anyone using who thinks they are now "secure". Although I can say that Firefox has pretty much killed anybodys interest in Linux, which is somewhat amusing.

This from a guy who has "Special Ed" as an avatar?
I've got mail! I've got mail! I've got mail!!!!

Jeremy W. wrote:

W3bbo wrote:...Compared to IE6, I can write an ActiveX control or B.H.O. that completely thrashes a system and MS wont' stop me

And you can do the same thing with FireFox...

Sure, there are approved FireFox plugins, but the same is true of IE ones. Sure, there are reputable software companies doing FireFox plugins, but ditto for IE ones.

What's your point with this jab?

Can Firefox plugins have control over the system like ActiveX controls (which are only limited by the users access rights - so could delete system files if logged in as admin)?

It would be harder to get malware into Firefox - any added to the popular sites (Mozilla Update, Extensions Mirror, MozDev) will quickly be taken down after being found to be malware. If hosted on other sites the users has to first allow the site to install extensions, then wait the 3 seconds and then click install. They cannot be installed without prompting by just visiting a site.

When malware does come, there will probably be a tool like SpywareBlaster (that blocks ActiveX controls) which blocks malicious extensions/sites. The advantage Firefox has is that there is no malware currently and so any blacklist will be easier to set up (add them as they are created).

I do not like the idea that you just have to pay a certificate agency to make IE think an ActiveX control is safe - the ones that benefit from spyware are the ones that can easily afford one. The majority of ActiveX controls available may even be the spyware/malware kind.

A far better way of 'signing' an extension would be to go through a peer review process to see if the extension does no harm. No one should be able to pay large sums of money to get something signed.

..to be clear i wasnt "looking" for plugins

i load FF - default and was using it to check a site and that box automatically came up - and it didnt work.

thats a ff bug - not the extention - as the program delegated to pop up the screen

As you see in the popup, the problem is with the author of the theme, not Mozilla. Remember this is only a version 1.0 release (while IE is on 6.0). I personally cannot see how it is a Firefox bug. Themes/extensions are in zipped files (with the .jar extension for themes, or .xpi for extensions). Save themes/extensions to disk and open with a zip tool.

Hopefully it will be a lot better in the future. Themes/extensions tested before being made available through update. Or if there is a problem, then provide a link to the theme/extension home page.

Perhaps they could make it more obvious that the update was not successful (although to me it is). Updates do not always go smoothly.

sbc wrote:

If hosted on other sites the users has to first allow the site to install extensions, then wait the 3 seconds and then click install. They cannot be installed without prompting by just visiting a site.

Yeah, that's bound to work. After all, dialog fatigue was never a problem for ActiveX/IE now was it...

AndyC wrote:

sbc wrote: If hosted on other sites the users has to first allow the site to install extensions, then wait the 3 seconds and then click install. They cannot be installed without prompting by just visiting a site.

Yeah, that's bound to work. After all, dialog fatigue was never a problem for ActiveX/IE now was it...

They should make the default button (i.e. when you click enter) to be cancel. The slight delay means you cannot add many extensions all at once. Plus you need to click to start the install.

sbc wrote:

Plus you need to click to start the install.

IE does that too...

1. IE info bar pops up
2. Select install
3. Another pop up asks me again if I want to install and whether its signed or not.

pikatung wrote:

sbc wrote: Plus you need to click to start the install.

IE does that too...

1. IE info bar pops up
2. Select install
3. Another pop up asks me again if I want to install and whether its signed or not.

Sure, but that is XP SP2 only. Many are still on older versions of Windows. A signed control does not mean it is safe (just that the control author has payed to get it signed). Any one can sign a control to make people think it is safe (they just need to pay the certificate agencies enough)..

IE doesn't assume it's safe. Signing is just a way to verify the publisher of the control, the dialog still says you should only install controls from publishers you trust. Even without the information bar in IE6SP1, the dialog defaults to 'no', although it has no delay on clicking yes (thank goodness).

And for me, I need to log out, log in as admin, launch IE and do the information bar routine to install an ActiveX control. Not much chance I'm going to do that with an unsafe control by mistake.

Also, with the exception of my bank and several Microsoft sites, I never install ActiveX controls from the web.

W3bbo wrote:

That error is caused by 3rd Party extensions with poorly authored update files, Mozilla Foundation has nothing to do with it.

...

Only download from reputable sites!

...

"Blue screens are usually caused by faulty drivers, not by the Windows kernel"

"Only install IE plugins from trusted sources"

We really need a reality check here:

1. Once you turn a product into a platform and allow other people to plug their own bits into it, it's no longer secure. (Unless you do it in .NET and you do it properly. It will take years until people learn this)

Most people get spyware in their computer after visiting warez/porn sites or forums with insecure server side software, or when they receive scam emails and are naive enough to believe what they're told (although, I admit, checking an email's authenticity is no easy task for a regular user). If they really want to get in there, they'll just click "Yes" when they're told to do so. They also run as administrator because they know what they're doing.

2. Even if you completely lock down a product, no software is perfect. This stands true for IE/Mozilla/Firefox/anything you wish. Check out http://secunia.com/multiple_browsers_idn_spoofing_test/ for instance (and the three advisories related to IE below ) Except for the noisy open source crowd (where's Beer, btw...), no real developer believes in perfect, free (as in speech, or as in beer, or whatever) software.

The tiny code base and functionality Firefox has is the only reason it hasn't had its share of exploits so far. Wait until it gains some more popularity and people start asking for more features and then we'll see (unless IE 7 will be released in the mean time). Things went the same way with IE years ago. But wait, most people never learn from bad experiences, it was other people's fault anyway.

The "(I need to watch my language)" filter is cool I used a word designating  "sites containing explicit sexual content" above I hope I haven't broken any forum rules. Sorry!