Linked by Kroc Camen on Sat 17th Oct 2009 05:27 UTC
Microsoft Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.
Permalink for comment 389767
To read all comments associated with this story, please click here.
RE: Opt-in
by flanque on Sat 17th Oct 2009 08:57 UTC in reply to "Opt-in"
flanque
Member since:
2005-12-15

I think the problem here is that these malware authors are very tricky. They figure out ways to slip things in without users noticing. I think Mozilla should add as much as possible, but I am wondering whether the issue at hand is not as much that the plugin is installed (it's a concern yes), but what the plugin can do.

Why not focus on controlling / auditing what the plugins do at the user level. For example, if it tries to write to disk alert the user, if it tries to remotely connect to a website, alert the user.

Control not only getting the plugin in the browser, but also add safe-guards to what it does once it's there.

Reply Parent Score: 3