what i'd really prefer
Is that plugins be checked prior to upgrade instead of after....without requiring users to verify all of them first.
Mozilla's Firefox will soon start blocking browser add-ons installed by other programs until users explicitly approve them, a move that's designed to give people more control over their web surfing experience. The feature will debut next week in the Firefox Aurora prebeta, Justin Scott a Mozilla product manager for add-ons said …
This is similar to Enterprise needs, and Mozilla has publicly stated it does not care.
As a school you will be able to get educational discounts on MS software and you can use Group Policy in Active Directory to do what you need.
Block the Moz add-on page at your firewall
Use VMs and scrub the machines back to a known base once a week.
> Is this too difficult?
Yes. What do you (aka the kernel or file system driver) use as ACL to determine that process foo may have write access to a specific folder? How does it determine that process foo is foo and not its notorious cousin, fubar? Keep in mind that creating a signature for process foo will fail when foo itself is updated. What about advance user Johnie that wants to use process screwup to access the folder and make some manual mods and changes?
Security is complex. Period.
I've got three addons from Kaspersky that are absolutely impossible to get rid of short of reinstalling Firefox. They've been there for about a year and the only reason they're not enabled right now is because they're not compatible with Firefox 5.0.
And yeah, I know Kaspersky's turning into a bloated mess. That's why there's absolutely no chance of it getting renewed. When the installer gives you no option as to what gets installed or not, and removing the stuff you don't want is harder than getting rid of any malware, you know it's time for a change.
We also need the ability to forceably remove extensions/plug-ins (I'm not sure what the difference is) that don't volunteer a removal option.
Right now, I've got quite a few obsolete or unwanted addons that are disabled. For example, I have old versions of addons that were not removed when a new version was added by a third party, such as old versions of Java Console and AVG Safe Search. We shouldn't have to consider editing the registry and searching out files to delete.
RE: Needs locked down
Toggle xpinstall.enabled to false in about:config.
To prevent users from re-enabling it, read the following article about locking the config file:
RE: About time
Can't you just delete the Kaspersky addons from the global add-on folder?
C:\Program Files\Mozilla Firefox\extension
Very true - if user education were going to work then we'd have started seeing results long since - it's now apparent that you *have* to treat users as complete idiots and try and prevent them from doing what they think might be a good idea.
Much as it grieves me for the vast majority of users Apple's approach actually isn't a bad thing!
I have had things like AVG safe search appear even though I did not want it and asked for it not be be installed, I think another one was the foxit toolbar - I like the reader but was midly annoyed to have to go and manually remove the toolbar add-on.
The option to NOT install is not always given.
Yes and there are already those here saying that it also needs the ability to turn off / remove plugins at will, like wot IE also already has. Presumably that'll turn up soon as well.
Following IE for function and Chrome for versioning? Isn't that kinda like the worst of both worlds?
I had also noticed the "warn about plugins that chew too much time on startup" function in IE, although personally I get enough of a cue to remove the "PDF helper" plugin from seeing the Adobe Reader update dialogue......
As devil's advocate, if my system is slow for whatever reason (perhaps I'm just running too many jobs so the load average is high, or I'm momentarily swapping a bit) then EVERY addon will add 0.2 seconds to the startup. I don't want my browser throwing up like 10 warnings because of this. Also I bet plenty of crapware addons do not slow down the startup, just do unwanted things later.
Sure, its a good addition and one which is most likely going to please a lot of people.
But when are they going to fix the real problems at hand? Why insist on forcing tabs upon thunderbird users without giving them an option to turn that stuff on or off themselves ?
Its not as if it isn't possible.. Last week I discovered to my surprise that my current browser / mail client of choice, SeaMonkey, /also/ supports tabs in the mail client. After using it for 3 - 4 months now I accidentally pressed control-t while reading an e-mail.
Both are Mozilla products.. Why can SeaMonkey give me "non-intrusive mail tabs" while thunderbird can only hide these at best ?
I think mozilla needs to get their priorities straightened out. Version 6 is about to come out yet in my website logs Firefox represents 34% (others being Chrome (23%) & Safari (31%)). Out of that 34% of firefox users 64% use version 3, 14% version 4, 25% version 5, 1% version 6 and the others cannot be determined.
If they keep this up I wouldn't be surprised if FF will be the next browser to get a reputation of being "unsafe to use". Not because the current product is unsafe; but because most people use outdated versions which are unsafe.
Once that starts I think they can kiss their good reputation goodbye; a downward spiral always proceeds faster than the upward spiral.
Biting the hand that feeds IT © 1998–2020