CyberTech Rambler

February 2, 2009

Not following standard practices … not good

Filed under: Uncategorized — ctrambler @ 12:17 pm

What do you call an extension to Firefox, IE, Eclipse or any software that you can name, which

  1. Does not tell you that it is installing itself
  2. Changes something in the software it “extended”
  3. Cannot be uninstalled
  4. Perhaps uses some EULA “cover-up” to make itself legal

MALWARE

While it is understandable (but not condoned) that people selling enlargement services for parts that you do not own, and their friends, do this type of thing, you do not really expect reputable companies to do it. Hold on a minute … They do. First it was Sony’s Rootkit; now it appears that Microsoft is also jumping on the bandwagon, with a Firefox extension that alters your user agent setting (used by web servers to optimise their webpages for your browser).

Microsoft’s extension, compared to Sony’s Rootkit, is relatively harmless. It does not actually hide itself from you. Firefox’s extension safety mechanism will catch it, and you have to click the enable button to install it. Some will even argue that because it adds a “ClickOnce” installer to work with Firefox, it qualifies as an extension.

I don’t see it that way, unfortunately. First of all, any Firefox extension must be uninstallable, or otherwise it should prominently inform the user and let him/her choose whether to install it. Having an “Enabled” button is good, but installing without permission is bad. Second, I believe that no installer should be installed unless the user has explicitly authorized its installation, i.e., not hiding authorisation inside a EULA or the like, because it is designed to run outside the browser environment and has serious security implications.
