Apple, Microsoft, Google Attacked For Evil Plugins 293
nk497 writes "A Mozilla exec has attacked Apple, Microsoft and Google for installing plugins without users' permission. 'Why do Microsoft, Google, Apple, and others think that it is an OK practice to add plug-ins to Firefox when I'm installing their software packages?' Asa Dotzler asks. 'That is precisely how a Trojan horse operates... These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.' He called on them to 'stop being evil.'"
people don't seem to mind (Score:5, Interesting)
One thing I've slowly come to realize is that most people do not mind a big company or other entity controlling their computers. They're quite happy to run javascript trackers, download web bugs, run any executable without knowing whether it's safe, and so on.
Many of us here have an aversion to these things. If we see a plugin installed without our permission, we'll figure out how to remove it. But most people do not place any value in having control over their own hardware, so they see no value in doing that.
The end result of this is going to be a highly controlled internet, because the number of people who care about its freedom and openness is very tiny compared to the number who don't. The market forces will decide, and those are clearly on the side of the "you may control my computer in any way you want, Mr Multinational Corporation".
PS - my CAPTCHA for this message was "disallow".
Re:Add Yahoo as well (Score:3, Interesting)
Maybe in his configured UI the Checkboxes were actually X's - and he thought an X beside the item means "Do Not Want" - a common mistake when using X-indicative checkboxes.
But really, it's no different than when I want to Install Adobe PDF Reader and work, and it's all "Hey, do you want the Google Toolbar? I'll just go ahead and check the box for you. I know that you waste a fraction of a second each time unchecking that box, and that frustrates a lot of IT professionals, but thats just how I roll. I mean, IE already has a built in "Search Bar" which most people who use Google will switch it to google instead of Live search, but the important thing is to find all the technically illiterate masses who use computers and make sure they have the Google Toolbar so they use Google more. God forbid if they don't like Bing as their default search provider they actually set Google as their home-page and just use Google anyways - THEY NEED THAT TOOLBAR.
Honestly, I used to be completely and utterly serenely happy with Google. They provided just the right services I wanted and genuinely stayed out of my way. I didn't really care if they were collecting information on me, they were so clever about it I didn't notice.
But nothing makes me angrier than this silly ridiculous "Add My Browser Toolbar" Bull that ALL these companies are working together on. I mean, if you already have the google Toolbar installed, instead of asking you if you want it again, Adobe Reader Installer knows that and will ask "Hey, do you want this free version of Norton?" Seriously? As if cramming 1 optional program down my throat was bad enough.
Has anybody tried uninstalling and Re-installing adobe reader with all of the Auto-Opted-In "Side Packages" to see exactly how many companies have kissed Adobes ass? I'm now curious but I wouldn't want to do it on my machine. (I totally need to virtualize my workstation...)
Re:Yes (Score:1, Interesting)
I can only guess that they keep old versions just in case some website request it.
Java updates are largely security-related. Allowing any website to request the old, vulnerable version would be beyond stupid. We'd actually need to invent a new word to convey the stupidity of it.
Re:people don't seem to mind (Score:4, Interesting)
There is much truth in what you speak here. But it gets worse.
Turns out that this is all done because Apple, Microsoft and Google (and more) have all done studies to determine the preferences of most users. The goal is to make things easier. It doesn't matter if easier makes them more vulnerable, easier is preferred by the general public. (Now if only the TSA and government would get this message! We don't care to be "safer" if it's inconvenient!)
If they have to be bothered to install or even be prompted to install things, this will add to the level of frustration a user will experience.
Does anyone remember the period of time in which you could hear the words "computer illiterate" spoken with a certain level of pride? "Oh, I'm computer illiterate..." Seriously? It's true and there is still a small number of people out there who wear their ignorance as a badge of honor. We have a HUGE world of user psychology to overcome before we can get to a place where people are aware and cautious.
For the moment, "ignorance is an excuse" for the problems they experience. If they actually take control of their own machines and something bad happens, it becomes THEIR OWN fault which is a responsibility they do not want to accept. It is far easier for them to curse and blame the faceless others out there rather than blame themselves for their own lack of interest.
TL;DR? Users want to blame anyone but themselves when they have problems. If they learn anything, it becomes a burden of responsibility they simply do not want.
Re:Yes (Score:3, Interesting)
The limitation of not being able to disable add-ons from the UI is not something that HAS to be so, besides, the activation off the plugin can be put off until a user agrees to it's presence.
After all, if Google, MS and Apple are doing it, imagine what more malicious software can sneak in.
Re:people don't seem to mind (Score:1, Interesting)
Last week, after setting up a new HP box for my dad, I became convinced that the reason so many people fall for malware scams is because they never get to see a clean system to begin with.
The boxes come preloaded with absolute filth.
Major software packages sneakily adds more filth.
How are users supposed to tell when a new malware toolbar suddenly shows up? Or a fake virus warning?
The amount of garbage on that HP was astounding.
Re:And F-Secure installs trojans now (Score:3, Interesting)
'but the installer does not explicitly tell you that it will install a Firefox extension."
Guess what I sued EA for and got them to settle on PDQ?
That EXACT same behavior with SecuROM.
I think, given how easily EA settled, that one would have a winnable case against any other company. EA settled to stop irreparable damage to their shady business model, I can only imagine every other company doing the exact same thing if you took them to task over it.
Re:Is this guy on crack? (Score:3, Interesting)
Re:Bill Gates != Microsoft anymore. Re:Oh okay, (Score:3, Interesting)
"I’ll tell you why I like the cigarette business. It costs a penny to make. Sell it for a dollar. It’s addictive. And there’s fantastic brand loyalty." —Buffett, quoted in Barbarians at the Gate: The Fall of RJR Nabisco (from wikipedia) [wikipedia.org]
If you want me to like Bill Gates, saying he has Warren Buffet's approval won't do it.
Yes and No (Score:2, Interesting)
Ubuntu does it too! (Score:2, Interesting)
Not additional software (Score:3, Interesting)
At least on Windows, the plugins in question aren't "additional pieces of software" that are being installed secretly. They're part of the software package you chose to install, both conceptually and technologically.
This doesn't necessarily justify the fact that any particular software package doesn't make its browser add-on functionality optional and/or opt-in. It's just an observation.
Incidentally, I could swear that Firefox has been prompting me lately whenever a new add-on is discovered, and giving me the chance to disable it. Problem solved, I'd think, although I suppose you could argue that it should be opt-in rather than opt-out.