Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Firefox Google Microsoft Mozilla Privacy Apple

Apple, Microsoft, Google Attacked For Evil Plugins 293

nk497 writes "A Mozilla exec has attacked Apple, Microsoft and Google for installing plugins without users' permission. 'Why do Microsoft, Google, Apple, and others think that it is an OK practice to add plug-ins to Firefox when I'm installing their software packages?' Asa Dotzler asks. 'That is precisely how a Trojan horse operates... These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.' He called on them to 'stop being evil.'"
This discussion has been archived. No new comments can be posted.

Apple, Microsoft, Google Attacked For Evil Plugins

Comments Filter:
  • by Anonymous Coward on Monday November 29, 2010 @12:17PM (#34375164)

    One thing I've slowly come to realize is that most people do not mind a big company or other entity controlling their computers. They're quite happy to run javascript trackers, download web bugs, run any executable without knowing whether it's safe, and so on.

    Many of us here have an aversion to these things. If we see a plugin installed without our permission, we'll figure out how to remove it. But most people do not place any value in having control over their own hardware, so they see no value in doing that.

    The end result of this is going to be a highly controlled internet, because the number of people who care about its freedom and openness is very tiny compared to the number who don't. The market forces will decide, and those are clearly on the side of the "you may control my computer in any way you want, Mr Multinational Corporation".

    PS - my CAPTCHA for this message was "disallow".

  • Re:Add Yahoo as well (Score:3, Interesting)

    by Monkeedude1212 ( 1560403 ) on Monday November 29, 2010 @12:29PM (#34375304) Journal

    Maybe in his configured UI the Checkboxes were actually X's - and he thought an X beside the item means "Do Not Want" - a common mistake when using X-indicative checkboxes.

    But really, it's no different than when I want to Install Adobe PDF Reader and work, and it's all "Hey, do you want the Google Toolbar? I'll just go ahead and check the box for you. I know that you waste a fraction of a second each time unchecking that box, and that frustrates a lot of IT professionals, but thats just how I roll. I mean, IE already has a built in "Search Bar" which most people who use Google will switch it to google instead of Live search, but the important thing is to find all the technically illiterate masses who use computers and make sure they have the Google Toolbar so they use Google more. God forbid if they don't like Bing as their default search provider they actually set Google as their home-page and just use Google anyways - THEY NEED THAT TOOLBAR.

    Honestly, I used to be completely and utterly serenely happy with Google. They provided just the right services I wanted and genuinely stayed out of my way. I didn't really care if they were collecting information on me, they were so clever about it I didn't notice.

    But nothing makes me angrier than this silly ridiculous "Add My Browser Toolbar" Bull that ALL these companies are working together on. I mean, if you already have the google Toolbar installed, instead of asking you if you want it again, Adobe Reader Installer knows that and will ask "Hey, do you want this free version of Norton?" Seriously? As if cramming 1 optional program down my throat was bad enough.

    Has anybody tried uninstalling and Re-installing adobe reader with all of the Auto-Opted-In "Side Packages" to see exactly how many companies have kissed Adobes ass? I'm now curious but I wouldn't want to do it on my machine. (I totally need to virtualize my workstation...)

  • Re:Yes (Score:1, Interesting)

    by Anonymous Coward on Monday November 29, 2010 @01:02PM (#34375726)

    I can only guess that they keep old versions just in case some website request it.

    Java updates are largely security-related. Allowing any website to request the old, vulnerable version would be beyond stupid. We'd actually need to invent a new word to convey the stupidity of it.

  • by erroneus ( 253617 ) on Monday November 29, 2010 @01:07PM (#34375794) Homepage

    There is much truth in what you speak here. But it gets worse.

    Turns out that this is all done because Apple, Microsoft and Google (and more) have all done studies to determine the preferences of most users. The goal is to make things easier. It doesn't matter if easier makes them more vulnerable, easier is preferred by the general public. (Now if only the TSA and government would get this message! We don't care to be "safer" if it's inconvenient!)

    If they have to be bothered to install or even be prompted to install things, this will add to the level of frustration a user will experience.

    Does anyone remember the period of time in which you could hear the words "computer illiterate" spoken with a certain level of pride? "Oh, I'm computer illiterate..." Seriously? It's true and there is still a small number of people out there who wear their ignorance as a badge of honor. We have a HUGE world of user psychology to overcome before we can get to a place where people are aware and cautious.

    For the moment, "ignorance is an excuse" for the problems they experience. If they actually take control of their own machines and something bad happens, it becomes THEIR OWN fault which is a responsibility they do not want to accept. It is far easier for them to curse and blame the faceless others out there rather than blame themselves for their own lack of interest.

    TL;DR? Users want to blame anyone but themselves when they have problems. If they learn anything, it becomes a burden of responsibility they simply do not want.

  • Re:Yes (Score:3, Interesting)

    by Tharsman ( 1364603 ) on Monday November 29, 2010 @01:26PM (#34376036)

    The limitation of not being able to disable add-ons from the UI is not something that HAS to be so, besides, the activation off the plugin can be put off until a user agrees to it's presence.

    After all, if Google, MS and Apple are doing it, imagine what more malicious software can sneak in.

  • by Anonymous Coward on Monday November 29, 2010 @01:38PM (#34376206)

    Last week, after setting up a new HP box for my dad, I became convinced that the reason so many people fall for malware scams is because they never get to see a clean system to begin with.

    The boxes come preloaded with absolute filth.
    Major software packages sneakily adds more filth.
    How are users supposed to tell when a new malware toolbar suddenly shows up? Or a fake virus warning?

    The amount of garbage on that HP was astounding.

  • by Khyber ( 864651 ) <techkitsune@gmail.com> on Monday November 29, 2010 @02:51PM (#34377318) Homepage Journal

    'but the installer does not explicitly tell you that it will install a Firefox extension."

    Guess what I sued EA for and got them to settle on PDQ?

    That EXACT same behavior with SecuROM.

    I think, given how easily EA settled, that one would have a winnable case against any other company. EA settled to stop irreparable damage to their shady business model, I can only imagine every other company doing the exact same thing if you took them to task over it.

  • by frostfreek ( 647009 ) on Monday November 29, 2010 @02:57PM (#34377394)
    All I have to say in response to this is ".NET Framework Assistant". http://www.computerworld.com/s/article/9139459/Sneaky_Microsoft_plug_in_puts_Firefox_users_at_risk [computerworld.com]
  • by mcgrew ( 92797 ) * on Monday November 29, 2010 @05:24PM (#34379856) Homepage Journal

    "I’ll tell you why I like the cigarette business. It costs a penny to make. Sell it for a dollar. It’s addictive. And there’s fantastic brand loyalty." —Buffett, quoted in Barbarians at the Gate: The Fall of RJR Nabisco (from wikipedia) [wikipedia.org]

    If you want me to like Bill Gates, saying he has Warren Buffet's approval won't do it.

  • Yes and No (Score:2, Interesting)

    by huzur79 ( 1441705 ) on Monday November 29, 2010 @05:33PM (#34380038)
    When an Automatic Update from Microsoft Update or Apples Software update installs a plugin, I have an issue with that like how .net was added to firefox without users knowing. When something installs from a users explicit decision such as installing iTunes or MS Live and it installs a plugin he's wrong. User initiated installs is the permission granted to Apple or Microsoft or Google to install whatever is being offered. If the user fails to read the finer details of what’s being installed or reads the installer options such as, include whatever plugin, it’s not their fault. There is a difference between Automatic non user initiated plugin installs from updates and user initiated software installs that include a plugin. Firefox could easily just audit its plugins from last start to see if anything has been added in the unofficial way and warn the user or by default disable it and ask the user to enable it. Its in there power to do something about it but instead they take the lazy route or political route to complain about it instead. So one must ask what is the Agenda saying Microsoft, Apple and Google are evil when they have the power to code changes to prevent it vs saying the Maker of Internet Explorer and the Maker of Safari and the Maker of Chrome are evil. Oh I think I just answered the Political question with that last line.
  • Ubuntu does it too! (Score:2, Interesting)

    by datakid23 ( 1706976 ) on Monday November 29, 2010 @06:02PM (#34380504)
    I love linux and I've been using Ubuntu since 5.10 - but let's not forget that it's not just evil corporations that do this! Ubuntu has a plugin that's installed when you install firefox, without asking.
  • by harryjohnston ( 1118069 ) <harry.maurice.johnston@gmail.com> on Monday November 29, 2010 @10:07PM (#34383216) Homepage

    At least on Windows, the plugins in question aren't "additional pieces of software" that are being installed secretly. They're part of the software package you chose to install, both conceptually and technologically.

    This doesn't necessarily justify the fact that any particular software package doesn't make its browser add-on functionality optional and/or opt-in. It's just an observation.

    Incidentally, I could swear that Firefox has been prompting me lately whenever a new add-on is discovered, and giving me the chance to disable it. Problem solved, I'd think, although I suppose you could argue that it should be opt-in rather than opt-out.

I THINK MAN INVENTED THE CAR by instinct. -- Jack Handley, The New Mexican, 1988.