Mozilla rages at MS, Apple and Google's 'trojan horse' tactics


"...Now, for a piece of software that has just started up, how does it know that a plug-in has been installed sneakily by another app acting as admin, rather than the user choosing to install it? Really, how?..."

Presumably there is a directory where the plugins live? In which case, really simply, it could just look to see if any files have been added since last time it was run.

If you want a bit more security round it, the program could store a list of cryptographic hashes of the plugins which have been legitimately installed and that way detect tampering with existing plugins or the list of previously oked plugins.

The problem is that FF doesn't seem to be even trying here.


Back to the forum