"...Now, for a piece of software that has just started up, how does it know that a plug-in has been installed sneakily by another app acting as admin, rather than the user choosing to install it? Really, how?..."
Presumably there is a directory where the plugins live? In which case, really simply, it could just look to see if any files have been added since last time it was run.
If you want a bit more security round it, the program could store a list of cryptographic hashes of the plugins which have been legitimately installed and that way detect tampering with existing plugins or the list of previously oked plugins.
The problem is that FF doesn't seem to be even trying here.
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
- Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
- Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws