[nzlug] Observation on installing firefox to WinXP (SP3)

[Daniel Pittman]

Mark Foster <blakjak at blakjak.net> writes:

>> Upon installing firefox off the official site, XP popped up a warning
>> box. It told me (and I wish I got a screenshot) that firefox was from an
>> untrusted source and may contain malicious software which could damage
>> my computer and expose my personal information to identity thieves. Was
>> I sure about this.
>>
>> ... I know I know this is an automated message that pops up with any non
>> MS (+ paid partner) install, with "program name" inserted in the correct
>> place. But alarming anyway.
>
> I'm suprised that we havn't heard more about this before now...
> I can only assume the Windows Security State of the box was fairly
> high?
>
> I've never seen it before but I have to say your report gives me yet
> more pause on the Windows front... talk about anti competitive...

I can only say "what?!" to that; this has been a feature of Windows for
years under any security settings.

When you download a file from the Internet with the system tools it
marks it as "warn before running" and displays that dialog before
allowing you to continue.

The purpose of this is to allow Microsoft to blame the end user for any
security problems from running code they download.


Ahem.  I mean "to protect the user" of course.  Yes, that was it.

In any case: this doesn't require high security, requires explicit work
on the part of the software that downloaded applications to mark them as
untrustworthy, and is about as secure as spraying a can of "hacker-away"
on your PC ... but it was easy and visible, eh?

Regards,
        Daniel

(In other words: I agree with most of your thesis, other than the
 anti-competitive bit, but I am shocked you have not seen this yourself
 if you have used Microsoft software for any length of time.)