We were glad to learn that at least one browser is taking proactive steps to thwart software bundling, which has become pandemic across the Internet and remains the most common way computers become infected with unwanted Trojans, spyware, malware and other unwanted software.
Having had the opportunity to work on thousands of computers, we are very much aware that software bundling is the number one way computers become infected with spyware, malware, and Trojans — and as long as browser allow automatic installation and activation of questionable extensions, it will continue to be the bane of all of us who install software.
While Chrome’s decision to automatically disable extensions added via bundled software installers may not be the answer to the bundling problem, it will help Chrome’s users’ browsers from becoming an automatic vehicle through which malware and spyware vendors can infect Windows. We can only hope that Internet Explorer, Firefox and other popular browsers will follow Google Chrome’s lead.
Here’s an article from CNet that explains Chrome’s new policy regarding bundled software installers. You can read the entire article at http://goo.gl/gpqyV .
“:Chrome prepares to ax silent extensions
A coming version of Google Chrome on Windows is going to prevent extensions that don’t come from the official Chrome store from quietly installing without your say-so.
Starting in Chrome 25, currently-installed third-party extensions are going to be deactivated until you reactivate them.
In a move sure to annoy businesses and other groups that bundle browser extensions as part of their main toolset, Google is tightening extension security in Chrome for Windows.
The company announced on Friday two new features in Chrome 25 that will make it harder for third-parties to force-install extensions.
Chrome Product Manager Peter Ludwig wrote that Google decided to clamp down on third-party extensions because the policy had been “widely abused” to silently install extensions, “without proper acknowledgment from users.”
All new third-party extensions will be disabled by default, Ludwig said. Once installed, a box will open warning you that the extension has installed and give you the option to activate it…”
That’s really good news. It’s about time. I find it interesting that the article came from CNet News. I hope the CNet download site is paying attention to their CNet news site and gets the “message”.
You wrote, “We can only hope that Internet Explorer, Firefox and other popular browsers will follow Google Chrome’s lead.” But, according to the CNET article you are linking to here, “These changes pull Chrome in line with changes that Mozilla made to Firefox’s add-on management policies.” Doesn’t that mean that Firefox has been the lead on this?
No it doesn’t. It has nothing to do with the gist of the article. Firefox likes to claim it’s the safest browser but Chrome is taking steps here to DEACTIVATE any browser extension by default — unless you specifically added the extension. Those extensions added by bundlers will be deactivated until you manually activate them. Wish Firefox would do this — I can’t tell you how many Firefox browsers we’ve seen polluted by the likes of FunWebProducts, Ask Toolbar, and Babylon.
At least Chrome is making extensions added furtively by scum-ware, inactive, and making it mandatory that you activate them if you want to use them. Firefox and Internet Explorer (so far) have not done this. I don’t expect Internet Explorer will ever do this given Microsoft’s close association with IAC (the company that owns Ask and FunWebProducts) and its Smart Screen Filter to remain reliant on Digital Signatures as a means of determining if software is safe. FunWeb, Ask Toolbar, Babylon and many other scum-ware toolbars have digital signatures and IE’s Smart Screen filter will allow these programs to install based on their digital signatures. That’s why we say Digital Signatures are are joke.
What would happen IF I (we) disabled the Smart Screen Filter?
You would continue to get warnings from Microsoft that your browser is set to a non-default mode and therefore is not safe, which would probably be more annoying than dealing with the smart screen warnings every time you download a file that does not have a digital signature. The better solution is to use Chrome or Firefox — which have other ways of determining dangerous downloads — which to me seem more sensible.
Thank you.. I already use Chrome and Firefox for the majority of my internet activities but keep explore since some things just run better on it. Your info has been put to use by either my hubby or I MANY a time. Thanks for everything you do!
An article by CNET on the dangers of bundling?? Now that’s ironic!!
That is interesting. Especially since it seems that everyone wants to install Chrome on my machine, whether I want it or not. I’ve tried it a couple times, don’t care for it so decided to stick with Firefox until I can get a new computer. (I’m using an old XP machine and really don’t want to add anything unnecessary at this point) The times I have tried Chrome it just seemed too invasive to suit me, so I uninstalled.