how-to block ads
|
|
Uniqs:
20026 |
Share Topic
 |
 |
|
|
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4
1 edit | reply to BandHeight
Re: Firefox 3 honors Windows Security Zones... Thank you for the link to the bug report.  That was very interesting reading.
I still don't get it because there are no ADS on downloads from Fx3. I just downloaded Eicar, both the .exe and one of the zips, and saved them to my downloaded programs folder. Then I right click scanned them for ADS and they have none. I ran them both and Fx didn't popup any warning. I have no AV installed at the moment on this XP Pro guest machine so I was able to download the .exe one which ordinarily my AV would stop me before the download started. So, where are these ADS tags from Fx? They are not on any downloads. This Streams Shell Extension finds other ADS so I have no reason to think that Fx has somehow managed to hide the ADS from this extension. (I have not yet tried to install the extension on Vista. It may not work there). I suppose I can grab one of my myriad of programs (off my host...easy to do with XP...Vista is one huge headache for grabbing files on the network) that find ADS and run one of them in case Streams Shell Extension is somehow missing these. Ieven changed the settings in IE8 to allow unsafe downloads an Fx3 doesn't object to my running eicar.com or opening the eicar zip files. So, evidently, this feature is not working in Fx3.
Oh, btw, Fx3 works fine today on my guest XP machine. I'm on it now. It loaded all tabs very rapidly and blazes at Mozillazine forums. It loaded a preview of a post there so fast I was amazed and also posted it and then took me to the post incredibly fast. So, I have no idea what was wrong yesterday. I shut that machine down last night and booted it up again a little while ago. Maybe Windows needed restarting for some unclear reason. I'm going to use this machine now for awhile and see if, after a few hours, it happens again or not.
edit: I shut down IE with the risky setting still in place. Just now, I started IE8 again and got a gigantic warning telling me not to surf the internet with such a risky setting. So, why is Fx not reacting to that change? I don't think it is working on Fx unless Eicar files are exempted from the ADS?
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
 Grail KnightQui audet adipisciturPremium
join:2003-05-31
Valhalla
kudos:6 | Did that user.js spelling setting work for you? | |
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | I haven't done it. I want the spell checker to stay turned off until I want it. I don't want to do without a spell checker entirely. So, I've been undecided about what to do. | | |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | I took the time just now to install Avira free on Fx3 on my virtual XP machine. I left the dangerous download setting for IE. I changed the setting for browser.download.manager.scanWhenDone back to true. Avira wouldn't let me play with Eicar at all..not even the zip ones. So, I instead downloaded a couple of applications and Fx never tried to start my AV, never tried to stop me from downloading because I have those unsafe settings for IE, never warned me about anything to do with the downloads. I checked them for ADS and there is no ADS tagging. I even tried opening the file directly from the download manager (instead of going to the containing folder as I ordinarily would so I could scan it) and Fx let it open directly and this was while IE has the bad settings enabled.
So, these features are not working for me at all.
Oh, so far Fx3 on the XP virtual machine is working fine...I still have no idea what was the matter last night.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
1 edit | 
FF-Streams.png | 
IE7-DLDenied.png | 
FF-DLDenied.png |
said by Mele20:So, these features are not working for me at all. Test 1
- OS: Win XP SP3
- Storage Filesystem: NTFS
- Policy Set To Medium (3)
I downloaded the FF 3 installation file from Mozilla using four different applications:
- IE7 SP3 - File saved as: Firefox Setup 3.0-DLIE.exe
- FF 3.0 - File saved as: Firefox Setup 3.0-DLFF.exe
- Opera 9.5 - File saved as: Firefox Setup 3.0-DLOP.exe
- GetRight 5.2d - File saved as: Firefox Setup 3.0-DLGR.exe
Results (image posted: FF-Streams.png)
- IE7 - Added ADS; execution prompts user
- FF 3.0 - Added ADS; execution prompts user
- Opera 9.5 - Did not add ADS; execution proceeds without prompt
- GetRight 5.2d - Did not add ADS; execution proceeds without prompt
Test 2
- OS: Win XP SP3
- Storage Filesystem: NTFS
- General Policy Set To Medium (3) But FF Download Site Added To Restricted Zone (High - Zone 4)
I downloaded the FF 3 installation file from Mozilla using two different applications:
- IE7 SP3 - File saved as: N/A
- FF 3.0 - File saved as: Firefox Setup 3.0-DLFF-Restricted.exe
Results (images posted - IE7-DLDenied.png and FF-DLDenied.png):
- IE7 SP3 - Clicking the download link immediately alerts user with messsage box, "Your current security settings do not allow this file to be downloaded".
- FF 3.0 - Clicking the download link presents "Save As ..." dialog and then launches the FF DL Manager after clicking "Save". However, the FF DL Manager halts the download, and the DL Manager listing shows the file name with the following message: "This download has been blocked by your Security Zone Policy -- mozilla.org".
By the way, the file and partial file are left on the file system; file size of each is zero bytes (that probably needs to be cleaned up automatically?). | |
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | I don't understand your point. YOU had to add the ADS to get Fx to react. Soo....?
Plus, I thought Fx reacted if you had INsecure settings on IE not secure settings. Why would Fx stop you if the IE settings are secure? It should stop you only if the IE settings are insecure.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
| said by Mele20:I don't understand your point. YOU had to add the ADS to get Fx to react. Soo....? Plus, I thought Fx reacted if you had INsecure settings on IE not secure settings. Why would Fx stop you if the IE settings are secure? It should stop you only if the IE settings are insecure. Firefox 3.0 for Windows now uses the same feature that Internet Explorer uses when you download a file from the internet. Firefox tags a downloaded file which then tells Windows to show the prompt. He did not add any ADS, that was Firefox that added the ADS.
--
less talk, more music | |
4 edits | reply to Mele20
Prompt Recieved Upon Execution of Zone 3 Tagged File DL'd with IE 7 | 
Prompt Recieved Upon Execution of Zone 3 Tagged File DL'd with FF 3.0 |
said by BandHeight:Results (image posted: FF-Streams.png) - IE7 - Added ADS; execution prompts user - FF 3.0 - Added ADS; execution prompts user - Opera 9.5 - Did not add ADS; execution proceeds without prompt - GetRight 5.2d - Did not add ADS; execution proceeds without prompt said by Mele20:I don't understand your point. YOU had to add the ADS to get Fx to react. Soo....? I know that might have been a little confusing, but c'mon ... why would I have even wasted my time with the previous post if I could only achieve those results by manually adding the ADS? Of course I didn't manually add the ADS ... the applications did (or didn't) as the case may have been. For example, when I downloaded the file with FF 3.0, the tags were automatically added based on my Policy because FF 3.0 recognizes and respects the Policy I have set (it uses the aforementioned IAttachmentExecute::CheckPolicy Method to do so) whereas Opera, for example, is Policy agnostic (thus, it does not add the Zone ADS tag).
said by Mele20:Plus, I thought Fx reacted if you had INsecure settings on IE not secure settings. Why would Fx stop you if the IE settings are secure? It should stop you only if the IE settings are insecure. None of the applications that recognize Policy react opposite your set Policy. They honor / respect your Policy. If you want to be insecure, the applications respect that. If you want to be secure, they respect that, too. It is your choice which Policy you set (Zone 1, 2, 3 or 4) for specific activities ... so why would FF 3.0 try to do the opposite of what your Policy dictated it to do?
If you have a Policy for high security, it prompts the user or blocks the activity completely (Zone 3 or Zone 4, respectively). If the user chooses a less secure Policy (Zone 1 or 2), the prompting and blocking do not occur at all or are lessened.
I think you are fundamentally misunderstanding this topic.
EDIT:
By the way, once the downloaded file is tagged with a Zone 3 ADS per policy, FF is out of the picture. The prompt that a user gets when the file is executed is then received from the OS and it looks just like the prompt that a Zone 3 file downloaded by IE would look (see images in this post).
Of course, this does not apply for Zone 4 because no file is actually downloaded, so no ADS can be added and the file-blocked message comes immediately from the browser itself (thus the 2 different screen-shots in my previous post). | |
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Ctrl Alt Del
Auto quote isn't working.
I understand what Bandheight said. My reply is that it is not true that Fx3 is placing ADS on downloads. It is not doing for me. Therefore, this feature does not work. Bandheight has Service Pack 3 for XP. I have SP2. Maybe Service Pack 3 is required for this to work? If so, that is another good reason to not install SP3...getting too bossy.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
2 edits | 
FF 3.0 Adds Zone Tags In Win XP SP 2 Just Like In SP 3 |
said by Mele20:Auto quote isn't working. I just auto-quoted. It never ceases to amaze me how many things don't work for you.
said by Mele20:I understand what Bandheight said. No comment.
said by Mele20:My reply is that it is not true that Fx3 is placing ADS on downloads. Really?
said by Mele20:It is not doing for me. Of course not.
Please understand saying that something is not true (which makes me what by extension?) just because it doesn't work for you is insulting to say the least. I did not fabricate the FF 3 functionality (nor did anyone else in this thread for that matter), and I did not fabricate the test results and screen-shots I posted here.
Edit:
And because I can (but shouldn't have), I tested Win XP SP2, and of course as I expected, the ADS tags were added by FF 3.0 just as they were in Win XP SP3. See image above. For the record, my SP 3 tests were on XP Pro (which I failed to mention), so the tests thus far seem to validate the same functionality in SP 2 and SP3 and Pro and Home versions. This is not surprising. | |
| reply to Mele20
said by Mele20:Auto quote isn't working. I understand what Bandheight said. My reply is that it is not true that Fx3 is placing ADS on downloads. It is not doing for me. Therefore, this feature does not work. Bandheight has Service Pack 3 for XP. I have SP2. Maybe Service Pack 3 is required for this to work? If so, that is another good reason to not install SP3...getting too bossy. Your settings are insane so you may have turned them off in Internet Explorer's Internet Settings. If you're worried about this feature, you can turn it off so it acts exactly like it did before.
This feature was added in SP2, so your machine already has the framework for this feature.
--
less talk, more music | |
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | Auto quote worked the next time I tried it. Every now and then it won't work. If you had bothered to do a search you would find a number threads over the years about auto quote not working for awhile or working intermittently. I meantioned out of politeness but that was lost on you.
What "feature" was added in SP2?
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to BandHeight
said by BandHeight:If you have a Policy for high security, it prompts the user or blocks the activity completely (Zone 3 or Zone 4, respectively). If the user chooses a less secure Policy (Zone 1 or 2), the prompting and blocking do not occur at all or are lessened. I think you are fundamentally misunderstanding this topic. EDIT: By the way, once the downloaded file is tagged with a Zone 3 ADS per policy, FF is out of the picture. The prompt that a user gets when the file is executed is then received from the OS and it looks just like the prompt that a Zone 3 file downloaded by IE would look (see images in this post). Of course, this does not apply for Zone 4 because no file is actually downloaded, so no ADS can be added and the file-blocked message comes immediately from the browser itself (thus the 2 different screen-shots in my previous post). What are these "zones"? I don't use IE but rarely. I am a Mozilla person. I used Netscape when I got my first compter, then Mozilla, then Phoenix also and then Firebird/Firefox and SeaMonkey. I remember something called local/internet/trusted/restricted tabs in IE options. I never paid much attention to them. I kept everything in the internet tab except Spyware Blaster puts stuff in the restricted tab. I used custom settings for IE privacy from the beginning ...no slider or other junk but basically I don't use IE and would rip it out if I could. The only thing I use IE for, and the only reason to keep it around (if I could get rid of it), was for Java speedtests until the beginning of this year when I finally stopped using MSJava. I still don't allow Java on Fx. I have IE for speed tests and for the few sites that still won't work in Fx. (I also keep IE on a virtual machine that runs XP Pro SP1 for my ONLY install of Flash Player. I have it installed just so I can see how awful my ISP is now that they ditched the best speed test for a crap Flash one that cost a lot less. I never have allowed Flash on Fx or Mozilla/Seamonkey).
I thought we were talking about this:
"Reset system Internet security settings - Windows
Starting in Firefox 3: When you attempt to download an executable file (e.g., an .exe or .msi file) you may see a Firefox Downloads window with one of these messages under the filename:
* Blocked: Download may contain a virus or spyware (Firefox 3 Beta 5 image)
* This download has been blocked by your Security Zone Policy (Firefox 3 RC1 image).
This issue does not occur in Firefox 2 or earlier.
Firefox 3 may block downloads of all executable files if the Internet security option, "Launching applications and unsafe files" is set to "Disabled". [18] [19] To change this setting, open Internet Options (via Control Panel or from Internet Explorer -> Tools) and click the "Security" tab. Select the "Internet" zone, click the "Custom level..." button, then find the "Launching applications and unsafe files" setting (under Miscellaneous) and select "Prompt (Recommended)" "
»kb.mozillazine.org/Unable_to_sav···_Windows
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
 HA NutPremium
join:2004-05-13
USA | reply to HA Nut
Interesting discussions! A couple more thoughts after reading some posts...
sivran: I'm not sure I would dump NoScript just yet. I haven't seen definitive evidence of how far FF 3 follows IE's Security Zones. So far, I've personally only seen file downloads and the launching of downloaded files.
I think BandHeight is on to something about FF 3 in business/office environments. Whether intended or not, FF 3 could be safer if group policy covered file downloads.
Other than the about:config entry where the AV scanning is set, has anyone read exactly how FF 3 goes about determining how to call up the AV and run the proper command(s) to actually perform the scan? I've ran FF 3 with the scanner on and off and saw no perceptible difference. | |
| reply to HA Nut
I definitely would not get rid of NoScript yet. The biggest problem with security zones in IE is that you cannot pick and choose which domains you accept content from. For example, you may want to allow cnn.com, but with IE's zones you will be mixed content, as there may be doubleclick.net stuff on the site as well.
NoScript shows you which domains are part of a site. | |
1 edit | reply to HA Nut
FF DL Manager / AV Scanner Functionality |
said by HA Nut:Other than the about:config entry where the AV scanning is set, has anyone read exactly how FF 3 goes about determining how to call up the AV and run the proper command(s) to actually perform the scan? I've ran FF 3 with the scanner on and off and saw no perceptible difference. It uses the IAttachmentExecute::CheckPolicy method that has been discussed in this thread (and falls back on IOfficeAntiVirus if IAttachmentExecute::CheckPolicy isn't available ... at least I think the fallback made it into the final version). If I've followed the bug reports correctly, IOfficeAntiVirus was the early go-to method, but was swapped in favor of IAttachmentExecute::CheckPolicy for various reasons later on.
I'm sure you asked about this without realizing that the Zone policy adherence and the anti-virus scanning functionality are tied together by virtue of the OS methods they utilize.
I had some additional bug reports to toss at you for further reading, but I saved them in a FF session on another PC which I can't get to right now.
If FF 3 is not scanning your files even with the About:Config setting turned on, it's possible that your AV isn't using one of the two aforementioned methods for communication with the OS. For example, I normally use AntiVir Personal Free Edition, and even though AntiVir appears in the Security Center GUI, it does not work as a DL scanner for the browsers (FF 3 nor IE 7).
It seems that if an AV is designed to work with these methods, the AV has to register itself and enable a particular Group Policy:
User Configuration\Administrative Templates\Windows Components\Attachment Manager
Doing so automatically creates this registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments ScanWithAntiVirus = 3
(*see here for some interesting stuff:
»support.microsoft.com/kb/883260)
I checked my system, and the "Attachment Manager" Group Policy was disabled and the reg entries did not exist at all. However, even manually setting the Group Policy makes no difference with AntiVir Free, so there is more to its failure to work with IE 7 and FF 3 than that particular setting (i.e., it seems it was not designed to communicate with the OS in a way that the browsers need ... and it's highly possible that some FF issues may still need to be worked out, though that doesn't explain why AntiVir doesn't work with IE 7, either).
So, for testing, I installed Windows Defender (which automatically sets the above Group Policy and registry entries upon installation, by the way), and it works fine as a download scanner with both IE 7 and FF 3.
Beyond that, there still seems to be some tidying-up of the FF 3 display and behavior relative to the scanning process as it seems odd and inconsistent to me. I don't have time to expound fully, but here are a few examples:
- the DL Manager has a scanning-progress animation, but it only appears AFTER the AV has found the file to be suspect; it does not appear at all if the file is clean.
- the animation will time-out if the user doesn't respond to the AV prompt (i.e., the animation stops and the file is placed on the DL Manager's list)
- the DL Manager listing shows the file as if it were any other file, even if it was found to be malware by the AV (no big, Red X image or note that the file was found to be malware).
Just passing the file path parameter to the AV and retreating into the background is fine with me; however, providing a scanning-progress animation implies that the DL Manager is actually communicating with the AV for a purpose, otherwise it's just like a fake intake-scoop and a loud muffler on a Toyota Tercel. All show. And not a very good show at that. | |
| reply to Mele20
said by Mele20:What "feature" was added in SP2? In Windows XP Service Pack 2, Microsoft added something called the Attachment Manager.
said by »support.microsoft.com/?kbid=883260 :The Attachment Manager in Windows XP SP2 can help protect your computer from unsafe attachments that you might receive with an e-mail message and from unsafe files that you might save from the Internet. If the Attachment Manager identifies an attachment that might be unsafe, the Attachment Manager prevents you from opening the file, or it warns you before you open the file. The Attachment Manager uses the IAttachmentExecute application programming interface (API) to find the file type, to find the file association, and to determine the most appropriate action. Microsoft Outlook Express, Microsoft Windows Messenger, Microsoft MSN Messenger, and Microsoft Internet Explorer use the Attachment Manager to handle e-mail attachments and Internet downloads. When you save files to your hard disk from a program that uses the Attachment Manager, the Web content zone information for the file is also saved with the file. For example, if you save a compressed file (.zip) that is attached to an e-mail message to your hard disk, the Web content zone information is also saved when you save the compressed file. More simply...
said by »smallvoid.com/article/ie-attachm···ger.html :Windows XP SP2 includes a new feature called Attachment Manager, which monitors files downloaded from the Internet or received as e-mail attachments. When a downloaded file is saved to a disk formatted with NTFS, then it will update the meta data for the file with the zone (Internet- / Restricted-zone) it was downloaded from. The meta data is saved as an Alternate Data Stream (ADS), which is a feature of NTFS where the same filename can be used to cover multiple data streams. For example, if you use Windows XP SP2's Internet Explorer to download an executable, Internet Explorer will tag that file as potentially dangerous using Attachment Manager's IAttachmentExecute. Then when you try to run that executable, Windows will show the following dialog:
Because the Attachment Manager was added in XP SP2, when you said:
I understand what Bandheight said. My reply is that it is not true that Fx3 is placing ADS on downloads. It is not doing for me. Therefore, this feature does not work. Bandheight has Service Pack 3 for XP. I have SP2. Maybe Service Pack 3 is required for this to work? If so, that is another good reason to not install SP3...getting too bossy. Was incorrect. Service Pack 3 is not required, Service Pack 2 is, which you already have.
Now, Firefox 2 did not use the Attachment Manager at all. If you downloaded an executable with Firefox 2, you never saw that Security Warning dialog. However, Firefox 3 does use the Attachment Manager with the default settings. When you download an executable with Firefox 3, you will get the same Security Warning dialog that IE would show.
Both websites in the quotes above show the Group Policy settings or Registry keys that control this feature.
--
less talk, more music | |
OZOPremium
join:2003-01-17
kudos:2 | reply to HA Nut
Creation of :Zone.Identifier ADS's for new files does not depend on the IE security option "Launching applications and unsafe files". I don't see why FF guys start to rely on this option.
That IE option actually doesn't regulate downloading process at all. The option defines how WE (Windows Explorer, and not Internet Explorer) will react when user double click on ADS marked file. Accordingly to the option setting WE will run the file without any warning (if option is set to 'Enable'), will issue a prompt (if option set to 'Prompt'), and will send error message and restrict execution of the file (if the option is set to 'Disable').
Again, IE option "Launching applications and unsafe files" defines the process of launching (by WE) files, already being marked with :Zone.Identifier ADS, and not the creation of that ADS at download time! Do they, FF developers know that? It looks like they don't  . By this new screwed implementation - they additionally messing things... As I've mentioned in my first post there are special ways already designed to change the behavior of IE in this respect (to create the ADS for download file or do not).
Can they just use their own an internal FF option for defining the process of creation these ADS's or they can not? It's a simple and obviously the right way to do. Surely it's better then to start configuring one browser via UI of another one... (which is completely inappropriate, IMHO).
--
Keep it simple, it'll become complex by itself... | |
3 edits | said by OZO:That IE option actually doesn't regulate downloading process at all. The option defines how WE (Windows Explorer, and not Internet Explorer) will react when user double click on ADS marked file. Accordingly to the option setting WE will run the file without any warning (if option is set to 'Enable'), will issue a prompt (if option set to 'Prompt'), and will send error message and restrict execution of the file (if the option is set to 'Disable'). said by OZO:Can they just use their own an internal FF option for defining the process of creation these ADS's or they can not? It's a simple and obviously the right way to do. Surely it's better then to start configuring one browser via UI of another one... (which is completely inappropriate, IMHO). I think the misunderstanding is that Zone Policy is not an option or function of the browser (not IE or FF or any other browser). It is the function of the operating system.
- Yes the Zone ADS is set and attached to a file by a client that understands and adheres to the policy. The client understands the policy and knows the zone from which the file originated. Therefore it is necessary that the client apply the ADS stream to the file at this point, but at the instruction of the operating system's set policy.
- Any execution of a file marked with an ADS Zone 3 tag will cause a prompt to be issued by the operating system, not by the specific internet browser (e.g., FF or IE) nor by a specific file browser (WE, PowerDesk, etc.).
- If the Zone Policy is set to 4 (block), the operating system blocks the download through the client (no ADS can be set, obviously, as I've previously mentioned, since no file is actually downloaded). Both FF 3.0 and IE 7 respond in the same way.
Both Ctrl Alt Del and I are aware of the Attachment Manager Group Policy. I discussed it and supplied this link:
»support.microsoft.com/kb/883260
in an earlier post. Ctrl Alt Del re-posted the link and made some further observations in a follow-up post to mine.
The Attachment Manager Group Policy of 'Do not preserve zone information in attachments', when enabled, does indeed prevent the Zone ADS from being added to files by clients, but you seem to think only Internet Explorer follows that policy. That is incorrect. Any application (including FF 3.0) that adheres to Zone Policy via the operating system methods previously discussed, also honors not preserving the ADS information. Why not just try it and see for yourself? Im pretty sure this is what you will find:
- If you download a Zone 3 file with FF 3.0 (or IE 7, etc.), the file will no longer have the ADS tag added if the 'do not preserve zone information' policy is enabled prior to the download attempt.
- Any file that was downloaded under Zone 3 prior to enabling the 'Do not preserve zone information' Policy will still have the ADS stream embedded in the file (the policy does not remove existing tags), and the OS will still, appropriately, issue a prompt upon execution.
So, any application that honors the operating system's Zone Policy correctly (including FF 3.0 and IE 7) will also honor the Attachment Manager Group Policy. Behavior is [mostly*] consistent across clients because it is a function of the operating system, not the client.
In simplest terms:
Once the client sets the ADS tag (or not) or blocks a download per the operating system's current policy, the client is no longer responsible for any prompt that a user might see. It is then up to the operating system to interpret the file tags (if they exist) and correlate them with current policy.
Finally, why should FF 3.0 developers try to recreate the whole system over again as you seem to suggest? Either they decide to have the client adhere to the design of the platform on which it is installed, or they decide to not adhere to it at all (as with earlier FF version), but recreating their own parallel / redundant system probably never occurred to them as a viable option.
* Note:
I say "mostly" because their may be exceptions. For example, as I've mentioned (and supplied screen-shots, as well, in a previous post), FF 3.0 and IE 7 both respond to Zone 4 by blocking downloads, but the way they inform the user of the blocking is different (i.e. the GUI presentation in this case is not consistent). Under this scenario where no tags are added (since no file is downloaded), and the client still has some independent control over the process, this seems perfectly reasonable. | |
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | The important thing here is that the Attachment Manager in XP Pro SP2 doesn't work. I've read the Microsoft article and it doesn't work. I've checked group policy and under Administrative Templates: Attachment Manager it says:
Do not preserve zone information in file attachments: NOT Configured and then it says:
"If you do not configure this policy setting Windows marks file attachments with their zone information." But Windows does not mark the file attachments on my XP computer whether I use IE8 or Fx3.
Even if ADS were added to downloads (and that doesn't happen), the policy would still be irrelevant and not work because I routinely remove all ADS from any downloaded file BEFORE I scan with my AV and before I execute it. I think the Attachment Manager is not a good idea because it uses ADS which most of us would routinely remove as ADS could be malware so the wise thing is to remove all ADS from any newly downloaded file before executing.
I also don't see any point in Fx3 Download Manager calling your AV to scan the file as your AV will scan the file before it executes whether you elect to manually scan the file or not. Your on access AV will scan it so what is the point of the Access Manager and what is Mozilla's point in trying to use it? It is absurd redundancy. We already have several questions in the Avira forum about how awful it would be if Webguard scans the file, then the Fx3 Download Manager calls Avira to scan it again and then the user goes to execute it and Avira scans it again and inbetween all that all users practicing safe hex have scanned also with Luke Filewalker. Geeezzzz....a ridiculous amount of scanning there. It looks to me like Mozilla just wanted something to puff about that sounded good but really is not needed and could, like the Avira poster was worried about, cause unnecessary slowdowns. ONE scan of the file by Guard as it goes to execute is all that matters and nothing else is needed. Calling Luke Filewalker is not sensible because it is a weak scanner and it might say the file is clean when it isn't.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
