| reply to OZO
Re: Firefox 3 honors Windows Security Zones... said by OZO:Again, if FF developers want to support security zones that come with IE, how will they manage those zones? Via IE? said by OZO with strike-through / emphasized correction by BandHeight :
Again, if FF developers want to support security zones that come with IE Windows and is made available to all applications through the Windows API, how will they manage those zones? Via IE?
I stated in my very first post (referring to the MozillaZine link that directs the user on how to change settings):
said by BandHeight:Pointing the user to a GUI that associates the settings with an IE icon (as well as being mixed in with other policies that FF does not adhere to) so that the settings can be adjusted is very, very clumsy. However, despite its drawbacks and upon further reflection, I think ultimately that there are so many different places to change related settings that adding to this with a separate FF interface may be more confusing than helpful in some cases. For example, a separate FF interface would give the illusion that its settings only affected FF, but integration with the system via the Windows APIs mean that changing them in FF changes them for all applications that use the API. That by the way is at the heart of the argument that this is not an IE-only policy. Changing the settings, regardless of where they are set, impact all applications that use the APIs.
Windows provides a number of generic and semi-generic places to change zone policy and related settings outside of Internet Explorer as well as directly through Internet Explorer:
- Internet Options GUI via the Control Panel
- Group Policy console
- Directly editing the registry
- Internet Options GUI via Internet Explorer menus
Using the Windows interfaces directly also reinforces that FF is integrating into the existing system rather than just recreating a different version of it.
I can definitely understand your point of view, and I believe that behind the scenes, there was an even more heated debate among the Mozilla team on how to proceed (or to even proceed at all) with this functionality.
Just as a final note (final ... hmm, I doubt it), I do think a Master ON / OFF switch in the About:Config interface that is not tied to the AV scanner or any other option would be very appropriate. Something along the lines of:
security.policy.honorWindows false |
|
OZOPremium
join:2003-01-17
kudos:2 | What I'm trying to say is turning ON / OFF switch is just a tip of the iceberg for security zone configuration. It's considerably deeper than that. In this development if you said 'A', then you should say 'B' as well (if you know what I mean).
E.g. how FF suppose to put variety of web sites into different security zones (as a part of zones security management) or how they even define them (zones) with security settings. Where is the dialog box that will be offered to FF users to change all (and there are plenty) security settings for different zones. Saying - open IE (or use Control Panel to run "Internet Properties" dialog box, which is the same) and adjust those settings, I hope, is not an option here... And I agree with you that a separate FF interface may be more confusing than helpful in some cases..
That why I've said earlier - is it the right direction to move for FF? And I'm not positive that it is...
And finally, FF is integrating into the existing system rather than just recreating a different version of it is not what I want to happen. We already have one web browser that some claim is an integrated part of the OS. I do now want to have yet another one with the same claim. Web browser should not be an integrated part of any OS. That's my strong opinion.
--
Keep it simple, it'll become complex by itself... |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to BandHeight
I finally got it to work partially. (Not the AV scanning because Avira doesn't do that but I now see the ADS on the file).
I'm embarrassed to say that the problem was that I hardly ever open IE8 because it is soooo crippled (back button doesn't work, can't select part of auto quote here to delete, can't, can't, can't, ...about all IE8 can do unless you emulate IE7, which I don't want to do, is display a page and you can read the page but not do anything and not want to use the back button either). So, because I hardly ever open it, I was under the impression that I had changed the IE setting back to prompt. But evidently I had not as when I finally opened IE8 a few minutes ago, it wouldn't load my tabs and said I had unsafe settings and it was that one setting I had changed from prompt to disabled when I first read this thread. So, after putting it back to prompt, I tried Fx3 and downloaded an eicar zip file (with Avira Guard disabled so I could download it) and then I looked at the properties of the file and it shows an ADS tag. I ran the file so something is still not working right as I should have been stopped or warned at least right?
(Fx3 is acting nutty again and it continually loads this site and others but this site is the worst. I switched to my host computer with Fx 1.5 and this site loads just fine. IE8 is continually loading this site also on my guest machine).
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
|
|
| reply to OZO
said by OZO:What I'm trying to say is turning ON / OFF switch is just a tip of the iceberg for security zone configuration. It's considerably deeper than that. In this development if you said 'A', then you should say 'B' as well (if you know what I mean). Yes. It goes much deeper than that. My proposal concentrated on the ability to cleanly and clearly provide a means to turn off the functionality. Changing the value to "true", however, does get us back to the question of, "What interface do we use to change the settings?". For better or for worse, for now it is only available through the Windows interface.
said by OZO:And finally, FF is integrating into the existing system rather than just recreating a different version of it is not what I want to happen. We already have one web browser that some claim is an integrated part of the OS. I do now want to have yet another one with the same claim. Web browser should not be an integrated part of any OS. That's my strong opinion. Nothing wrong with a strong opinion.
"Integration" brings some strongly negative connotations in the context of Internet Explorer. Integration that forces users into something they may not wish or that stifles fair trade and competition is the kind we don't want to see. On the other hand, integration can be good, integration has many different tiers from loose-integration to breaks-if-you-remove-it-integration, and all software that is installed on any platform has to "fit in", so to speak, on some level to even run.
A very simple and benign bit of integration, I think you will agree, is that FF 3.0 looks different in Windows versus its appearance in Linux, even going as far as foregoing the new style back-forward buttons in Linux so that it fits in better with the Linux environment (that, of course is the Mozilla teams opinion).
Let's just say that integration is an integral (pun intended) part of computing. The good news in the case under discussion here is that the integration does not approach the level of integration (the really bad kind) usually implied when discussing IE and Windows. |
|
| reply to Mele20
said by Mele20:I finally got it to work partially. (Not the AV scanning because Avira doesn't do that but I now see the ADS on the file). Cool.
said by Mele20:... and said I had unsafe settings and it was that one setting I had changed from prompt to disabled when I first read this thread. So, after putting it back to prompt ... Hmm. Changing "Launching applications and unsafe files" to "Disabled" isn't unsafe (it's actually the "safest" setting) and shouldn't be issuing a warning in your GUI (e.g., "Your security settings put your computer at risk" should not show up). Setting "Launching applications and unsafe files" to "Enabled (not secure)", as the name may suggest, does cause the settings to be flagged as unsafe.
Anyway, yes, setting "Launching applications and unsafe files" to "Prompt (recommended)" is what you need for the test you are conducting.
said by Mele20:... then I looked at the properties of the file and it shows an ADS tag. I ran the file so something is still not working right as I should have been stopped or warned at least right? You should be getting the prompt after executing the file. Keep digging around. Something's still a little funky.
 |
|
SUMwarePremium
join:2002-05-21
kudos:2 | reply to BandHeight
said by BandHeight:FF 3.0 looks different in Windows versus its appearance in Linux, even going as far as foregoing the new style back-forward buttons in Linux so that it fits in better with the Linux environment (that, of course is the Mozilla teams opinion). Mine, too. FF3 flows into Linux nicely on my shiny new openSUSE 11.0 IMO...
... and I'm so glad that, as a Linux user, I don't need to deal with any of the convoluted issues raised in this thread.
[but i don't think that the 'awesome bar' is] |
|
1 edit | said by SUMware:... and I'm so glad that, as a Linux user, I don't need to deal with any of the convoluted issues raised in this thread. Excatly.
said by SUMware:[but i don't think that the 'awesome bar' is] I don't know anybody who does (I guess maybe the mozilla team members that coded it). I'm as switched back to the old-style as can be accomplished with extensions and About:Config settings.
Edit:
I assumed you read all my posts, which is the wrong assumption, so I'll clarify here that my primary OS is Linux as well (Arch + Gnome or Openbox, though; haven't used SuSE since version 8.something and never installed OpenSuSE, so I don't know what FF 3.0 looks like in KDE if that is what you are using). |
|
SUMwarePremium
join:2002-05-21
kudos:2
1 edit | said by BandHeight:said by SUMware:[but i don't think that the 'awesome bar' is] I don't know anybody who does (I guess maybe the mozilla team members that coded it). I'm as switched back to the old-style as can be accomplished with extensions and About:Config settings. Exactly. |
|
 sivranBack to Opera againPremium
join:2003-09-15
Arlington, TX
kudos:1
 ·RoadRunner Cable
| said by SUMware:said by BandHeight:said by SUMware:[but i don't think that the 'awesome bar' is] I don't know anybody who does (I guess maybe the mozilla team members that coded it). I'm as switched back to the old-style as can be accomplished with extensions and About:Config settings. Exactly. Pssst. What is the awesome bar? I must not have noticed it when I tried FF3.
--
Think outside the fox...Seamonkey |
|
| said by sivran:Pssst. What is the awesome bar? I must not have noticed it when I tried FF3. I'll bump the font so others can hear as well.
It's the term being applied to the location bar (I think it was referred to, perhaps unofficially, as the "almighty bar" during the beta phase ... now its just "awesome").
There have been many complaints about the location bar in FF 3.0, some involving its appearance (without mods, it takes up a lot of real estate), some involving the search algorithm (it picks up a lot more results that some people don't want included), some involving the fact that it lists all URLs and not just the ones you manually type in, etc.
See here for some ways to get it back to the old-style as much as possible (the search algorithm is not modifiable, however):
»How to get yellow address bar with SSL in firefox 3 |
|
sivranBack to Opera againPremium
join:2003-09-15
Arlington, TX
kudos:1 Reviews:
·RoadRunner Cable
| Oh, right. That thing. For some reason, I was thinking it was an actual toolbar or something. Opera 9.5 does the same thing. I find it useful on rare occasions but annoying most of the time. I'd want a way to quickly (read: not involving about:config) turn it on and off. Maybe even have it only behave that way if I typed words, rather than an address.
Thankfully my primary browser, SeaMonkey, doesn't bug me with such things. 
--
Think outside the fox...Seamonkey |
|
OZOPremium
join:2003-01-17
kudos:2 | said by sivran:Thankfully my primary browser, SeaMonkey, doesn't bug me with such things. I see your point.
I do not support the use of ADS at all. I think with introducing those ADS'a in SP2 m$ has actually opened Pandora's box. ADS's may be very easily misused. I hope we realize that, for example, under the Notepad.exe name a smart guy may hide folders and folders of any files (creating actually a whole new FS). And with current state of public knowledge and tools to find and work with ADS's - it's obvious to me that it's a dangerous thing that just wait to show its ugly head...
I try to keep amount of ADS's on my NTFS at minimum level. I do not allow IE to create ADS's on my downloaded files. I know, that I've downloaded them. And I do not need any reminder about that. There are probably a few files that currently have ADS's on my HD. And I watch it carefully.
That's why I think this tendency of Mozilla to embrace this move towards spreading ADS's in not the right thing for computer security. But, of cause, they may don't care...
--
Keep it simple, it'll become complex by itself... |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to BandHeight
said by BandHeight: Keep digging around. Something's still a little funky. Avira is now invoked on Vista by Fx3 Download Manager. I watched it scanning (at least Download Manager showed my AV scanning so I assume it was scanning) during a download of a Microsoft Patch a little while ago. The patch is for IE8 which I also have on a machine with XP so I just now downloaded the patch on that machine. Avira was not invoked during the download by Fx3 Download Manager. I have the same settings for Firefox and IE on both versions of Windows.
There is a thread in the Avira forum where an Avira tech posted yesterday and said that the Fx3 problem was fixed (and was online) in regards to the Download Manager. He didn't elaborate so I still am puzzled as to why the scan is invoked on Vista but not XP.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
| said by Mele20:There is a thread in the Avira forum where an Avira tech posted yesterday and said that the Fx3 problem was fixed (and was online) in regards to the Download Manager. He didn't elaborate so I still am puzzled as to why the scan is invoked on Vista but not XP. Thank you for the info. I'll check up on it. |
|
