Closed Bug 445158 Opened 16 years ago Closed 16 years ago

Consider providing a pref that allows users to avoid check for "Launching Applications and Unsafe Files" Internet option

Categories

(Toolkit :: Downloads API, defect, P2)

Product:
Toolkit
Component:
Downloads API
Platform:
x86
Windows Vista
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.1b2

People

(Reporter: jimm, Assigned: jimm)

References

(Blocks 1 open bug)

Details

(Keywords: fixed1.9.0.6)

Attachments

(2 files, 4 obsolete files)

skipWinSecurityPolicyChecks patch v.3 [Checkin: Comment 42]
13.63 KB, patch
Details | Diff | Splinter Review
skipWinSecurityPolicyChecks patch for 1.9.0.4
14.37 KB, patch
mconnor
: approval1.9.0.5-
dveditz
: approval1.9.0.6+
Details | Diff | Splinter Review 
For further discussion. See bug 425946 for initial information. This internet option has caused some problems for users who have, one way or another, set the "Launching Applications and Unsafe Files" Internet Options pref to disable. This setting prevents users of Fx3 from downloading files. The error message displayed in the download window is "This download has been blocked by your Security Zone Policy". 

Some users would like to see a pref integrated into Firefox that allows them to disable this system wide security pref. Currently we are leaning against this, as this pref affects other applications (IE7 and reportedly Safari) and is managed through the control panel / remote admin.

http://kb.mozillazine.org/Unable_to_save_or_download_files

http://support.apple.com/kb/HT2092

http://blogs.technet.com/askperf/archive/2007/11/27/managing-the-launching-applications-and-unsafe-files-setting.aspx
note: highly likely a dupe of bug 445120
Note - I'm OK with having this bug used for discussion still (which is why I didn't outright mark it as a duplicate)
You asked for some discussion from users. Well, here's some -- sorry if it isn't polished, but I'm pretty peeved having to spend two hours digging into this, just to get a sympathetic ear. You guys don't make getting feedback to you easy... Had to create an account, wait for the activation, and jump through a bunch of hoops... and your average user isn't going to go through all this -- they're either going to not upgrade, switch to a different product, or grudgingly and silently accept the problem because there's no workaround. I have several feedback items for you all --

1. I see a lot of people using the justification for not fixing this as "But we haven't gotten many comments." The fact that you're getting any at all is due to extreme persistence on the part of some people, NOT that there aren't a lot of people that are **** about having their web browser crippled by somebody's political desires. And rather than looking at the amount of feedback, don't you find it at all striking that all of it has been negative except from people inside your group? 

2. The one thing Firefox has going for it right now is that it isn't Microsoft and doesn't subscribe to the paradigm that everything needs a "Are you sure?" dialog box, and tries to protect the user from his/herself. Forcing this "feature" on others is both exceptionally shortsighted and is alienating a crowd that has gotten used to having a product that does what *they* want it to do, not what others want it to do.

3. Bluntly stated, what the hell were you people thinking? You're doing this to "Appease corporate IT"? Let me explain something about corporate IT, as someone who's both working in it, and in a very large corporation that currently is trying to block Firefox:

They don't care about this feature. It won't change their decision. They care about logging, proxying, auditing, and locking down the workstations into the least useful configuration they can get away with. They ban Firefox because of what they read in trade magazines with three-lettered acronyms in the title, and those magazines tell them Firefox is bad because it's open source, not because it doesn't have Feature Xyzzy. It isn't produced by a corporation with billions in net assets and offers support contracts. For the upper level executives making these decisions, your efforts are wasted. Instead, you're pandering to Mordac, Preventer of Information Services. That, people, is not the person you want providing design oversight for your project.

So this is a big slap in the face to wake you all up and remind you that the end user wants functionality, flexibility, reliability, and speed. Firefox offers all of those things, and THAT is why it has become popular. Stick to that, not some misguided security idea that you're protecting the users from themselves or pandering to IT. Nobody who's using your product wants "protecting". If they're using Firefox, they have at least half a clue, enough to run an installer and then call their geek friend to get that nifty ad blocking software... Beyond that, they don't care as long as it works.

Keep it working.

Please.

b iver,

>1. I see a lot of people using the justification for not fixing this as "But we
>haven't gotten many comments."

Note we are not justifying "not fixing" this because a lack of feedback, what we are doing is waiting for more feedback until we make a decision.

>2. The one thing Firefox has going for it right now is that it isn't Microsoft
>and doesn't subscribe to the paradigm that everything needs a "Are you sure?"

There's a balance to be struck here. There are a number of Fx users who are power users, our goal is to keep the browser in a state that they can appreciate. However, as Fx continues to develop market share, it's user base is adding numerous average users who may not approach web surfing from such an angle. We have a responsibility to keep those users safe as well. 

I understand your concern and believe me the goal here is make everyone happy. Sometimes that is a very hard goal to accomplish.

>2. The one thing Firefox has going for it right now is that it isn't Microsoft
>and doesn't subscribe to the paradigm that everything needs a "Are you sure?"

The meta data on downloaded content does enable an "are you sure" type of prompting on certain executable files. However, this is an os level security feature, not a browser specific one. Consider the following scenario - an ie user switches to Fx. This user has been told Fx is more secure. However when downloading an exe to the desktop and executing it, the user notices the "browser" does not prompt him or her with a warning about the content potentially being unsafe. In this case would the user consider Fx more or less safe than IE? This is one of the questions we are trying to answer.

>3. Bluntly stated, what the hell were you people thinking? You're doing this to
>"Appease corporate IT"?

From an adoption stand point, we think we would like to be more compatible with corporate networks, assuming that doesn't adversely affect existing users experience. Increased adoption fits with the overall goals of the project - eliminating closed source software's dominance from the market. There is also some evidence that (some) IT departments would like to adopt Fx assuming they can control the content their users download and execute. I think the primary concern there is security of the network. While I'm sure there are IT departments out there that are anti-open source, I think it's a stretch to assume all are based on a small sampling.

Again, I would like to point out - this functionality is a step in a direction, but it is not the final step. We are trying to evaluate the functionality in an effort to decide where we go from here. More feedback from users like yourself is much appreciated. Please keep it coming.
One other note I forgot to mention - 

>2. The one thing Firefox has going for it right now is that it isn't Microsoft
>and doesn't subscribe to the paradigm that everything needs a "Are you sure?"

There is a pref for power users that disables this:

browser.download.manager.scanWhenDone

set to false will disable both virus scanning and the creation of meta data which causes the "Are you sure?" prompt. The security policy restriction remain in place however. The discussion of that was originally in bug 425946 but was spun off here. We have a patch that accomplishes this but we haven't decided whether or not to apply it.
> However, as Fx continues to develop market share, it's user base is
adding numerous average users who may not approach web surfing from such an
angle. We have a responsibility to keep those users safe as well. 

I would disagree, emphatically. There are tens of thousands of security websites that give instructions for even the most novice user on how to avoid falling victim to malware attacks, viruses, etc. Anyone who has even a slight interest in protecting their privacy and security online can do so very, very easily. Firefox is a tool. How a user chooses to use or misuse that tool is entirely their decision. It's the same argument for gun control, or privacy, or "national security", or a hundred other political cases. It's nobody's responsibility to educate and/or save these users.

> I understand your concern and believe me the goal here is make everyone happy.
Sometimes that is a very hard goal to accomplish.

That is actually an impossible goal. :( Most of our elected officials would very much like it if the internet was made entirely out of pink ribbons and sunshine, and fluffy bunnies frolicked on websites and nobody ever had to worry about anything bad happening. Corporate interests want 20 foot tall billboards over my keyboard, flashing and pulsing the latest slogans. And let's not even ask what Joe Average wants online. Web browsers shouldn't exist to answer to those interests -- only to give everyone the best possible access to what they want, how they want, in as broad a fashion as possible.

> The meta data on downloaded content does enable an "are you sure" type of
prompting on certain executable files. However, this is an os level security
feature, not a browser specific one. 

Well, that's about as valid a statement as "Internet Explorer is a required part of the Operating System and can't function without it." No. It was made into an OS-level security feature for Internet Explorer. What Fx is doing now is going along with that misrepresentation.

> Consider the following scenario - an ie user switches to Fx. This user has been told Fx is more secure. However when downloading an exe to the desktop and executing it, the user notices the "browser" does not prompt him or her with a warning about the content potentially being unsafe. In this case would the user consider Fx more or less safe than IE? This is one of the questions we are trying to answer.

Well, the user thinking that the presence or absence of a dialog box equating to a heightened or lessened level of security would seem to be the bigger problem. Fx shouldn't be emulating IE just because that's what users expect. If you're going to emulate another product, do it because it accomplishes a design goal, not because it satisfies a user expectation.

I understand why people are advocating this approach, but fundamentally it's taking responsibility away from the user.
--

On a different note, working in a locked down corporate environment where IT has become an administration instead of a service, I use Fx to get around these kinds of incredibly dense policies. I do software deployment to approx. 70k workstations, as well as develop software apps for internal use. As a result, I frequently need to download and exchange executables. The corporate powers that be in this scenario have made it so that I cannot copy executables to network shares, download executables, or drag and drop them to other windows in Explorer. In order to get my job done, I have to find workarounds and ways to disable this. As well, I need to do research online on a daily basis. There is a corporate proxy that IE is hard-coded to use... Whether it's for internal traffic or not. It has several scanners, runs on outdated hardware, and frequently crashes, or at the very least runs very slowly. Fx' lack of a subscription to these brain damaged corporate policies is the only thing that has allowed me to remain even marginally effective in my job.

Just something to think about. My needs as a user are vastly different than your needs, and as different from my mom's needs, or my kid sister's, or anybody else's. The tool should adapt to my needs, not to the majority expectation or a political requirement. If it doesn't do that, then I will discard this tool and find one that DOES meet my needs.


As a security minded user and a software developer, I find the integration of Firefox with these settings, that have long been used to secure/cripple Internet Explorer, a step in the wrong direction.  You all are playing right into Microsoft's dirty schemes by honoring any of their Internet Explorer settings.  The very first thing that I use Internet Explorer for on any new windows installation is to download Firefox.  The very next step that I take, before even installing Firefox, is to cripple the hell out of Internet Explorer (Internet and Intranet settings).  I then setup exceptions under Trusted Sites for windowsupdate.  I even have the Trusted Site settings partially locked down.  I then make sure that the Restricted Sites settings are locked down more than they are by default.  Only after I'm comfortable with these settings, do I then proceed to install Firefox.  I perform these steps on any and all windows machines that I build whether they be for me, friends, relatives or collegues.

In all of these years since the release of Firefox 1.0, I have never opened these settings for any reason.  Firefox 3 will be no exception to this rule.

Google shows that more and more users are becoming frustrated with this issue.

I have downloaded the source tarball for Firefox 3 and am in the process of locating this new "feature" and removing it.  If you all will not address this issue, then I will modify the source and post instructions for others to do the same.  I will ofcourse need to find out how to resubmit these changes back to you original authors per Firefox's licensing terms (gpl, lgpl, etc).

Here's an idea: Why not make a separate corporate version to cater to company network/system administrators, and leave the normal version unbundled from Internet Explorer.  Otherwise, you'll continue to hear complaints about Firefox 3 being bundled/tied to Internet Explorer.  This should not be a reputation that you want to aspire to.


Tyree, considering we're the only two people out of some tens of thousands that had the tenacity to track this web page down, find the people responsible and e-mail them... and that the developers then take that as a sign that they're doing it right... It's apparent they're suffering from Engineer's Syndrome. Google it. Laugh, then cry.

Firefox will probably fragment in the same way the *BSDs did, just give it a couple years. In the meantime, post your code, and you might just find someone to host a regular update site to track with the releases here, and we can just point the auto-update URLs to that. Technical problems are easily solved... But once you get a political one, it's best to just set fire to everything and move on... There's no real way to save it except by getting rid of the people involved. Especially when it comes to programmers, who aren't used to thinking of things organically.

Who knows? Maybe there'll be a sudden outburst of common sense, but I wouldn't wait for it.
Attached patch check policy quick fix (obsolete) — Splinter Review 
Assignee: nobody → jmathies
Status: NEW → ASSIGNED
Product: Firefox → Toolkit

    
    

    
  
This bug report states that some users have "set the 'Launching Applications and Unsafe Files' Internet Options pref to disable" 

Personally i dont have the "Launching Applications and Unsafe Files" option in ANY of the Internet Security Settings anywhere. Not under internet, local intranet, trusted sites nor restricted sites.  

My machine is a domain member and I dont know if that has any bearing, but regardless, i am utterly unable to use the latest version of firefox for anything meaningful.

This was a clean install as of today.  I installed windowsxp pro sp2, got all current updates (excluding sp3), installed video drivers, then joined it to my domain.  Then installed firefox 3.0.1

Sorry to say, but this was a bad move guys.   I dont know of ANYONE who prefers to rely on windows built in Internet Settings to control their browser sessions.
Most people use firefox to avoid them.  



    
    

    
  
also side note:

i see you posted a "check policy quick fix" but am unsure if this is some kind of patch or what.  If it is how do i apply it?

thanks

    
    

    
  
side side note:

If someone tells me i need to install IE7 to get the "launching applications and unsafe files" option, i am switching to Opera.

If that is really the case.. that means firefox would now require IE7 to function properly.  How does that make sense?


    
    

    
  
You would have to build Fx manually and apply the quick fix. Until we get a patch checked in and released that gives people a way to get around this that's about the only option. 

Since your part of a domain, it's possible your admin has enabled the option. I assume you have IE6 installed, if you upgrade your system to 7, the internet options exposes this pref. 

    
    

    
  
I am the domain admin. This is a small home-run domain.  Ive done nothing on the domain level to enable or disable such options. Not with Group Policy or anywhere else.

I'm no programmer so building manually really isn't an avenue I want to explore. 


Again, asking me to upgrade to ie7 is ridiculous--Firefox is supposed to be an alternative to IE.  The whole idea of using firefox, for me, is to avoid using or installing unwanted and unneeded (not to mention bloated) Microsoft applications.  

Thanks for a speedy response, but I'm still waiting on an official patch/fix.




    
    

    
  
>I am the domain admin. This is a small home-run domain.  Ive done nothing on
>the domain level to enable or disable such options. Not with Group Policy or
>anywhere else.

Hmm, well maybe this is being caused by something else. Just to confirm, is the message you see in the download manager "This download has been blocked by your
Security Zone Policy"?

There is a registry entry tied to the specific security zone policy pref, described here - 

http://kb.mozillazine.org/Unable_to_save_or_download_files

If you're familiar with regedit, you might use that to take a look and see if it is set. If it is not, we might be looking at the wrong thing.



    
    

    
  
"This download has been blocked by your Security Zone Policy"  is the exact error im getting.. and its not just from sourceforge like another bug thread ive seen. Been happening with .zip and .exe files from any site. 

I checked the registry settings for the following keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806

Both keys are set to 1 (prompt) as outlined on the url you pasted.

Since this was a clean install anyway, there is nothing to lose.  I am going to reformat again and see how things go prior to joining the domain.

Thanks again.. and ill be glad to fill in any blanks, so let me know. 

    
    

    
  
> As a security minded user and a software developer, I find the integration of
> Firefox with these settings, that have long been used to secure/cripple
> Internet Explorer, a step in the wrong direction.  You all are playing right
> into Microsoft's dirty schemes by honoring any of their Internet Explorer
> settings.  The very first thing that I use Internet Explorer for on any new
> windows installation is to download Firefox.  The very next step that I take,
> before even installing Firefox, is to cripple the hell out of Internet Explorer
> (Internet and Intranet settings).  I then setup exceptions under Trusted Sites
> for windowsupdate.  I even have the Trusted Site settings partially locked
> down.  I then make sure that the Restricted Sites settings are locked down more
> than they are by default.  Only after I'm comfortable with these settings, do I
> then proceed to install Firefox.  I perform these steps on any and all windows
> machines that I build whether they be for me, friends, relatives or collegues.
> 
> In all of these years since the release of Firefox 1.0, I have never opened
> these settings for any reason.  Firefox 3 will be no exception to this rule.
> ...

I agree to all you have written and would like to underline your point of view with another opinion of someone who does the same with any new Windows installation than you do :-)

To me Firefox has always been THE alternative to IE because it does not use ActiveX and those pesky IE security zones. Years ago i invested many annyoing months into adding site after site into the "Trusted sites" dialog until i lost the overview about that list and finally lessend the security setting for the "Internet" zone. But that was not really a choice for me so i looked into an alternative to IE and found Firefox. Everthing was good again until i installed Firefox 3! Suddenly i found myself back into the bad old times.

Many people i talked with about that new feature of Firefox agree with me that this tie with IE (or Windows, i really do not care about these subtle differences) is a step into the wrong direction and will push many users of Firefox to other Browser very soon.

So PLEASE get rid with this SOON!

Thanks and keep up the good work.
Axel


    
    

    
  
For the record,  the issue i raised earlier with my clean install has been narrowed down to bad system memory leading to instability.  I replaced the problematic memory and reformatted.  The issue i expressed earlier has been resolved.  

It should be noted however, that as others have said, forcing firefox to rely on windows/IE security settings was a bad move.  Others here have argued the specifics, and I agree with them.  Please at least give us the option, rather than making the decision for us in future releases.

thanks

    
    

    
  
Comment on attachment 331790 [details] [diff] [review]
check policy quick fix

This patch would be a quick fix for 3.0 if it makes it through reviews. A more complete patch will be worked up for a 3.1+ release in the future.

        Attachment #331790 -
        Flags: review?(sdwilsh)

    
  
Priority: -- → P2

    
    

    
  
Comment on attachment 331790 [details] [diff] [review]
check policy quick fix

r=sdwilsh for 1.9.x branch ONLY

        Attachment #331790 -
        Flags: review?(sdwilsh) → review+

    
    

    
  


  
Rev one, I'll be doing some testing before requesting reviews. This patch is specific for a 3.X release at this point, although we might consider dumping the check policy patch and using this for all past/future releases.

    
    

    
  
I hope something will be done about this fast. I've spent a whole weekend trawling through Windows and IE7 trying various 'tricks' to restore downloading ability. Finally I had (circuitously) revert to FF2. No solution to this problem as found in the user forum has been entirely clear. Meanwhile, my natural reaction to an upgrade is not to say "oh, FF doesn't work properly anymore - I must go and change the 'launching applications and unsafe files' security option in Windows and IE".

Please rectify this and then I'll feel safe with FF3 and any upgrades in the future. Shame to have what is no doubt an excellent product spoiled by such a fundamental absurdity as not being able to download. This is what browsers are supposed to do!

    
    

    
  
There's been some time, and I still don't see any option included in official release. Is that really a political problem?
Recompiling my browser for one option is not very appealing to me, neither will I unchain my IE for obvious reasons - so please give me a choice.
You say that you expect feedback, but you ignore it.

BTW: what's the point in blocking .exe files? Can't I just download .zip, extract it and spoil my precious computer? And another thing - how could you leave Linux and Mac users so alone without tender care of uncle Microsoft? Stop implementing ridiculous functions - we already have IE.

    
    

    
  
no actually, we'll be working the second patch through reviews here shortly.

    
    

    
  
Comment on attachment 335968 [details] [diff] [review]
skipWinSecurityPolicyChecks patch v.1

Hey Rob, would you mind looking this over?

        Attachment #335968 -
        Flags: review?(tellrob)

    
    

    
  
Comment on attachment 335968 [details] [diff] [review]
skipWinSecurityPolicyChecks patch v.1

I don't like having the pref name #defined in two different places. Could they be moved to nsDownloadScanner.h?

>+  if (!skipPolicyCheck && mAESExists)
>+    mUseAttachmentExecute = PR_TRUE;
>+  else
>+    mUseAttachmentExecute = PR_FALSE;
>+  

How does
mUseAttachmentExecute = !skipPolicyCheck && mAESExists;
look?

>-class nsDownloadScanner
>+class nsDownloadScanner : public nsIObserver
> {
>+public:
>+  NS_DECL_ISUPPORTS
>+  NS_DECL_NSIOBSERVER
>+
> public:
>   nsDownloadScanner();
>   ~nsDownloadScanner();
>+
>+public:  
>   nsresult Init();
>   nsresult ScanDownload(nsDownload *download);
>   AVCheckPolicyState CheckPolicy(nsIURI *aSource, nsIURI *aTarget);

Why the extra public: ?

> 
> private:
>-  PRBool mHaveAVScanner;
>-  PRBool mHaveAttachmentExecute;
>+  PRInt32 mOAVExists;

This should be PRBool.

Other than that it looks fine. It's annoying that we have to observe the quit-application event to remove ourselves, but I suppose there's no good way around that. Shawn should probably look this over for anything I missed.

        Attachment #335968 -
        Flags: review?(tellrob)

        Attachment #335968 -
        Flags: review?(sdwilsh)

        Attachment #335968 -
        Flags: review+

    
    

    
  
>I don't like having the pref name #defined in two different places. Could they
>be moved to nsDownloadScanner.h?

Actually it wasn't needed in the manager. I'll update these and repost here in a bit.

    
  
Blocks: 426544

    
    

    
  


  
updated per Rob's comments.

        Attachment #335968 -
        Attachment is obsolete: true

        Attachment #339053 -
        Flags: superreview?(sdwilsh)

        Attachment #335968 -
        Flags: review?(sdwilsh)
Summary: Consider providing a pref that allows users to set "Launching Applications and Unsafe Files" Internet option → Consider providing a pref that allows users to avoid check for "Launching Applications and Unsafe Files" Internet option

    
    

    
  
This seems like a darn good idea.  I hope it gets implemented soon.  'Honouring' Windows security policies is like censoring yourself in China.  Except a lot less risky.

    
    

    
  
For many years we recommend our clients to use Firefox and not to use IE. This was very successful in the past as no Firefox PC got infected but many IE systems.
On all client systems we set the security level for internet zone to High and installed Firefox.
This is useless now because we have to lower the security settings for IE and therefore the whole system security instead of Firefox only.
In my opinion Firefox should be independent from IE to keep beeing THE safe browser.

Please add a feature to disable IE Settings in Firefox.

Many thanks! keep up your great work!

    
    

    
  
Comment on attachment 339053 [details] [diff] [review]
skipWinSecurityPolicyChecks patch v.2

>diff --git a/toolkit/components/downloads/src/nsDownloadManager.cpp b/toolkit/components/downloads/src/nsDownloadManager.cpp
> nsDownloadManager::~nsDownloadManager()
> {
> #if defined(XP_WIN) && !defined(__MINGW32__)
>-  delete mScanner;
>+  if (mScanner)
>+    NS_RELEASE(mScanner);
>+  mScanner = nsnull;
We should just use an nsCOMPtr now for this as a class private member.  We won't even have to free it in our destructor.

> #if defined(XP_WIN) && !defined(__MINGW32__) && !defined(WINCE)
>   mScanner = new nsDownloadScanner();
>   if (!mScanner)
>     return NS_ERROR_OUT_OF_MEMORY;
>+  NS_ADDREF(mScanner);
Also means we don't have to manually addref

>   rv = mScanner->Init();
>   if (NS_FAILED(rv)) {
>-    delete mScanner;
>+    NS_RELEASE(mScanner);
>     mScanner = nsnull;
and just set to nsnull here

>diff --git a/toolkit/components/downloads/src/nsDownloadScanner.cpp b/toolkit/components/downloads/src/nsDownloadScanner.cpp
>+NS_IMPL_ISUPPORTS1(nsDownloadScanner, nsIObserver)
nit:
NS_IMPL_ISUPPORTS1(
  nsDownloadScanner
, nsIObserver
)

> nsDownloadScanner::nsDownloadScanner()
>-  : mHaveAVScanner(PR_FALSE), mHaveAttachmentExecute(PR_FALSE)
>+  : mOAVExists(PR_FALSE), mAESExists(PR_FALSE), mUseAttachmentExecute(PR_FALSE)
nit:
nsDownloadScanner::nsDownloadScanner() :
  mOAVExists(PR_FALSE)
, mAESExists(PR_FALSE)
, mUseAttachmentExecute(PR_FALSE)


>+  if (prefBranch)
>+    prefBranch->AddObserver(PREF_BDM_SKIPWINPOLICYCHECKS, this, PR_FALSE);
nit: (void)

>+  if (observerService)
>+    observerService->AddObserver(this, "quit-application", PR_FALSE);
nit: (void)

>-PRInt32
>-nsDownloadScanner::ListCLSID()
>+PRBool
>+nsDownloadScanner::EnumOAVProviders()
Can we use the full word 'Enumerate' please?  Only because enum is a c++ type...

>+NS_IMETHODIMP
>+nsDownloadScanner::Observe(nsISupports *aSubject, const char *aTopic, const PRUnichar *someData)
>+  if (aTopic && !strcmp(aTopic, "quit-application")) {
check on #developers if that's the right way to do that.  I think there's an EqualsLiteral method

>+    if (prefBranch)
>+      prefBranch->RemoveObserver(PREF_BDM_SKIPWINPOLICYCHECKS, this);
nit: (void)

>+    nsresult rv;
>+    nsCOMPtr<nsIObserverService> observerService =
>+      do_GetService(NS_OBSERVERSERVICE_CONTRACTID, &rv);
rv not used - drop it

>+    if (observerService)
>+      observerService->RemoveObserver(this, "quit-application");
nit: (void)

>+  if (prefBranch)
>+    prefBranch->GetBoolPref(PREF_BDM_SKIPWINPOLICYCHECKS, &skipPolicyCheck);
nit: (void)

>+  return S_OK;
I think you want NS_OK here

>diff --git a/toolkit/components/downloads/src/nsDownloadScanner.h b/toolkit/components/downloads/src/nsDownloadScanner.h
>+class nsDownloadScanner : public nsIObserver
> {
>+public:
>+  NS_DECL_ISUPPORTS
>+  NS_DECL_NSIOBSERVER
>+
> public:
don't need public twice

>+  nsCOMPtr<nsIObserverService> mObserverService;
We don't use this (nor should we really hold onto a reference of the observer service)

r=sdwilsh with all that fixed

        Attachment #339053 -
        Flags: superreview?(sdwilsh) → review+

    
    

    
  


  
Addressed all comments except the nsCOMPtr one since the scanner doesn't support an interface yet.

        Attachment #331790 -
        Attachment is obsolete: true

        Attachment #339053 -
        Attachment is obsolete: true

    
    

    
  
(In reply to comment #37)
> Addressed all comments except the nsCOMPtr one since the scanner doesn't
> support an interface yet.
>+NS_IMPL_ISUPPORTS1(nsDownloadScanner, nsIObserver)
it implements nsIObserver, doesn't it?

    
    

    
  
(In reply to comment #38)
> (In reply to comment #37)
> > Addressed all comments except the nsCOMPtr one since the scanner doesn't
> > support an interface yet.
> >+NS_IMPL_ISUPPORTS1(nsDownloadScanner, nsIObserver)
> it implements nsIObserver, doesn't it?

It does, but then wouldn't you have to declare it as such, like - 

nsCOMPtr<nsIObserver> mScanner;

That didn't seem right to me.

    
    

    
  
Then use nsRefPtr<nsDownloadScanner> please

    
    

    
  


  
Ok, updated.

        Attachment #342109 -
        Attachment is obsolete: true

    
  
Keywords: checkin-needed

    
  
Version: 1.9.0 Branch → Trunk

    
    

    
  
Comment on attachment 342135 [details] [diff] [review]
skipWinSecurityPolicyChecks patch v.3
[Checkin: Comment 42]

http://hg.mozilla.org/mozilla-central/rev/a3076d373c3c

        Attachment #342135 -
        Attachment description: skipWinSecurityPolicyChecks patch v.3 → skipWinSecurityPolicyChecks patch v.3
[Checkin: Comment 42]
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1b2

    
    

    
  
No cheers from the crowd now that this has landed for 3.1? :)

    
    

    
  
Don't take it personal, but i will cheer when i see it myself :-)

    
    

    
  


  
If we want to back port this for 3.0, here's a patch.

        Attachment #342929 -
        Flags: approval1.9.0.4?

    
    

    
  
I will cheer when disregarding the MSIE Internet Options is again the default behavior as it always was, when the Fx installer/updater prompts the user whether he wants these zone policies applied and doesn't just turn them on without asking, when the dialog "this download has been blocked by your security zone policy..." pops up without having to look for the download error in the download manager, when it only ever pops up when I'm actually trying to RUN the file and not merely download it, and when it contains a direct link to a UI-visible setting for changing the behavior or alter the policy. All of this is how this obviously should work!

Making settings that are not controllable via the UI is not helpful. Making settings that are intended for Joe AverageUser that are not controllable via the UI is highly counterproductive and misguided. And making settings that are not controllable at all inside your own application - i.e. the way this was originally implemented -, is just going to enrage your users and turn them away.

It's nice to see that there was some openness to people's complaints and that an option was eventually provided to disable this behavior again, but the fact remains that Joe Plumber, eh, AverageUser is not going to know about this setting at all, doesn't grasp how to make the change even if he finds a reference for the workaround, and will either throw Fx3 out the window or utterly despair trying to get downloads working again.

And please don't tell me that Joe wouldn't have set his IE security policy to disable this in the first place, because changes are high that HE himself didn't do it - and you've surely read all the complaints from IE6 users that couldn't even have done it.

As others have said, people use Firefox to have an alternative to IE, not to be assimilated into the Redmond fold. Just because Microsoft calls the IE preferences dialog "Internet Options" that does NOT make them the OS-wide preferences. And that other applications have adopted these into their own preferences does not make that the right approach either. When Firefox behaves in a way that is not controllable by its own preferences dialog, something is seriously wrong in the state of Denmark. Have you ever even thought of running this stuff by a user interface design specialist? He would have torn his hair out!

Jim's comment: 'However when downloading an exe to the desktop and executing it, the user notices the "browser" does not prompt him or her with a warning about the content potentially being unsafe.' misses the point,  because Firefox NEVER let you execute a binary directly, it only let you download it. It was always only IE that had the security hole of executing binaries from the browser directly. The problem here is that Fx3 doesn't even let you DOWNLOAD and virus-scan the file anymore, it just blocks the download entirely.

Oh yes, it's truly great for increased security when your download of a Windows Service Pack and other patches gets blocked without any explanation or workaround being offered by the browser, as just happened to me. And no, I did not set my IE security policy, the stupid Windows Server IE lockdown set it - Microsoft itself makes IE entirely unusable on its server machines, so I need Firefox to have any functional browser at all. Yes, I can use Torpark and Opera and Fx2, but that's beside the point - the issue is that I had to google for the solution at all, which I wouldn't have had to do if this had been implemented right in the first place.

I am not using Fx3 on my main computers yet, which is the reason I hadn't found out and complained about this earlier - there are way too many critical extensions that aren't yet available for Fx3. 

I identify 100% with this comment made here: http://forums.mozillazine.org/viewtopic.php?f=38&t=673575&st=0&sk=t&sd=a&start=15
"i've been using FF for years but this post will be the last thing i do with it until i can find a way around those internet options. i just want my browser to do what i tell it to do and don't want to be told by it what i can do and what i can't. i don't think thats asking too much."

Being told by the software on my computer that what I was trying to accomplish was not the right thing and that it knows better and that in reality I really wanted to do XYZ is the thing I hate most about any sort of software program, far beyond bugginess, slowness, unhelpful documentation, and ineffective design.

So there you have some more feedback. Sorry it's not very friendly, but I've been aggravated by years of fighting misguided security features in Firefox with hidden settings because "we don't want to clutter the preferences dialog" (and prefer rather to make the settings not findable at all).

Cheers!

    
    

    
  
Just a small reply to some of your comments:

> Making settings that are not controllable via the UI is not helpful

I agree.
> Making
> settings that are intended for Joe AverageUser that are not controllable via
> the UI is highly counterproductive and misguided. And making settings that are
> not controllable at all inside your own application - i.e. the way this was
> originally implemented -, is just going to enrage your users and turn them
> away.

These settings are not intended for the average user since the average user runs a client version of windows which has a reasonable default zone security policy for a client computer.

> As others have said, people use Firefox to have an alternative to IE, not to be
> When Firefox behaves
> in a way that is not controllable by its own preferences dialog, something is
> seriously wrong in the state of Denmark. Have you ever even thought of running
> this stuff by a user interface design specialist? He would have torn his hair
> out!

There are many settings not in the preferences dialog because they are intended for power users since they may carry consequences which are complicated to adequately explain to the user or may be intended for web developers and/or extensions.

> Jim's comment: 'However when downloading an exe to the desktop and executing
> it, the user notices the "browser" does not prompt him or her with a warning
> about the content potentially being unsafe.' misses the point,  because Firefox
> NEVER let you execute a binary directly, it only let you download it. It was
> always only IE that had the security hole of executing binaries from the
> browser directly. The problem here is that Fx3 doesn't even let you DOWNLOAD
> and virus-scan the file anymore, it just blocks the download entirely.

And once you've downloaded it, you can double click on it in the download manager (which helpfully flashes to notify you that the download is complete). It's not a one step process like IE, but the risk is still there.

> Oh yes, it's truly great for increased security when your download of a Windows
> Service Pack and other patches gets blocked without any explanation or
> workaround being offered by the browser, as just happened to me.

I'm curious why you don't use the builtin windows update program or use the Windows Update site with IE (since it doesn't work with anything else). I think that most users do not go looking for the download links. But again, the default policy for Microsoft's client operating systems is to allow downloads from the Internet Zone which brings me to my next point...

> And no, I did
> not set my IE security policy, the stupid Windows Server IE lockdown set it -
> Microsoft itself makes IE entirely unusable on its server machines, so I need
> Firefox to have any functional browser at all. Yes, I can use Torpark and Opera
> and Fx2, but that's beside the point - the issue is that I had to google for
> the solution at all, which I wouldn't have had to do if this had been
> implemented right in the first place.

Your fundamental problem is that you are trying to use a server operating system as a client operating system. It is an entirely reasonable default security policy to block the browser from downloading files since an administrator should not be using a web browser for casual use, or even for patching. If you look at most Linux/Unix server distributions, they don't even include X or lynx (anymore) since that is not what the operating system is intended for. Patches for those systems are distributed through the distro's package management software as are patches for all editions of Windows since Windows Update was introduced.

> 
> I identify 100% with this comment made here:
> http://forums.mozillazine.org/viewtopic.php?f=38&t=673575&st=0&sk=t&sd=a&start=15
> "i've been using FF for years but this post will be the last thing i do with it
> until i can find a way around those internet options. i just want my browser to
> do what i tell it to do and don't want to be told by it what i can do and what
> i can't. i don't think thats asking too much."

And for the small set of users who are running a Windows server OS like you, this patch will let you which I think is the right solution. But since the majority of Firefox users use XP Home/Pro or Vista, I hope you will understand why this preference has taken so long to be implemented and why there will likely not be a GUI option.


> Being told by the software on my computer that what I was trying to accomplish
> was not the right thing and that it knows better and that in reality I really
> wanted to do XYZ is the thing I hate most about any sort of software program,
> far beyond bugginess, slowness, unhelpful documentation, and ineffective
> design.

I know. I bet you hate the UAC prompt in Vista too. There has always been a tradeoff between security and convenience and no systems seems to have perfected it.

> So there you have some more feedback. Sorry it's not very friendly, but I've
> been aggravated by years of fighting misguided security features in Firefox
> with hidden settings because "we don't want to clutter the preferences dialog"
> (and prefer rather to make the settings not findable at all).

Seamonkey (formerly the Mozilla Suite) had a bunch of options in its preference dialog that definitely caused confusion to users. When you have a bunch of checkboxes, dropdowns, buttons, sub preference windows, and so on, it becomes much more difficult to find the preference you want and for the average user, there are not many that they use. I hope this makes sense, but I'm not a UI designer so I probably cannot articulate this bit as eloquently.

    
    

    
  
Oh yes, the setting to include the IE zone policies into Fx3 IS intended for the average user - but you're not telling them about it and not giving them an option to decide otherwise. It's a marked change of behavior that for the first time makes your browser dependent on another browser's settings, and would be comparable to moving your browser cache into "Temporary Internet Files". Sure, the override to turn this behavior off may not be intended for the average user, but you need to at least tell them about the option before forcing that change on them. That's really my main complaint here - being steamrolled.

I did not use Windows update because I wasn't trying to update just one computer, I was trying to download a service pack to apply to multiple computers. I was by no means using a server OS as a client OS, but I was using the server's only UI to download necessary updates. And no, for a basic test lab I am not going to start using centralized administrative consoles and managed setups and all that. And yes, sometimes I do need to use these boxes as client OS too, since they're part of our Support lab and are used to access other systems via browser or remote desktop. But it's really irrelevant how we use our boxes - I just gave you an example of a particularly ugly way that this new setting failed, since you guys said you hadn't gotten much feedback or complaints about it.

The UAC prompt in Vista? Hmm, don't make me laugh. That is the single most stupid implementation in computing history. It's not only incredibly annoying, it also simply does not work - after providing the admin password to override you're still being rejected and get the same prompt again - obviously that was the first thing I turned off on my Vista box, and it has remained off ever since.

I am well aware that most users get confused by a multitude of preferences, especially when they're badly organized and cluttered (UltraEdit anyone?). Overall it's great that Firefox keeps things simple there, a good example are the display font options since Fx2. But by organizing them into breakouts like the "Site Exceptions" dialogs you can make a lot of preferences available to more advanced users that do want to use them without overwhelming the majority of the users that don't care for this level of detail and won't click on those anyway. And when someone goes to a tab named "advanced", he expects to see advanced settings (such as pipelining), and not for-dummies stuff.

I'm specifically thinking of the local sites policy for opening file: URLs - I can see no good reason why this couldn't be integrated into the preferences via an exceptions dialog similar to the ones already there for cookies, images, or pop-up windows.

Incidentally, talking about less clutter and less confusion, those "site exceptions" dialogs could be a lot easier to use, e.g. they could pre-fill the text box with the current site, auto-search down to it if it already exists, offer wildcard exceptions so you don't have to exempt xxx AND www.xxx and x48.xxx and all that (that should make them lots faster to load too). And when the current URL is set to "Block" and I select to "Allow" it they could actually work, rather than forcing me to remove the Block, OK the dialog, open it again, and now allowing the site. But I know I'm ranting, that really doesn't belong here, sorry for getting on everyone's nerves - I just had to get it out of my system at some point.

    
    

    
  
(In reply to comment #48)
> Oh yes, the setting to include the IE zone policies into Fx3 IS intended for
> the average user - but you're not telling them about it and not giving them an
> option to decide otherwise.

It wasn't really our willing choice to include the IE zone policies. We wanted to use the newer anti virus scanning interface (IAttachmentExecute) which has the side effect of enforcing the zone policies (note that this interface is *not* tied to specific versions of IE but to XP SP2 and Vista). These zone policies are also embedded as an alternate stream attached to the file, so keep in mind you'll still get the same prompt for files you've already downloaded unless you change your zone setting.

> It's a marked change of behavior that for the first
> time makes your browser dependent on another browser's settings, and would be
> comparable to moving your browser cache into "Temporary Internet Files". Sure,
> the override to turn this behavior off may not be intended for the average
> user, but you need to at least tell them about the option before forcing that
> change on them. That's really my main complaint here - being steamrolled.

Part of the point of my last point was to let you know that most users (including me when I wrote the initial scanning feature) do not encounter any problems with the zones; the whole behavior passed unnoticed until the fx3 betas or so when they picked up many more users.

> I did not use Windows update because I wasn't trying to update just one
> computer, I was trying to download a service pack to apply to multiple
> computers. I was by no means using a server OS as a client OS, but I was using
> the server's only UI to download necessary updates. And no, for a basic test
> lab I am not going to start using centralized administrative consoles and
> managed setups and all that. And yes, sometimes I do need to use these boxes as
> client OS too, since they're part of our Support lab and are used to access
> other systems via browser or remote desktop. But it's really irrelevant how we
> use our boxes - I just gave you an example of a particularly ugly way that this
> new setting failed, since you guys said you hadn't gotten much feedback or
> complaints about it.

For patches since you're going to specific sites (presumably for security patches), can't you just add them to the trusted zone and it should work just fine? I can understand that it's convenient to use the server OS for browsing but you should understand that it's by default configured as a server (this includes many more low level details that you probably don't notice most of the time) so your out of the box experience will vary. We don't test heavily if at all on server operating systems unfortunately and it's clear now that these little differences in default configuration do make a difference.

> The UAC prompt in Vista? Hmm, don't make me laugh. That is the single most
> stupid implementation in computing history. It's not only incredibly annoying,
> it also simply does not work - after providing the admin password to override
> you're still being rejected and get the same prompt again - obviously that was
> the first thing I turned off on my Vista box, and it has remained off ever
> since.

There's a fair assessment in there. By turning if off, you've demonstrated my point that security comes at the sacrifice of ease of use (and UAC does work when programs are written well enough to handle errors and such; many aren't though). But functionality similar to UAC is present in Ubuntu and OS X (and the upcoming Windows 7) as it presents so far the most convenient method for asking users for elevated permissions (I assume you realize that running as Administrator/root is a bad idea).

> I am well aware that most users get confused by a multitude of preferences,
> especially when they're badly organized and cluttered (UltraEdit anyone?).
> Overall it's great that Firefox keeps things simple there, a good example are
> the display font options since Fx2. But by organizing them into breakouts like
> the "Site Exceptions" dialogs you can make a lot of preferences available to
> more advanced users that do want to use them without overwhelming the majority
> of the users that don't care for this level of detail and won't click on those
> anyway. And when someone goes to a tab named "advanced", he expects to see
> advanced settings (such as pipelining), and not for-dummies stuff.

I don't think pipelining is in the GUI anymore. In some sense, about:config is the advanced GUI config and a really convenient one for developers to expose hidden features to at that (pipelining is exposed here in a few prefs).

> I'm specifically thinking of the local sites policy for opening file: URLs - I
> can see no good reason why this couldn't be integrated into the preferences via
> an exceptions dialog similar to the ones already there for cookies, images, or
> pop-up windows.

I suggest you file a bug then (this is not the right bug for that).

> 
> Incidentally, talking about less clutter and less confusion, those "site
> exceptions" dialogs could be a lot easier to use, e.g. they could pre-fill the
> text box with the current site, auto-search down to it if it already exists,
> offer wildcard exceptions so you don't have to exempt xxx AND www.xxx and
> x48.xxx and all that (that should make them lots faster to load too). And when
> the current URL is set to "Block" and I select to "Allow" it they could
> actually work, rather than forcing me to remove the Block, OK the dialog, open
> it again, and now allowing the site.

Again, file a bug. If users complain without filing bugs, it becomes much less likely that their complaints will be resolved (that's just how the system works).

    
  
Blocks: 448652

    
    

    
  
Comment on attachment 342929 [details] [diff] [review]
skipWinSecurityPolicyChecks patch for 1.9.0.4

The 1.9.0.4 release has gotten "full" and we won't have the resources to verify and regression test this patch this cycle. I personally hope we can fit it in next time, but this may not fit the new "people are tired of updates breaking them" branch critera and get booted by mconnor :-(

        Attachment #342929 -
        Flags: approval1.9.0.4? → approval1.9.0.5?

    
    

    
  
mconnor's call, this is an exception to the normal security update criteria.

    
    

    
  
Comment on attachment 342929 [details] [diff] [review]
skipWinSecurityPolicyChecks patch for 1.9.0.4

Let's wait until this has actually at least shipped in 3.1b2 before we make a call on branchworthiness.  I'm inclined to take it, but not when it hasn't baked anywhere except 3.1 nightlies.

        Attachment #342929 -
        Flags: approval1.9.0.6?

        Attachment #342929 -
        Flags: approval1.9.0.5?

        Attachment #342929 -
        Flags: approval1.9.0.5-

    
    

    
  
I just downloaded Firefox 3.1b1 and Minefield 3.1b2 and didn't see this browser.download.manager.skipWinSecurityPolicyChecks flag.  Has this patch actually been integrated and released?

    
    

    
  
(In reply to comment #53)
> I just downloaded Firefox 3.1b1 and Minefield 3.1b2 and didn't see this
> browser.download.manager.skipWinSecurityPolicyChecks flag.  Has this patch
> actually been integrated and released?

It's not a flag that gets created by default on an update or new install, try creating it manually.

    
    

    
  
Comment on attachment 342929 [details] [diff] [review]
skipWinSecurityPolicyChecks patch for 1.9.0.4

Approved for 1.9.0.6, a=dveditz for release-drivers.

        Attachment #342929 -
        Flags: approval1.9.0.6? → approval1.9.0.6+

    
    

    
  
(In reply to comment #55)
> (From update of attachment 342929 [details] [diff] [review])
> Approved for 1.9.0.6, a=dveditz for release-drivers.

Just confirmed this still applies cleanly and builds.
Keywords: checkin-needed

    
    

    
  
Checked in to the 1.9.0 branch:
Checking in toolkit/components/downloads/src/nsDownloadManager.cpp;
/cvsroot/mozilla/toolkit/components/downloads/src/nsDownloadManager.cpp,v  <--  nsDownloadManager.cpp
new revision: 1.186; previous revision: 1.185
done
Checking in toolkit/components/downloads/src/nsDownloadManager.h;
/cvsroot/mozilla/toolkit/components/downloads/src/nsDownloadManager.h,v  <--  nsDownloadManager.h
new revision: 1.68; previous revision: 1.67
done
Checking in toolkit/components/downloads/src/nsDownloadScanner.cpp;
/cvsroot/mozilla/toolkit/components/downloads/src/nsDownloadScanner.cpp,v  <--  nsDownloadScanner.cpp
new revision: 1.20; previous revision: 1.19
done
Checking in toolkit/components/downloads/src/nsDownloadScanner.h;
/cvsroot/mozilla/toolkit/components/downloads/src/nsDownloadScanner.h,v  <--  nsDownloadScanner.h
new revision: 1.11; previous revision: 1.10
done
Keywords: checkin-neededfixed1.9.0.6

    
    

    
  
I'm glad this is being (at least partially) corrected.  Thank you.

The two main problems with this "misfeature" are [1] that it could not be disabled using firefox controls (like about:config) and [2] firefox already has a policy facility (in FF3, the moz_hosts table in the permissions DB).  When I first ran into this I scanned my moz_hosts table looking for the afflicted website; I found nothing until I googled the offending phrase - "This download has been blocked by your Security Zone Policy".

When I use a particular piece of independent software, I expect it to use its own configuration facilities rather than slaving its settings to some other (competing) product.

I have trusted Firefox, and I *don't* trust Internet Explorer.  Therefore I lock down Internet Explorer's settings and policies, so that when I am forced to use it, I don't feel quite so exposed.  To have firefox use those same Internet Explorer policies/settings without any alternative or question is unacceptable.  To make Firefox 3 usable, I have had to "open up" my Internet Explorer settings to what I consider to be an unsafe degree.

There are some alternative implementations of this feature which would have worked quite well, and you might want to consider them, moving forward (firefox 3.2?):

When you first run Firefox, and it creates a new profile for you, it asks you if you want to import settings from other browsers configured on the machine.  The security zone decision should have been added there, rather than unilaterally.  Make use of the same policy features as the other parts of firefox, use the permissions database and/or the moz_hosts table.  Provide an option (about:config only, maybe) which forces the synchronization of the IE zone policies with suitable policies in the moz_hosts table.  If the user chose to honor IE zone settings at their profile creation, then set that synchonization option, otherwise leave it disabled.  Firefox already has an admin lockdown feature (using firefox.cfg etcetera), which strict-minded admins could use to enforce the rest.

The more options and controls the better (from my POV).  I understand that you don't want to confuse or bamboozle the average user, so it's fine to leave many options off of the standard options dialogs.  But at least have things like this available in about:config.

    
    

    
  
(In reply to comment #58)
> When I use a particular piece of independent software, I expect it to use its
> own configuration facilities rather than slaving its settings to some other
> (competing) product.
Last I checked, Firefox wasn't competing with Windows.  As it's been said several times before, these are Windows system settings, not IE specific settings.

    
    

    
  
(In reply to comment #59)
> (In reply to comment #58)
> > When I use a particular piece of independent software, I expect it to use its
> > own configuration facilities rather than slaving its settings to some other
> > (competing) product.
> Last I checked, Firefox wasn't competing with Windows.  As it's been said
> several times before, these are Windows system settings, not IE specific
> settings.

I'm sorry but this point is debatable.  As Microsoft has made it very clear that they consider Internet Explorer an integral part of Windows, these settings are very much Internet Explorer settings.  Firefox is not an integral component of Windows and is not bundled with IE and therefore should not be tied to these settings.  Besides, MS has no interest in supporting any browsers other than their own, so why support their security policies and validate their ridiculous browser.  

Internet Explorer is able to be invoked from within any number of non browser processes, and invisibly I should mention.  With it being part of the Windows OS, the only way to secure a Windows machine against its security faults are to lock down these settings.  If Firefox is to be tied to these settings, then Firefox is to be locked down and shot like Internet Explorer is for many of us.  That will force us to look to other alternatives.

Thankfully, the Firefox team has given us an option now to ignore these settings.  A applaud their efforts to come to a compromise on this, but I still feel that this skipWinSecurityPolicyChecks should be made an option under the advanced tab in the preferences dialog.

    
    

    
  
Jim, could you somehow provide some steps I can use to verify the fix for 3.0.6? That would be really helpful.

    
    

    
  
(In reply to comment #61)
> Jim, could you somehow provide some steps I can use to verify the fix for
> 3.0.6? That would be really helpful.

Sure,

1) Download a file and save it to the desktop
2) right-click and select properties

You should see a little warning message about the file being downloaded off the net. If it's an exe, and you double click on it, you should get a security prompt. This is on XPSP2 and above.

3) Set browser.download.manager.skipWinSecurityPolicyChecks to true
4) download a file and save it to the desktop

Check the properties again, the little warning message should be missing.

    
    

    
  
Henrik: also you should follow the steps in comment 0 -- in the Internet Options Windows control panel disable "launching Applications and Unsafe Files". With the pref mentioned above unset or set to false you should not be able to download an .exe, instead you'll get the error message from comment 0. With the option set to true you can download.

    
    

    
  
Hmm, i am using Firefox 3.0.7 and i have set browser.download.manager.skipWinSecurityPolicyChecks to true, but still i can not download any file, it is blocked because of internet security zone settings. And yes, i have restarted firefox after setting the value in about:config.

What am i missing?

    
    

    
  
Using Windows XP SP3, I set my Internet Options security to High for the Internet zone, (which sets "Launching applications and unsafe files" to "Disable"). This causes executable file downloads to fail in Firefox, with the Downloads window showing "cancelled".   I have both Firefox 3.6 and Firefox 3.5.7 on my system, in different folders (I copied my Firefox 3.5.7 program files to another folder before updating to Firefox 3.6). 

Setting browser.download.manager.skipWinSecurityPolicyChecks to "true" allows me to download exe files in Firefox 3.5.7 but not in Firefox 3.6. 

Does this preference no longer work in Firefox 3.6?
Related discussion:
http://support.mozilla.com/en-US/forum/3/579542

    
    

    
  
browser.download.manager.skipWinSecurityPolicyChecks got removed in bug 504804

You can disable anti-virus scanning by setting browser.download.manager.scanWhenDone to false.

    
    

    
  
(For the record)
When Internet Options security is set to High for the
Internet zone (or when "Launching applications and unsafe files" is set to "Disable"), setting browser.download.manager.scanWhenDone to "false" makes no difference.  The download still fails, with "canceled" in the Firefox 3.6 Downloads window. 

Related discussion: http://support.mozilla.com/en-US/forum/3/579542

    
    

    
  
(In reply to comment #67)
> (For the record)
> When Internet Options security is set to High for the
> Internet zone (or when "Launching applications and unsafe files" is set to
> "Disable"), setting browser.download.manager.scanWhenDone to "false" makes no
> difference.  The download still fails, with "canceled" in the Firefox 3.6
> Downloads window. 
> 
> Related discussion: http://support.mozilla.com/en-US/forum/3/579542

Ok, I've confirmed this. we still check local security policy when the download starts, so if users have disabled the download of content, we follow those rules.

I suppose we could also tie this feature to the scan when done pref. I'm mixed on that. Fixing this is easily addressed through the internet settings - enable download content and everything works fine, and you don't get any security prompts, which was the original goal.

    
    

    
  
(In reply to comment #68)
> I suppose we could also tie this feature to the scan when done pref. I'm mixed
> on that. Fixing this is easily addressed through the internet settings - enable
> download content and everything works fine, and you don't get any security
> prompts, which was the original goal.

Isn't the point that the user doesn't always have control over those (sometimes braindead) security settings - they may be set through group policy - so respecting them is just a PITA for users, who might just turn to another browser if FF puts up this artificial barrier?

    
    

    
  
(In reply to comment #69)
> Isn't the point that the user doesn't always have control over those (sometimes
> braindead) security settings - they may be set through group policy - so
> respecting them is just a PITA for users, who might just turn to another
> browser if FF puts up this artificial barrier?

It's been a balancing act. We have users who want to be immune from all local os security settings, users who want firefox to honor those settings including group policy settings for admins, users who want virus scanning, users who want to old firefox way of handling download, etc.. and on top of this we're stuck working with windows api that combine a lot of these features into a single com interface. :/ Hopefully we're reaching a point where all needs are addressed.

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: