Closed Bug 526150 Opened 16 years ago Closed 15 years ago

Option to Disable Software Installation Upon Completion

Categories

(Toolkit :: Add-ons Manager, enhancement)

Product:
Toolkit
Component:
Add-ons Manager
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED WONTFIX

People

(Reporter: david, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091017 SeaMonkey/2.0 Build Identifier: I normally have my advanced preference set to disable software installation. When I go to install an extension, the Add-Ons Manager gives me the option to enable software installation. If I do enable it and then install the extension, I then have to go to [Edit > Preferences > Advanced > Software Installation] (SeaMonkey, different navigation for Firefox) to clear the checkbox. Upon completion of an installation of any add-on (not only extensions), the Add-Ons Manager should provide the user with the option to disable further installations. Reproducible: Always This is an issue of configuration safety. Users might not understand the connection between enabling installation via the Add-Ons Manager and disabling installation via [Edit > Preferences > Advanced > Software Installation].
When I click the Install button, the Add-ons Manager presents an Enable button with the explanatory text to the left: "Software installation is currently disabled. Click Enable and try again." For this RFE, I suggest the following UI: When the Add-ons Manager completes any installation, it should check the status of the xpinstall.enabled preference variable. If it is "True", the Add-ons Manager should present a Disable button with the explanatory text to the left: "Software installation is currently enabled. Click Disable to prevent installing unwanted software." The result of clicking Disable, of course, would be to set xpinstall.enabled to "False". By the way, the default for xpinstall.enabled seems to be "True". Should it not be "False"?
As it stands I think this bug is probably a WONTFIX. I think when xpinstall.enabled is off we just should never let new extensions be installed through the app and we shouldn't give users the option to play with it. For updates we should ignore the pref and install them anyway.
xpinstall.enabled is a safety preference. This preference variable should NEVER be ignored, even for updates. Ignoring it would open users to installing bogus, hostile updates to good add-ons. The Add-ons Manager allows installation of add-ons to be enabled upon a user request. It requires positive user action. The problem is that, once installation is enabled for a particular add-on, the Add-ons Manager fails to provide for subsequently disabling further installations. In my suggested UI, the presentation of a Disable button should occur before the Add-ons Manager asks if the user wants to terminate and relaunch the application.
(In reply to comment #3) > xpinstall.enabled is a safety preference. This preference variable should > NEVER be ignored, even for updates. Ignoring it would open users to installing > bogus, hostile updates to good add-ons. When the user already has an add-on installed they have already granted the developer of that add-on free reign to do whatever they like to their machine, letting them get an updated version is no additional risk. > The Add-ons Manager allows installation of add-ons to be enabled upon a user > request. Yes, I think we should remove that. and just include a message explaining why they cannot install add-ons. This pref should generally be used by sys-admins to lock down Firefox for their users.
Yes, I trust Manuel Reimer, developer of the PrefBar extension. However, I don't trust the system to protect me from someone else creating a bogus update to PrefBar and attempting to foist it onto me. Thus, I am relying on xpinstall.enabled to protect me even from updates to add-ons that I have already installed. As for removing the capability to enable installation of new add-ons from the Add-ons Manager, that would truly discourage new users from installing any add-ons. The navigation to enable installation through the Preferences window from SeaMonkey involves (with similar steps for Firefox): 1. On the menu bar, select [Edit > Preferences]. 2. In the Category area on the Preferences window select [Advanced > Software Installation]. 3. On the Software Installation pane, select the checkbox (to create a checkmark) for "Allow web sites to install extensions and updates." 4. On the Software Installation pane, select the OK button. Then, after installing an add-on, repeat above, selecting the checkbox to remove the checkmark. Step #2 above is definitely NOT intuitive even to an experienced user. The need to remove the checkmark after installation is even less intuitive. Note that in Thunderbird, there is NO user-oriented interface to disable installation of add-ons. Once an add-on is installed, the user must resort to the Config Editor and know exactly which preference variable to change. This is a security vulnerability for Thunderbird users. And removing the capability within the Add-ons Manager to enable installation will only eliminate the use of add-ons by most users if "False" (the safe setting) becomes the default for xpinstall.enabled.
(In reply to comment #5) > Yes, I trust Manuel Reimer, developer of the PrefBar extension. However, I > don't trust the system to protect me from someone else creating a bogus update > to PrefBar and attempting to foist it onto me. Thus, I am relying on > xpinstall.enabled to protect me even from updates to add-ons that I have > already installed. The update system is secured so no-one but the author should be able to provide updates for their extensions. > As for removing the capability to enable installation of new add-ons from the > Add-ons Manager, that would truly discourage new users from installing any > add-ons. Only those users that have decided to completely disable add-on installation. I think that is the minority of users and probably almost no new users at all. > The navigation to enable installation through the Preferences window > from SeaMonkey involves (with similar steps for Firefox): There is no UI for controlling xpinstall.enabled through Firefox's preferences and I don't think it is an option that should be exposed to users as I don't believe it has an effect that is useful to users. What Seamonkey does is of course a different choice based on the target user base of Seamonkey. > Note that in Thunderbird, there is NO user-oriented interface to disable > installation of add-ons. Once an add-on is installed, the user must resort to > the Config Editor and know exactly which preference variable to change. This > is a security vulnerability for Thunderbird users. And removing the capability > within the Add-ons Manager to enable installation will only eliminate the use > of add-ons by most users if "False" (the safe setting) becomes the default for > xpinstall.enabled. The default value of xpinstall.enabled is not changing in Firefox or I expect Thunderbird, it should default to true since that is what the majority of users want and it does not expose any kind of insecurity that we are aware of.
wontfix per previous comments.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
The justification for WontFix ignores an important user consideration. Many users do not want updates to an extension without having control over when it happens. Installing and updating extensions generally requires terminating and relaunching the affected application. This could be disastrous if it occurs while attempting to use a browser to do online financial transactions. On relaunching, the browser will revert to the browser's home page. The user will then be left uncertain about whether the transaction was completed or needs to be redone. Thus, it is important that the preference variable xpinstall.enabled retain its current meaning and not be ignored.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to comment #8) > The justification for WontFix ignores an important user consideration. Many > users do not want updates to an extension without having control over when it > happens. In which case they should turn off automatic update checking. > Installing and updating extensions generally requires terminating and > relaunching the affected application. This could be disastrous if it occurs > while attempting to use a browser to do online financial transactions. On > relaunching, the browser will revert to the browser's home page. The user will > then be left uncertain about whether the transaction was completed or needs to > be redone. We never ever force the user to relaunch their application and when we give the user the option to restart we restore their tabs for them. > Thus, it is important that the preference variable xpinstall.enabled retain its > current meaning and not be ignored. Neither of the points you made have any bearing on xpinstall.enabled so the decision still stands. The new add-ons manager does not offer to enable xpinstall.enabled for you any longer so if applications continue to do this when websites attempt to install extensions (as Firefox still does right now) then the application would be responsible for turning it off again.
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → WONTFIX
The capability described in comment #9 appears to be quite contrary to the way many users handle updates. My understanding of that capability is that automatic detection of updates will mean automatic installation of those updates. What bug report specifies this change to the Add-Ons Manager? Many users want to be notified that updates are available, but we want then to control when those updates are installed. Thus, automatic notification and automatic installation should be two different controls. If we then choose to install an update and must enable its installation, we subsequently need to disable other installations when the desired installation is completed.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to comment #10) > The capability described in comment #9 appears to be quite contrary to the way > many users handle updates. My understanding of that capability is that > automatic detection of updates will mean automatic installation of those > updates. What bug report specifies this change to the Add-Ons Manager? > > Many users want to be notified that updates are available, but we want then to > control when those updates are installed. Thus, automatic notification and > automatic installation should be two different controls. If we then choose to > install an update and must enable its installation, we subsequently need to > disable other installations when the desired installation is completed. In Firefox 3.6 and earlier there was no option to automatically install updates, we just presented the user with available updates and had them opt in. xpinstall.enabled had no effect on that nor would it really make any sense to have used it to control that. In Firefox 4 we do automatically install detected updates by default however the user can switch back to manual updates for all add-ons or on a per-add-on basis (see mainly bugs 562622 and 586574). In this state we would again offer the user updates available to install and allow them to choose to install them. Again it makes no sense for xpinstall.enabled to play a role here.
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.