We didn't get the kind of uptake we were hoping for in the initial stub installer experiment. One theory as to why is that local virus scanners or firewalls could be preventing it from working, or at least popping up a warning that dissuades users from continuing with the installation. The stub installer here: https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/stub/Firefox%2017.0b1%20Beta%20Stub%20Installer.exe virustotal says both are ok: https://www.virustotal.com/url/af3064d8cc97a4fea5c1e4f21da8d6a0d6aa40ceaa2e7d2444a0aeaf3772e333/analysis/1350412706/ https://www.virustotal.com/url/0d3fa292c781a73f19fe4aebce8dfef16a7785e5f8153b3a54cdac53e476c8da/analysis/1350412414/ Juan mentioned that F-Secure was one of the products the gave a warning. Is this reproducible?
I haven't been able to reproduce in the machine where I was seeing this. It doesn't help that the program has been removed from it, and I can't find a trial version that let's me install without providing billing details. I've registered to be a beta user, and I'm waiting for registration confirmation. I'll report back when I can install it.
My understanding is that the stub installer will not download the actual package from an SSL site, and so the the stub installer is not doing similar checks on a SSL certificate as bug 770594, since there's no SSL happening. But, if we're still downloading the actual package from an SSL site, then issues like bug 770594 should be investigated.
juan - any update here?
I received a beta tester invitation, but the list of projects I am offered to participate in does not include their consumer software using F-Secure. I'll cc Marcia since I think she installed F-Secure previously.
Any updates here?
Created attachment 673354 [details] F-Secure warning when running the stub-installer I was able to install a trial version of F-Secure on a clean VM, and then downloaded the stub-installer from today's latest-mozilla-aurora using IE. I made sure F-Secure was running and ran the installer, and sure enough it popped up a warning.
Haven't heard back from any AV vendors.