Other issues in this category (50)
"I have no idea what it is! I never installed it". Such claims are always treated by system administrators with scepticism. Phrases of this kind never helped prevent a crack-down. But life goes on, everything gets turned on its head—and software developers begin to do our thinking for us:
This add-on emerged several days ago with no prior warning. It was signed by a Mozilla certificate, but information about the extension and the reasons why it was automatically installed were nowhere to be found on the Internet. Neither did the add-on undergo any public review, which used to be standard practice for test extensions.
According to Mozilla, the add-on was part of a promo for the new season of the Mr. Robot TV series and was to appear in one of its episodes. It was meant to come as a surprise for the TV series’ fans and Firefox users and engage them in an augmented reality game.
The actual statement from Mozilla may appear somewhat unnerving.
It’s especially important to call out that this collaboration does not compromise our principles or values regarding privacy.
The experience was kept under wraps to be introduced at the conclusion of the season of Mr. Robot
Well, after all, the experiment proved to be a success, and an unauthorised installation of an application violates no privacy principles whatsoever. So perhaps it can be done again.
The first time is always the hardest!
With Windows 10 Anniversary Update (build 1607), Microsoft introduced its Content Delivery Manager. The component automatically installed suggested applications without user consent.
Travis Ormandy from Google Project Zero discovered that the password manager Keeper, from a third-party developer, had been pre-installed in his Windows 10 system
Keeper was downloaded to the researcher's PC via the Microsoft Developer network.
The automatic installation of advertising applications is one of Windows 10’s major flaws. For example, it can of its own accord download Candy Crush Soda Saga, Netflix, and other partner applications.
So, you've configured your security features, deleted unused software and suddenly out of the blue something else impregnated with vulnerabilities appears.
Having determined that third-party applications are now getting installed by default, the researcher decided to check whether Keeper has any security issues. He quickly discovered a vulnerability that allowed for "a complete compromise of Keeper security, allowing any website to steal any password".
Luckily, (for the time being) automatic installation can be disabled.
Launch the Registry Editor. To do so, you can enter '
regedit' in the command prompt.
Look for this entry:
Double-click on the key SilentInstalledAppsEnabled and set its value to 0
Close the Registry Editor.
We hope you will be able to toggle off the compulsory delivery of "very useful" applications at least for a while.#security #Windows
Needless to say, such behaviour does violate security principles. And, most important, no one can tell what will show up on our computers after the next “update”.