Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (52)
  • add to favourites
    Add to Bookmarks

Forced delivery

Read: 536 Comments: 3 Rating: 8

"I have no idea what it is! I never installed it". Such claims are always treated by system administrators with scepticism. Phrases of this kind never helped prevent a crack-down. But life goes on, everything gets turned on its head—and software developers begin to do our thinking for us:

Many Firefox users noticed that the new add-on, "Looking Glass 1.0.3", appeared on their extension list even though they never installed it.

This add-on emerged several days ago with no prior warning. It was signed by a Mozilla certificate, but information about the extension and the reasons why it was automatically installed were nowhere to be found on the Internet. Neither did the add-on undergo any public review, which used to be standard practice for test extensions.

According to Mozilla, the add-on was part of a promo for the new season of the Mr. Robot TV series and was to appear in one of its episodes. It was meant to come as a surprise for the TV series’ fans and Firefox users and engage them in an augmented reality game.

The actual statement from Mozilla may appear somewhat unnerving.

It’s especially important to call out that this collaboration does not compromise our principles or values regarding privacy.

The experience was kept under wraps to be introduced at the conclusion of the season of Mr. Robot

Well, after all, the experiment proved to be a success, and an unauthorised installation of an application violates no privacy principles whatsoever. So perhaps it can be done again.

The first time is always the hardest!

With Windows 10 Anniversary Update (build 1607), Microsoft introduced its Content Delivery Manager. The component automatically installed suggested applications without user consent.
Travis Ormandy from Google Project Zero discovered that the password manager Keeper, from a third-party developer, had been pre-installed in his Windows 10 system
Keeper was downloaded to the researcher's PC via the Microsoft Developer network.

The automatic installation of advertising applications is one of Windows 10’s major flaws. For example, it can of its own accord download Candy Crush Soda Saga, Netflix, and other partner applications.

So, you've configured your security features, deleted unused software and suddenly out of the blue something else impregnated with vulnerabilities appears.

Having determined that third-party applications are now getting installed by default, the researcher decided to check whether Keeper has any security issues. He quickly discovered a vulnerability that allowed for "a complete compromise of Keeper security, allowing any website to steal any password".

Luckily, (for the time being) automatic installation can be disabled.

Launch the Registry Editor. To do so, you can enter 'regedit' in the command prompt.


Look for this entry:


Double-click on the key SilentInstalledAppsEnabled and set its value to 0


Close the Registry Editor.

We hope you will be able to toggle off the compulsory delivery of "very useful" applications at least for a while.

#security #Windows

Dr.Web recommends

Needless to say, such behaviour does violate security principles. And, most important, no one can tell what will show up on our computers after the next “update”.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.


Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.