I really thought that was the whole point of an enterprise list was to
discuss the ESR, otherwise you would use the standard RR firefox user
communities?
James Pulver
CLASSE Computer Group
Cornell University
On 02/02/2016 01:29 PM, Tanstaafl wrote:
So... you're saying that his discussion list is only for those running
the ESR version??
Can you provide documentation for that?
Interestingly, I don't even see the Enterprise list listed on Mozilla's
official page of all of their lists:
https://lists.mozilla.org/listinfo
On 2/2/2016 1:23 PM, Mike Connor <[email protected]> wrote:
If you're running ESR, you will continue to have that option for the
foreseeable future. If you're not, I believe this thread is well off
topic for this list.
On Tue, Feb 2, 2016 at 9:39 AM, Tanstaafl <[email protected]
<mailto:[email protected]>> wrote:
I didn't say it never happens.
I said it is not nearly the problem that you or Mozilla would have us
believe.
But that is irrelevant, because, as I already pointed out, it has been
proven that enforced signing *will not protect anyone* - all it does is
provide a *false* security blanket.
I have no problem with making enforced signing the default. I just want
the ability to disable it without having to resort to running an
unbranded version.
On 2/2/2016 10:56 AM, Wolf, Daniel <[email protected]
<mailto:[email protected]>> wrote:
> You don't get infected with an add-in. Your user runs malware that
installs it.
> Companies with whitelisting will obviously not have this problem.
Nor is there a central way to get a listing of add-ins, you would
only know if you looked in Firefox on every machine.
>
> AdwCleaner, a tool designed to remove browser hijacking, has been
downloaded over 38 million times.
http://www.bleepingcomputer.com/download/adwcleaner/
>
> Here are blog posts about malicious add-ins from just the last few
months
>
https://blog.malwarebytes.org/security-threat/2016/01/yontoo-pups-with-two-faces/
>
https://blog.malwarebytes.org/security-threat/2015/11/framefox-nominated-for-the-most-aggressive-eula/
>
https://blog.malwarebytes.org/security-threat/2015/11/dynamicpricer-pup-disables-browser-updates/
>
>
> This is a major issue that users deal with. If you don't believe
me, you're welcome to ask Mozilla, who are the developers of Firefox.
>
> Daniel Wolf
>
> -----Original Message-----
> From: Enterprise [mailto:[email protected]
<mailto:[email protected]>] On Behalf Of Timo Pietilä
> Sent: Tuesday, February 2, 2016 12:04 AM
> To: [email protected] <mailto:[email protected]>
> Subject: Re: [Mozilla Enterprise] Add-on Signing in ESR
>
> On 1.2.2016 17:32, Tanstaafl wrote:
>
>> I have been managing a smallish (50-80 over the years) install
base of
>> both Firefox and Thunderbird since before Firefox 1.0 was released,
>> and *not once* have I encountered a user who got infected with a
>> malicious Addon.
>
> I got a bit larger user base: I distribute FF and TB for
University with about 50k students and around 7000 staff and have
been working here for about 15 years now. Not one case of malicious
add-on at that time.
>
> Timo Pietilä
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise
or send an email to [email protected] with a subject of
"unsubscribe"
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise
or send an email to [email protected] with a subject of
"unsubscribe"
