>As for detecting subsequent
> tampering on your own machine, there's no way (that I know of) for a
> remote attacker to modify code on your machine
I was thinking of in-house tampering - possibly modifying scripts etc - I
think there is real likely hood of this.
If say a package is installed as a JAR then I would have thought that that
the installer program could at least keep its byte count in say the
component registry
When the Mozilla starts the package Mozilla could at least check the byte
count of the file against value in the component registry.
Alternatively installation details could be saved and possibly password
protected .e.g. a package (or spoof) cannot be reinstalled without knowing
the installation password.
While not fool proof, it seems just too easy at the moment.
