It looks like the Prophets have been found correct and the age of Firefox Spyware is upon us. While the current Java Scheme requires user intervention, this is how it started on IE. Users were given Pop-up window choices to install a "necessary" program, choosing "Yes" would install the Spyware. I can hear the cyber cries now, as Firefox followers commit mass suicide, their beloved browser infallible no more.
"In a flurry of remote downloads, numerous changes to the registry took place and a sizeable amount of IE specific installs began downloading. Amongst the assortment was DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind, Avenue Media and something called djtopr1150.exe lurking in the Temp folder."
Is there a Double Standard for Internet Explorer? Of course there is. The Firefox community will quickly dismiss this sort of exploit. It will be considered not important because it requires user interaction. Yet these same exploits found in Internet Explorer have been fiercely criticized by the Firefox community and used as a reason to switch away from IE. This is also why recommending Firefox, as a Spyware solution is very dangerous. Installing and using Firefox does not clean or prevent your system from being infected with Spyware. The parasites can still exist in memory, robbing your system of resources, killing performance and causing application crashes.
The infallible Firefox is currently being plagued with Pop-under advertisements that are displayed when you minimize or close Firefox. These are related to the Flash Plug-in. It turns out that Firefox does have the ability to block these but it was disabled by default.
"Well, we shipped 1.0 with the capability to block these pop-ups and pop-unders but we didn't enable it because we were concerned about breaking legitimate uses"
This is an excuse for "We could not write it good enough to not break legitimate uses."
There are solutions but again this requires as much work as it does on IE.
"To block pop-ups from plugins, open your Firefox 1.0 or 1.0.1 browser, type about:config in the address field. Right-click in the resulting config page somewhere and select New -> Interger. Type privacy.popups.disable_from_plugins in the resulting dialog, hit OK, type 2 in the next dialog and you're all set."
This pref can actually take three values:
0: open allowed
1: the opened windows are treated as popups, but they're allowed to open
2: the window is a popup, block it
It should be noted this solution renders certain web pages useless and blocks user requested Flash Pop-ups. A better solution may be FlashBlock,
"an extension for the Mozilla and Firefox browsers that takes a pessimistic approach to dealing with Macromedia Flash content on a webpage and blocks ALL Flash content from loading. It then leaves a placeholder on the page that allows you to click to view the Flash content."
Flashblock currently blocks the following content types:
Firefox having only been out less then a year is already being plagued with elementary style Spyware exploits and Pop-ups. This is only a sign of things to come. The Followers however should have taken note to Beware of false Prophets.