http://isc.sans.edu/diary.html?storyid=14749&rss

Google blocks silent Chrome extension installation

Last Updated: 2012-12-24
According to chromium blog, Google Chrome 25 won't allow anymore silent extensions installs. This is good, because attacks like the Chrome malicious extension injecting ads to wikimedia pages in may won't happen without the user's consent. This is similar to Internet Explorer Protected Mode, which does not allow extension installations and Firefox add-on control since Firefox 8.

This kind of controls enforce the security settings described in the corresponding security templates of web browsers. So far, the only browser that posess the most scalable security baseline is still Internet Explorer

http://www.networkworld.com/news/2012/121912-facebook-timeline-265257.html

Facebook bans developer of timeline-cleaning browser extension

Creator of FB Purity says he's about to be booted from the social network.
The developer of a browser extension that lets Facebook users block some types of content from their newsfeeds called Fluff-Busting Purity says the social network's legal department has banned him from the site, accusing him of violating the terms of service.

there were a lot of annoying features that I didn't like about the site, so as a web developer by trade, decided to fix them via the magic of a Greasemonkey User Script, which is basically a small program that you load in your browser that alters the way specific web pages look or behave," he explained to Network World in an email.

The fact that Fernandez's extension doesn't use Facebook's official API means this isn't his first clash with the site's administrators. He was banned in February, though he regained access to his account two weeks later. In April, Facebook began to block links to his website, calling it "spammy or abusive."

"The original reason I developed the extension in the first place was to make it easier and less annoying to use Facebook for myself, the fact other people liked it too was just a bonus," he says. "They need to accept that users are going to use browser extensions on their site, and there's not much they can really do about it."

@Dragonlair, to turn off autoupdate in Opers go to PREFERENCES, select the ADVANCED tab and then the SECURITY option from the lefthand menu and the Auto Updates options are at the bottom :-)

Well, this is shill posting, has been in the comments too.
As it's not commercial and as the developer seems to be a GOTD friend I didn't delete it ;)

The comment of the copy and paste friend cellspydude - is deleted: it's spam under the name.

I don't see any benefit in such an extension, but everyone to his taste :)
Besides MS and Kaspersky I never allow any programme to look for updates. Kaspersky checks for vulnerabilities and informs me when there are critical updates for programmes.

For Chrome lovers: why not try Iron: The Browser of the future?

graylox

Well I use Chrome and love this extension although I still come to the forums everyday lol. I'm all for self updating as I don't feel like checking myself but always want the most recent version. But I agree in there should be an option for people unlike me who dislike self updating to turn it off

Actually Dragonlair, (maybe neither here nor there, but) cellspydude, copy/pasted that comment from the link ChroMe gave. The comment was posted under a different user name, at that site, but is still the same comment, word for word.

cellspydude, you are arguing both sides of the same issue! First you applaud that a product updates itself and then you complain that another did it. Except for my anti-virus and Opera (which I can't find out how to turn off), NOTHING is allowed to update all on it's own. It's allowed to check (with modern computers doesn't drag much on the system) but NOT allowed to update. It must ask for my approval.

I don't like the new Opera doing it and I would appreciate it if someone would tell me how to turn that back to "ask permission". Even Windows must ask first!

Which way are you liking - full update (behind your back) or check and ask? The third choice (which I often take) is for no check - let you check at your own selected time -- whenever you think of it or feel like it.

Giveaway of the Day Chrome Extension

I actually had it installed before this thread was posted, but hadn't thought to point it out, since I wanted to see how well the 'experimental' beta was working before I led others into a potential snake pit.

So far it's done pretty well for an 'experimental' add-on, now I'm wishing more sites had secure versions!

TY. :)

Many thanks.

works a treat, too. gotta love it.

Simply wonderful news. Thanks for the information.

Same here HD....thanks. Hope it works as well as they say.

and thank you from me as well, hotdog. :)

Thank you for the valuable information, Hotdoge3. Appreciate it very much.
Inas

https://www.eff.org/https-everywhere

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites

hotdoge3 - I found the discrepancies in the links. The first one, on vulnerabilities in .pdf applications, should be http://www.h-online.com/open/news/item/Vulnerabilities-in-several-PDF-applications-833449.html

The post on Firefox first blocking, then unblocking the MS extension is just missing a hyphen: http://www.h-online.com/security/news/item/Firefox-blocks-then-unblocks-Microsoft-add-on-832309.html

hotdoge3 - the first link, to the h online story on pdf vulnerabilities, and the link to the story on Firefox blocking/unblocking the MS add-on, lead to 404s. Not sure why, as the pdf story, anyway, is still up over there, and the other links are ok.

http://www.h-online.com/security/news/item/Vulnerabilities-in-severalPDF-applications-833449.html

Vulnerabilities in several PDF applications

http://software.silicon.com/security/0,39024655,39582320,00.htm

Scareware is bad for your PC and your pocket - but the fake security warning messages popping up on your screen are only the most visible part of a complex scam.
http://www.h-online.com/newsticker/news/item/Washington-and-Microsoft-sue-fake-anti-spyware-vendors-737513.html

http://secunia.com/advisories/37049/ > Foxit Reader Firefox Plugin Memory

http://www.h-online.com/security/news/item/Adobe-closes-29-vulnerabilities-in-Acrobat-and-Reader-828796.html

http://www.h-online.com/security/news/item/Firefox-blocks-then-unblocks-Microsoftadd-on-832309.html

Firefox blocks, then unblocks, Microsoft add-on see Post on
how-to-remove-microsoft-net-spyware-extension

http://www.h-online.com/security/news/item/Lost-Found-Botnets-Rescue-CD-Calculators-Flickr-and-Online-Banking-826382.html

API Key used to authenticate API requests from applications has been crackedPDF and posted online. Due to a vulnerability in the signing process, attackers can generate valid signatures

LOL @ A year later - glad it helped.

That was my probleme and you solved it Thank you BuBBy!

Hi BuBBy,
it's one year long that I'm managing the setup.msi iussue with the application "Universal Extractor", still I think that I was lucky to check it (I also posted the link in the GAOTD's comments: http://www.legroom.net/software/uniextract),
indeed you can imagine how do I feel now that the code you provided is really working !
You are a GREAT !! Frank

That's it BuBBy!!! I don't know how someone on earth can understand that code, but it's working. Thank you very much BuBBy!

Thanks, while my French is almost non-existent I know the dialog you are referring to.

It sounds like the registry keys needed to recognise and open msi files are missing or incorrect.

Paste the following into a new file (eg. with notepad) and save the file with a .reg extension. setupmsi.reg will do ok. Then double click on the saved reg file and add the keys to your registry. (The first line "Windows Registry Editor Version 5.0" must be the first line in the file).
======

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msi]
@="Msi.Package"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package]
"EditFlags"=hex:00,00,10,00
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,6d,00,73,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,34,\
00,00,00
@="Windows Installer Package"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\DefaultIcon]
@="C:\\WINDOWS\\System32\\msiexec.exe,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell]
@="Open,Repair,Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Open]
@="&Install"
"MUIVerb"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,6d,00,73,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,36,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,\
00,69,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Repair]
@="Re&pair"
"MUIVerb"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,6d,00,73,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,37,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Repair\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,\
00,66,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Uninstall]
@="&Uninstall"
"MUIVerb"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,6d,00,73,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,38,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Uninstall\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,\
00,78,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00

Hello BuBBy!

Here is the message displayed (it's in french since I have a french version of Windows):

"Windows ne peut pas ouvrir ce fichier :
Fichier :
Setup.msi
Pour ouvrir ce fichier, Windows doit connaître le programme utilisé pour sa création. Windows peut effectuer une recherche en ligne automatique, ou vous pouvez choisir un programme dans la liste des programmes installés sur votre ordinateur.
Que voulez-vous faire ?
--> Utiliser le service Web pour trouver le programme approprié
--> Sélectionner le programme dans une liste
OK
Annuler"

I would like to include also a screenshot of this message, but I don't know how to insert it here. The copy of the image is impossible in text.

It's not an error message but the windows witch appears let me choice a program (witch one?) to open that kind of file since Windows doesn't recognize the extension file.

Bye!

When you say it "doesn't recognise" MSI files, can you quote "exactly" what the error message displayed is (including any error numbers etc). A screenshot of the error message might be helpful also.

Thank you guys for the solutions you have proposed. I tried to log like admin, but I don't have the password. I always log with my user ID with rights of an administrator since I am the lone user of this computer. So, I logged with my user ID and execute the command line "C:\windows\system32\msiexec.exe /regserver", restart, but the system doen't recognize MSI files anyway.

So, I tried to put out Windows Installer from my system, but I don't know where it is; witch name it has(?).
I download the also "Windows Installer from the alternative site ... and install it, but the result is same. What's next?

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB893803

Another download site for windows installer.

Might be that windows installer is corrupted and needs to be removed, booted and reinstalled.

Some tweaking programs cause problems with windows installer.

1) Restart XP in safe mode and log on as a local admin

2) Click Start -> Run... -> and type C:\windows\system32\msiexec.exe /regserver

3) restart XP and log back with your user ID.