Richard Bucker

Danger Google Search - Serious OpenSource Weakness

Posted at — Jul 27, 2014

Warning - a bit of a scatterbrain today

I needed to install a fresh Windows install in a VMware virtual machine along with a number of developer tools like Visual Studio. I also needed to install the latest version of Firefox and Chrome. Sadly there is a very serious threat to privacy trending out there and so long as the barrier is lower to modify the source and the cost to advertise is lower than the value… this will continue.

Google, Yahoo and Bing searches for Chrome, Firefox (UPDATE: Opera) browsers all returned ad or otherwise sponsored links to 3rd parties who are repackaging these applications in their own installer with, in some cases, malware. One key difference is that these installers also ask for root access, unlike the default installs of Firefox and Chrome, which install in userspace and not root.

I also tried DuckDuckGo and while the results are formatted differently and the Google ranking in the results was higher, they also provided links to 3rd parties, although some are more reputable than the others.

One of the strongest features of all three browsers is that they install and run in userspace. If the installer asks for your password then there is something very wrong going on.

This alone makes a strong case for factory bootstrapping of key tools and brands.

Back in the day Microsoft defended itself and its business practices by making it difficult to install 3rd party browsers like Mozilla. Today everyone loses. An Apple genius recently recommended that I disable FileVault; not because it was bad but because failure created product perception problems. This sort of malware, misuse and misappropriation of free/open software is going to hurt everyone.

Sandboxed apps are one solution and may or may not be a good remedy but thanks for trying. On the other hand there is something to be said for the ChromeOS approach too.