Will Firefox ask for an admin password when installing plugins?

Discussion in 'Mac Apps and Mac App Store' started by doxavita, May 6, 2011.

  1. doxavita macrumors 6502a

    Joined:
    Jul 6, 2010
    #1
    I know that Safari will ask for an admin password when trying to install plugins (to prevent from installing potentially unwanted applications such as trojans).

    Is it the same with Firefox? Will it also ask for a password?
     
  2. MarkMS, May 6, 2011
    Last edited: May 6, 2011

    MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #2
    Yeah, with Firefox you get a dialog within itself asking you if you want to install a plugin/extension. No, it doesn't ask for a password though.

    In Safari, it doesn't ask you for a password unless the plugin is being installed in your ~/Library/Internet Plugins. Things like Adobe Flash require a password because you end up downloading the Flash installer which then places the required files in that plugin folder. Safari extensions don't need a password though. It just asks you if you want it installed. If you go to extensions.apple.com it doesn't even ask you for a password. It just installs the extension for you.

    Basically, you're safe if you want to jump to Firefox or even Chrome. Just be careful of bad sites and just click Cancel if something ever pops up you weren't expecting.
     
  3. doxavita thread starter macrumors 6502a

    Joined:
    Jul 6, 2010
    #3
    So other than that yellow bar at the top displaying "install plugins", there's nothing else?

    I had a recent thread on internet safety with a Mac. I learned a password will be asked for before installing any sort of malware/trojan. At what point does that prompt take place? How am I safe it it doesn't ask for a password?
     
  4. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #4
    Right, you'll just get a yellow bar asking you to install that particular plugin. Once you click it, it will download the plugin installer to your desktop or downloads folder and if you run that installer ... it will then ask you for an admin password.

    It's just like installing apps. If you are in standard mode, once you drop the app into the Applications folder it will ask you for the password.
     
  5. doxavita thread starter macrumors 6502a

    Joined:
    Jul 6, 2010
    #5
    And that's the default setting already, right? No need to mess around with any settings?

    btw, here's the link to the safety thread I'm refering to: http://forums.macrumors.com/showthread.php?t=1146986&highlight=
     
  6. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #6

    Are you running as an Admin user (which is default) or Standard user?

    If standard, then any plugin that wants to install itself will ask you with that yellow bar in Firefox. If you know that the plugin is good and not malicious, it will then redirect you to a page to download the .dmg installer. This will download to your downloads folder. From there, you will double click it and it will prompt you with an admin password dialog. You enter your credentials and it's installed.

    As for this being the default setting, yes it is the default as long as you are a standard user. If in admin, the same process applies ... but in the end it will not prompt you for a username/password to install.

    I really hope this helps clear up the confusion. Basically follow what GGJstudios said about unchecking "Enable Java and open 'Safe" files" in Safari. In Firefox, you don't have to do that as "Enable Java" isn't an active preference and Firefox doesn't automatically open "safe" files.

    TL;DR: Make yourself a "standard" user in System Preferences>Accounts and use common sense when surfing and downloading items from the Internet.
     
  7. MarkMS, May 6, 2011
    Last edited: May 6, 2011

    MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #7
    Here's a page you might be interested in.

    http://www.mozilla.com/en-US/plugincheck/

    It checks your plugins in Firefox and lets you know if they are updated or not. I'd recommend on disabling the Java Plug-In 2 for NPAPI Browsers if you see it.


    PS: I just installed Firefox 4. I've been using Chrome and decided to update it and see how it runs to help you out better. I ran into an older version of Silverlight. Now with my system, I'm in Standard mode. So the yellow bar came up and said it Silverlight wants to install itself. I clicked it and it redirected me to Microsoft's Silverlight page.

    http://www.microsoft.com/getsilverlight/get-started/install/default.aspx

    As you can see with the directions, as I said before, it will tell you to download the installer and from there it will install itself AFTER you click on it. If admin, you probably will not get a admin password dialog. If standard, you will always get that dialog to authenticate the installation.

    Again, hope this helps!
     
  8. doxavita thread starter macrumors 6502a

    Joined:
    Jul 6, 2010
    #8
    Yes, I'll follow your advice of common sense surfing. That's best. Nothing is completely 100% safe.

    I think I'm already admin (as I'm the only user that uses my Mac & haven't changed any of those settings since my computer was brand new)
    When I lock/unlock KeyChain for example it does ask me for a password though.

    Yes, I let my firefox update its pluggins automatically.

    Thanks for all your help too! :)
     
  9. MarkMS, May 6, 2011
    Last edited: May 6, 2011

    MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #9
    Alright, think about changing to a standard user account if you really want to be protected. It's a bit of a pain though. You have to constantly enter your admin username/password anytime you want to install anything, whether it is OS X updates or apps to your App folder. It's worth the pain though, especially when that day comes when OS X becomes a big target for virus/trojan writers.

    See this tutorial: http://www.helpdesk.umd.edu/os/macosx/security/4669/

    If you want more information about OS X security, feel free to ask. Here are more resources if you are interested.
    http://www.princeton.edu/servers/osxsecurity/
    http://research.corsaire.com/whitepapers/technical.html
    http://research.corsaire.com/whitepapers/080818-securing-mac-os-x-leopard.pdf (it automatically downloads the PDF)
     
  10. doxavita thread starter macrumors 6502a

    Joined:
    Jul 6, 2010
    #10
    I'll be buying a new iMac soon, so I'll keep that advice/tutorial in mind.
    Once I get it working and used to it, I'll make such changes to this MacBook Pro I'm using.
     

Share This Page