voices.washingtonpost.com— Apparently, the .NET update automatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed.
May 31, 2009View in Crawl 4
@Cyonix: Hey, you're right. That sounds exactly like the *DESIGN* of ActiveX. Since it worked so well the first time, I see no reason not to relive that fiasco. It should be fine now, especially since we've now sandboxed the browser that ClickOnce isn't hijacking with this paper-thin security door.
I used securityfocus.com and searched on Microsoft. Also from listening to SecurityNow there have been patches for IE vulnerabilities that allow code injection, beyond that you won't get anymore 'proof' out of me as I use linux and rarely pay attention to things like this. I think I did well considering.Sandboxing is provided by the OS, this capability could be extended to Firefox. Just because the OS can sandbox IE and refuses to sandbox Firefox, does not make IE a better product and does not make Firefox a worse product.Sandboxing is a good technology when used right, why don't you push for the capability to sandbox all applications? It is being used atm to protect a select few MS apps, which gives you an argument that you should not be able to make in an ideal world where platform security is prioritized over application oneupmanship.
I don't think it's about image so much as the spread of blatantly misleading and false information.Nobody here with this line of thought has come up with a specific criticism of ClickOnce or the security ramifications of it.
ClickOnce will ask you whether you want to install either way, the prompt you're talking about is the one that asks if you're sure you want to download the manifest and pass it to ClickOnce in the first place.
link385Jun 1, 2009
then don't forget to uninstall flash, that's the same kind of runtime platform as the .net framework!good luck living stucked in the 90's
honoredmuleJun 1, 2009
@Cyonix: Hey, you're right. That sounds exactly like the *DESIGN* of ActiveX. Since it worked so well the first time, I see no reason not to relive that fiasco. It should be fine now, especially since we've now sandboxed the browser that ClickOnce isn't hijacking with this paper-thin security door.
stimpackJun 2, 2009
I used securityfocus.com and searched on Microsoft. Also from listening to SecurityNow there have been patches for IE vulnerabilities that allow code injection, beyond that you won't get anymore 'proof' out of me as I use linux and rarely pay attention to things like this. I think I did well considering.Sandboxing is provided by the OS, this capability could be extended to Firefox. Just because the OS can sandbox IE and refuses to sandbox Firefox, does not make IE a better product and does not make Firefox a worse product.Sandboxing is a good technology when used right, why don't you push for the capability to sandbox all applications? It is being used atm to protect a select few MS apps, which gives you an argument that you should not be able to make in an ideal world where platform security is prioritized over application oneupmanship.
alveslopesJun 5, 2009
I have several applications using ClickOnce with auto updates AND using Apache/PHP for deployment and it works perfectly.
latrosicariusJun 11, 2009
M$
ravatarJun 12, 2009
<a class="user" href="http://www.microsoft.com/downloads/details.aspx?displaylang=en&amp;FamilyID=cecc62dc-96a7-4657-af91-6383ba034eab">http://www.microsoft.com/downloads/details.aspx?di ...</a>
ravatarJun 12, 2009
I don't think it's about image so much as the spread of blatantly misleading and false information.Nobody here with this line of thought has come up with a specific criticism of ClickOnce or the security ramifications of it.
ravatarJun 12, 2009
The original: <a class="user" href="http://www.youtube.com/watch?v=6HGKJHpQkfI">http://www.youtube.com/watch?v=6HGKJHpQkfI</a>The classic Chris Farley skit: <a class="user" href="http://www.ebaumsworld.com/video/watch/1035969/">http://www.ebaumsworld.com/video/watch/1035969/</a> (sorry, couldn't find a good quality non-ebaums one)
ravatarJun 12, 2009
ClickOnce will ask you whether you want to install either way, the prompt you're talking about is the one that asks if you're sure you want to download the manifest and pass it to ClickOnce in the first place.
ravatarJun 12, 2009
Buried for blatant misinformation.
apotikAug 21, 2009
Awesome post, thank you for sharing. Microsoft can't be trust !!from <a class="user" href="http://www.rumahfarmasi.com" rel="nofollow">http://www.rumahfarmasi.com</a>