I woke up this morning to see this on the screen:

Something has automatically installed itself into my Mozilla without my permission.  What was it?  I don’t know.  The screen above does not actually say what was installed.  It might be the Michelangelo virus for all I know.  And there is nothing listed in the list of extensions.  There is a list of plug-ins, so it might have been a plug in, but which one?

But I did not ask for anything to be installed.  There was no little pop up window saying “About to install….are you sure?”  I had no idea that something was being installed.  That spells virus city.

Why am I so sensitive?  Last Thursday I installed Firefox 3.0.  On sunday my computer was infected with a virus that took over the screen saver.  I attempted to remove it manually, including a number of removal tools, but in the end wiped the computer and re-installed windows.  Not a fun way to spend a Sunday evening.  I am pretty sure that source of the infection was Firefox, and having just installed Firefox 3, it makes me wonder if there is a security flaw in the new version.

So now I am running on a computer with almost nothing on it (it will be a few days before I get all my normal software installed).  In this relatively sterile environment, I am finding pieces of software automatically installing themselves.  Not good.

Kudos to the Mozilla folks for providing an alert saying that something happened, but how hard would it have been to include the NAME of the add-in in the alert?  Real security would be to have a list of every extension to the software listed, where it came from, as well as the date and time that it was installed.  Maybe even the signature on the code for verification.

I am probably overreacting to this, but given my recent experience, I am justifiably nervous.  Hmmm, maybe that Google Chrome is starting to look a tiny bit more attaractive.