Firefox Auto Update Question and What Happened to Michelle Malkin?

3/9/14 | Me

[ducttape45]

I need to pick someone's brain on a Firefox question and on what happened to Michelle Malkin.

First, I can't keep Firefox from automatically updating. I have tried everything I can find on the Internet about ensuring Firefox doesn't automatically. I have version 24 and 25 and I don't want to update any further, but no matter what I try it still continues to do so.

I've told Firefox not to update under the Tools/Options/Advanced/Update tab. I deleted the Maintenance Service. I've gone into about:config and deleted the update URL. AND NOTHING WORKS!!!!!!

Anyone else out there got any ideas? I want to keep using it but I'm afraid I'll have little choice but to go to another browser. Mozilla is really slitting their collective throats with this.

Secondly, I've noticed that Michelle Malkin doesn't seem to be on Fox News anymore. Usually the email updates I get from her would have links to her appearances on Fox News. Since about last October those links are no longer in email alerts and the Youtube sight for Right Sightings no longer posts anything newer than Oct 2013.

Anyone know what happened to her? Did she go a tick off someone? I wonder if it had anything to do with the sudden hiring of Elizabeth Hasselhoff last year.

Thanks.

[cynwoody]

Open Preferences (or Options). Click on the Advanced tab, and select Update.

[UCANSEE2]

Did you check out post 25 ?

[minnesota_bound]

Resetting preferences
http://kb.mozillazine.org/Resetting_preferences

[NoCmpromiz]

I note that you have received some answers on how to make it stop so I won't add any on that subject, but allow me to toss in about $0.02 worth on the topic of updating. I agree with not liking software applying updates without my knowledge or consent. I especially won't let Windows update anything without my perusal of the updates, reading of the knowledgebase article, and then ok-ing or denying the update. Same with Adobe and Java. I also think Firefox is inflating version numbers when most of the changes look more like a 'point release' than a 'version change', but in the end they can call it whatever they please, it's not my software product.. ;-)

Having said that, I run Firefox on both my Windoze machines and my Linux boxes and Firefox is the one program I allow to update itself. Here's my reasoning (your mileage may vary). Firefox is the one browser that seems to keep up on its security. OK, supposedly so does MS with their InternetExploiter browser, but there is a difference. When an exploit is discovered in Firefox, they tend to get the 'fix' released rather quickly, like by the next update or interim update. Also if some unexpected strangeness comes from an update, Firefox is really quick to fix or undo the damage.

If you have been paying attention over the years, you will remember that Microsoft has allowed known exploits of IE to remain unpatched for time measured in years. Same with Apple - they ignored exploits because it would ruin their 'only Windows gets viri' meme.. Chrome I hear is ok if you want Google looking at everything you do - I don't. (I have no handle on its security side.)

For the record, I do use the NoScript addon with Firefox. That way NO active content runs on a web page without me knowing it's there. And with NoScript I can block googleanalytics so they can't snoop either (ruins the webpage's hit counter and thus rating with Google, but helps my privacy.. ;-)

Just my opinions and comments for your consideration.

[ansel12]

I have been trying to harden an xp computer for back up use, and updating seems to be the major part of security.

What I’m reading is saying that even plenty of security ware can’t be depended on to protect against system flaws, and browser flaws.

[BlueDragon]

Pretty sad huh..... D:

I think I know how you feel.

Mongo and his 'puter just pawn in game of life

[Windflier]

If you are running Firefox on a Windows OS based machine ... Then you should see an orange-ish tab of sorts, near the upper left-hand corner of the Firefox window.

That's weird. Mozilla tells me I'm running the latest version of Firefox (27.0.1) and I don't have any such orange-ish tab in the upper left hand corner of my browser window. My computer runs Windows 7.

[Windflier]

My Options window in FF looks pretty plain compared to the one you posted, and I’m running version 27.0.1 (which Mozilla claims is the latest).

I wonder why that is?

[cynwoody]

My Options window in FF looks pretty plain compared to the one you posted, and I’m running version 27.0.1 (which Mozilla claims is the latest).

That screenshot is of 27.0.1 running on Mac OS 10.6.8.

[Windflier]

That screenshot is of 27.0.1 running on Mac OS 10.6.8.

Ah...that explains it. Nice graphic rendering. Much nicer than Win 7.

[Revolting cat!]

Have you tried duck tape?

[PieterCasparzen]

That’s my issue, I need to stay on an ESR version. I can’t be updating my OS for what I use the machine for.

I had to see which versions were ESR, cuz that’s all that I can count on CentOS actually having any commitment to making sure both CentOS and FF work.

When I do a major upgrade of CentOS, or when it supports a newer FF ESR version, then I’ll be looking to go to the next FF ESR version.

There are no guarantees with updates; they can have new configuration options with default settings that may not work, may be a security hole, etc. I don’t have time to be constantly researching and fixing updates that happen behind my back.

I think that’s the whole point of the ESR versions, so they may be a little more easily “tamed”.

Once all your updates (ALL) are turned off, and you research and plug all the security holes for that version, of course life is good for a while.

Of course it may take 6 months or so for security holes to surface, so I like let a new version “age” at least that long before trying to upgrade to it, for any software.

[B4Ranch]

Use the Addon “NoScript”. Stop scripting and it won’t download without specific permission.

[PieterCasparzen]

Don’t browsers have to update to remain secure?

Doesn’t Microsoft have to update to remain secure?

Software updates can include changes to configuration.

Say you came across a nasty vulnerability, before anything happened, but you read up on it, and, according to solutions you found, you turned off this or that, or set some Windoze registry entries to certain values, etc., as part of plugging the security hole.

An update could change that back on you and you'd never know unless you checked it.

Perhaps the new software that was installed with the update has new configuration options: checkboxes, settings, that tell the software do this, don't do that. The default settings are often huge security holes. Update installs, a short time later, bingo, a hacker is in your computer exploiting the new way to break into your machine.

In theory, as soon as M$ or mozilla or whoever receives a report of a vulnerability in their software, they work on a solution, then push it out as updates. But it's the time from when the hackers find it....................... all the way until the "fix" gets pushed to your machine, that you're sitting there defenseless.

The conservative way is spend the effort to find out how to get your machine locked down (secure), then leave it alone.

Most Windoze (and smartphone) users don't do that. Most users don't know about much of their configuration at all, they just install software with the "wizard", taking all the defaults, keep clicking ok. They never look at what windows services they have running or how they are configured, they don't look much at the network settings or understand them much, same with IE, email, etc. It's all far too complex, really, and mostly always the way software is designed and installed with all defaults, it's very insecure..

[Cold Heat]

IMO...most of the updates are because of OS and support application updates...they have to keep up with the jones’s.

It's OK to be paranoid, but the video codecs also update and if you freeze your computer in time and bow out of the update process, pretty soon you have a windows XP machine that won't do diddly...and is full of exploit holes big enough to drive a truck through..

I tried that freeze idea.....but had to allow updates because my network crashed due to one computer not having the right credentials.

So do what you must....just sayin...

[ansel12]

Aren’t 99.9% of the people better off not rejecting the updates that repair weaknesses in their operating systems, software, and browsers when the creators of those items discover a weakness and create the update?

I’ve been updating for almost 20 years, and like the idea, and have never understood the people who go years without updates, in fact, it seems to be the problem in almost every computer that I have ever looked at.

You seem the guy to ask something that has puzzled me, for the people who don’t believe in updates, I assume they will keep using XP and IE, won’t they?

[ShadowAce]

[PieterCasparzen]

Aren’t 99.9% of the people better off not rejecting the updates that repair weaknesses in their operating systems, software, and browsers when the creators of those items discover a weakness and create the update?

Most updates are not related to security, but they change or extend functionality, some are cosmetic changes. New data formats, new HTML extensions, changes to the code libraries that software calls to interact with the operating system or features bundled with it.

When these non-security updates are installed, they invariably create new security vulnerabilities, or reintroduce old ones.

So then we have another "zero-day" exploit, i.e., after the introduction of a vulnerability, there is some amount of time that users are vulnerable, until the thing is reported to the vendor and a solution is developed, packaged, and made available or pushed out to users.

I’ve been updating for almost 20 years, and like the idea, and have never understood the people who go years without updates, in fact, it seems to be the problem in almost every computer that I have ever looked at.

What was missing on the "problem" computers was the updates that were needed, not the whole stream of all updates.

Also, note that machines may be compromised but the user is not aware of it. For years. Also, one may be lucky for years and not be hacked, even though there are vulnerabilities on one's machine. It's also important to note that machines behind corporate firewalls are administered by professionals with a toolbox of software, whose job it is to keep everything updated. Of course, corporate networks are hacked quite often, so the approach of professional adminstration, and pushing updates often does not guarantee security at all.

There are basically two approaches for updates.

One, the riskier way: try to keep up with the latest stable versions of everything. You need to upgrade to the latest major release to do this - but you can't obviously upgrade to it if you have software or hardware that it does not support. Once you're on the latest major release, you keep trying to stay up with the latest updates and fixes. This can lead to problems that are introduced by the updates themselves.

The other way is the conservative way: get on a stable release and stay there for a while. Selectively install software so you don't have any installed that you don't need or user; this eliminates vulnerabilities in software that you don't even need. Do the research to find existing vulnerabilities for the software you run, implement the solutions for each that best suits your needs, i.e., turning features off, disallowing access from other IP addresses, apply software security updates that fix the software, etc.

This conservative approach is more "active", the first is more "passive", but more, shall we say, "adventurous".

You seem the guy to ask something that has puzzled me, for the people who don’t believe in updates,

It's not a matter of "not believing in" updates.

It's a matter of wanting to know what the proposed updates are and reviewing them before any are applied, then picking and choosing which to apply so as to avoid having the updates break things in the software that you use and rely on.

I assume they will keep using XP and IE, won’t they?

The userbase changes over time due to death and inactivity on the one hand, and births on the other hand, in addition to current users making the choice to use or not use software. Industry organizations continually extend data protocols and formats, which are then adopted by websites, but not backported to old browser versions. Old browers therefore don't have all the new pretty things enabled. This causes users to upgrade their browsers, which at a certain point will necessitate OS upgrades; the timing, of course, is up to the OS and browser owners/developers.

Interestingly, the hardcore web / tech folks will be familiar and wholeheartedly support the idea of the simplistic text-only browser.

Lynx is still distributed and available, and serves valid purposes.

[PieterCasparzen]

I’m responding to you from lynx ! It does have a windows version,if you’re so inclined. It’s interesting to note that since it does not support flash, flash cookies are not a tracking or security issue. It works quite well with sites like FR, where a key part of the functionality is text.

[jimt]

Overall, I WANT CONTROL OF MY COMPUTER, not some faceless individual or corporation. It's a choice, a preference.

And there's always the old saw "Iffen it ain't broke don't fix it."

Too often the "downgrades" eliminate some critical functionality to be replaced with drivel or unnecessarily complicated (but NEW!) user intercourse.

No thanks - I'll choose.