Norton claim that Mozilla forcing change in add-on behavior

[Rick216]

I have long used Norton Internet Security, with its automatic (unless disabled) Toolbar add-on to Firefox (often called Identity Safe). While I would always hide the visible Toolbar in Firefox, I appreciated the fact that it would cause site-safety ratings show up next to each result in a Google search (green means safe, yellow means caution, red means unsafe, and grey means unknown). These were mostly based on known malware/phishing presence -- with specifics given for each "unsafe" rating, as opposed to the more-subjective, largely content-judging ratings of Web of Trust. The Norton site-safety ratings for Google search results was a VERY useful feature.

Well, with Firefox going to 57, Norton claims (link below), that the new Webextensions API required them to take a different approach, designing a "new" add-on called SafeWeb that will work with 57, but it will no longer attach site-safety ratings to Google search results. Instead, you have to do the search through SafeWeb's own interface (powered by the awful Ask.com). (And BTW, SafeWeb is hardly anything "new" as Norton is trying to present it -- it has been available to anyone as a Firefox add-on for years..which immediately brings the credibility of all of Norton's claims in this document into question.)

Bottom-line question: Is Norton credible when they claim (as implied in the document, and explicitly stated on Norton Forums) that Mozilla will no longer allow them to create an add-on that adds site-safety ratings to Google Searches in Firefox 57? NOTE THAT NORTON *DOES* STILL HAVE THIS FUNCTIONALITY WITH ITS CHROME EXTENSION. Maybe I'm wrong, but this sounds more like a ploy to get more revenue sharing with Ask under the guise of a false "this is the only way Mozilla will let us do it now" claim. Any thoughts (aside from "you shouldn't be using Norton or allowing Toolbars")? Thanks

https://support.norton.com/sp/en/us/hom ... file_en_us

[Sugoi]

Umm so, how is that related to this Firefox support section?

[malliz]

Norton/Symantec make a lot of claims one of which is they make a decent product. Any company that aligns itself to Ask has a very dubious business model.

Umm so, how is that related to this Firefox support section?

Valid question we see a lot of Firefox problems caused by Norton/Symantec

[allande]

The Firefox Webextension API can do most, but not all things that Chrome extensions can do. They are probably lying, with rewriting the extension or modifying their Chrome one, they probably could make a webextension that alters webpage results - adblockers are able to modify webpages so it should likely be possible. It would require a full rewrite or modifying the Chrome extension. But, accusing someone (Norton) who you want to do you a favor may not be successful in getting you what you want.

[the-edmeister]

...
Bottom-line question: Is Norton credible when they claim (as implied in the document, and explicitly stated on Norton Forums) that Mozilla will no longer allow them to create an add-on that adds site-safety ratings to Google Searches in Firefox 57? NOTE THAT NORTON *DOES* STILL HAVE THIS FUNCTIONALITY WITH ITS CHROME EXTENSION. Maybe I'm wrong, but this sounds more like a ploy to get more revenue sharing with Ask under the guise of a false "this is the only way Mozilla will let us do it now" claim. Any thoughts (aside from "you shouldn't be using Norton or allowing Toolbars")? Thanks

https://support.norton.com/sp/en/us/hom ... file_en_us

Extensions are no longer allowed to add a toolbar to the User Interface. Not directed towards a particular company or particular type of application or functionality (i.e., , towards Norton or security toolbars).

So, following the WebExtensions format as set forth by Mozilla, Norton has provided a "door-hanger" type of notification display that looks like when the cursor is 'on hover' over their toolbar button a notification panel appears. Seems to be logical solution, IMO.

[Rick216]

...
Bottom-line question: Is Norton credible when they claim (as implied in the document, and explicitly stated on Norton Forums) that Mozilla will no longer allow them to create an add-on that adds site-safety ratings to Google Searches in Firefox 57? NOTE THAT NORTON *DOES* STILL HAVE THIS FUNCTIONALITY WITH ITS CHROME EXTENSION. Maybe I'm wrong, but this sounds more like a ploy to get more revenue sharing with Ask under the guise of a false "this is the only way Mozilla will let us do it now" claim. Any thoughts (aside from "you shouldn't be using Norton or allowing Toolbars")? Thanks

https://support.norton.com/sp/en/us/hom ... file_en_us

Extensions are no longer allowed to add a toolbar to the User Interface. Not directed towards a particular company or particular type of application or functionality (i.e., , towards Norton or security toolbars).

So, following the WebExtensions format as set forth by Mozilla, Norton has provided a "door-hanger" type of notification display that looks like when the cursor is 'on hover' over their toolbar button a notification panel appears. Seems to be logical solution, IMO.

Thanks. Maybe there's something I'm failing to understand here, but wouldn't that also disallow WOT' (Web of Trust) from appending site ratings to Google search results? I understand that the WOT add-on still works with Firefox 57. (Although I suppose it's possible that WOT has moved to a "door-hanger" approach in Firefox 57? I can't test that possibility because I have Firefox 52.5ESR.)

BTW, thanks to everyone else for their replies as well.

[malliz]

To be brutally honest WOT is widely known by the name Web Of Trolls its efficacy is dubious at best due to the inaccuracy of its data

[Rick216]

To be brutally honest WOT is widely known by the name Web Of Trolls its efficacy is dubious at best due to the inaccuracy of its data

That said, if you or anyone else who has Firefox 57 would be willing to add WOT temporarily, and let us know whether or not it can/does still append ratings symbols next to Google search results, I would be most grateful!

[Mark12547]

I added Web Of Trust to my Nightly Test Profile and indeed on a Google search WOT added a little circle by each search result: green (good reputation), gray (not enough data), orange (caution), but I didn't hit any red circles in my quick test. Hovering the mouse over one of the WOT circles brought up more information.

So, yes, at least WOT is able to add stuff to the search results page, at least in Nightly where I tested it.

[Mark12547]

Oh, 57. Yes, WOT works also in Firefox 57 (Release Channel).

[Rick216]

Thanks, Mark12547!

[therube]

which immediately brings the credibility of all of Norton's claims in this document into question

LOL.


Oh, those. Didn't even realize they were there at first.

[c627627]

Original poster, this may be informative for you enough to reconsider paying for/using Symantec products.:

1. There were 2017 news headlines about Symantec in yet-another dodgy digital certificate revocation scandal...
2. Google will distrust all Symantec certificates starting with Chrome 66.

Excerpts:

GOOGLE'S PROJECT ZERO security group has published details of what it describes as a series of critical vulnerabilities in Symantec's Norton Antivirus product that "are as bad as it gets".

"They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption," said Project Zero's Tavis Ormandy...

Frightened? You should be. Symantec uses the same core engine across all its antivirus products, including:

Norton Security, Norton 360, and other legacy Norton products (all platforms)
Symantec Endpoint Protection (all versions, all platforms)
Symantec Email Security (all platforms)
Symantec Protection Engine (all platforms)
Symantec Protection for SharePoint Servers

Some of these products cannot be updated automatically, and administrators must take immediate action to protect their networks."


"Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it. The victim does not need to open the file or interact with it in anyway," warned Ormandy.

"Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers. An attacker could easily compromise an entire enterprise fleet using a vulnerability like this."

[Brummelchen]

Norton claim that Mozilla forcing change in add-on behavior

a big big green from my side. this has to come and it had come ^^

this exactly points out which attitude Norton and other antivirus vendors have in general
"we have the longest d**k, so b**w us"

i had hope that quantum will drive them all dead, for some it happend.
at anytime norton and kaspersky, also for avira, those "developers" never could manage to release their extension right in time, or make them bugfree.

in fact there NEVER was need to develop such crappy extension, the general code should have done it at all.

at least they had like anyone else 1 year to develop a webextension from scratch, now they have no luck.
and that's what customers pay for? (not note: for being incompatible, buggy and always too late)

PS WOT is not that bad, its supposed to warn for malicious sites and its performing well.
nevertheless the past showed us that they gathered personal data, i dont know if it still do.

as a long time user for uBlock it has similar or better function to warn for such bad sites and more.

BTW https://addons.mozilla.org/en-US/firefo ... tity-safe/

PS a further toolbar is planned, but there exist no date. anyone is waiting for.

[Rick216]

Original poster, this may be informative for you enough to reconsider paying for/using Symantec products.:

1. There were 2017 news headlines about Symantec in yet-another dodgy digital certificate revocation scandal...
2. Google will distrust all Symantec certificates starting with Chrome 66.

Excerpts:

Interesting. I'm not at all committed to Norton, especially if they don't add back the safety icons to Google search. (If you had asked 3+ years ago I was happy as could be with them and would have said otherwise, especially after bad experiences with other AV's including BitDefender and NOD32 -- and the older, bring-your-system-to-its-knees versions of Norton.)

BTW, my brother is a mortgage broker for a mid-sized regional bank that uses Symantec and keeps integrating it deeper and deeper into its security systems. The bank removed his Firefox installation, saying Firefox is a security risk because it is open-source. They allow IE and Chrome.