[DZittersteyn]

Wow, this is really irresponsible behavior, I would've expected something better from Mozilla.. Until now they've first offered an alternative (e.g. pdf.js) before trying to move away from a tech.

Marking a current version as unsafe, even when there are no known exploits is simply ridiculous. I'd love to see the reaction of Mozilla if Microsoft decided to mark all Firefox releases as unsafe, and give a big security warning whenever you installed FF.

Especially if the UI for unblocking it in FF is as obtuse as the discussion implies..

[calibwam]

Well, when you download the .exe file in IE, you do get a warning that it might be unsafe from Windows. And you need to verify that you want to install it.

The way to verify that the installer is legit, verifying the checksum, is not done by Windows, and must be done manually. Users don't do that, and flagging everything as unsafe is a good way of notifying the user that they must be careful.

[josteink]

> flagging everything as unsafe is a good way of notifying the user that they must be careful

Crying wolf all the time is a 100% guaranteed way of making sure nobody will ever care.

[DZittersteyn]

UAC? is that the window I always have to click 'Yes' on when I run a program? Yeah, could you disable that?

[josteink]

Either you are doing admin-y stuff, or the programs you rely on are broken.

When I write Windows-software, I only signal that the process requires UAC elevation for the things which actually does so. It's possible. In fact it's rather easy.

I almost never encounter software which requires UAC elevation, just like most things in Linux doesn't require me to go full sudo.

[eterm]

No, it's a good way to ensure that users click OK without reading message boxes ever.

[Yoric]

Have you read the linked page?

At the moment, as Oracle refuses to fix security bugs timely, Java is permanently unsafe. Please be pissed off at Oracle for not protecting their users, not at Mozilla for doing it for them.