Cleaning Up Firefox After a Malware Mishap

I have come to the realization now that I should expect any software I download and install to try to sneak bloatware or Malware onto my system. This can be in the form of a browser toolbar or some type of ‘security software’ or Windows optimizer. Avast! has their WebRep extension that is installed into all the browsers on your system. This is supposed to tell you how reputable a site is when you are doing a Google search. Java is partnering now with McCrappy McAfee. Waterfox now serves up a bunch of stuff from AVG unless you go hunting around the custom install options to NOT install it. The latter, though, was far worse, as it took it upon itself to install the AVG Toolbar and associated Malware in the background when the user chooses to uninstall Waterfox.

So, what can you do to protect yourself? In most cases, the user is given the option to install the Toolbar or other ‘extras’; however, these options can be hidden or confusing. When you are installing an application, read each screen carefully and look to see what is selected. Even if the application is something you have installed in the past, things may have changed. This was the case with Java offering to install McAfee security software, and it is how I was caught off guard. If given the option, always select ‘Custom Install’, as sometimes the option not to install is not available in a ‘Typical’ or ‘Express’ install. In the case of Waterfox, I just happened to select Custom install and saw the options for AVG, although the way the installer presented them was very confusing. However, in the case of the Waterfox uninstaller, there was never an option to install or not install the AVG crap.

Sometimes, though, you just somehow overlook the options, or it is not quite clear how to NOT install the software. It happens. I’ve been there, done that, as was the case with Java and McAfee. That at least was not too difficult to clean up: I just went into the Windows Control Panel and removed the application. Last night, I spent a couple of hours helping a Firefox user over on Go Firefox! who, unbeknownst to them, installed the Babylon toolbar. They were trying to download a driver for their HP printer and obtained the driver from a non-HP site. They either weren’t paying attention to the installer or, chances are, the installer was not very clear that it would also install the Babylon toolbar. While they did remove the plugin from Firefox and the toolbar from Windows, their Firefox was still using Babylon for the search engine as well as their new tab home page.

We confirmed the Babylon toolbar no longer showed up in the ‘Programs’ list in Windows Control Panel and that the extensions subfolder within their profile folder had no traces of the add-on. So while the plugin/toolbar was off their system, it had made changes to the browser settings. These changes were not reverted when the offending add-on was removed, and we discovered it had also left a bunch of its own entries in about:config. That is actually normal: if the user accidentally removes the add-on, their customization/settings are not lost and will automatically be restored when they re-install it. After some screenshots of their about:config settings and some research, we managed to get their Firefox back to normal. The table below lists some of the about:config entries that could be changed by a plugin, extension, toolbar and/or Malware. Note: not all entries may be changed.

First thing you need to do is to get into Firefox’s advanced preferences settings:

  1. In a new tab/window type in the address bar about:config and press enter
  2. If you get a pop-up box about ‘Voiding the Warranty’, click the I’ll Be Careful, I Promise! button to continue
  3. For each preference in the table below, copy and paste into the Search box.
  4. If the preference has been modified from the default value it will be in bold. If it is not bold then the preference has not been changed and you can move on to the next preference.
  5. In the list of results, right-click on the preference and select Modify.
  6. Follow the directions below for each preference that needs to be changed and click OK when done modifying.
  7. Once you are done, close the tab or window; your changes should take effect without a restart.

| Preference Name | What does it do? | What should it be? |
| --- | --- | --- |
| keyword.URL | By default this is supposed to be the URL for Google’s I’m Feeling Lucky and is supposed to open a Google search result if the user puts a bad or malformed address in the address bar. However, it appears this feature no longer works and users instead get an error message. | Nothing, the field should be blank. Remove whatever value is listed and click OK |
| browser.newtab.url | This is the page Firefox will display when you open a new tab. | The default value is about:newtab, which opens the new tab ‘thumbnail’ page. If you prefer just a blank tab then change it to about:blank |
| browser.search.defaultenginename | Tells Firefox which search engine to use by default | The default value is Google |
| browser.search.selectedEngine | This is the name of the currently selected search engine | Nothing, the field should be blank. Remove whatever is listed |
| browser.search.order.1 | Specifies which search engine is listed first in the search box drop-down | The default value is Google |
| browser.search.order.2 | Specifies which search engine is listed second in the search box drop-down | The default value is Yahoo |
| browser.search.order.3 | Specifies which search engine is listed third in the search box drop-down | The default value is Bing |

Want to know more about about:config entries? Check out the mozillaZine KB article on about:config entries.
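
The same check can be scripted against the profile's prefs.js file, which records only the preferences that differ from their defaults (the ones about:config shows in bold). This is an added example, not part of the original post: it flags the table's preferences when they hold an unexpected value and lists leftover entries that match a keyword. The sample file contents, the toolbar name and the search URL are constructed.

```python
import json
import re

# Accepted values from the table above; the first is the default ("" = blank).
EXPECTED = {
    "keyword.URL": ("",),
    "browser.newtab.url": ("about:newtab", "about:blank"),
    "browser.search.defaultenginename": ("Google",),
    "browser.search.selectedEngine": ("",),
    "browser.search.order.1": ("Google",),
    "browser.search.order.2": ("Yahoo",),
    "browser.search.order.3": ("Bing",),
}
# prefs.js stores one user_pref("name", value); line per modified preference.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for each user_pref() line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # string, number, bool
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep unparsed text as-is
    return prefs

def audit(prefs, keyword=None):
    """List (name, value, advice) for table prefs that are off, plus leftovers."""
    findings = []
    for name, value in sorted(prefs.items()):
        if name in EXPECTED:
            if value not in EXPECTED[name]:
                findings.append((name, value, "reset to %r" % EXPECTED[name][0]))
        elif keyword and keyword.lower() in ("%s %s" % (name, value)).lower():
            findings.append((name, value, "leftover add-on entry, review"))
    return findings

# Constructed sample; the toolbar name and search URL are made up.
SAMPLE = """// Mozilla User Preferences
user_pref("browser.newtab.url", "http://search.example.invalid/?tab=1");
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("browser.search.order.1", "Google");
user_pref("browser.startup.page", 3);
user_pref("extensions.exampletoolbar.installed", true);
user_pref("keyword.URL", "http://search.example.invalid/?q=");
"""

if __name__ == "__main__":
    for name, value, advice in audit(parse_prefs(SAMPLE), keyword="exampletoolbar"):
        print("%-40s %r -> %s" % (name, value, advice))
```

Treat the script as read-only reporting and make the actual changes in about:config, since Firefox rewrites prefs.js itself when it exits.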

4 Comments on Cleaning Up Firefox After a Malware Mishap

  1. Thanks.

  2. Hi, I’m from babylon support team.
    Please accept our apology for any inconvenience.
    It’s very easy to remove the babylon toolbar.
    For a video that will show you how to easily remove it, please enter: http://www.youtube.com/watch?v=Z1y9Lbsv1_0&feature=plcp.
    In the future, if you encounter an issue please contact us at help@babylon.com and we’ll be glad to help you.
