Add-ons, Installation Experiences, and User Consent


As discussed in previous blog posts, add-ons can have a material impact on browser performance. IE measures the performance of add-ons so that users can make informed decisions about them. It is important to understand how add-ons arrive on a user’s system to begin with because browser performance is so important to site developers and to consumers. The notification and control that users have around the add-on installation process is equally important because add-ons can also have an impact on user privacy and information sharing. This blog post surveys the current installation experience for different kinds of add-ons in different browsers and how the add-on installation experience can be more robust for consumers.

First, let’s look at mark-up based add-ons in IE. These add-ons describe their functionality without any executable code, typically using XML. Examples are OpenSearch providers, Web Slices, and Accelerators. There is no code in the add-on itself and no code involved when the add-on is installed. Consumers install these add-ons from within the browser. There is clear consumer consent as part of that in-browser installation experience:

Accelerator installation consent dialog from IE8

Binary add-ons, like Toolbars and BHOs, are full Windows programs that run within the browser. The installers for these Windows programs are other Windows programs that run outside the browser. Some add-on installations are the result of a user explicitly seeking them out and installing them. Other add-on installations are bundled with other software. These can be a surprise to users, and are often installed without explicit consent.  Technically, browsers can only detect that an add-on was installed, not what consent the user gave during installation. We hope you’ll share your favorite examples of software installation surprises in the comments. It is not clear from within the browser what consent (if any) a consumer has given when one of these add-ons is installed. It is clear that the next time the user starts IE, the new add-ons will affect browser performance and reliability, and possibly privacy.

Add-ons can also affect privacy. Additional code running in the browser can send user information to websites. (You can read more about an add-on that sent user information inappropriately here.) For this reason, when users start IE8’s InPrivate Browsing feature, IE runs without toolbars and BHOs. The user expects an InPrivate session to be private, and there is no way for IE to know what information add-ons save on the user’s system or send to websites. 

Because many add-on setup experiences surprise users, some browsers today seek user conformation before they run newly installed add-ons. For example, here’s the dialog that Firefox 3.6 shows the first time the user starts it after installing an add-on:

Firefox add-on installation consent dialog

Note that before seeing this prompt, the user initiated the add-on installation explicitly and clicked two prompts within the browser to install the add-on.

On today’s web, consumers face many different threats to browser security, reliability, performance, and privacy. We work closely with other software vendors to make experiences within IE better for consumers. For example, we exchange feedback with toolbar vendors about their work and the IE Add-on Guidelines and Requirements. Many times, these conversations result in improvements to add-ons. Microsoft treats all add-ons and software vendors consistently with respect to these guidelines and requirements. Given the ambiguities and risks around add-ons, consumers benefit from having more information and more control over how add-ons are installed.

Herman Ng

Program Manager, Internet Explorer


Comments (19)

  1. Anonymous says:

    Fifth paragraph: "conformation" should be "confirmation"

  2. ieuser says:

    Will IE 9 have a new way to create addons? Would love if we can get a VS 2010 support for IE Addon development.

  3. Linr says:

    @ieuser You can create Add-on via "HTML+JS",such as LinrWinds  hi.baidu.com/…/e198ac184004f00b35fa419c.html

    使用HTML+JS就可以开发IE的add-on,超级容易。LinrWinds就是这样的一个扩展。

    One install,IE6/7/8/9(IETester) all extended.一次安装,全部IE版本扩展。

  4. USC Trojan says:

    I am hoping for a better add-on experience with IE9. Something like Firefox and/or Chrome where all add-ons are separately installed, is preferred.

  5. Rachel says:

    Will addons in IE9 have a timer for install so that accidental drive-by installs can be avoided?

    Likewise many other software products include pre-checked crapware installs as part of their ad revenue. e.g. (bogus example, but you get the point) you go to install Adobe Reader and the install tries to get you to install the Norton A/V toolbar in IE.

    Will IE9 present a dialog on startup indicating that a new addon ("Norton A/V toolbar") was installed by a 3rd party vendor, did you authorize this? (Yes/No/Uninstall the crapware)

    I think in my entire IT experience I have yet to see a single user that actually wanted to install all the addons inside their IE.

  6. EricLaw [MSFT] says:

    @Rachel: Within IE, add-on installs aren't simply delayed, they're blocked. The user must specifically elect to install add-ons using the notification bar.

    @ieuser: I'm not entirely sure what you're asking about? Visual Studio can already be used to create add-ons (and it's the most common way to create binary add-ons today).

  7. GoodThings2Life says:

    My problem with the current IE add-on approach is that when a toolbar or other add-on is installed by a third-party installer (let's say Adobe Flash or Shockwave installing the Google Toolbar or Adobe Download Manager for instance) there is a checkbox enabled by default to install it, and of course, most consumers don't read or pay attention to the implications of that. Unfortunately, once they click Next/I agree/OK, it's installed, and there's no confirmation by IE after the fact. IE should be smart enough to say to the user, "Hey wait a minute… something is different, and it is this… is this OK?"

    Not too familiar with Opera, Safari, or Chrome, but I know that Firefox always displays the add-ons dialog if something changes, and it's usually pretty good about highlighting what changed. I'd like to see a similar mechanism in IE. Moreover, I would like to have an option in the IE Add-on Manager to not only Enable/Disable add-ons but to flat out REMOVE the add-on. Even cooler if you could block specific classes of add-ons (ie Toolbars or Search engines or BHOs, etc). If I could banish toolbars forever, I would do so in a heartbeat!

  8. GoodThings2Life says:

    PS– I'm a Systems Administrator, and if I could group policy disable the addition of these classes of add-ons that would be even better! I can't tell you how many times I get called to fix somebody's Internet issues and find out the problem is due to toolbars and BHO's that they installed purely by accident because of bundling.

  9. EricLaw [MSFT] says:

    @GoodThings: Open GPEdit.msc. Open Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page, and set the policy "Allow 3rd-party browser extensions" to DISABLED.

  10. RBJ says:

    We want integrated addons like Firefox or Chrome and not installing .exe just for one addon.

    I really do not know why MS can't do this already. the addons gallery is already in place, just add real addons like adblock and not accelerators or what not.

  11. Learn says:

    unlike in lesser browsers, you do not need to download an ad blocker for IE it already has one built in already. just configure in inprivate filtering feature with the block list from adblock. this is so easy that lots of magazines have written articles for noobs about how.

  12. boen_robot says:

    @EricLaw [MSFT]

    "Within IE, add-on installs aren't simply delayed, they're blocked. The user must specifically elect to install add-ons using the notification bar."

    Wait, what? Last time I checked, when an add-on BHO or Toolbar is installed (usually in cases like the ones GoodThings2Life describes), IE8 does nothing to stop it from running. It stops ActiveX controls when a page first requests them, but not Toolbars and BHOs. Or are you talking about what IE9 is going to do? If that's the case, then it's nice to hear that IE will finally block toolbars and BHOs unless the user has explicitly allowed them within IE itself. If you were talking about ActiveX controls when you said "add-on"… I don't think Rachel was talking about ActiveX controls.

  13. Literacy says:

    Boen, you should probably learn to read. Here was the specific question: "Will addons in IE9 have a timer for install so that accidental drive-by installs can be avoided?"

    There's no such thing as an accidental drive-by install in IE and hasn't been since XPSP2.

  14. ieuser says:

    @  Learn:  common, its 2010. MS should provide us a way to implement this in 1 click. We want a better solution and Addons from MS not .exe ones.

  15. mentas says:

    Yeps, IE9 need something like Firefox.. Without an "install.exe" and admin/system problems.

    And more:

    – Add-on Store

    – Easy development/deployment like Silverlight (.NET)

  16. Deen says:

    "Some add-on installations are the result of a user explicitly seeking them out and installing them. Other add-on installations are bundled with other software. These can be a surprise to users, and are often installed without explicit consent."

    http://www.h-online.com/…/Microsoft-installs-Firefox-extension-without-asking-741823.html

    http://www.h-online.com/…/Microsoft-installs-another-Firefox-add-on-without-asking-users-permission-1021221.html

  17. CSharpHacker says:

    I guess I can understand a lot of the frustration with toolbars in IE, I don't add them myself, and if I'm in too much of a hurry to install something and miss a checkbox on an install and end up with the yahoo toolbar i curse myself out. please re-read that last part "I curse _myself_ out", I don't blame Microsoft because I don't read / don't know how to install software. IE shouldn't protect me from every stupid mistake I can make on my computer, and it's unrealistic to assume that it should. As noted, they provide a way for administrators to turn off toolbar installation in a corporate (or home) environment, which they should. Other than that take responsibility for your own actions and learn to read a EULA, or checkbox labels.

    The answer is smarter users, not smarter software.

  18. zzz says:

    So, in IE9, can you "unconsent/unapprove" previously approved site from using certain addon? In other words, if you install say Flash, then approve it to run on site-by-site basis, can you later remove a single site from the approval? It seems absurd you can approve sites but can't unapprove (in practise: block site from using addon) them except by resetting the whole thing ("Remove all sites" in IE8).

  19. Gunnhar says:

    Will there be the possibility for plugins that will not be initialized with every opening of a tab.