That doesn’t seem a lot better—I know what it wants me to do with an unsigned plugin prompt—review the site, verify the download hash, review the plugin source code, look for reviews of the plugin, author, site...
What I actually do is wait 5 seconds, then click “yes do it” as soon as possible. So the utility is … well intentioned, but still ineffective.
It’s true that it’s less than perfectly effective, but it serves some purpose: I almost always install plugins from the Mozilla plugin site, where a rating is immediately available, and where a virused plugin would probably get removed very quickly. Under those conditions, I know that I’m fairly safe just installing it anyways.
However, a malicious site could attempt to infect my browser by installing a plugin, which is where the timer comes in handy. It could even attempt to hide the plugin dialog with lots of other useless dialogs (“Really submit this comment?” Yes. “Really really submit this comment?” Yes. “Really really REALLY submit this comment?” Yes. “Install this plugin?” Yes. Oh, hold on, wait! Crap.)
More generally, timed dialogs are helpful because they increase the chance that you notice what it is you’re confirming. If you know you’re doing something risky and want to do it anyways, so be it… but at least you know what it is you’re accepting, and are given a greater opportunity to back out if you are surprised by the level of risk.
That doesn’t seem a lot better—I know what it wants me to do with an unsigned plugin prompt—review the site, verify the download hash, review the plugin source code, look for reviews of the plugin, author, site...
What I actually do is wait 5 seconds, then click “yes do it” as soon as possible. So the utility is … well intentioned, but still ineffective.
It’s true that it’s less than perfectly effective, but it serves some purpose: I almost always install plugins from the Mozilla plugin site, where a rating is immediately available, and where a virused plugin would probably get removed very quickly. Under those conditions, I know that I’m fairly safe just installing it anyways.
However, a malicious site could attempt to infect my browser by installing a plugin, which is where the timer comes in handy. It could even attempt to hide the plugin dialog with lots of other useless dialogs (“Really submit this comment?” Yes. “Really really submit this comment?” Yes. “Really really REALLY submit this comment?” Yes. “Install this plugin?” Yes. Oh, hold on, wait! Crap.)
More generally, timed dialogs are helpful because they increase the chance that you notice what it is you’re confirming. If you know you’re doing something risky and want to do it anyways, so be it… but at least you know what it is you’re accepting, and are given a greater opportunity to back out if you are surprised by the level of risk.
The about:config option “security.dialog_enable_delay” allows one to reduce the delay to 0.