
True, but if Malware.exe ships with an addon, it could tweak the Firefox user profile to allow the addon install.


It could also patch firefox.exe to allow it. Or, just run in the background in its own process because malware.exe is already running. Once you have malicious binaries running on the user's computer all bets are off.


This is partially true – code-signing defeats it on modern operating systems – but don't forget that much of the problem isn't outright malware but rather ad-ware like the ask.com toolbar where the companies try to claim that users chose to enable it to avoid prosecution or lawsuits.

This is a relatively minor change but the automated checks prevent some of the more blatant abuse and, more importantly, the fact that you can't just anonymously upload code forces shady companies to leave more of a paper-trail.


My Windows box will still happily run unsigned binaries, so I don't see how code-signing would help it there. Unless you were not referring to regular Windows/Linux as modern. I'm not sure if there's anything special with regards to replacing signed binaries with unsigned ones, but if so you could just put the binary elsewhere and replace the shortcuts.

With regard to the ad-ware like toolbars, is that really reason enough to lock everyone into a walled garden? I'd rather deal with the occasional toolbar than only being allowed to run blessed extensions.


> My Windows box will still happily run unsigned binaries, so I don't see how code-signing would help it there. Unless you were not referring to regular Windows/Linux as modern

Close: it's not the OS flavor so much as the security configuration. All of the major operating systems can be configured to restrict execution – whether that's mandatory code-signing, only running code from white-listed restricted directories, etc. This can be used by a security-aware admin to prevent whole classes of attacks or escalation for successful attacks.

That's the default on OS X but can also be enabled if you're willing to break with tradition on most other operating systems. That certainly has a compatibility cost but much of that cost is borne by users who don't benefit from it.

> With regard to the ad-ware like toolbars, is that really reason enough to lock everyone into a walled garden?

First, the nakedsecurity writer used a click-bait headline to troll for clicks but that hinges on a redefinition of the accepted meaning of “walled garden”. It's highly misleading since Mozilla isn't charging for signatures or deciding which companies are allowed to publish add-ons.

Second, millions of people are affected by dishonest software. I'm not terribly enthusiastic about needing to sign things now but I'm not cavalier enough to dismiss the argument that a minor inconvenience for a few developers is worth more than improving the average user’s experience. Any time I look at my front-end JavaScript logs, I'm reminded of just how many people are browsing the web with untrustworthy code injected into every page.


Not if it is signed or doesn't have write permissions.


Your argument is basically: "if a user installs the virus, the virus will make sure that the user will install the virus". Nonsense.


Malware.exe doesn't need Firefox to do its dirty work.


No but it degrades Firefox user experience and that's bad for Mozilla.


Theoretically Malware.exe could be able to replace (or alias, or provide a convenient shortcut on Windows' desktop) the Firefox binary with one that does not perform a certificate check. It is hard to protect users from something that is already running on their computer.


In which case, for the user's safety, we need to remove the ability to download exe's. Disabling won't be good enough; they may follow steps to enable it not knowing what they are doing.



