[Total Noob]

Open query:

I use Ubuntu 9.10.

I saw some interesting FireFox extensions (there are a handful of them) and installed them using the tabs within the browser for doing so.

I was surprised that they installed without me being asked for an installation password first, as customarily the case when installing Linux apps via the package manager or with programs obtained elsewhere.

I thought the supposed imperviousness of Linux to viruses was password/root protection before software could be installed, as opposed to Windows where bad stuff may install from email attachments or poisoned websites without the user having any idea it was doing that.

But with FireFox, apparently the Linux norm is bypassed somehow, and maybe it is allowing malware in under the same process. So is this a flaw in security?

I like the idea of package management because I assume that Canononical is checking the programs out before putting them in its repositories. I hope my assumption is correct.

I also know to use discretion when installing third party programs -- that it could be infected or just bad.

But now I don't know what to think about Firefox and its motives or its safety record, especially with its placement in the market somewhere between a large company's and some unemployed college kid working in his basement.

Is Firefox certifying the extensions before they allow them to go into its repositories? Is it taking responsibility if an app is poison? Why did it override the password protection?

Comments invited.