Users need to know that installing an extension is exactly as dangerous as installing any other software, no more and no less…

Maybe part of the problem is that the install prompt dialog is so small that it doesn’t look like a big deal, when in fact it is. People might be more likely to think twice before clicking through an installation wizard that presents you with a license (even if the user isn’t going to read it), or a dialog that comes with one of those background windows that covers up the rest of the screen, or for that matter, a dialog that takes forever to load and gobbles up your memory – just like the Microsoft Office installation wizard.

Instead, the current dialog is the same size as the dialog you get when entering a secure site. That fact, and the dialog’s complementary green icon (the default extension icon) could lead a user to subconsciously dismiss the risk involved in installing an extension.

(IANAP)

Didn’t you use to have a preview function, Robert?

You should be conditioned to automatically click OK when the timer expires, when you were planning on installing an extension, since it’s only there for the times when you weren’t expecting an install prompt. (emphasis mine)

I think it’s important not to forget that this is “sufficient” UI to protect the Regular People™ who make up the vast majority of many products’ userbases (I don’t think they make up a sizeable enough percentage of Firefox users or this discussion wouldn’t be framed the way it is ) “Sufficient” here more closely approximating “good but there’s still room to improve” rather than “foolproof security”….

One of the best security UI improvements to solve a similar problem is the yellow location bar background for https sites (limits of that notwithstanding–hrm, I thought Gerv had a article on those limitations?). The yellow background eliminates the modal dialogues, which makes it less suceptible to the conditioning that comes with annoying modal dialogues, is visually distinct enough to catch the attention even of the jaded Bugzilla user–and for Regular People likely appears infrequently enough to really catch their attention. The absence of the yellow background is the first thing I notice when using non-Moz browsers on my Mac. I’ve become so familiar with it that I’m tempted to turn off “warn when leaving a secure site” and just leave the modal dialogue for mixed-mode sites.

Unfortunately, I can’t think of a way to apply this UI innovation to extension installation. The ability to trust the site one time for installation seems like a good step to take with the current UI, though.

(I have not done very much Psych.)