
That's impossible under traditional system configurations. Windows Update can always update whatever "user has confirmed" record Firefox stores, because it has administrative access to the machine.


Surely just make the [user confirmed plugin install] update something with a secret hash token.

When Firefox starts, it checks that each plugin has been explicitly accepted by the user. If not, it alerts them.

Sure, you could reverse engineer the signing token, and hack around it, but that wouldn't get you many friends.


Neither does including anti-Microsoft code in your product. (It doesn't protect against shadier players because those don't care about having friends.)


That's not anti-MS. That's just good security. I'd like to know when something is messing with my browser executable.


Like I said, it's not effective. If malware wants to futz with your browser executable, it's just going to patch the executable, not conveniently go through the plugin interface around which you've designed some forgeable security token.
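
The scheme debated in this thread, sketched as an added example (not code from Firefox or from any commenter): a "user has confirmed" record carrying an HMAC tag that is checked at startup. The key storage, record fields and plugin names are assumptions made for illustration; the last case shows why a key readable on the same machine cannot tell a user's click from other local code.

```python
import hashlib, hmac, json, os

def _tag(key: bytes, plugin: str, sha256: str) -> str:
    # HMAC over a canonical encoding of the fields the user approved.
    msg = json.dumps({"plugin": plugin, "sha256": sha256}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_record(key: bytes, plugin: str, sha256: str) -> dict:
    """Record written when the user accepts a plugin (hypothetical format)."""
    return {"plugin": plugin, "sha256": sha256, "tag": _tag(key, plugin, sha256)}

def verify_record(key: bytes, record: dict) -> bool:
    expected = _tag(key, str(record.get("plugin")), str(record.get("sha256")))
    return hmac.compare_digest(expected.encode(), str(record.get("tag", "")).encode())

def startup_check(key: bytes, installed: dict, records: list) -> list:
    """Return the plugin ids the browser would alert on at startup."""
    by_id = {r.get("plugin"): r for r in records}
    alerts = []
    for plugin, digest in installed.items():
        rec = by_id.get(plugin)
        if rec is None or rec.get("sha256") != digest or not verify_record(key, rec):
            alerts.append(plugin)
    return sorted(alerts)

def demo():
    key = os.urandom(32)  # assumption: per-profile key stored on local disk
    # Constructed sample data: two installed plugins, one confirmed by the user.
    installed = {"plugin-a": "aa" * 32, "plugin-b": "bb" * 32}
    records = [sign_record(key, "plugin-a", "aa" * 32)]

    # 1. plugin-b was dropped in without confirmation: the check alerts.
    unconfirmed = startup_check(key, installed, records)

    # 2. A record tagged without knowledge of the key: still alerts.
    wrong = sign_record(os.urandom(32), "plugin-b", "bb" * 32)
    without_key = startup_check(key, installed, records + [wrong])

    # 3. A record written by any code that can read the key file (same user
    #    or administrator): indistinguishable from a real confirmation.
    same = sign_record(key, "plugin-b", "bb" * 32)
    with_key = startup_check(key, installed, records + [same])
    return unconfirmed, without_key, with_key

if __name__ == "__main__":
    print(demo())
```
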



