One of my visitors called and told me, that he is getting strange messages, when browsing my website. I couldn't make heads or tails of it, so i took a look at it myself.
It seems that the Real-Player triggers the Windows Vista UAC-message. I was not yet able to reproduce the error on my own machine, but it started exactly the moment we started using Piwik.
Disabling the Check for real player would be a fix for me, as I do not really care for this particular plugin.
This is a major annoyance, since he gets the window on every single page-view. I'd give it a priority "major", but then again, who has real player installed and uses vista and IE at the same time ;-)
Piwik isn't trying to exploit a plugin vulnerability, but unexplained/unexpected security alerts and/or launching of apps can spook visitors. This is undesirable even if impacts a small number of users.
The proposal is to disable ActiveX plugin detection on Internet Explorer. Maybe one day, Microsoft will populate window.navigator.mimeTypes[(or navigator.plugins) instead of leaving these properties empty.
An alternate proposal would be to disable ActiveX plugin detection by default, and provide a method to enable it.
Note: GA has a _setDetectFlash(bool) method.
(In ) fixes #852 - disabled ActiveX plugin detection in IE