MS Issued a Fix For Its Unwanted FireFox Extension 266
As we discussed last February, and again a few days ago after the Washington Post noticed, Microsoft installed without permission a hard-to-remove Firefox extension along with a service pack for .NET Framework 3.5. Reader Pigskin-Referee lets us know that, as it turns out, Microsoft issued a fix a month ago; details here.
So the WaPo reports a story a month obsolete? (Score:5, Insightful)
And of course, since it's negative towards Microsoft, Slashdot dupes it a few dozen times. That's some quality journalism all-around. Oh, and it was an honest mistake in the first place, not some horrible malicious act.
Of course, if you read the Slashdot comments, you knew that Microsoft had already fixed it, since the comments are always about 10 times more on-the-ball than the actual posts. Sadly, I think the majority of visitors to this site never dive into the comments section and are probably fed a large spoon of bullshit every morning with their news.
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
I dunno about you but I get screwed in the ass enough and I'm duct taping my shorts and sitting on the porch with a shotgun.
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
It is not actually fixed. Even had it been removable in the first place it still would have been bad because they should not have installed it without permission.
Yeah, a fix (Score:5, Insightful)
Now there is an 'uninstall' button, but if you press it, the app is only uninstalled for the user who clicked the button, not other users on the computer; there's still no ready means of permanently opting out system wide.
And they also indicate with every update of the .NET framework it may get re-installed for all users when Windows Presentation components are updated...
Their fix is even more sly possibly. Now you have the false illusion of being able to remove it....
And this still doesn't 'fix' the whole issue of installing components / editing the contents of a third party app a user installed without that user's permission.
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
Say what you will about people bashing on Microsoft, but this was not an "honest mistake." It was by design, and all Firefox extensions installed this way behave the same way.
Better idea yet (Score:5, Insightful)
Instead of installing it and letting you uninstall it if you don't want it, how about they don't install it and make it an optional thing you can choose to install?
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
Install certainly isn't for the "common" user (Score:5, Insightful)
Sure, they've come out with an uninstall process. But who here thinks that Ma and Pa PC User have a chance in hell of correctly performing the necessary steps? For that matter, who thinks that the common user of a PC will even be aware of the issue in the first place?
Yes FF allows add-ons. Yes, MS has every right to create an add-on for FF. What really worries me is when a company creates an add-on for the product of their primary competitor which threatens the stability and security of their competitor's product. At a minimum this is dirty pool. To me it just looks like MS continuing to wallow in the sewage of unfair competition.
Re:So the WaPo reports a story a month obsolete? (Score:3, Insightful)
Now how about Java Quick Starter? (Score:5, Insightful)
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
When the open source community 10 times out of 10 makes hostile gestures towards Microsoft.... ... well yeah, you can see how it goes.
For all Microsoft's faults, it does what it does because it's a business whilst many members of the FOSS community seems to purely rely on hatred for their reasoning.
How can the FOSS community expect to be taken seriously when it can't be mature itself and when Microsoft does something that isn't wrong it STILL attacks it? FOSS is a noble cause but the community is so often blinded by it's own bias that it's self-defeating. I guess that's what happens in an anarchy though.
Why not you know, when it does something right accept that it's done something right and encourage such behaviour rather than leave many big companies thinking the FOSS community is just a cesspool of hate not to be taken seriously?
Microsoft.. (Score:5, Insightful)
Knowing them, it will leave about 50% of the junk that the addon installed. And 100% of the registry keys they used for it.
Re:Question? Who fucking cares? (Score:2, Insightful)
"You use a browser I don't like, therefore it's okay if someone messes with it without your permission!"
And yes, that IS exactly what you're saying, and yes, saying it DOES prove you beyond all possible doubt to be the craven idiot you so rightly fear yourself to be.
And no, you weren't just trolling to get a rise out of those oh-so-predictable Slashbots. And finally, yes, that IS what you were about to say in your pathetically futile defense.
Re:So the WaPo reports a story a month obsolete? (Score:4, Insightful)
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
Oh, and it was an honest mistake in the first place, not some horrible malicious act.
Not really buying it. It may not have been some horrible malicious act... but it sure was not some 'innocent mistake.'
Sure, innocent mistakes happen at big companies (like the whole thing with Amazon de-ranking Gay and Lesbian books). But for a company that is a constant target of anti-trust suits, who is notorious for this kind of thing, you think by now that they would be more careful. Its hard to believe that someone internal at Micrsoft didn't realize what was this was doing and just say 'fuck it' - even if it was a low level developer, somebody had to know - at the very least the guy(s) who wrote the code. I mean come on, this took some work to do. Its not like the amazon issue where practically one click of a check box reclassified a whole genre of books... some one had to put finger to keyboard and code this out.
So I think its really really hard to call this an innocent mistake. Maybe not a 'horrible malicious act' but once again they are injecting their shit into other peoples shit.
The HORROR! (Score:1, Insightful)
Wait, what's the big problem? It sounds to me like they decided to give Firefox support for what is basically .NET's equivalent of Java WebStart. It means you're using a Windows platform... which you are if you're bitching about this. They didn't alter the code for firefox, or anything-- they installed an extension.
It sounds to me like years of opensource Stockholm Syndrome has made freetards deathly frightened of platform integration and compatibility. Do you freak out when Java WebStart support is installed, also?
From the team perspective, they probably viewed it as a positive gesture--while they were updating the clickonce support on IE, they figured they would provide it on Firefox as well to give users a wider range of choice as to what their browser is.
From an enterprise perspective, you probably want to use things like ClickOnce on your company Intranet; that way web applications don't have to be cludged together in either archaic standard javascript or wacky inconsistent non-standard "modern" javascript... you can make consistent interfaces for things like electronic timesheets and such. Chances are, they don't want you removing it unless you know what you're doing. Of course, there's also some tin-foil hat linux moron who is going to remove the extension with their user-level permissions because it says "Microsoft" on it, then complain about the lack of .NET web application to support. Or worse... "WHY ISN'T THIS WRITTEN IN HTML 5? IT'S A WORKING DRAFT SORT OF. HOW ABOUT WxPython?!" One might even surmise that it being user-level monkey-able might make it more open to exploitation than it would be in IE.. (GreaseMonkey, anyone?)
The fact of the matter is, it's platform integration. Nothing more. For most users, ClickOnce is simply convenient. It just bridges them to support for secure sandboxed .NET applications that might be convenient if provided. For wingbats on slashdot, it's A GROSS INVASION OF THEIR OMG PRIVACY THAT THEY DEMAND FOR THEIR PIRATED COPY OF WINDOWS XP.
Since most of you are using a supported platform, your web browser is rather connected to the security and integration of the platform. Thus, it is Microsoft's territory, in the same way Firefox gets updated and extended if you are using Ubuntu or OpenSuSE. Of course, Firefox's biggest security hole is probably Firefox itself, but that's unimportant.
The point being is its a goddamn platform integration plugin and you people are probably afraid of your own shadows. The idea that any of you can use hideously insecure linux or mac systems, then turn around and freak out at a sandboxed .NET application starter is just awkward.
Re:Now how about Java Quick Starter? (Score:3, Insightful)
Re:Install certainly isn't for the "common" user (Score:1, Insightful)
First off the plugin doesn't add anything malicious, it isn't a security hole, and it doesn't do anything without the user's consent (You need to 'Click' for 'ClickOnce' to work, strangely enough)
Second off, they don't think it's an outrage that some company tries to increase interoperability with their favorite browser (FF) and they actually want it to happen, because they get pissed every time some thing doesn't work in FF as they think it should (such as click once)
Third off, it doesn't fucking matter because 20 other companies do it already (Adobe's Flash, Sun's Java VM, etc.) and only a fucking retard would care only because it's MS. These people need to get a grip.
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
Yeah, you know that button you click when you install updates that has two radio options, one where you accept the terms and one where you don't?
That's where you gave permission.
If you didn't install it explicitly, the alternative is that you gave permission when you accepted automatic updates.
If you don't want these things on your system, then don't give permission. Don't give permission and then claim you never actually gave permission when you blatantly did because otherwise it wouldn't have installed in the first place.
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
You could save the teeth gnashing and anal rape metaphors for when you actually have an issue, instead of wasting it on complete non-issues. It might lower your blood pressure in the long run. But that's just my opinion.
Re:Install certainly isn't for the "common" user (Score:3, Insightful)
Who the Hell thinks ma and pa PC user are using Firefox? .Net is a widely used set of tools that more and more webpages are taking advantage of. .NEt framework because they've been told they need it for a certain webpage or program to work correctly is just common sense.
The majority aren't.
You may have turned your parents onto it, and I've tried with mine, but the reality is it's still an IE world, webpages are still designed to work in IE, and
having this installed into firefox for all users when the person ELECTS to download the
versus the more slashtard oriented view of making "Ma and Pa PC User" go download the required .Net framework for their needs, and then go download a firefox extension to make it work properly in the alternative browser that their geek son/daughter/relative told them was so much better.
yeah.
So much better, and more annoying, and less useful.
But instead we get something like this that actually makes FF useful for the same places the user already downloaded the .Net framework for......
And since the extension was to allow click-once support for .net enabled websites, i'm gonna go out on a limb here and say that those "Ma and Pa PC Users" will LIKE having it installed so their webpages work correctly and function the way they expect.
Just like they do in IE.
So in reality, despite what slashtards want to think, most people simply won't care, don't want to uninstall it, and in the real world, are probably glad it's there when they need it without having to go search for it and then download and install it.
let the modding down for the truth begin.
Re:The HORROR! (Score:5, Insightful)
The objection isn't to them providing support in Firefox. It's in their forcing the add-on into Firefox without asking the user whether they want it or not, when established convention is that the user elects to install add-ons and that if the user hasn't elected to install something it doesn't get installed. This is made especially annoying by the fact that many Firefox users use it precisely because it doesn't support things like .Net.
Re:So the WaPo reports a story a month obsolete? (Score:5, Insightful)
Everyone seems to be ignoring the fact that uninstallable extensions shouldn't even be allowed by firefox. I remember installing SiteAdvisor, then it was bought by McAfee and they set the "screw you no uninstalls" bit. Not appropriate at all.
If it can't be uninstalled, then it shouldn't be an extension.
Re:So the WaPo reports a story a month obsolete? (Score:3, Insightful)
Microsoft makes deliberate anti-open source moves all the time and is a convicted monopolist, why would you assume that is was a mistake? Or are you a MS employee with inside information?
Re:So the WaPo reports a story a month obsolete? (Score:1, Insightful)
Re:Yeah, a fix (Score:3, Insightful)
first, since that update wnt out over windows update, this one should too.
or perhaps just not install it in the first place, thats also a perfectly good option. submit it to mozilla to present in the addons section. you know, like nearly ever addon out there.
but hey, if you want to excuse their behavior, go right ahead.
Re:Install certainly isn't for the "common" user (Score:1, Insightful)
The difference in Java/Flash and this is two fold:
1. You explicitly install these FOR the functionality provided to the browser.
2. You can choose not to install the browser addons
2a. With the last version of Java I installed you could
2b. Flash requires you pick what browser you want it installed for the last time I checked also.
Installing something by default (as an update no less) without notifying me and providing the solution of "oh you can just uninstall it by deleting this reg key, this folder, and change this in about:config" pisses me off, not that I'm not capable, but WHY should I have to when I didn't ASK for the addon to begin with? This is what pisses me off about it....
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
Re:So the WaPo reports a story a month obsolete? (Score:1, Insightful)
Is it too much to ask that if you have issues with MS that you bring up the legitimate issues and leave the BS alone?
Yeah, but how would he feel a part of the community without that common enemy? Once again, yet another instance of fallacious "us vs. them" crap that humanity continues to be shackled by. People get off on malcontent, especially on Slashdot. Makes them feel alive to write scathing and illogical comments about a multinational corporation anonymously on a random Internet site.I guess its easier than actually doing something with your life.
Re:So the WaPo reports a story a month obsolete? (Score:3, Insightful)
This is simply a case of:
Damned if you do, Damned if you don't.
Re:So the WaPo reports a story a month obsolete? (Score:3, Insightful)
Not that I speak for the FOSS community or even care at all about this issue, but I just can't ever bring myself to have any sympathy for Microsoft. They worked so hard for so many years to build this reputation for themselves, and they deserve all of the spoils. My only regret is that the cost of their public image couldn't ever hope to outweigh the massive profits they've made through years of bad behavior. It's like seeing a bully get his ass kicked for no reason at all. Maybe he didn't do anything to deserve it (this time), but I'm not a good enough person to want to try and help him. I admit, that's probably some kind of personal failing, but I just don't care.
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
Seriously, I don't ascribe this to maliciousness on anyone's part. Microsoft failed to test this in all circumstances in a way that's not uncommon for them (limited user account usability fail), but if that's "malicious" then so was the entire release and lifetime of their exceedingly popular OS. You know, Windows XP. The one that everybody loves so much because it doesn't suck?
Yeah, it's a huge pile of limited user account usability testing fail. *shrug* If somebody's going to claim the Firefox extension thing is malicious, they'd better not be claiming that Microsoft is being malicious/anti-competitive/monopolistic/whatever by giving XP the End of Life notice. Both products suffer from the same problem, and MS is trying to move past them both.
Re:So the WaPo reports a story a month obsolete? (Score:4, Insightful)
To be clear, if they had asked up front "Can we install this for all users on the system?" and if they would have honored my inevitable response (NO!) then we would be ok. They damaged my web browser without asking. I would open a problem to Mozilla about it being possible, but this was the operating system subverting the security of an application. An App can't really defend itself against a malicious OS.
Re:So the WaPo reports a story a month obsolete? (Score:4, Insightful)
Microsoft have nothing but contempt for those people who choose not to use Microsoft products. How many more examples do you need to see to understand that Microsoft can't stand ANY competition. They want ALL of the market, not just a share of it.
My guess is that you fall into one of the following categories:
1 - Someone with their heads in the sand, intentionally finding other ways to look when decades of evidence is staring you in the face. A worried Microsoft shareholder perhaps?
2 - A Microsoft astroturfer trying to earn a living by defending Microsoft and passing the blame in vintage Microsoft fashion.....yes, you guessed it, it's them dumbass users again. Of course they're dumbasses, they don't use Microsoft products, right? If they don't use Microsoft products they deserve to be fucked with.
3 - A comedian who makes jokes which can be read as serious.
4 - A troll looking for responses.
From what I understand of the functionality of this plugin, it helps display sites done with Microsoft drugs like
Re:So the WaPo reports a story a month obsolete? (Score:4, Insightful)
They didn't screw up.
If you don't trust Microsoft....if you don't want Microsoft messing around with your computer - DON'T LET MICROSOFT.
Install Linux and be done with it. Or go to the Mac store and buy a mac.
EVERYONE who experienced this problem had the .Net Framework installed and had automatic updates turned on.
The add-on couldn't be removed from FireFox in EXACTLY THE SAME WAY that countless others can't be removed. When they are installed for 'all users' on the machine, individual users can't remove it.
Just like all of these others....
* Java
* VLC Player
* Adobe Acrobat
* QuickTime
* Google Talk
* iTunes
* Hulu
* Picasa
The 'fix' was released weeks ago - long before everyone got their panties in a wad over it. And when I mentioned that in the last anti-ms thread here I was modded flamebait.
The worst part is that lots of people are going to honestly think they 'made Microsoft' change their mind by their complaining. No, sorry Kid, MS had the update long before you even NOTICED.
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
Perhaps there's a middle ground between silently installing something that can't be removed without special effort and something that's difficult to install. Like, perhaps, asking the user if they want it in the first place?
I, for one, don't want the .NET "experience," whether on firefox or anywhere else. It gives no value that is of importance to me. Others may feel differently. That's the whole beauty of asking the user -- everyone can be happy.
Re:Install certainly isn't for the "common" user (Score:3, Insightful)
Exactly which web pages have you visited that require the .NET framework? I have never encountered one.
Programs don't count. I use Firefox to browse the web. Having .NET installed because a certain program required it doesn't mean I want to visit the 3 websites that require .NET using Firefox.
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
They should have just posted the plugin on the firefox plugins webpage. It would then be just as easy to install as any other extension.
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
First of all, those other updates don't get installed silently among other, legitimate updates. Secondly, it affected anyone that installed that .NET update regardless of how they did it.
Like someone else said, this should have been an option in the installation process for that could be unchecked. You shouldn't make changes to other people's software without their permission. So, yea, Microsoft certainly did screw up.
Is it the end of the world? No. They offered a fix, so it's more like a minor annoyance for those who don't want it, but it's still a screw-up.
Re:So the WaPo reports a story a month obsolete? (Score:3, Insightful)
If removing a "slipped in" extension requires more than clicking on the Uninstall button in add-ons, it shouldn't be there to begin with. Not to mention there isn't an option to opt-out of the installation. That post claims "it's always been there, and only noticeable in Firefox 3" doesn't help the "we weren't trying to slip one by you" argument that you seem to be making, since FF2 has it completely invisible (if that post is true). And claiming that it was announced in the patch notes is a stretch claiming that it was announced. If something is coming through as an update to an application, I should have to hunt down its release notes online to ensure it isn't going to add some "bonus things" onto other applications.
Since we keep seeing these type of extensions appear, I wish FF would add something on startup that says "Hey, we noticed this new system-level extension that wasn't here when we quit last time installed itself. You want to install it or reject it?"
Spaz down, Sparky (Score:5, Insightful)
While I have my criticisms of Microsoft, I'm hardly a basher. Despite having lots of familiarity with Macs and a tiny bit of familiarity with LINUX, I use Microsoft operating systems exclusively.
Two things are worth mentioning here. One is that practically any palooka can show up and start one of these threads. Someone probably saw the article in the WP (or an article about the article in WP) and started a thread without doing research and finding out that this is actually an old issue, an issue that was already mentioned back in February on this site, and that Microsoft had issued a fix a month ago. Bone-headed posts happen a lot around here. That doesn't make these threads part of a sinister conspiracy against Microsoft.
The other thing worth mentioning is that frankly, this is worth mentioning again. While the disabled uninstall button was obnoxious, to me the greater wrong here was sneaking in an extension to a competitor's browser through an automatic OS update without informing the user.
But what's the difference? (Score:4, Insightful)
but could someone please clarify the "difficult to remove" bit? I "removed" it by going into "add-ons" and clicking "disable". Problem solved as far as I'm concerned.....
Simple: disable != remove
What is the significant practical difference between an add-on that doesn't get loaded because it's disabled and an add-on that doesn't get loaded because it's removed?
Re:So the WaPo reports a story a month obsolete? (Score:1, Insightful)
Say what???? Firefox users install addons they want via the addon manager in Firefox itself. They don't expect third parties to use other tricks to install addons, and grey out the "uninstall" option.
Speak for yourself. When I install something that has, as one of its features, browser integration, I expect that feature to be installed as well. I don't want to have to launch my browser, go to a separate plugin site, and install that feature manually.
Having said that, the installer should provide the option to not install the browser integration feature if I don't happen to want it. Either way, though, the installation should be done outside of Firefox.
Re:But what's the difference? (Score:3, Insightful)
but could someone please clarify the "difficult to remove" bit? I "removed" it by going into "add-ons" and clicking "disable". Problem solved as far as I'm concerned.....
Simple: disable != remove
What is the significant practical difference between an add-on that doesn't get loaded because it's disabled and an add-on that doesn't get loaded because it's removed?
Its trivial to re-enable something if its only disabled.
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
The mechanism used isn't a trick, it is an explicit feature of Firefox. That is, it checks a local machine registry key and runs extensions that are pointed to by that key. Any installer with system privileges can do the same thing.
Now, would it have been better for Microsoft to make the installation optional? Probably.
Re:Wiping Microsoft wipes the extension (Score:3, Insightful)
Somehow I don't believe that you're a longtime MS app developer and this was enough to move you to Linux.
That's what bugs me. (Score:3, Insightful)
And you must enable it in order to uninstall it.
That's what bugs me the most.
If some other operation installed malware on your machine then said it would uninstall cleanly if you just TURNED IT ON and ASKED IT, would YOU believe them? Would you enable it just to turn on the uninstall button?
I sure wouldn't. Whether it was (or claimed to be) from Sony, Microsoft, 3FN, or Linus himself. Why the HELL should I enable malware that actually IS from a company that considers Firefox to be a major competing product line and has repeatedly sabotaged it in the past? ...
And you can bet that, even if Microsoft's malware uninstalls itself cleanly, the next generation of black-hat malware will include plugins that MASQUERADE as later versions of this thing...
Re:So the WaPo reports a story a month obsolete? (Score:2, Insightful)
but this was the operating system subverting the security of an application.
By using a documented API designed for silent installs?
Re:So the WaPo reports a story a month obsolete? (Score:1, Insightful)
"it keeps MS in check"
You haven't been paying attention, have you?
Re:So the WaPo reports a story a month obsolete? (Score:3, Insightful)
Of course it didn't explicitly mention a Firefox plugin, it does however talk of installing software on your machine. The fact it doesn't specify what doesn't mean you didn't agree, it just means you agreed to let them install whatever they deem necessary and they deemed a Firefox plugin necessary,
You still explicitly gave them permission however you cut it.
You can avoid installing updates to certain software - this was a general update to .NET, no one is stopping you installing the security updates by themselves. No one is forcing you to even use the .NET framework. If however you want to run the latest applications then you have to accept what comes with that package though.
The fact is though, it's almost certainly the case that what it comes down to is people like yourself simply cannot be bothered to sift through all the updates that come out and so you are generally happy to let Microsoft make that decision as to what should and shouldn't be installed for you. Again though, if that's the case don't start whining if you don't like Microsoft's decisions.