Microsoft Update Quietly Installs Firefox Extension 500
hemantm writes "A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser."
And yet... (Score:4, Interesting)
Re:Uhm... but this is old news, isn't it? (Score:3, Interesting)
The .net-Update has "installed" this Add-On secretly for a few months now, as far as I know. It just got into the "normal" Windows auto-update stream, thus annoying more and more people? Or am I somehow mistaken?
It has certainly been around for some time, and I think it has been in updates that Joe Public gets automatically for a while too. My guess is that this reported has only just heard about it so to him (and presumably other too) is it new news.
At first it turned up as part of the Visual Studio install/servicepack, so developers got it first, I'm not sure when I first noticed it appearing on machines that had the relevant .Net libraries but no VS.
I don't have a problem with the add-in existing, or it being installed by default. But being installed by default with no opt-out and with the uninstall/disable options removed from the user, is either bad customer care or plain malice (though for all the noise my inner tin-foil-hat is making I can't think of anything logical that such malice would achieve for MS, so "not caring about the customer" is the more likely option).
Anecdotal problem (Score:5, Interesting)
I noticed this on a work machine and read about it last week. Instead of trying to manually remove the extension (the Uninstall button is disabled for this one and only extension) I simply disabled it. Starting that same day, the machine (2.3 Ghz dual core Vista with 4 GB RAM) has begun locking up hard when using Firefox. This doesn't happen with IE or any other software. It locked up 5 times on me with Firefox within 1 hour, and has not locked up at all since then, as I have not used Firefox. It is abundantly clear the problem is related to Firefox, and the only thing I did with Firefox was disable the extension and restart.
Has anyone else experienced anything like this after disabling the .NET extension? I'm curious how deeply this extension hooks into the OS and if it is capable of freezing up the entire OS. Firefox, on its own, should not be capable of locking up the entire machine.
Re:fairly sure that (Score:2, Interesting)
The new twist is that the article's author just realized that the extension can't be easily uninstalled:
I'm here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed.
Annoyances.org, which lists various aspects of Windows that are, well, annoying, says "this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC." I'm not sure I'd put things in quite such dire terms, but I'm fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.
Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.
The sad thing is that I think probably everyone missed this because this is not new behavior for Microsoft.
Re:Surprise! (Score:4, Interesting)
V1.1 Has the Uninstall Button Active (Score:2, Interesting)
Re:Annoying, but... (Score:5, Interesting)
What is annoying is that it's installed without warnings or questions asked. The good part may be that it provides (or could provide) some functionality and M$ is finally acknowledging the percentage of Firefox users out there.
I've seen the way they "acknowledge" competitors before. I like Firefox; that's why I'd prefer they keep ignoring it.
Re:Surprise! (Score:3, Interesting)
If Firefox was an evil company of some sort, they would deliberately add some functionality to make browser break when their extension installed from their back and call a good lawyer company. For a software/app at market share of Firefox, I can guarantee millions of dollars in return although I am not a lawyer.
MS should pray that they don't seem interested in such things and of course, source is open to look/review. E.g. it is not Microsoft.
If it sounded too childish or tin foil, just check that story http://www.theregister.co.uk/1999/11/05/how_ms_played_the_incompatibility/ [theregister.co.uk] . It is not a IT urban legend, it is actually documented in court.
Re:Surprise! (Score:2, Interesting)
I think the OP's point is like XP was Windows nt5.1 to Windows 2k's nt5.0 (hint, just an update) and that Windows7 is just an update to Windows Vista, that ME was just an update to Windows 98 osr2.5.
No, I am sorry ME was complete downgrade to Win 98!
Re:Surprise! (Score:1, Interesting)
Except ME was a decent OS. It has one thing over 98se that you cannot deny: If a program crashed, it didn't take down the entire machine. That is the primary reason ME was better than 98SE. Same capabilities, marginally more resource usage (I think it went from 5mb to 12mb memory usage, the ONLY reason people complained at the time, and it was slower)
Now, 2k was years beyond the 9x line. But ME is the best of that series. It actually had uptimes of days, not hours.
Also, 2k was not a Consumer OS. It was a business OS. XP was the next in the consumer OS line. 2k != 9x/XP lines, hence better.
Re:Uhuh (Score:4, Interesting)
Then this is a problem with Firefox, not IE, that it let's plugins be installed through the filesystem without user intervention. At the least it should warn upon next start that "Blah has been installed, do you want to enable it?"
When you have access to the filesystem, and I assume Windows Update runs with full privileges, you can do whatever the hell you want. If MS really wanted to, they could be replacing libraries in the Firefox folder. In many ways this is similar to the argument that if a hacker has physical access to the machine, you're toast.
Having said that, a number of Linux distros have taken to including certain addons optionally or by default with a Firefox install. I don't really want to see this feature taken away and there is a very real purpose...to make mass management of Firefox installations easier.
Re:Surprise! (Score:3, Interesting)
This is exactly my point.
The company who wrote the EULA for their product will treat it as legally binding until a court tells them it's not. They wrote it for exactly that purpose. They will use threats / bullying etc to try and get people to accept it rather than fight it, because they may just lose the fight, and therefor lose the right to continue using it to extort more money.
Windows-only Firefox? (Score:5, Interesting)
I'm just thinking that if this update is making Registry changes, then the plug-in is Windows-only, and it means that Firefox users on Windows will now have a different browsing experience than Firefox users of other platforms.
So, the plug-in accomplishes two things for Microsoft: 1) it promotes the .NET platform to a wider audience, and 2) it promotes Windows as being the superior OS to run Firefox in.
It's a win-win scenario for Microsoft. Firefox can continue to gain marketshare, but Microsoft will have their tentacles in it, making sure that the adoption of Firefox does not lead to a platform-agnostic world. And it rewards the .NET developers for investing in Microsoft-only technologies.
Re:Surprise! (Score:3, Interesting)
In fairness I believe Microsoft have learned the error of that approach and have been trying to find a way round it. The problem they have is that they've conditioned users too well. They keep using "we know you don't want to learn anything new" as a reason to stay with Microsoft rather than look at something else.
They even tried to patent sudo, even though they never invented it and don't use it.....but then since when has that stopped them using legal bullshit to attack and extort money from a competitor?
Third party app developers don't help the cause either by not programming their user apps to need regular user rights. On the other hand OEM installed Windows which most Windows users have, tend to be installed as admin anyway to it's a fair bet that every user will be running as an admin.
I have serious issues when the average Joe Sixpack can go into the system folder, delete and change stuff at random with NO knowledge about what he;s doing. My mate's lil cousin has been known to do that, randomly delete files in the System32 folder that he don't like the name of because he's bored, then he complains when his PC don't boot up.
It's important that these functions should be doable. It's vital that the user / admin rights stop the average user from doing it. Of course, if people (or remote websites) were stopped from being able to hose their PCs, lots of PC repair stores would lose a LOT of customers and a lot of income. It does help their revenue stream when a clean PC can be hosed by the following day and needs a repeat appointment.
Comment removed (Score:4, Interesting)
Re:Updated (Score:4, Interesting)
Microsoft removed the superior method of communicating with hardware that OpenGL had been using since Win9x.
They designed something very similar to what OpenGL did, for DX10, which improved communications efficiency quite a bit. (Takes far less CPU power to talk to the videocards, compared to DX9)
Unfortunately, there's only one of these channels in the kernel now, so OpenGL has to sit on top of it. (Reducing OpenGL's efficiency, since it doesn't need all the overhead that DX10 does)