MS Issued a Fix For Its Unwanted FireFox Extension

As we discussed last February, and again a few days ago after the Washington Post noticed, Microsoft installed without permission a hard-to-remove Firefox extension along with a service pack for .NET Framework 3.5. Reader Pigskin-Referee lets us know that, as it turns out, Microsoft issued a fix a month ago; details here.

So the WaPo reports a story a month obsolete?

[Blakey Rat]

And of course, since it's negative towards Microsoft, Slashdot dupes it a few dozen times. That's some quality journalism all-around. Oh, and it was an honest mistake in the first place, not some horrible malicious act.

Of course, if you read the Slashdot comments, you knew that Microsoft had already fixed it, since the comments are always about 10 times more on-the-ball than the actual posts. Sadly, I think the majority of visitors to this site never dive into the comments section and are probably fed a large spoon of bullshit every morning with their news.

Re:So the WaPo reports a story a month obsolete?

[Foofoobar]

When a company like Microsoft 9 out of 10 times makes hostile gestures towards the open source community, are we supposed to run towards them with flowers and candy every time they screw up now and say 'we forgive you darling. lets go have buttsex on the veranda!'?

I dunno about you but I get screwed in the ass enough and I'm duct taping my shorts and sitting on the porch with a shotgun.

Re:So the WaPo reports a story a month obsolete?

[nizo]

Where is my "+1 Insightful but gross" mod option?

Re:So the WaPo reports a story a month obsolete?

[Beelzebud]

Is it too much to ask that if you have issues with MS that you bring up the legitimate issues and leave the BS alone?

Spaz down, Sparky

[Benfea]

While I have my criticisms of Microsoft, I'm hardly a basher. Despite having lots of familiarity with Macs and a tiny bit of familiarity with LINUX, I use Microsoft operating systems exclusively.

Two things are worth mentioning here. One is that practically any palooka can show up and start one of these threads. Someone probably saw the article in the WP (or an article about the article in WP) and started a thread without doing research and finding out that this is actually an old issue, an issue that was already mentioned back in February on this site, and that Microsoft had issued a fix a month ago. Bone-headed posts happen a lot around here. That doesn't make these threads part of a sinister conspiracy against Microsoft.

The other thing worth mentioning is that frankly, this is worth mentioning again. While the disabled uninstall button was obnoxious, to me the greater wrong here was sneaking in an extension to a competitor's browser through an automatic OS update without informing the user.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Keeper Of Keys]

It was an instance of buggery, not fallacio.

Re:

[Anonymous Coward]

When the open source community 10 times out of 10 makes hostile gestures towards Microsoft.... ... well yeah, you can see how it goes.

For all Microsoft's faults, it does what it does because it's a business whilst many members of the FOSS community seems to purely rely on hatred for their reasoning.

How can the FOSS community expect to be taken seriously when it can't be mature itself and when Microsoft does something that isn't wrong it STILL attacks it? FOSS is a noble cause but the community is so often b

Re:

[Allicorn]

They make great mice.

And I hate them for it!

Re:

[nicolas.kassis]

Why is this rated informative, this is the same bullshit comment we see here every day. Look, business is business and FOSS folks are doing what they can to promote what they think is best. Microsoft does the same. In the end, it's healthy, it keeps MS in check and MS gives a few knocks to the FOSS folks that keep em coming up with new ways to push their stuff. Competition is good. All out assault on Microsoft is fair game. ( aside from pure slandering)

Re:

[Anonymous Struct]

Not that I speak for the FOSS community or even care at all about this issue, but I just can't ever bring myself to have any sympathy for Microsoft. They worked so hard for so many years to build this reputation for themselves, and they deserve all of the spoils. My only regret is that the cost of their public image couldn't ever hope to outweigh the massive profits they've made through years of bad behavior. It's like seeing a bully get his ass kicked for no reason at all. Maybe he didn't do anything t

Re:So the WaPo reports a story a month obsolete?

[mR.bRiGhTsId3]

I know that its bad that Microsoft silently installs things that are difficult to remove, but I can't help but wonder, if the .NET plugin was actually hard to install, would we be seeing complaints about how Microsoft is leaving Firefox users out in the cold by not supporting the full .NET experience in Firefox.

Re:

[Shakrai]

I know that its bad that Microsoft silently installs things that are difficult to remove

I'm upset about the silent install but could someone please clarify the "difficult to remove" bit? I "removed" it by going into "add-ons" and clicking "disable". Problem solved as far as I'm concerned.....

Re:So the WaPo reports a story a month obsolete?

[Fujisawa Sensei]

I know that its bad that Microsoft silently installs things that are difficult to remove

I'm upset about the silent install but could someone please clarify the "difficult to remove" bit? I "removed" it by going into "add-ons" and clicking "disable". Problem solved as far as I'm concerned.....

Simple: disable != remove

But what's the difference?

[tepples]

but could someone please clarify the "difficult to remove" bit? I "removed" it by going into "add-ons" and clicking "disable". Problem solved as far as I'm concerned.....

Simple: disable != remove

What is the significant practical difference between an add-on that doesn't get loaded because it's disabled and an add-on that doesn't get loaded because it's removed?

Re:

[Fujisawa Sensei]

but could someone please clarify the "difficult to remove" bit? I "removed" it by going into "add-ons" and clicking "disable". Problem solved as far as I'm concerned.....

Simple: disable != remove

What is the significant practical difference between an add-on that doesn't get loaded because it's disabled and an add-on that doesn't get loaded because it's removed?

Its trivial to re-enable something if its only disabled.

Re:

[AmiMoJo]

Even when disabled it still adds itself to your browser's user-agent string.

Re:

[Anonymous Coward]

It still left .NET to your user agent string. To get rid of false user agent string, you have to enable the extension, install MS removal tool and uninstall the extension with it. Just disabling it or using removal tool to disabled extension will not stop your browser advertising .NET extension.

Re:

[Anonymous Coward]

Perhaps there's a middle ground between silently installing something that can't be removed without special effort and something that's difficult to install. Like, perhaps, asking the user if they want it in the first place?

I, for one, don't want the .NET "experience," whether on firefox or anywhere else. It gives no value that is of importance to me. Others may feel differently. That's the whole beauty of asking the user -- everyone can be happy.

Re:

[BorgDrone]

I can't help but wonder, if the .NET plugin was actually hard to install, would we be seeing complaints about how Microsoft is leaving Firefox users out in the cold by not supporting the full .NET experience in Firefox.

They should have just posted the plugin on the firefox plugins webpage. It would then be just as easy to install as any other extension.

Re:So the WaPo reports a story a month obsolete?

[Blakey Rat]

You could save the teeth gnashing and anal rape metaphors for when you actually have an issue, instead of wasting it on complete non-issues. It might lower your blood pressure in the long run. But that's just my opinion.

Re:So the WaPo reports a story a month obsolete?

[RobDude]

They didn't screw up.

If you don't trust Microsoft....if you don't want Microsoft messing around with your computer - DON'T LET MICROSOFT.

Install Linux and be done with it. Or go to the Mac store and buy a mac.

EVERYONE who experienced this problem had the .Net Framework installed and had automatic updates turned on.

The add-on couldn't be removed from FireFox in EXACTLY THE SAME WAY that countless others can't be removed. When they are installed for 'all users' on the machine, individual users can't remove it.

Just like all of these others....
        * Java
        * VLC Player
        * Adobe Acrobat
        * QuickTime
        * Google Talk
        * iTunes
        * Hulu
        * Picasa

The 'fix' was released weeks ago - long before everyone got their panties in a wad over it. And when I mentioned that in the last anti-ms thread here I was modded flamebait.

The worst part is that lots of people are going to honestly think they 'made Microsoft' change their mind by their complaining. No, sorry Kid, MS had the update long before you even NOTICED.

Re:

[cml4524]

First of all, those other updates don't get installed silently among other, legitimate updates. Secondly, it affected anyone that installed that .NET update regardless of how they did it.

Like someone else said, this should have been an option in the installation process for that could be unchecked. You shouldn't make changes to other people's software without their permission. So, yea, Microsoft certainly did screw up.

Is it the end of the world? No. They offered a fix, so it's more like a minor annoyance fo

Re:So the WaPo reports a story a month obsolete?

[gmack]

It is not actually fixed. Even had it been removable in the first place it still would have been bad because they should not have installed it without permission.

Re:

[The Moof]

Yea, but we've seen this MS story about this a few times. Where's the huge repeated outrage about the Sun extension [slashdot.org] that essentially pulled the same BS? There's even a portion of comments in that article defending Sun's decision to do it. Repeatedly visiting this one comes off as the usual MS bashing, like the GP pointed out.

Re:

[DoofusOfDeath]

Yea, but we've seen this MS story about this a few times. Where's the huge repeated outrage about the Sun extension [slashdot.org] that essentially pulled the same BS?

Because even virus writers aren't interested in targetting Java?

(ducks)

Re:So the WaPo reports a story a month obsolete?

[melstav]

Since you dragged the other discussion into this, allow me to point out a comment in that very discussion [slashdot.org] which points out why it's nowhere near the same thing. (Like the fact that Sun announced months in advance that they were going to do it, and the fact that you can, in fact remove it.)

That comment is +5 insightful. You don't even have to drill down to find it. Just scroll a bit. Given that (some of) the comments are regularly more fair and balanced than the article summaries, you ought to at least skim the discussion before you decide whether this guy is bringing something useful to the discussion or just throwing more FUD onto the pile.

Re:

[The Moof]

Yea, I saw that post. Just because its modded insightful doesn't mean that I agree with what it was saying.

If removing a "slipped in" extension requires more than clicking on the Uninstall button in add-ons, it shouldn't be there to begin with. Not to mention there isn't an option to opt-out of the installation. That post claims "it's always been there, and only noticeable in Firefox 3" doesn't help the "we weren't trying to slip one by you" argument that you seem to be making, since FF2 has it complet

Re:

[PitaBred]

There seem to be quite a few posts in that article about the Sun extension being bad, how it should have been opt-in rather than opt-out. And the author of the post is obviously not happy with what happened. There were a few people defending Sun in that article, just like you're defending Microsoft.

Really... just because you have a hard-on for MS doesn't mean everyone does. There are quite a few Slashdot users that don't think EITHER of these actions were right.

Re:

[The Moof]

I'm not defending Microsoft, and I'm on the side that thinks both actions were NOT right (and very irritating because I'm tired of removing these extensions every time I get a critical Java update or .Net SP). It was more of a commentary about repeatedly bashing MS while turning a blind eye to other offenders who are just as bad.

Re:So the WaPo reports a story a month obsolete?

[Xest]

Yeah, you know that button you click when you install updates that has two radio options, one where you accept the terms and one where you don't?

That's where you gave permission.

If you didn't install it explicitly, the alternative is that you gave permission when you accepted automatic updates.

If you don't want these things on your system, then don't give permission. Don't give permission and then claim you never actually gave permission when you blatantly did because otherwise it wouldn't have installed in the first place.

Re:So the WaPo reports a story a month obsolete?

[AmiMoJo]

The license agreement didn't mention anything about installing a Firefox plugin. I never agreed to having it installed.

It isn't like people have that much of a choice about security updates anyway. You can either accept their terms or be vulnerable to exploits. Switching to Linux isn't an acceptable option, MS has a moral and possibly legal duty to fix security problems in the software they provide and I pay for and those updates should not interfere with my other software.

Re:

[Xest]

Of course it didn't explicitly mention a Firefox plugin, it does however talk of installing software on your machine. The fact it doesn't specify what doesn't mean you didn't agree, it just means you agreed to let them install whatever they deem necessary and they deemed a Firefox plugin necessary,

You still explicitly gave them permission however you cut it.

You can avoid installing updates to certain software - this was a general update to .NET, no one is stopping you installing the security updates by them

Re:

[squallbsr]

This is simply a case of:

Damned if you do, Damned if you don't.

Re:

[Chlorine Trifluoride]

Actually, its a case of MS having a broken system. If the automated updates system held unimportant non-security updates, like IE8 and the extension, and displayed a message asking permission for them, then the problem would be averted.

Re:

[Chlorine Trifluoride]

Was the extension automatically installed?

Re:

[Xest]

WGA checks that your version of Windows is legitimate, this is a different issue.

If you are not willing to activate your version of Windows to confirm that it is genuine then yes, it will keep asking.

This is more of an issue with Windows in general than it is anything to do with Windows updates and I agree, I'm not a fan of it. Legitimate users should not have to deal with software phoning home to Microsoft.

Re:So the WaPo reports a story a month obsolete?

[mdm-adph]

Say what you will about people bashing on Microsoft, but this was not an "honest mistake." It was by design, and all Firefox extensions installed this way behave the same way.

Re:So the WaPo reports a story a month obsolete?

[AnalPerfume]

Say what???? Firefox users install addons they want via the addon manager in Firefox itself. They don't expect third parties to use other tricks to install addons, and grey out the "uninstall" option. They specially don't expect third parties from competing products which are losing market share to do this. This is NOT a misunderstanding on behalf of Firefox users.

Microsoft have nothing but contempt for those people who choose not to use Microsoft products. How many more examples do you need to see to understand that Microsoft can't stand ANY competition. They want ALL of the market, not just a share of it.

My guess is that you fall into one of the following categories:

1 - Someone with their heads in the sand, intentionally finding other ways to look when decades of evidence is staring you in the face. A worried Microsoft shareholder perhaps?
2 - A Microsoft astroturfer trying to earn a living by defending Microsoft and passing the blame in vintage Microsoft fashion.....yes, you guessed it, it's them dumbass users again. Of course they're dumbasses, they don't use Microsoft products, right? If they don't use Microsoft products they deserve to be fucked with.
3 - A comedian who makes jokes which can be read as serious.
4 - A troll looking for responses.

From what I understand of the functionality of this plugin, it helps display sites done with Microsoft drugs like .net which is fine as it stands. If Microsoft were genuine about playing well with others, they could easily have done what everyone else does and have it on the addons section of Mozilla's site along with all the other addons. They could have a banner available for .net developers to put on their site saying "This .net addon will improve your .net experience in Firefox, click here to install".

Re:

[oodaloop]

Sadly, I think the majority of visitors to this site never dive into the comments section

I thought conventional wisdom was that slashdotters go directly to posting after failing to RTFA and sometimes TFS. Or even TFT(itle).

What were we talking about again?

Re:

[Blakey Rat]

There's three sets of users:
1) Those who read the summaries only
2) Those who read the summaries and comments
3) Those who read the articles, summaries, and comments (extremely rare!)

Re:So the WaPo reports a story a month obsolete?

[YouWantFriesWithThat]

there also is a small subset that makes lists that don't include a "???"

Re:

[Anpheus]

I skip to the comments without reading the summary, then go back to the summary to laugh at how woefully poor a job the editors are doing.

Re:So the WaPo reports a story a month obsolete?

[ibookdb]

Has firefox fixed the bug where nobody can install extensions that are enabled by default without user intervention?

Re:

[AmiMoJo]

Has anyone produced an add-on to warn users about secretly installed plug-ins and optionally block/remove them yet?

Re:

[CarpetShark]

And of course, since it's found something positive about Microsoft, the universe will cancel itself out.

There, fixed that for you.

Re:So the WaPo reports a story a month obsolete?

[docbrody]

Oh, and it was an honest mistake in the first place, not some horrible malicious act.

Not really buying it. It may not have been some horrible malicious act... but it sure was not some 'innocent mistake.'

Sure, innocent mistakes happen at big companies (like the whole thing with Amazon de-ranking Gay and Lesbian books). But for a company that is a constant target of anti-trust suits, who is notorious for this kind of thing, you think by now that they would be more careful. Its hard to believe that someone internal at Micrsoft didn't realize what was this was doing and just say 'fuck it' - even if it was a low level developer, somebody had to know - at the very least the guy(s) who wrote the code. I mean come on, this took some work to do. Its not like the amazon issue where practically one click of a check box reclassified a whole genre of books... some one had to put finger to keyboard and code this out.

So I think its really really hard to call this an innocent mistake. Maybe not a 'horrible malicious act' but once again they are injecting their shit into other peoples shit.

Re:

[Blakey Rat]

But for a company that is a constant target of anti-trust suits, who is notorious for this kind of thing, you think by now that they would be more careful. Its hard to believe that someone internal at Micrsoft didn't realize what was this was doing and just say 'fuck it' - even if it was a low level developer, somebody had to know - at the very least the guy(s) who wrote the code.

Had to know what? That there's an magical unspoken rule not to install extensions that way?

Look, Firefox offers the ability to in

Re:

[TurboNed]

<sarcasm>Obviously the maliciousness must exist somewhere. Let's blame Mozilla for having an idiotic feature that Microsoft could take advantage of in this way.</sarcasm>

Seriously, I don't ascribe this to maliciousness on anyone's part. Microsoft failed to test this in all circumstances in a way that's not uncommon for them (limited user account usability fail), but if that's "malicious" then so was the entire release and lifetime of their exceedingly popular OS. You know, Windows XP. The

Re:

[PitaBred]

What Microsoft SHOULD have done was not install the add-on automatically at all. Only offer it as an optional update... I know they do that for some things, like .NET in general. Extending .NET to hook into additional software should require additional positive steps.

Re:So the WaPo reports a story a month obsolete?

[DeVilla]

My problem is not with the feature in firefox. My problem is not that that MS used. My problem is that Microsoft used it without asking. My problem is that Microsoft used it, without asking, to add something to my machine that made my 'secure' browser significantly less secure. My problem is that I did not know it happened and because of how they slipped it in, it was very difficult to fix.

To be clear, if they had asked up front "Can we install this for all users on the system?" and if they would have honored my inevitable response (NO!) then we would be ok. They damaged my web browser without asking. I would open a problem to Mozilla about it being possible, but this was the operating system subverting the security of an application. An App can't really defend itself against a malicious OS.

Re:So the WaPo reports a story a month obsolete?

[billcopc]

It's bad because the entire philosophy behind Firefox addons is freedom of choice. How hard would it have been for Microsoft to prompt the user whether they want this thing or not ?

In simpler words: My computer, my decision.

Re:So the WaPo reports a story a month obsolete?

[shutdown -p now]

On a side note, why does Sun's JDK installer bugs me to also install OpenOffice (checked by default), and every single Google desktop application has a "set Google to default search engine", and often also "install Google toolbar for IE", also checked by default?

It's just the established software culture these days. From that perspective, installing a browser plugin which you won't ever see (until you navigate to a website that uses it) is relatively benign - compared to installing a 200Mb Office suite.

Re:So the WaPo reports a story a month obsolete?

[Strilanc]

Everyone seems to be ignoring the fact that uninstallable extensions shouldn't even be allowed by firefox. I remember installing SiteAdvisor, then it was bought by McAfee and they set the "screw you no uninstalls" bit. Not appropriate at all.

If it can't be uninstalled, then it shouldn't be an extension.

Re:

[whoever57]

And of course, since it's negative towards Microsoft, Slashdot dupes it a few dozen times.

/. dupes stories all the time, why would you assume that this was a malicious act against MS?

Oh, and it was an honest mistake in the first place, not some horrible malicious act.

Microsoft makes deliberate anti-open source moves all the time and is a convicted monopolist, why would you assume that is was a mistake? Or are you a MS employee with inside information?

Re:

[MobileTatsu-NJG]

Of course, if you read the Slashdot comments, you knew that Microsoft had already fixed it, since the comments are always about 10 times more on-the-ball than the actual posts.

Unfortunately you have to dig all the way back to 2005 to understand the +5 flying chair jokes.

Re:

[mazarin5]

Not quite, the majority of the people here not only don't read the article, they don't bother to read the summary they are responding to. Some don't even read the comments when they reply.

They are not!

Re:So the WaPo reports a story a month obsolete?

[Propaganda13]

You must be new here. The majority of people here on Slashdot are meme scripts.

signed,
The You Must Be New Here Meme Script

Re:

[krakelohm]

ASL?

We need an new abbreviation

[selven]

LATFDBS - Look At The Date Before Submitting

Re:

[Chlorine Trifluoride]

What about DLkP - Don't Let kdawson Post.

Yeah, a fix

[mysidia]

Now there is an 'uninstall' button, but if you press it, the app is only uninstalled for the user who clicked the button, not other users on the computer; there's still no ready means of permanently opting out system wide.

And they also indicate with every update of the .NET framework it may get re-installed for all users when Windows Presentation components are updated...

Their fix is even more sly possibly. Now you have the false illusion of being able to remove it....

And this still doesn't 'fix' the whole issue of installing components / editing the contents of a third party app a user installed without that user's permission.

Re:

[colfer]

And you must enable it in order to uninstall it.

To properly update the .NET Framework Assistant, this update must be applied while the extension is enabled in Firefox. To remedy the result of installing this update while the extension was disabled, uninstall the update, re-enable the extension, and reinstall the update.

That's what bugs me.

[Ungrounded Lightning]

And you must enable it in order to uninstall it.

That's what bugs me the most.

If some other operation installed malware on your machine then said it would uninstall cleanly if you just TURNED IT ON and ASKED IT, would YOU believe them? Would you enable it just to turn on the uninstall button?

I sure wouldn't. Whether it was (or claimed to be) from Sony, Microsoft, 3FN, or Linus himself. Why the HELL should I enable malware that actually IS from a company that considers Firefox to be a major competing produ

Re:

[Blakey Rat]

Now there is an 'uninstall' button, but if you press it, the app is only uninstalled for the user who clicked the button, not other users on the computer; there's still no ready means of permanently opting out system wide.

Maybe what Microsoft should do is install the add-on into the "All Users" folder, so that if one user removes it then it's removed for all users on the computer!

Oh wait, that's exactly what they did that people are throwing a hissy-fit over.

Seriously, knowing how Windows permissions work,

Re:

[rootofevil]

first, since that update wnt out over windows update, this one should too.

or perhaps just not install it in the first place, thats also a perfectly good option. submit it to mozilla to present in the addons section. you know, like nearly ever addon out there.

but hey, if you want to excuse their behavior, go right ahead.

Re:

[poetmatt]

No, people got pissed because it was installed in the first place without any notification. In my case it was installed without any security updates. I didn't ask for a plugin to install a vulnerability without any confirmation.

If they did all users for the plugin installation has absolutely 0 to do with that.

Re:

[Blakey Rat]

At some point you gave it permission to install. They could make that clearer, I suppose-- it might have been buried in a EULA or "I Agree" button somewhere-- but you gave it permission. Heck, in Vista, it *requires* permission, since an installer can't write to All Users without it.

Or are you seriously suggesting that it's not only an unwanted add-on, but it's literally a virus?

Re:

[poetmatt]

windows update -> turned off
automatic plugin update in firefox -> disabled

It comes in on anything that is required to install .net in any form. That's pretty shady, thus outrage. There was no confirmation of it being installed into firefox, and due to how they did it, none was necessary.

Had this been an accident, I bet they would have installed it as an addon that confirms, as opposed to an automatically installed plugin. Let's be real. It's not a virus, even if some people may feel that way in a sen

Better idea yet

[Todd Knarr]

Instead of installing it and letting you uninstall it if you don't want it, how about they don't install it and make it an optional thing you can choose to install?

Re:

[Ephemeriis]

Instead of installing it and letting you uninstall it if you don't want it, how about they don't install it and make it an optional thing you can choose to install?

That'd be the best solution... When IE8 gets downloaded and queued for installation you're asked if you really want to install it. You can choose not to. And then the updates continue on their merry way.

Why not have the update ask for user input before installing this component?

Install certainly isn't for the "common" user

[JimMcc]

Sure, they've come out with an uninstall process. But who here thinks that Ma and Pa PC User have a chance in hell of correctly performing the necessary steps? For that matter, who thinks that the common user of a PC will even be aware of the issue in the first place?

Yes FF allows add-ons. Yes, MS has every right to create an add-on for FF. What really worries me is when a company creates an add-on for the product of their primary competitor which threatens the stability and security of their competitor's product. At a minimum this is dirty pool. To me it just looks like MS continuing to wallow in the sewage of unfair competition.

Re:

[initdeep]

Who the Hell thinks ma and pa PC user are using Firefox?
The majority aren't.
You may have turned your parents onto it, and I've tried with mine, but the reality is it's still an IE world, webpages are still designed to work in IE, and .Net is a widely used set of tools that more and more webpages are taking advantage of.
having this installed into firefox for all users when the person ELECTS to download the .NEt framework because they've been told they need it for a certain webpage or program to work correctl

Re:

[Anonymous Coward]

Exactly which web pages have you visited that require the .NET framework? I have never encountered one.

Programs don't count. I use Firefox to browse the web. Having .NET installed because a certain program required it doesn't mean I want to visit the 3 websites that require .NET using Firefox.

Re:

[shutdown -p now]

But who here thinks that Ma and Pa PC User have a chance in hell of correctly performing the necessary steps?

Why would they need to? The extension doesn't do anything to impact their performance, privacy, and so on.

... add-on for the product of their primary competitor which threatens the stability and security of their competitor's product.

It does all that? Wow. And I just thought that it lets you do the same things you can do with Java applets, more or less (by the way, did you ever see Sun's JRE prompt you when installing the plugin for running them?).

Re:

[BobMcD]

Oh, AC, how I love your objectivity... You're always such a breath of fresh air...

Now how about Java Quick Starter?

[Anonymous Coward]

Okay, now tell me how to get rid of the similarly-uninstallable "Java Quick Starter" that nobody seems to be mad about because it's not Microsoft?

Re:

[xenolion]

Um you answered your own question there; Its not Microsoft.

Re:

[shutdown -p now]

He was asking how to get rid of it...

Of what, of Sun? He's a bit late to the party.

Or of Microsoft? That... well... is an outstanding issue. I hear they're actively working on it [slashdot.org], but it's been 5 years already, and it's not even 50% done.

~

Re:

[YesIAmAScript]

My understanding is you turn that off in the Java control panel.

And that thing drives me crazy too. It has some kind of bug such that it install two copies of itself in my Firefox. Both without explicit permission.

Microsoft..

[Anonymous Coward]

Knowing them, it will leave about 50% of the junk that the addon installed. And 100% of the registry keys they used for it.

Wiping Microsoft wipes the extension

[Anonymous Coward]

This Anonymous Coward will be removing this extension by wiping Microsoft of his machine and installing Linux. After 25 years of developing commercial applications for Microsoft platforms, I'm done.

Re:

[Nimey]

Somehow I don't believe that you're a longtime MS app developer and this was enough to move you to Linux.

And the rest of the story...

[Anonymous Coward]

Scott Hanselman put up a nice post today outlining the whole story. He points out why it turned out this way, how to uninstall it and even put up the source code so you can see their evil ways for those who were too lazy to unzip the xpi.

http://www.hanselman.com/blog/HowToRemoveTheNETClickOnceFirefoxExtension.aspx

Re:

[Anonymous Coward]

"You use a browser I don't like, therefore it's okay if someone messes with it without your permission!"

And yes, that IS exactly what you're saying, and yes, saying it DOES prove you beyond all possible doubt to be the craven idiot you so rightly fear yourself to be.

And no, you weren't just trolling to get a rise out of those oh-so-predictable Slashbots. And finally, yes, that IS what you were about to say in your pathetically futile defense.

Re:The HORROR!

[Todd Knarr]

The objection isn't to them providing support in Firefox. It's in their forcing the add-on into Firefox without asking the user whether they want it or not, when established convention is that the user elects to install add-ons and that if the user hasn't elected to install something it doesn't get installed. This is made especially annoying by the fact that many Firefox users use it precisely because it doesn't support things like .Net.

Re:

[malevolentjelly]

This is made especially annoying by the fact that many Firefox users use it precisely because it doesn't support things like .Net.

Basically, this is the anti-compatibility mindset. I would wager more users would like this functionality without knowing what it is than would specifically like to see their browser non-integrated with their platform for what I will assume is spiritual reasons.

How else do you offer subtle and clever backend technology to non-technical users? Microsoft is accepting Firefox into the Windows software ecosystem. If you're afraid of this, it's time to hop on over to Chrome, so you can go through the joys of bei

Re:

[TypoNAM]

Last time I checked Microsoft never documents what updates actually do. They just give very vague one-liners and expect you, the user, to know exactly what the hell they're talking about. Also people install .NET service packs to fix .NET application issues, not to all of a sudden have .NET support in Firefox.

Re:

[DigitalSorceress]

I very deliberately set up my FireFox to NOT use Flash, Shockwave, Acrobat, etc... and not have any content type plugins. I browse the web with that and with NoScript installed, and ONLY allow trusted sites to run JavaScript on my browser. IF I run into a site that needs more (YouTube for videos, other sites where I HAVE TO have Flash and really need to use the site, etc...), THEN I fire up IE Tab or a copy of IE for it. The idea being that I will control who executes what on my browser as much as it is pos

Re:

[DigitalSorceress]

Call me Paranoid if you wish, but honestly, there is so much malevolent crap out there in the web that it's fair to say "they" really ARE out to get you. ("They" being the spammers and scareware authors and identity thieves, and all the other baddies breaking into computers and installing god-knows-what)

I'm not so paranoid that I refuse to use IE or ever allow flash, Javascript, PDF, or activex, it's just that I like to make use of such things an explicit, deliberate choice on a site-by-site or even case-by

Re:

[malevolentjelly]

My method of achieving those ends is "FireFox for browsing unknown, untrusted content, and IE (usually via IE Tab) only for trusted sites". It's really not some huge ordeal, and I have a very decent track record in terms of not getting infected with malware. I can not say the same about most of the people in my office.

Would it bother you if I told you that I haven't gotten a virus in about 5-6 years and I don't do all that stuff? It just seems a little overkill. I would usually say that if ClickOnce seems scary to you, you should be deathly afraid of Flash... but incidentally you are.

They're out there. You watch the skies, hombre.

Re:

[malevolentjelly]

You downloaded and installed the framework. My expectation would be anything that uses the framework would work without having to do anything else. Seems nice to me.

Oh crap, it's the seedy counterculture of people who expect technology to work for them and not vice versa. That's pretty subversive around these parts.

Re:

[BobMcD]

I disagree.

To me, the difference is:

A) This plugin is being installed without consent. I'm not talking about the EULA version of the word, but the common definition.

B) At least some people use Firefox on Windows expressly so that it won't be compatible with the OS underneath. I recommend it to Windows people all the time for exactly this reason. Firefox is 'just a browser' and it 'just works' without requiring all this deep integration that isn't really necessary to do 99.5% of all the things one would u

Re:

[malevolentjelly]

B) At least some people use Firefox on Windows expressly so that it won't be compatible with the OS underneath. I recommend it to Windows people all the time for exactly this reason. Firefox is 'just a browser' and it 'just works' without requiring all this deep integration that isn't really necessary to do 99.5% of all the things one would use a browser to do.

Firefox is drastically more secure on Windows than Linux or Mac because it plays well with the Window security model. Just because the application looks and acts non-native doesn't mean it's not decently native.

This argument is simply retarded. The MOST non-native browser I can think of, Safari, is also the most insecure browser you can run on the Windows platform. A lack of integration is not what secures browsers.

Another example: Chrome is (probably more) secure on Windows specifically because it is cater

Re:

[BobMcD]

Non-integration != Security

That's an oversimplification of the issue, and isn't exactly intellectually honest.

In the security world, browser breaches happen because the attackers successfully make assumptions about the target machine.

Re:

[malevolentjelly]

In the security world, browser breaches happen because the attackers successfully make assumptions about the target machine.

Browser security has more to do with proper sandboxing than obscurity. It's all about memory management and privilege level. The Windows platform has better anti-exploit code in that respect than any other platform, anyway.

ClickOnce applications are probably more securely sandboxed than firefox in general.

Re:

[BobMcD]

This is only true in the highest point of view possible. In an ecosystem where all browsers exist and are used, yes, the best sandboxed one would be the most secure.

In the real world, however, that same most secure browser can be the most-often-compromised.

Using Firefox that doesn't support .NET is a way of making yourself less of an opportunity. A hypothetical .NET browser exploit wouldn't work on you unless you had this functionality added. Mind you, it wasn't pointed at your Firefox browser, so it may

Re:

[malevolentjelly]

Using Firefox that doesn't support .NET is a way of making yourself less of an opportunity. A hypothetical .NET browser exploit wouldn't work on you unless you had this functionality added.

I don't think it plays into the browser security model, though. You'd be correct if the plugin actually integrated .NET into Firefox... instead, it just provides a means to execute the permission dialogue launcher for ClickOnce. Any exploitation code connected to this is happening outside of Firefox and within the .NET ecosystem.

Mind you, it wasn't pointed at your Firefox browser, so it may not work at all, unless your Firefox behaves enough like IE (the true target).

The true target is the most popular exploitable target. If firefox ever surpasses IE in popularity. it's going to be in the same boat as IE has been historically. It will be targete

Re:

[Culture20]

It sounds to me like years of opensource Stockholm Syndrome has made freetards deathly frightened of platform integration and compatibility.

Nice trolling paytard. Hopefully you'll get a few +1 Funny moderations.

From the team perspective, they probably viewed it as a positive gesture--while they were updating the clickonce support on IE, they figured they would provide it on Firefox as well to give users a wider range of choice as to what their browser is.

And the MS Office team sure took Sun's ODF plugin positively. If every version of Java started stealth installing the Sun ODF plugin into installed versions of Office to fix the broken compatibility (and made it non-removable) don't you think Sysadmins on both sides of the aisle would be crying foul?

For wingbats on slashdot, it's A GROSS INVASION OF THEIR OMG PRIVACY THAT THEY DEMAND FOR THEIR PIRATED COPY OF WINDOWS XP.

Most of the comments expressing anger were from Windows Sysadmins managing legit Windows machines. The Linux guys laughed. The Mac guys

Re:

[Culture20]

It's Firefox not FireFox

No, it's IceWeasel, with weasel pronounced the way Pauly Shore says it: "Ice Weee-zel"