at least you can disable the extension
I noticed this thing months ago and was quite upset myself. It could not be uninstalled but at least it was possible to disable it, which is what I did.
Firefox fans are up in arms after a recent Microsoft software update silently installed a Firefox extension that is difficult to remove. Users agreeing to install a service pack for the .NET Framework (NET Framework 3.5 Service Pack 1) through Windows update were also pushed a Firefox add-on that is potentially difficult to …
"This is because the update installs itself for all users of a machine, while the Firefox GUI only manages add-ons for a single profile at a time."
So Firefox contains a weakness whereby any software can install an add-on that cannot be removed through the Firefox GUI.
Shame on MS for exploiting this weakness, but surely some explanation and a fix for this weakness should be forthcoming from Mozilla as well...?
And now, before said weakness is fixed, El Reg is publishing details which should make an exploit very easy to reproduce...?
Seems that MS is learning from Apple about pushing stuff onto PCs that people don't want.
I am off to find out how to remove the piece of malware right now. And it is malware no matter what the MS fanbois say. I never gave explicit consent for it to be installed (I never even knew of it existence until this story) ergo it is malware.
The utter, utter bastards.
is that the patch to fix the uninstaller does not seem to be picked up by automatic updates. I had to follow the link to the patch and manually down load it and run it. Then you have to start FF, let it update the plugin, restart it, click to de-install it and restart it before it is gone.
I didn't want this software installing in my FF. MS pushed it there without giving me the option and without telling me they were doing it. But then again that's Microsoft's arrogant bastard attitude for you. Brad Adams in his blog wrote:
"We added this support at the machine level in order to enable the feature for all users on the machine. Seems reasonable right? Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the "Uninstall" button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components. "
Sorry, Brad but YOU decided what was right to do on MY machine concerning a piece of sofware (FireFox) which is NOTHING to do with you? Where do you get off? And if you don't understand that standard users can't uninstall machine level components in FF then just what the fuck were you doing pushing something like that out?
So just what else are MS pushing onto our machines in the background that we don't know about and they aren't telling us about. Maybe my copy of Chrome doesn't work well (and thrashes the disk) because MS have hidden something on my computer. Is that odd error I get when I access google mail about the connection failing to transfer data properly really an error or is it MS doing things to break competitors applications?
It's not difficult to remove at all.
There was originally a 'bug' in firefox which disabled the uninstall button for extensions installed for all users. The Microsoft extension installed itself at this level which highlighed this bug.
Microsoft has since rewritten the extension to work around this and it's now able to uninstall like any other extension.
Another case of attacking Microsoft without finding out the facts first .....
Call me cynical, but I suppose their next move would have been to add some unpleasant .net code, then point at it and say "ooh, look at their insecure browser, we told you they couldn't be trusted - IE is much safer".
Bastards. If this isn't illegal, it should be.
That's MS updates disabled permanently now. I'll take my chances.
AFAIK, it is illegal to install software without the permission of the owner. That's why the Sony rootkit affair got ugly very quickly as well. I cannot see any argument why what they did here is legal -there really is no excuse for this.
Let's add this up:
1 - this update did not mention in any way, shape or form that it would "affect" (read: hack) Firefox. If it did, I would have said "no" because the whole reason I use FF is that it tends to be safer (there are sadly a few reasons that lock me to Windows, working on it).
2 - the EULA on display does not reference to this FF add-in, nor does it seek your permission for its installation. In other words, MS has not sought permission, nor abdicated responsibility as usual (not that that is possible with what is AFAIK probably a criminal offence). Before you ask, I did check - it's a lot shorter as "regular" EULAs go. Heck, it even misses the ALL CAPS bit.
3 - MS does not make Firefox, does not contribute to it, cannot even follow the standards it's based on, yet it is installing add-ins. It has nil arguments to mess with it, there is NO excuse whatsoever.
So, when -and where- will the first lawsuit be filed?
Yup - I've got the damn thing on my computer. Disabled it even before I finished reading the article and will now set about removing it. The annoying thing is that I have my windows update set only for security patches, specifically because I don't want MS buggering about with my setup without good reason.
This makes my browser LESS secure. They didn't ask me before they did it and I didn't want it. So now I know I can't trust MS even to add security patches without playing silly buggers.
"MS should not be patching third-party apps through Windows Update PERIOD. The idea of that site is to improve system stability, not fuck it up by messing with unrelated shit"
You do know that a little over a third of the windows codebase in XP is Microsoft bug fixing other vendors applications right?
Anyway the article seems to complete ignore that a clickonce app has to be signed with a trusted certificate before it will even install let alone silently, that clickonce has huge restrictions over what you can change on the system (no reg, no system files etc.
Just taking a peek at the list of extensions I can see:
Java ( but that asked me )
A couple of Real plugins
and a Yahoo activeX plugin bridge
Apart from the Java plugin I believe all of those other ones did not ask me if they wantrf a plugin to be installed.
Perhaps this is an attempt to weaken the security of firefox.
One of the reasons that is mentioned as to why people started using firefox was that it was known to have better security . Perhaps MS are trying to level off the playing field.
P.S : To all these people whinging about unauthorised software being installed I have absolutely no sympathy - you should be using an open system that doesn't do things behind your back.
ANYONE who uses Windows can never know exactly what is going on their systems, there are process / packets hidden from users...
Aside from the general better quality one of my reasons for moving to Linux was the control that it give you.
I cannot see what there is you complain about here. Microsoft are provide us with the system on which the Firefox Javs can run so it is up to them if they wish to correct them to run better. I think we should be thanking the Microsoft people who provide us with the extra .Net functions in the Firefox free of charge. They do not have to help the Firefox people but they do because they want the Windows to always keep being the best it can be.
I don't get it. MS installs a *plug-in* and you're complaining? That the original version was difficult to uninstall was FIREFOX'S FAULT, not MS'. Why the hell they're being flamed for releasing a *workaround for a Firefox BUG* I have no idea.
Note that MS' plug-in is NOT hidden from view, masked, or otherwise camouflaged. If you open up the plugin manager GUI, it shows up just like all the other plug-ins.
This is not a malicious "hack", it's being installed to make web-based .NET apps easier to use for the less IT-literate users. I.e. those who do NOT frequent this website.
You're a *minority*. Deal with it and stop demanding every IT company under the sun panders to your every whim for f*ck's sake. Not everyone who has to use a computer actually gives a shit how the annoying box of tricks does its magic.
Maybe if you whingers and moaners could actually create software worth a damn, you'd have cause to complain, but you can't, so you don't. Get your own effing house in order before you blame people for genuinely caring about making computers *easy to use*.
@Michael B.: The iTunes plug-in redirects iTunes Store-related URLs to the iTunes app, where the resulting info is intended to be viewed.
They released an add on for fire fox, they went about it in the wrong way, but thats all they did, its not like they actually started adding bugs to the core application.
There are 3 main issues here:
1. MS should not have installed the addon silently.
2. FF should have allowed the removal of this more easily.
3. Shouldnt FF warn you when new addons are added through an interface other than its own? - maybe not at the time as it may not be running, but at least on next start up say "Hey, I found these addons and have no record of you telling me you wanted them, do you want them? [Yes] [No] [FILE_NOT_FOUND]"
Sorry, whilst Mankysoft were wrong to go silently deploying an 'extension' into a competing product, there's more to blame than just them. I'm really quite annoyed that the concept of a 'silent' add-in exists at all in FF.
I'm paranoid enough to want _any_ extension to be added only after confirmation with the user. The only silent additions can be updates to existing add-ons as far as I'm concerned, (and personally even then I'd prefer a 'there's an update for xxx - do you want to apply' question). So what I want to know is when Mozilla are going to get their act together and get this hole sorted. Or is someone going to tell me that there's a "Add-on Security" add-on that I can install to do this?
Penguin icon because surely it's only a matter of time before we see MS 'enhancements' being pushed out to Debian et al. In which case I'm going back to paper and pencil.
I remember reading how it was/is possible to get a flash widget to "passthrough" the click to the underlying page, subverted for the intent of getting users to unknowlingly click a button on the webpage - have this add-on installed and the next flash game you play could pwn your machine!!
may well have a problem with the uK Laws at least in tampering with someones computer system with out their knowledge or permission. Surely if someone can get "done" for simply trying to access an insure website then MS are guilty as hell for tampering with Firefox ? I believe a Court may well find them guilty,.
Tell me please, what part of what MS did does NOT fit the below extract from the Computer Misuse Act;
3 Unauthorised modification of computer material
(1) A person is guilty of an offence if—
(a) he does any act which causes an unauthorised modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.
(3) The intent need not be directed at—
(a) any particular computer;
(b) any particular program or data or a program or data of any particular kind; or
(c) any particular modification or a modification of any particular kind.
The other day I found a bunch of .net EULA and installation files lurking on an external drive on one of the Windows boxes. I wonder if each time I was unknowingly installing some MS .net app it was dumping that junk there (I know the article leads to say that you had to click to accept it, but that might not be true in every case - I have noticed some sites behaving differently starting a couple months ago and put it off to them making a change on the site).
I also do wonder about the legality of that. Granted when I installed Norton on the Windows machines, it installed an add-on to scan incoming add-ons, but this is different.
@ statement above about "weaknesses" in Firefox: At least it shows up in the add-on bar; Who knows what they put under the hood of IE that we never know about....
At least I don't see that mess in Firefox on my Linux machines and this confirms why I feel constrained when I use Windows!
You seem to be under the misguided notion that A: Anyone has the kind of money to waste filing lawsuit against MS for this and B: That MS does or would give a rust fuck about said lawsuit. They have in the past, do now, and will in the future ignore rulings against or win these kinds of lawsuits. A suit revolving around this wouldn't even make it out the door given that in relation to the big picture when it comes to MS illegal activities this is such small potatoes that it doesn't even register.
Java Quick Starter does operates in exactly the same way, making it difficult to remove because Firefox doesn't allow multi-user addons to be manually removed.
Seems to me a that this is a pretty huge flaw if you can't remove these addons without a registry edit, even if you can disable them.
It would be really easy for one of those spamware sites to use this to make their toolbars and associated adware generators unremovable.
As for changing to Linux, no thanks. Just avoiding being associated with retards like you makes using Windows a better choice all by itself.
I noticed this unwanted bit of kid install itself ages ago when they first started sending it out. The clue was that it changes the Firefox's user agent to broadcast the currently installed .NET framework version to all and sundry.
Removing the add on does not revert the change made to the user agent string or at least, removing it by force like I did does not. To put change that, open about:config, search for dotnet and clear the value of the general.useragent.extra.microsoftdotnet preference (or set it to something witty, of course).
Also @ Eddie Edwards:
Having the so-called dominating web browser in the market.....Microsoft should not have to resort to this. Eddie is right. Updates should be just that....updates, not some method to screw with other companies' stuff.
I have used Microsoft products since DOS 3 something or other. I moved over to Ubuntu after being mucked about at work far too many times to remember ( and that was in one week!!!). If you don't want Microsoft ruling your life, don't complain! Do something about it!
MS did something that showed a bug in firefox, by doing something that actually helped firefox by making things behave in the same way as it would on IE (which thye would be moaned at otherwise for making it "only work on IE"), the bug has now been fixed and worked around, but i want to throw my toys at microsoft because ....... i dunno its the cool IT thing to do so i whine on internet forums, arn't i smartzzzzz!!!
There , now i have said it so you idiots can stop posting now!
This post has been deleted by a moderator
Contrary to the article, there WAS a big stink on slashdot some time ago about an update installing a hard-to-remove firefox plugin, I guess it was just long enough ago already that slashdot collectively forgot about it 8-)
Anyway, I don't like this at all, but I'm with Ged.... Microsoft released a buggy update, and fixed this bug. I don't like updates that install extra software either, but this is par for the course for Windows (which is one reason why I don't use it.)
Wonderful. This update is almost 4 months old, and all of a sudden people are up in arms about it. So much for "many eyes making bugs shallow".
Interestingly, it's not the people with the skills that count that are up in arms about it, because they understand that there is nothing sneaky or underhand about this (if you install the .Net Framework, it's enabled in all of the "standard" places, including Firefox and Chrome). If Microsoft didn't support those environments, the same people would be complaining that Microsoft wasn't supporting open standards.
As others have pointed out, Adobe, Google and Java all do exactly the same thing - and I'm pretty sure that Java doesn't ask for permission to do this either - when you install Java, you get a "silent" update to the Java starter addon in Firefox.
The only Add-ons I can see my end are:-
Adblock Plus 1.0.2
British English Dictionary 1.19
Gmail Notifier 0.6.3.11
IE Tab 1.5.20090207
LogMeIn, Inc. Remote Access Plugin 184.108.40.2066
Webmail Notifier 1.2.1
Yahoo! Mail Notifier 220.127.116.11
Move along please
if your still daft enough to still be using Windows when you don't need to be.
I think this is solid proof if proof be needed that MS are fucking with your heads. I could never tolerate that. It makes me queasy just to think about it.
I'm also in agreement with Martin Kirk: we should bill MS for the time spent getting rid of it. An invoice is a demand for payment and failure to not pay an invoice is in fact against the law. I'd love to see MS defend themselves against not not paying several million small invoices.
Try moving on to something grown-up (and Microsoft agnostic). Its easy.
The main reason most people have installed Firefox is to avoid the gaping security holes in Windows Internet Explorer, particularly in running uninvited code. And the M$tards are basically patching Firefox - without asking - to make it more likely to do the same thing?
I hope the EU Courts will have something to say about that, since once again M$ is abusing its monopoly position against a competing web browser. You'd think they'd have paid out enough already!
ps Should that be cocks-up?
pps Paris 'cos she doesn't care.
It's hardly a vulnerability. We all install MS updates to (try to) keep our Windows boxes secure. Microsoft exploited this trust by slipping something through that is potentially unwanted, without much disclosure. Once you've given software permission to install---in the case of Windows updates by making them automatic or choosing to install them---the software has the privileges to do whatever it's programmed to do, beneficial or otherwise. It's like blaming the manufacturer of the lock on your front door when your ex still has the key you never got back.
Shame on MS for doing this, and I'm sorry if it (your misunderstanding of the situation) so upset you that you got your diaper in a twist and felt the need to admonish everyone.
There were complaints about this as far back as 12 August 2008, when it was a manual-only download.
The delay between initial complaints and media pick-up could be because those most likely to care about security/privacy downloaded .NET 3.5 SP1 before it was available through Windows Update. If you’re one of only a small number of people being affected, you’re more likely to remove the offending add-on, moan a little and then just get on with things. As Michael B wrote, most people have a whole load of other add-on extensions and plug-ins installed and enabled. There are many reasons for Windows users choosing Firefox over Internet Explorer. Sadly, I can’t imagine security was a significant reason for many.
"I think we should be thanking the Microsoft people who provide us with the extra .Net functions in the Firefox free of charge. "
No. Sorry, but just, no. Not even close.
This is why I was using FF in the first place, to get away from horrid things like ActiveX. And lo! MS come along and open up a colossal potential security hole, injecting it into a third party product, without even asking me. Sigh.
I noticed this thing a while back; it was gone from my system within the hour and our sysadmin informed.
So, Bad Balmer icon from me.
MS was known to do these kinds of things with their updates, if you have no problem using your system do not update it except for very specific patches that you understand to be required for your particular use of a system.
IOW, if you use firefox, do not install every IE patch that comes down the pike. If you aren't interested in DotNet functionality in your browser, don't install any DotNet patch until you're using something else requiring that DotNet level.
I do agree though, MS had no business altering 3rd party software in any way without specific user agreement, it is not enough that it be in a EULA because they release so many patches we'd be reading for days, the value of our time already exceeding the cost of the OS.
I don't think it was malicious though, only arrogant and another sign they have an interest in keeping web technology MS-centric, they want the world to develop DotNet and Silverlight instead of open tech, the same as they wanted the world to develop anything for IE or windows in general.
We let them do it. Just look at all the 'nix snobs that only suggest others run linux, but they don't provide the grass level peep support people had when windows was gaining momentum. With n00b windows users, if John Doe asked in a forum, "How do I see how much free space my hard drive has in Windows", someone would tell him. With n00b 'nix users, if John Doe asked the same question he'd get chastised or at best told something in geek-speak instead of plain and THOROUGH help.
In the Linux community there is this idea that new users are supposed to muck their way through getting a system up and running correctly instead of realize Linux is of no use if it doesn't start out running correctly so the user can remain productive while slowly learning more about the OS their machine runs.
To put it another way, do something basic like install Ubuntu on a laptop. Oops, no networking, seems a wrapper is needed for certain very popular network chips. Now what? System is a paperweight as you have to have a 2nd one to find a solution, but people only say "use a wrapper", they don't go through every single step nor is it automated.
Computers are supposed to do our work for us, not make us learn yet another discipline so we can devolve backwards to doing things manually.
I went on this rant to show the inherent problem, there is a balance needed between what the OS and Apps developers and peer support do for us, and what intervention we want control over. Linux does too little, Windows too much.
There's nothing dodgy going on here. Microsoft have installed a global extension for Firefox. It is picked up by all Firefox profiles on the system. That's what global extensions do. It is working exactly as Mozilla intended it to. If you run a portable apps version of Firefox it will be picked up there too because Firefox sees all global extensions when it loads up.
AVG anti-virus does exactly the same thing if you install their web tools. The add-on-is doing exactly what it's supposed to do. Microsoft are naughty for not advising that they're doing it, and for not providing an easy uninstall for it. But it's perfectly normal Mozilla functionality - if you must rant, have a go at them for designing that architecture into Firefox.
The Registratrix must be so proud! "OMG, Micro$oft installed something on my computer MONTHS ago!!!! I found out because The Reg told me about it!! Oh big bad nasty Micro$oft!!!"
Oh please quit your twaddling, you crybaby little whingy gits. HOW long was this on your system?
But, right on cue, an orchestra of fanboi rants at [whatever El Reg has written about today], regardless of whether knowledge of the issue extends beyond the final paragraph of the article.
I really must commend her; her control is nearly complete.
You're subtle but misleading. Of course if John Doe asks this question on (let's say) Linux kernel developers forum, he will get what (in my opinion) deserves. And for your information, asking this particular question shows he didn't read elementary documentation and more than that, he doesn't have any desire to read and learn about Linux. He just wants someone to give him the exact command line so he can copy and paste it at the prompt. My friend, this is the result of staying too close to Windows. Lack of real documentation (no, "Windows for dummies" doesn't count) makes the Windows user lazy in searching for answers.
I tried in vain to understand your last paragraph but reading again the one just above it, all became clear to me. You are doing way more than letting the computer work for you, you're allowing it to think for you. Tell me please what good is your brain if you don't use it for learning something new ?
Oh, and your example of installing wireless networking Ubuntu is lame. Allmost all ethernet network interfaces that come on recent motherboards do not have drivers in Windows so yes, you'll need a second system to download them too (unless perhaps you have an automated way of connecting to the net before installing Windows).
What are you people astroturfers or M$ spin doctors? How you can defend M$ on this is baffling to me! Could I as a writer of firefox add-on write an add on that surreptitiously that gets control of a machine in this way? NO, because when a USER installs an add on, they do not get that level of permissions to do this. But M$, the true OWNER of the windows system(not YOU, read the license) and by extension YOUR machine gets that level of permission in its update process so it can do such a shiity thing to its cutomers.
Should FF developers have blocked this from happening? No doubt if the OPEN SOURCE community had access to the M$ SOURCE CODE they could head off the ability of M$ to fuck around with things they have no right to fuck around with. Advantage M$, disadvantage PAYING TRUSTING LOYAL CUSTOMER.
M$ apologists, have the dark hearts of lawyers. M$ apologists are also the Republican, Conservative, Liberal ie right wing scum bags of the IT world.
Which popular network card did YOU have the problem with or are you reporting some heresay you read in a forum somewhere?
Wanna know how much disk space left in a drive, in kde you have KDF or 'K Disk Free' a pretty graphic tool in sytem>monitoring. You may have to 'mount' the windows drive first though. In the left pane of Konqueror (the KDE 'explorer') in the 'storage media' bit, click on 'drive C' to mount your windows drive.
Yes this Linux stuff is rocket science is it not? With such complex instruction like I just described, it is no wonder wintards are scared away from it.
Say, for example, you employ a cleaner to clean your house, every room top bottom except the bedroom, YOU will take care of that. The cleaner does their thing, you are happy with them but one day, you go to your bedroom and find in plain view some 'items' of a personal nature that you normally have stored discretely away and a note from the cleaner as how they have moved the items to make it easier for YOU to find/use them.
What would YOU do? Any normal person would feel violated and upset and probably have words or stronger with the cleaner but, judging by the response of the wintards on here, with the 'tard' part of the word been particularly relevant, they would not be concerned and would actually thank and congratulate the cleaner for what they did!
This post has been deleted by a moderator
has ANYONE actaully bothered to check the eula, or did you just click on ok as normal, i am preetty sure a company like MS will have something in the eula to say that either they are installing it or that they are allowed to install it.
Its a addon, if its a major problem then the idea of addons in firefox is not working, but as normal ms are damned if they do and damned if they don't because the internet is full of complete idiots.
Dear Auntie Reg, I have fallen for the old "security update" scam. I run some schill ware for the major copyright holders, I downloaded a "security update" this included a program that significantly altered the function of a third party application without permission or notification. I am told i need to use Reg edit to remove it. Might you send him round ASAP? In the past the worst the schillware did was to change file associations to their app from 3rd party apps and DRMing some mp3 files that where legitimately not DRM'ed.
so my question.. Should i contact PC plod to report that Microsfot buisness network, purveyor of poor quality security colanders to the masses (formerly controlled by the mysterious multi billionaire Byll Gits ( for defamation avoidance , i think that's how you spell it). has hacked and circumvented my careful security measures?
Linux needs a wrapper because the hardware manufacturers are still pandering to the sheeple-OS only.
If you have, say, an Intel chip (small company out of Oregon, you may've heard of them) it just works, on most any recent distribution.
With Windows, it works *not* because MS is doing *anything at all*, but because the hardware manufacturer went all out to make sure.
This, my friend, is a direct result of them being a monopoly, though it's at a level where MS can't be blamed for it in court.
I install and configure Linux for friends and family, even people I only have a nodding acquaintance with, no strings attached. That such level of support is needed is not Linux's fault.
However, I also know people who talk like you do, and I am happy they're on Windows. I took the water to the horse['s ass] but I can't make him drink you know.
Back to this issue: regardless of what is or is not Firefox's fault, installing something onto a **competing** product, that changes the behaviour of the competing product (useragent string), **without** the user's permission, is criminal.
They couldn't come up with even a little dialog saying "oh hey I notice you have FF. I can install foobar onto it to make your experience on FF as foobar as on our own IE. Would you like me to?"
And for those who think this was not intentional, let me assure you MS staff are not idiots. That old line about "never attribute to malice that which can be explained by stupidity" doesn't apply to MS.
In this case, it was to make sure .Net and Moonshine work on as many computers as possible.
Dear AC I'm Preeety sure you'l find that there is no EULA on security updates from Microshaft, otherwise they couldn't install unattended in the background...
Just had a thought , look round the back of your computer Does the label say "vtech toddler computer?" if so look again on a grown-ups computer at the article and Microsoft's website
"You're a *minority*. "
Not in Europe we're not, FF is the most popular browser here.
MS did not *ASK* before installing, that is the issue.
MS did not provide an uninstall, that is also part of the issue.
The fact that FF will not allow me to remove machine level code is a tertiary issue.
Any software vendor (and I mean "any", Apple are equally guilty) that installs code without my explicit consent is installing malware. This may be a breach of the Computer Misuse Act.
"Could I as a writer of firefox add-on write an add on that surreptitiously that gets control of a machine in this way? "
HAHAHAHHAHAHAHA , serious is a firefox addon is "getting control of my machine" as you claim then the problem is with firefox not ms, seriously stop being an idiot.
"Say, for example, you employ a cleaner to clean your house, every room top bottom except the bedroom, YOU will take care of that. The cleaner does their thing, you are happy with them but one day, you go to your bedroom and find in plain view some 'items' of a personal nature that you normally have stored discretely away and a note from the cleaner as how they have moved the items to make it easier for YOU to find/use them."
Incorrect analogy, its like the window cleaner leaving a bottle of car window cleaner on your doorstep. As basically the addon is helping you install stuff using a different browser/
And again to everyone who says it was without notification? DID YOU READ THE EULA (i'm betting no and you just clicked yes, yes,yes, yes each time), if you didn't shut the hell up complaining.AVG etc all do this as well, have a go at them , or have a go at firefox for not putting something in to detect new addons that are installed and telling users about it.
To all of those saying that these were added without your permission. These are plugins NOT extensions. What Microsoft installed without permission, without asking and silently was a new extension to Firefox which added functionality which some of us possibly didn't want, or at least wanted to have the option to choose rather than having our decisions made for us. The add-on also changed the user agent string to include .NET descriptors and also returned information on your system back to websites that supported the .NET extension.
It is NOT in the EULA, go on, read it... it will bore you shitless and you'll be tempted to give up before the end but its not in there (unless my brain imploded from all the legal bollocks it had to cope with).
Ask yourself. Is what they did acceptable in any way. They used a feature of FF to install an extension without it ever been requested. FF add-ons always ask when you are installing if you trust them and are they coming from a site you trust. Microsoft didn't feel they needed to ask us those questions and simply forced it down our throats. They put software into a third party application that affects the way that application works without telling anyone or asking anyone. Hell if I do that to your computer I'm a criminal but Microsoft are apparently above the law.
In the original blog post about it Brad posted : "We added this support at the machine level in order to enable the feature for all users on the machine. Seems reasonable right?"
They took a decision to override individuals preferences and forced it onto everyone and they didn't even check to see if an individual could actually de-install it. Is that reasonable?
I assume that the next time your car is in the in garage for a service, and they just tinker with the engine or the steering to "improve your driving experience" and they don't ask to do it, or tell you that they've done it, or even allow you to take those changes away, that you'll be totally happy?
Even it was just a plug in and they added it silently like some of the other plugins it still does not make what they did right. Just because company X and company Y do it does not make it right.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:18.104.22.168) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
and the corresponding about:config
general.useragent.extra.microsoftdotnet;(.NET CLR 3.5.30729)
Worst part is that the prompt is unchecked - just go to:
Tools > Add-ons
You'll see "Microsoft .NET Framework Assistant 1.0"
Click the relevant "Options" button and ensure that "Prompt before running ClickOnce applications" is checked - at least then, if something wants to make use of this feature, FF will ask you first.
Yes, SILENTLY installing this update on FF with the .NET patch was distinctly wrong but it's MS, you expect it... normally when something wants to install a browser add-on it'll at least give you a (normally pre-checked) check-box asking if you want to install it.
Oddly enough - couldn't find any trace of this in the Opera about:config
"I assume that the next time your car is in the in garage for a service, and they just tinker with the engine or the steering to "improve your driving experience" and they don't ask to do it, or tell you that they've done it, or even allow you to take those changes away, that you'll be totally happy?"
Err, yeah of course i would, free extras for no cost and no extra time, ride on!
Anyway enough of this, all you whiners would NOT be commenting on this if it was any other company, the only reason you are all up in arms is because ms have done it (and again, you would also be up in arms if they didn't include the functionality because they would be "focusing on IE"), if any other company did it (and they do) nothing would be said.
Finally the proof. And before the fanbums start saying it wasn't Mozzila's fault, it was a third party - I don't care. Microsoft don't go around making viruses and exploits for their own users either, it's third parties who are to blame, yet he fanbums love to atack the 'evil empire'.
Very very bad Firefox here, allowing third parties to do whetever they want with no regard to the user. Trust has been broken, mark my words. Google Chrome is the tiger in the grass, and fox no match for tiger.
This *IS* insidious. I wasn't too concerned (it's like them adding the ASP.NET user account to XP with the .Net installer - annoying, but not altogether unexpected) at first, but having just plugged Firefox Portable into a brand new machine, it's automatically installed the plugin, even though the Windows .NET installer was run days ago.
That, to me, is totally unacceptable. You can almost excuse them messing with an installed copy of firefox, but the whole point of a Portable App is one that YOU control the settings on more than usual because it travels between machines...
MS Installed an extention into non MS software without specific permission: Bad.
FF Allows an extention to be installed without specific user permission: Bad.
FF doesn't allow individual users to disable a globally installed plugin: Dubious
MS change plugin so it can be more easily diabled: Ok, but a bit belated
This is another non-linux story hijacked by Linux zealots: Tedious
I stopped using FF and IE a couple of weeks ago and use Opera now: Ha, ha.
Now get back to work.
Man you Windows fanbois have got a real persecution complex haven't you?! You can dish dish it, but woe betide anyone that besmirches your precious Microsoft and Windows OS. Look, MSFT have been naughty here. The SP1 was for .Net. They have 'sneaked' a plugin UNLAWFULLY onto Windows systems. Thats wrong. Apple did it with Safari and they where rightly derided. So suck it up fanbois. Really, how hard would it have been to prompt the user for permission? It'll be that shite Silverlight next...
[DISCLAIMER] This is not legal advice. Please consult a solicitor for legal concerns [/DISCLAIMER]
@MS = Guilty , By Anonymous Coward Posted Monday 1st June 2009 16:57 GMT
"Tell me please, what part of what MS did does NOT fit the below extract from the Computer Misuse Act;"
Specifically, not one of 3.2.a, 3.2.b, or 3.2.c is met, which means that 3.1.b cannot be met, which means it is not illegal, under the Computer Misuse Act clause you have quoted. To wit:
"(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing—
(a) to impair the operation of any computer;"
- This does not "impair" the operation of the computer. This might make it easier for other code conforming to MS rules (OneClick) to run on the computer, but that would be outside the scope of MS, unless such code was, in fact, written by MS.
"(b) to prevent or hinder access to any program or data held in any computer; or"
- This does not stop FF from running. It does not stop FF from accessing any sites (in and of itself). It does not modify any access to data on the computer. It *does* install for all users, and therefore some versions of FF might have issue *uninstalling* (fixed as of latest version, I hear?), but does not "prevent or hinder" access to any data on your computer. In fact, it provides and eases access to more data (see below).
"(c) to impair the operation of any such program or the reliability of any such data."
- This does not impair the operation of FF. It could, in fact, be argued that the plugin extends the functionality of FF (which one might expect a plugin to do, eh?), not withstanding interference with other plugins. Unfortuneately, there are quite a few examples of plugins that *do not* like to work together (OGame, anyone?), so this is not a isolated, malicious instance. This, in fact, does not impair the reliability of data on your machine; in fact, it might be argued that as site you visit is provided what version of .NET you are running, it can improve the reliabilty of data provided to you by the site.
If MS violated its own EULA or did/did not put appropriate information/clauses in there to allow it to install the plugin (which is still separate software and distinct from FF), is another matter which has been discussed above.
This is not uncommon to those [explictive removed] "shareware" or "free" (as in beer) "tools" that include Google/Yahoo/OpenDNS/etc. Toolbar in FF and IE as a silent(!) *requirement* to installing them. They are also extending FF without my knowledge and against my will, but is tucked away as part and parcel of the app.
Do I feel MS was wrong to do this, *in this way*? Heck yeah. By their own procedures (not necessarily rules), this should have been tucked into "Optional Components" and shouted and jumped pointing to it. That would have allowed them to tout and toot "Look how magnanimous we are!" to provide better functionality to "the lesser masses." But, but putting it in under cover of "Critical Security!", they have simply come off as Evil Empire(tm) again.
"(c) to impair the operation of any such program or the reliability of any such data."- This does not impair the operation of FF. It could, in fact, be argued that the plugin extends the functionality of FF (which one might expect a plugin to do, eh?)
Wrong. It silently allows external code to install and run -silently. (yes, double silent: the plugin installs silently, and the 4th-party code will install silently). So it digs a huge security hole. It _is_ impairing the proper operation of the software. Period. (and I don't give a shit about the ridiculous "but clickonce app has to be signed with a certificate". Who says the certificate is to be trusted? the same company who sneaked the malicious hole in the first place? How trustful!)
Not a big issue for me anyway. It's not like I was foolish enough to use Windows for mission-critical tasks -unless it's on a properly quarantined machine.
Let's say you have an NVIDIA nForce 570 SLI MCP built-in Gigabit MAC with external Marvell PHY, Windows XP will helpfully show you an unknown ethernet controller (if you're lucky). Maybe it's not popular but that's what comes with a lot of Asus motherboards.
Regarding your opinion on getting help in Linux, please imagine for a second what would happen if I would go to a Windows forum (Microsoft TechNet) and ask how can I see the free space on my Linux partitions while I'm in Windows gui. How helpful will they be ? From my Linux experience I know you will have to mount the Linux partition somehow but I doubt you'll find a lot of Microsofties who will tell you how to do it.
Yes this Linux stuff is rocket science is it not? With such complex instruction like I just described, it is no wonder wintards are scared away from it.
I only use Ubuntu and I have never come across a more friendly set of forums than those at Ubuntu. People bending over backwards to help, when the questions are sensible and show a genuine need for help.
What annoys anyone technical, no matter what O/S or application, is some complete prat turning up and asking the most idiotic questions and you know full well they haven't even bothered to attempt a simple bit of reading the help pages or Googling for an answer. You managed to get a browser up somehow, on something and you managed to log into this forum, so you can't be a complete brain-dead zombie then?!
Two of the following are genuine questions:
"Can I run this Linux thing in Windows 7?"
"Duh, I got this Linux thing installed, why won't it run run Access?"
"I got an Apple and IE is not installed, why not? This suxxors!"
"I can't find my arse with both hands, am I a complete twat?".
"Annoyances.org, a Windows gripes site, reports that the update slaps IE-style behaviour on Firefox users, specifically the "ability for Web sites to easily and quietly install software on your PC"."
Note the quotes people, El Reg have not said the plugin does this, Annoyances.org have and they are hopelessly wrong.
The plugin is for a technology called Click Once. It allows developers to publish .net applications via the internet/intranet. I use it at work and its very handy.
It is far from covert, the user sees a web page telling them what app they are installing along with a big install button. Nothing gets downloaded without the user pressing the install button. Once installed, the app, when launched can check the site and see if any newer versions are available. Once again, the user must click on the install button to install the update. The user can also use Add/Remove programs to uninstall the App if they no longer need it. For anyone to publish an App in this way, they must digitally sign the code as well, making it harder for a site to get hacked and the hacker replacing the app with something nasty. And, as far as I am aware, it only works with .net applications.
Far from trying to subvert FireFox or make it “act like IE”, the purpose is to allow users to install .net applications without having to resort to running IE in the first place. This technology is nothing like the godforsaken mess IE’s ActiveX components was.
Granted, the plugin cannot be easily removed unless you have updated it. But the purpose of the update is so you CAN remove it.
I hope this helps to clarify matters!
In a fit of disgust I went to the place you delete shit and ploffed [Specifically anything .NET and arbitrarily Microsoft] it off. Not that I should be bothered that...... later on in the excercise it was saying some of me software would not work if I did it.
HAH!!!!!! KILL KILL KILL
Still..... I did notice that [grumble] when I tried to uninstall one bit of cruft I was told that I did not have the 'Administrative Privilidges' to do so. YahFuckingBut I, don't know who the fuck you think you are but am Admin/Root God and shit coz you let me be.
Strange to say that having arbitrarily got rid of the cruft putre [sic] boots real quick and still works.
I suppose I'll just install Firefox again and gain a lack of .NET compatibilty until my shit get upgraded.
Whoopy Fucking Dooo!!!!
Microsoft is downloading updates to take care of me.... or sniffing about elsewhere after my rape to see what I got rid of.
Used to go cruising online SEX sites - and in the days of the dimwits promoting themselves with 200 pop-up scripts via the Internet Explorer fabulous fuckup of a browser..... 200 pop ups = MUCH annoyance and shutting down of browser to stop said popping up.
Moved to Opera (browser) and a couple of others, and they had popup blocking about 5 or 6 years before the dimwits in Microsoft ever got around to copying more of other peoples ideas...
And the Dimwits in Microsoft - blocked firefox users from getting MS perpetual updating and etc., from the MS sites..... I nailed them with questions like, "If your Internet Explorerer is so good, they why are you blocking Firefox users?".... a question they refused to answer.
Now that stacks of people are so sick of MS and their bullshit software - and fled to Firefox; The Scum-Dums in MS start to copy or steal all the innovations done by other people - who made Firefox...,
Now MS are hacking other peoples systems and browsers...... Big Punch in the FACE for Steve Ball-Me-Er
Biting the hand that feeds IT © 1998–2021