Microsoft Update Slips In a Firefox Extension 803
An anonymous reader writes "While doing a weekly scrub of my Windows systems, which includes checking for driver updates and running virus scans, I found Firefox notifying me of a new add-on. It's labelled 'Microsoft .NET Framework Assistant,' and it 'Adds ClickOnce support and the ability to report installed .NET versions to the web server.' The add-on could not be uninstalled in the usual way. A little Net searching turned up a number of sites offering advice on getting rid of the unrequested add-on." The unasked-for extension has been hitchhiking along with updates to Visual Studio, and perhaps other products that depend on .NET, since August. It appears to have gone wider recently, coming in with updates to XP SP3.
malware.... (Score:5, Insightful)
Huh! (Score:5, Insightful)
Allowed scope of updates (Score:5, Insightful)
Amazing (Score:5, Insightful)
Equal Opportunity Offender... (Score:4, Insightful)
YES Unsuspecting... (Score:5, Insightful)
Re:NOT Unsuspecting... (Score:5, Insightful)
Just because I installed the
A good sign! (Score:4, Insightful)
Although it's not the best approach that could have been taken it is a good sign. If Microsoft can no longer ignore Firefox then all those sites that still require IE to function will begin to follow.
Re:Allowed scope of updates (Score:4, Insightful)
Microsoft gives us updates all the time and we trust them to fix bugs and security holes.
What you mean "we", Kemosabe?
Microsoft will never learn (Score:3, Insightful)
Re:malware.... (Score:5, Insightful)
Having said that, I wonder if this update is stated anywhere in the ToA.
Re:Scumware, eh? (Score:4, Insightful)
That doesn't matter at all. Type in any .DLL file you can think of, and you will see all the "Remove Spyware Now!" type sites that catalog DLL files. Buried in the actual relevant content of the site, hidden beneath all the "Spyware is dangerous, you may have spyware" boilerplate content is a row in a table telling you that the DLL file you searched for is safe. You can't just trust results like that.
Re:A good sign! (Score:4, Insightful)
but... (Score:5, Insightful)
Re:sony (Score:5, Insightful)
Unless that cat is the American public and the time since the last time you caught them is greater than the time since the last episode of American Idol.
Re:NOT Unsuspecting... (Score:2, Insightful)
Re:NOT Unsuspecting... (Score:3, Insightful)
Do you see how that's a different situation than installing an app that adds a browser plugin?
Re:A good sign! (Score:3, Insightful)
All what sites? Aside from internal corporate web apps, has this been a real problem in the last five or so years? I remember having some issues back when Firefox was still having issues picking a proper name (pre-1.0 days), but I honestly don't think I've seen a public site with serious issues since around Firefox 1.0.
There's still some stuff out there with wonky stylesheets, of course, but that almost never is SO bad that it causes a site to be unusable.
Re:Scumware, eh? (Score:5, Insightful)
It does matter because the sites are different. The ones that come up for Microsoft Framework Assistant are forum postings, articles and blogs instead of autogenerated bull-honky.
Re:but... (Score:5, Insightful)
Except in Apple's case, it's somewhat worse... after all, why the fuck would they install MobileMe or Bonjour on my system when I install iTunes?
Why the FUCK do they think I want their networking system along with their player?
Bonjour [wikipedia.org]
Grrrrrrrrrrrrrrrrrrrrrr. Weak. At least the .NET extension is within the realms of making sense.
Re:NOT Unsuspecting... (Score:4, Insightful)
Why are you so amazed? Your control over your computer is illusory when you use closed-source programs -- especially ones that call back home and install "updates"
Re:malware.... (Score:5, Insightful)
Who's to say this thing isn't a security risk? Microsoft?
Of course, we don't *know* that this software is bad, but my policy with my own machine is that if I don't know what something does, it doesn't run on my computer, which is why my computer still runs smoothly even though I haven't reinstalled Windows for several years.
For those of you who are assuming it's probably safe (and admittedly, you're probably right), there's another good reason to get rid of it. Microsoft changing your browser string to indicate that this piece of software is installed in your browser. The purpose of this, most likely, is to increase the installed base for this software, and use that as an argument to ush whatever new web technology they're pushing. Now that non-IE browsers account for 30% of the total browsers on the internet, Microsoft is losing their stranglehold on web "standards", and they're pulling this crap to get it back.
Don't be a part of it. Remove this plugin, then go into about:config and change your browser string back so it doesn't falsely advertise that you have it installed.
Oh, and as far as Firefox goes... why is the uninstall button grayed out? This feels like a UI issue to me; principals of user-friendliness dictate that I ought to be in control of whether or not I can uninstall an add-on. Even having code in the browser that allows someone to take that freedom away from me is a bad thing. (Of course, is it really Firefox's fault? Is there a technical reason that Firefox *can't* uninstall the plugin?)
firefox security hole? (Score:2, Insightful)
it seems very for malware to be installed like this
Maybe I'm looking at this the wrong way, but shouldn't Firefox stop extensions being installed this way?
Re:but... (Score:3, Insightful)
Because some iTunes' features are built around those technologies. Eg. if you have wireless speakers or another library/machine/appliance you want to share your music with, Bonjour will auto-detect it and list it in iTunes. Here Microsoft is including spyware targeted at their competition (Firefox) in their own updates in order to make Firefox look bad. It's like Apple including an update to Microsoft Office so that information on every document gets sent to them or including an Internet Explorer extension to send out personal or system information to the pages they're visiting.
Re:Why get upset? Firefox users avoid proprietary (Score:3, Insightful)
Re:Allowed scope of updates (Score:5, Insightful)
Which most people assume means things like MS Office and other MS components that are not part of a bare Windows install. I can't imagine anyone thinking this means 3rd party software.
Re:but... (Score:4, Insightful)
I don't understand the hatred for Bonjour. It's a discovery protocol, used by Macs for ages. All it does is to make it possible to find other computers. Adobe seem to be using it in their latest products, so you'll be seeing it more. It's not as if Windows programs historically have been satisfied with just one version of a DLL, anyway ;)
Normal for Microsoft (Score:4, Insightful)
Re:NOT Unsuspecting... (Score:2, Insightful)
Yeah, damn those closed source OS's
Re:Why get upset? Firefox users avoid proprietary (Score:5, Insightful)
Maybe because...
Just one of those is enough to make something bad.
Re:Why get upset? Firefox users avoid proprietary (Score:4, Insightful)
What part of "can't uninstall" confuses you?
Re:but... (Score:2, Insightful)
Re:Why get upset? Firefox users avoid proprietary (Score:5, Insightful)
I'm seriously confused as to why this is upsetting considering that the average Firefox user installs plugins ...
The point isn't that MSFT is creating FF plugins.
The point is that MSFT is silently forcing plugins without telling us what they do.
This whole thing would have been a non-issue if they had
But MSFT is too arrogantly stupid to do that.
Re:Profiling, anyone? (Score:3, Insightful)
Then I assume that you have the source for the plugin, no?
If you dont have the source, how can you be sure what exactly it's attaching to? I know if I was Microsoft, I'd attach to parts of the rendering engine and screw around with things. It'd be an easy way to make Firefox seem slower and buggier. And, why disable the "Uninstall" button? Looks rather fishy to me.
I mean, if Firefox is prone to crashing at random times on random websites, wouldnt you think users would go back to IE?
Re:Any real reason to nuke it? (Score:3, Insightful)
Given the ample, well documented evidence of bad behavior by MS, failing to consider evil behavior by MS is a clear example of "fool me once, shame on you, fool me twice....". Just because the "evil behavior" is not so obvious yet, doesn't mean that there is not such a motive behind this action.
updating third party software? (Score:5, Insightful)
So it's really nothing abnormal to install an extension in a third party browser. This leaves us with only one issue, the fact that it was distributed via updates to other applications. I refute this as being a major issue for the exact same reason - quite a few programs update/install Firefox extensions as part of their normal update procedure - I raise Foxit Reader as an example, which as of v3.0 automatically installs a Firefox plugin. No one's yelling about that.
A significant question here: If it wasn't Microsoft, would anyone be nearly as angry?
Re:malware.... (Score:5, Insightful)
You could, but that would basically mean the system administrator can't make extensions available system-wide. A tradeoff, of course, and assumes that you trust your system administrator somewhat...
New Idea (Score:3, Insightful)
I've noticed several of these uninstall-proof extensions lately. How about the Mozilla folks tweaking the extension model to allow an uninstall option?
Re:Allowed scope of updates (Score:5, Insightful)
that's because:
a) most apps in Ubuntu come from the ubuntu servers, not their native homes and are compiled by canonical to work nicely with ubuntu
b) Other apps are hosted in repositories. Some by the program writer, some by other people. But Apt/synamptic manages all the repositories in one place for you! And you can turn them on and off at will. What a concept!! This is what people have been requesting from Microsoft update for the better part of a decade.
Is this SO bad? (Score:5, Insightful)
A lot of you will hate me for this...
MS doing this is them trying to ensure that Firefox will work with their web apps (or, web apps built with their technology). Now, granted that they are taking liberties they should not. It would be better to just make the plugin easy to get and install. Consider however that they are doing this so their technology will work on a standards-compliant browser. That's not nothing. It IS dysfunctional in a passive-aggressive way (aggressive-passive?). On the other hand MS is trying to make the browsing experience BETTER for people who use .Net with Firefox. I'm not so sure this is a bad thing. maybe poorly executed...but...there's an argument for saying it's not.
Look, if you were running Ubuntu, installed Opera, and automatically got plugins from Synaptic for Opera that added new functionality would you complain?
Then again, the convoluted removal process should be reconsidered.
Re:Allowed scope of updates (Score:4, Insightful)
Probably because it's labelled "Microsoft Update" - implying that it updates anything from Microsoft on the computer.
If Microsoft wants everyone to use a new "Computer Update" service, then they better call it that and see how many people they can get to click on it.
Oh come on people... (Score:1, Insightful)
Everybody and their mother does that:
1) Quicktime/iTunes ...
2) Acrobat/Flash/etc
3) RealPlayer
4) Skype
5)
In fact that's what the whole system of extensions and plugins was *designed* to do. Accommodate 3rd party functionality that wasn't built-in to the browser itself.
And that's a GoodThing (TM).
The bad is that you can't uninstall it (easily). But you can always disable it...
Re:NOT Unsuspecting... (Score:3, Insightful)
the adobe products are SPECIFICALLY browser helpers... that's the point of Flash or Acrobat Reader to be plugged in to your browser. There's even a spot in the browser for them to do this.
Microsoft is trying to "fix" Firefox compatibility with .Net tools, that's the big problem people have. On one hand they are adding in the tools needed for Firefox to function properly on Microsoft web pages like any other browser plug-in vendor would. On the other hand Microsoft is doing this without announcing it, and the manor in which they slipped this in is of questionable motive. Remember they had a motto years ago..."DOS ain't done till Lotus won't run" Firefox and others had/have no such intentions.
Re:updating third party software? (Score:4, Insightful)
A significant question here: If it wasn't Microsoft, would anyone be nearly as angry?
Apples & oranges, only MS has the desktop monopoly to make this work.
And the lack of an uninstall makes it malicious by my standards.
Re:Profiling, anyone? (Score:2, Insightful)
Conspiracy theories are not needed here. True, they should have enabled Uninstall, but jumping the gun is absolutely ridiculous.
Fucking up your ACID test via plugin in order to make IE seem better? Are you frakkin' serious? There's absolutely no possible way the community wouldn't notice that, and it'd be a ridiculous waste of time.
If I were Microsoft, I'd fire you for such a terrible idea.
Ah, I was wondering (Score:3, Insightful)
That explains why .NET 3.5 SP1 was tagged as a 'high-priority,' and thus completely automatic and unnotified, install for anyone who allows Automatic Updates self-governance.
It clearly wasn't a security update: I only have .NETs v1 and v2 installed, and yet I still got a notification to install the SP1 update for .NET v3.5! Luckily, I don't automatically trust Microsoft with anything. I told it to ignore the update and never show it to me again.
Basically, MS is once again abusing the high-priority update channel, just like they did with the Genuine Advantage Notification tool. Don't let anyone tell you differently. They are treating machines set to update automatically like a spammer treats his botnet.
--
Toro
Re:Profiling, anyone? (Score:3, Insightful)
The microsoft "helper" plugin cannot be uninstalled like the java or adobe plugins. And since it behaves differently in that respect, I wonder if the .NET "Click-Once" apps trigger all those "security" warning popups like applets do? Maybe this uninstallable characteristic is related to getting around the windows "security" model. If that's the case, then microsoft will be able to call it "a feature".
As in creature feature.
Re:but... (Score:4, Insightful)
Because Bonjour is a dependency for the correct functioning of an iTunes feature? ... the same could be said for the correct functioning of a Microsoft .NET feature here.
Security (Score:5, Insightful)
Given Microsoft's track record with security, I worry:
- Windows user installs Firefox to avoid IE's security flaws. .NET functionality allows websites to host .NET executables.
- Microsoft silently installs a plugin onto Firefox that reports the browser includes
- Hackers discover a way to exploit this.
- Thus, Firefox is now less secure thanks to Microsoft.
Re:updating third party software? (Score:5, Insightful)
Re:malware.... (Score:5, Insightful)
So why didn't MS enable removal through the "add or remove programs" mechanism?
Mod up. 5 is not enough. (Score:5, Insightful)
Shame on MS. They have been through this before and should know better. Bad. Bad. Negative points. Sad, sad negative Karma.
Re:updating third party software? (Score:2, Insightful)
Exactly! (Score:5, Insightful)
They think they have a right to re-configure the software you use, for their own convenience and profit. That they can install things and you should have no say in the matter.
I am serious. On the corporate level (not most individual employees, I am sure), they really think that way. The evidence is incontrovertible.
Which used to serve them well. But which, in today's environment, is suffering a greater and greater disconnect with reality. I am sure you have noticed this yourself... the most obvious explanation for Microsoft's accelerating loss of market share is simply that they have lost touch with the realities of the market: their users' wants and needs, and, not to make too small a point of it, their business ethics.
I am not surprised at all.
Re:Exactly! (Score:2, Insightful)
Or possibly they believe that:
a) You are running Windows .Net framework installed ... then it is quite possible that you want the goddamn thing to actually work. They have delivered an add-in, which brings this support, at their expense, to your browser.
b) You have the
c) You are clicking a "Clickonce" installer link
They have added a goddamn handler for the clickonce mime type. That is all. This is useful. This allows firefox adoption in the many businesses that deliver LOB thick client apps using clickonce.
Before you get on your MS bashing high-horse, you might choose to take a glance at Sun, who has been including the _goddamn google toolbar_ in Java updates as a default option.
Re:malware.... (Score:3, Insightful)
"if I don't know what something does, it doesn't run on my computer" ...but you use a closed operating system?
Quickly forgotten (Score:5, Insightful)
Anybody remember when Windows "Genuine Advantage" validation software was getting slipped in as part of "critical updates" for things like the Microsoft Flash Player patch? It wasn't really that long ago.
You don't seriously expect Microsoft to *not* do these sorts of things on what they consider to be *their* systems, do you?
Re:malware.... (Score:5, Insightful)
there's another good reason to get rid of it. Microsoft changing your browser string to indicate that this piece of software is installed in your browser. The purpose of this, most likely, is to increase the installed base for this software, and use that as an argument to ush whatever new web technology they're pushing. Now that non-IE browsers account for 30% of the total browsers on the internet, Microsoft is losing their stranglehold on web "standards", and they're pulling this crap to get it back.
This. It doesn't very often happen that a point is so important that I feel the need to quote it entirely and just add a "me too", but this is one of those very rare occasions.
They have just hijacked every Firefox install out there, and are using it to advertise their own product. The only appropriate response would be for Mozilla to automatically refuse it from Firefox with the next Firefox update.
Re:NOT Unsuspecting... (Score:3, Insightful)
Well, Yes, MS does automatically install this program. The dotnet update 3.5 SP1 was listed as a critical security update, I have this on two servers that IE can't even access the web on. Firefox is only on it to check an internal website and monitor/access the web interfaces to routers and switches. The update installed the thing as it wasn't there before and yes, I check quite often. It also hasn't attempted to do anything on the internet yet because I monitor port access and nothing out of the ordinary has came up.
So if you had automatic updates on, it would have been installed without you choosing to install it. If you manually install automatic updates, there is no warning of it being installed. Critical updates shouldn't be adding new features or changing the way other software works unless it's specifically to address a security problem. Adding functionality to Firefox isn't a security fix.
Now it doesn't matter if you get this with any DotNet install now because you didn't in the past. Up until this month, it didn't even exist as far as I know. And just because it installs with dotnet now doesn't mean I agreed to installing it a year ago when I installed the last dotnet package to suppose a program we are using.
You have missed the point. (Score:5, Insightful)
(2) Microsoft has every opportunity to give that end user A CHOICE. Yet, typically of Microsoft, they chose not to do so. That was the WRONG decision. And that is how most people view their work machines today: it belongs to me, by damn, and you had better ask me before installing something. As a computer professional, who depends on controlling software versions and so on to guarantee compatibility, this is not an option for me. I insist upon it. Companies that violate that policy are not my friends. They do NOT make my life easier, they make it much more difficult.
(3)They have no right to assume that I want their goddamned "Clickonce" thing to work. Maybe I don't. And in fact, the OP was not about installing it via the web at all, it was about it being installed automatically in the background via SPs and SP updates. This isn't about clicking on a link at all. Please read first before you offer an opinion.
(4) This is NOT about adding a mime-type handler. It is about installing a mime-type handler that some users may not want, secretly, in the background, without asking for permission. And for a BROWSER that isn't even their own product. Not only is this unacceptable to me (because I must always be in control of what is installed on my work machines), it is also typical of Microsoft's arrogant attitude toward their users.
My high-horse is not strictly MS-specific, as you would know if you actually read what I wrote! If any other company did this, I would oppose it just as vehemently. It is just that Microsoft is famous for doing this kind of thing, and here is yet one more example.
Odds are, "ozphx", that I was using Microsoft products professionally before you were out of elementary school. If you don't have a direct counterargument to mine, then please go elsewhere.
Oh... by the way. I agree that including the Google toolbar in Java updates is unethical, too. But at least a choice *IS* offered, and that during a voluntary install. In the case under discussion, it was stated that this software is being added unannounced, as part of an update, without any such option being provided. So there is a bit of a difference.
Re:NOT Unsuspecting... (Score:4, Insightful)
[root@localhost ~]# apt-get update apt-get: ET phone home
You forgot one thing though
# su -
When's the last time any packets installed without your consent?
Re:malware.... (Score:5, Insightful)
The true question here is not how to uninstall it. The question everyone should be asking is: is it messing with other settings in firefox, reporting back to MS what other extensions I use, monitoring my web traffic, going to break my browser, new security holes? Maybe I don't want my f'ing browser to report what other software is installed on my computer.
How about this one: Ok Microsoft, you are making automatic changes to software written by other companies without permission or request of the user. I don't care if you say it's just an extension, you didn't ask me! My trust just went right down the toilet.
Note: I noticed this extension the other night on a system in VMWare but I haven't had a chance to look into it yet.
In all fairness I think Microsoft should be forced to open source things they want to add on to NON MS applications. That way people can go take a look... Especially when you don't ask the user permission.
Are there any legality issues with what they just did here?
Re:malware.... (Score:5, Insightful)
I would give up Microsoft Windows....but I like playing games.....
Re:Allowed scope of updates (Score:5, Insightful)
Microsoft Update sure sounds like it will update Microsoft products. Given that Firefox is not a microsoft product, how the hell was I to know they would update it?
Re:Profiling, anyone? (Score:3, Insightful)
What is ClickOnce and why should I be forced to have a plugin to support it? How is it supposed to work? If my browser crashes unexpectedly, how can you be sure it isn't the mysterious plugin that appeared?
I get jumpy when software starts appearing on my laptop that I didn't put there. It screams 'attack vector', especially when it hasn't been vetted by any agency or group I trust.
How does it do it's job? What information does it send? Why the FUCK did it feel the need to modify my agent string?
I'm going to dig through firewall logs and see what it sends.
Re:Erm, right.... (Score:3, Insightful)
Eh... well not under Extensions, but under Plugins. (I'm looking right at them right now.) Which is where I go to disable them, since they are the Great Satan. Well ok maybe not, but they are annoying. :-D
Re:Huh! (Score:4, Insightful)
This is probably actionnable under whatever covenant MS signed to get out of the antitrust lawsuits against them: they're using the OS (windows update) to modify a competitor's software (FF), in order to give an unfair advantage to one of their technologies/product.
If that behaviour can be proven, someone stands to make a lot of money. Several someones: the states, the competitors...
Re:malware.... (Score:5, Insightful)
Be honest. Have you read the source code of EVERY program you run, and of your operating system? Did you understand all of it? If you have read it all and understand it all, you're either running very few programs and a tiny, simple OS, or you have way too much free time. 'Knowing what someting does' is not a black-and-white thing. To get a good analogy: I can use a car and understand most of its parts without fully understanding the atoms it's made of, or how the car was made. Odds are GP is someone who knowns what all processes on his computer do, even if he doesn't know precisely how they do it. You create a false dichotomy by suggesting it is only possible to know what your programs do when you run an open source operating system.
Car Analogy For You (Score:5, Insightful)
This is like sending in your Microsoft car for servicing at Microsoft and having the Microsoft mechanic install an extension to your "Firefox" add-on car radio - which you installed yourself, because you wanted an alternative to the embedded Microsoft Car Radio (which cannot be removed without disabling a large part of the car).
An extension that allows you to listen to the New & Wonderful Microsoft Radio Stations, and all installed without asking your permission first.
Just because you chose to add that extension on your built-in Microsoft Car Radio, does not give them the right to install it on your non-Microsoft Car Radios, WITHOUT YOUR PERMISSION.
After all many of us have the Firefox Car Radio just so that we can avoid listening to the Microsoft Radio Stations by accident or mistake or "Just Because Microsoft thinks it's time for you to". When we want to listen to those stations we use the Microsoft Car Radio.
So far I have managed to install the Java crap on various computers without having the google tool bar installed without my permission - they made it optional and I usually deselect all such options.
MS deserves a bashing for this. They are trespassing and are arguably doing an "unauthorised modification" to your computer system, which is a Computer Crimes offense in many countries.
They'd probably get away by giving the various usual excuses. After all, the Sony bunch got away without being jailed even though they did something worse.
Unauthorized modification of one to a few hundred computers and it's "hacking/vandalism", and if caught you can go to jail.
Unauthorized modification of millions of computers and it's called "useful and allowing firefox adoption".
Firefox security hole (Score:2, Insightful)
It seems you've found a glaring Firefox security problem there, that ought to be reported immediately.
If it is possible to silently install add-ons, how long will it take until someone finds a way to send you one via Exchange? One that, say, logs your keystrokes whenever you visit a URL starting with "https://", such as your online banking site?
Firefox needs to validate its add-ons and make sure the list can't be manipulated without user interaction.
Re:Ho Hum (Score:4, Insightful)
Very poor assumption. I run firefox specifically to avoid making it so easy to install arbitrary code on my machine behind my back. I installed .net because one program I wanted to run (and purposefully installed) required it. As soon as I remember which one that was I'm going to start looking for an alternative, directly as a result of this hijacking in fact I'll be looking carefully for alternatives to ANY .net program, and whenever possible refusing to run .net programs EVEN IF THERE ARE NO ALTERNATIVES WITHOUT IT.
If you want to add an extension to MY copy of firefox, you need to ask my permission and respect my answer, whether it's yes or no. Leveraging their control of the OS to install it without even asking was a criminal attack they should be prosecuted for. (Yes, I know they wont, they're above the law, but if some 15 year old kid had done the same thing we both know he'd be risking gaol for it.) Doing this in such a way as to disable the uninstall button is just adding insult to injury.
Re:malware.... (Score:5, Insightful)
Re:Firefox is a web broswer (Score:5, Insightful)
I don't use .NET.
I bet you do.
Got Office 2003 ? Some of that is .NET code. Got Live Messenger ? Ditto. Nvidia or ATI graphics cards ? well, those DEFINITELY need .NET to work properly. Let's not forget all those extra bits of freeware you've also got, some of those will be .NET based as well.
As I understand it, this add-on just alters the useragent to declare that the PC it's running on is .NET capable (i.e. you got at least one version of the .NET framework installed). This is a good thing - as it means MORE sites that have .net extensions or controls will work in FF, meaning you can finally ditch IE completely (in theory).
Yes their installation methods were suspect - but remember MS's major user base is The Doe Family, who can just about turn their PC on and off. Do you really thing they know the answer to 'Do you really want to install the .NET Framework Assistant ?' - If course they wont know what that is, or whether they need it.
Does your mechanic, dentist, doctor, explain to you each and every thing they do to you or your car in intimate detail ? No.
The PC is becoming a closed box appliance. You can't fight this.
An finally, if you distrust MS SO much - why did you have Windows Updates on anyway!?
Re:malware.... (Score:3, Insightful)
For those of you who are assuming it's probably safe (and admittedly, you're probably right)
the problem isn't this software in itself (though its pretty bad that the OP got it installed without realising), the software works as a deployment technology - from wikipedia "ClickOnce enables the user to install and run a Windows application by just clicking a link in a web page."
So, once you have this software, its an open-door to installing thin-client .NET applications with just a single click. And we all know how well that'll work out!
Re:malware.... (Score:3, Insightful)
I AM my system administrator, you insensitive clod.
Oh, and no, I don't trust myself!
Re:A good sign! (Score:3, Insightful)
I'm not sure I agree with that, the Mozilla people have always been pretty adamant about not bending their standards implementations to accommodate IE "quirks" - Free Software developers take their ideological purity pretty seriously.
It's a moot point anyway, nowadays almost no one would consider releasing an IE-only site - the "alternative" browsers claim 30% in some countries, but even if it was 10% or 5%, it still represents customers that you can't afford to just ignore (I think that attitude is the real change here - there's money to be made, and every user counts).
And in truth, web designers with a clue still need to limit their options too much in order to remain IE-compatible.
Certainly agree with that - it's even more fun when you have the corporate-mandated IE6 as your primary user-base!
As soon as IE goes below 20%, at least we can finally justify not giving a crap about what our designs look like in IE, put up a warning message saying "Get a browser that supports web standards." and be done with it.
Yeah, not so much - see above. At the very least, designers "with a clue" have their stuff degrade gracefully on legacy platforms.
Re:Firefox is a web broswer (Score:3, Insightful)
Comment removed (Score:5, Insightful)
Re:malware.... (Score:5, Insightful)
If they wanted to do that, they wouldn't be so stupid as to make it an extension that's clearly visible in the Firefox preferences. Since Microsoft control the operating system and can push out updates for it, any trojan they wanted to install would be much more stealthy.
If you run Microsoft Windows then you accept that you run whatever software Microsoft chooses to put on your machine, and without source code you have little hope of finding out exactly what it's doing. If you do not trust Microsoft, I suggest you uninstall Windows from your computer right now.
Comment removed (Score:3, Insightful)
Re:Exactly! (Score:5, Insightful)
They think they have a right to re-configure the software you use, for their own convenience and profit. That they can install things and you should have no say in the matter.
They do. Read the EULA.
Re:malware.... (Score:5, Insightful)
That's the whole point. You install binary crap from a provider you don't trust. So, don't complain.
It's not like at this day and age there's still a gun pointed to you to use Windows (in the past i may recognize there were, but not today)
Re:malware.... (Score:2, Insightful)
This add-on enables the XBAP and ClickOnce functionality to work through Firefox instead of just IE. The "M$ SUX LOLOLOLOLOL" crowd should be happy that they rolled it out because it further reduces reliance on IE.
I imagine they grayed it out because they're trying to make ClickOnce core to the OS without inviting more antitrust horseshit (and rightly, because it's a handy idea that helps address the lack of a package manager for Windows, though adoption has sucked). Calling this a "hijacking" is pretty retarded of you.
Re:malware.... (Score:1, Insightful)
Get rid of that font, man
Re:malware.... (Score:3, Insightful)
>>>they wouldn't be so stupid as to make it an extension that's clearly visible in the Firefox preferences
Irrelevant. The relevant question is: Why the HELL does Microsoft think it's okay to modify *other* people's software? I expect MS to randomly upgrade Internet Exploder since it's their product, but why are they fucking with a Mozilla product????? Reminds me of something a virus programmer would do.
Re:malware.... (Score:5, Insightful)
I dunno, you could equally well say this shows that Microsoft is starting to accept a multi-browser world and distribute software that works with Firefox and not just IE. If there were no Firefox extension available and you had to use Internet Explorer instead to get this thing to work, there would equally be complaints on Slashdot...
Remember that the whole point of an extension mechanism is to let third parties modify Firefox. Linux distributions routinely ship patches and modifications to Firefox (and many other applications). And it's not as if no third party software ever installs extensions to Windows...
Re:sony (Score:5, Insightful)
Not a big deal???
Microsoft modified *another company's products*. What's next? MS is going to start adding updates to VLC player or Utorrent or OpenOffice or WordPerfect?!?!? They shouldn't be messing with non-microsoft products.
Re:Normal for Microsoft (Score:4, Insightful)
Oh dear god....
Looks like someone took an Intro to Philosophy at their university and wants the world to know just how 'deep' they are.
I bet you didn't even get an A in the class.
You can sit around for *years* and debate whether or not Slashdot exits, or if it is simply a construct of your imagination. And you can go on and on, at great length; trying to determine whether you can determine *anything* because, everything, as you said, that you can perceive is from your own reference point. How can 'real' be defined.
The same old, tired, arguments for and against these have been tossed around for, hundreds and hundreds of years. Probably longer.
Pointing them out, in unrelated contexts...like a Slashdot discussion of Microsoft software patch makes you look like a fresh out of Phil101 college d-bag who plays hacky-sack in the quad after lunch and before BIO 102.
Next you'll point out how maybe the colors you see are like...ya know...different from what other people and that perception is all relative. WHOA!
But yeah, the whole 'Like, dude, it's really just a symbol! That's all it is, just a symbol' crap is really a stretch.
Yes, of course, it's a symbol. Symbols are used extensively by people. It makes communication easier. Is it easier to define a large company like MSFT by saying, 'Microsoft' or 'the company responsible for the creation of Windows, Office, .Net, Visual Studio, etc, etc, etc...' or perhaps a complete list of employees start and end dates would make you happier?
Of course it's a symbol. Duh.
Pointing it out adds nothing to the conversation. Nothing. And feeling the need to point it out means that you think you are a LOT more clever than you really are.
Re:malware.... (Score:5, Insightful)
They didn't "sabotage" anything. They simply installed a system-wide extension. If it's not installed in the Firefox profile, Firefox can't very well remove it (especially if the user it's running as is not privileged).
Note that the "Disable" button works just fine, as it should. Had they really wanted to prevent this thing being disabled, they could have done that too, you know.
Why is MS the only one being blasted here? (Score:3, Insightful)
Agreed, what MS is doing is TERRIBLE!
That said, if this was the other way around. Some 3rd party software installing something into / on top of some other software, people would be screaming of security holes and blasting MS or whoever for their shoddy software.
So where are the folks calling out FF for allowing this to happen?
Re:sony (Score:2, Insightful)
Yeah, the nerves of these software companies! I heard a company called Macromedia (well, Adobe now I guess) also installs updates to Internet Explorer and Firefox. Some kind of flash-thing. HOW DARE THEY?! ;-)
Re:Firefox is a web broswer (Score:1, Insightful)
...
As I understand it, this add-on just alters the useragent to declare that the PC it's running on is .NET capable (i.e. you got at least one version of the .NET framework installed). This is a good thing - as it means MORE sites that have .net extensions or controls will work in FF, meaning you can finally ditch IE completely (in theory). ...
How the hell is Microsoft surreptitiously polluting a browser that tries to be standards-compliant with their non-compliant, deliberate-barrier-to-competition CRAP "a good thing"?
What fucking Earth on you on?
Re:sony (Score:4, Insightful)
Do you know what bugs me about this browser plugin? The fact that Microsofts knowledgebase article on the update didn't mention it.
If they did it openly, it would have been recieved much better. But they go "stealth-mode", and install it without the user knowing.
Re:sony (Score:3, Insightful)
Yes.
And if Microsoft had ASKED, I would have said, "No thanks; please leave my Mozilla browser alone." But they didn't even give me the choice. They used a Negative Option where they signed me up automatically, and if I want to get unsigned, I have to do it myself. Negative Options are generally considered illegal. See: http://www.consumeraffairs.com/news04/2005/negative_option.html [consumeraffairs.com]
"Today, with "negative option" marketing, commerce can be anything but simple, and consumers can end up being charged for products or services they never intended to purchase...... In 2001, the Federal Trade Commission cracked down on negative option abuses, suing nine companies for charging customers credit cards for products or services without gaining their express approval.
"Negative option marketing is particularly troubling when marketers already have consumers' credit card or billing account information and can easily charge consumers' accounts without their permission or when marketers fail to disclose that consumers' credit card numbers will be transferred to another company and charged unless consumers call to cancel," the FTCs Elaine Kolish told Congress in November, 2001.
Although in this case Microsoft did not charge for the upgrade, I still find it offensive that they are modifying OTHER companies' programs without my permission. Microsoft should not be practicing negative option upgrades to non-microsoft products.
Re:Why is MS the only one being blasted here? (Score:3, Insightful)
> So where are the folks calling out FF for allowing this to happen?
Huh??? It is impossible for an ordinary application to prevent a system app with root privileges (such as WIndows Update) from doing anything. FF would have to hack Windows Update to block it, which would raise an uproar.
Re:YES Unsuspecting... (Score:3, Insightful)
The .NET framework is not required for Firefox to run. Why would any sane person assume installing a totally unrelated framework would scribble all over Firefox?
It doesn't "Scribble all over Firefox", for God's sake! It installs a plugin which uses public and documented extensibility APIs of the browser.
When you install Java, it similarly installs the browser plugin for viewing applets, and registers Java Web Start MIME type in the browser, as well. Yes, it does that for Firefox as well. This ClickOnce thing is functionally precisely equivalent to JWS. Does that mean it's time for Sun bashing? Maybe we should start calling Java "malware"?