Mozilla Unblocks Microsoft's .NET Addon
275
Posted
by
CmdrTaco
from the tag-yer-it dept.
from the tag-yer-it dept.
bonch writes "Mozilla previously blocked the Firefox addons Microsoft included with .NET, citing security concerns. After talking with Microsoft, they have now unblocked the .NET Framework Assistant addon and are working on a way for enterprise users to unblock the Windows Presentation Foundation addon as well."
Question is... (Score:2, Insightful)
Re:Question is... (Score:1, Insightful)
Still can't uninstall? (Score:2, Insightful)
Mozilla should block the plugin simply on the grounds that a user can't uninstall it from within the approved Mozilla add-ons panel. That should be the case for any plugin that doesn't play by the rules, no matter who it's from or what its use is.
If I can't delete it, it's malware. Oh, wait, I *can* delete it, if I google for some crazy instructions that involve registry editing? Isn't that how I delete malware?
Isn't this a good thing? (Score:5, Insightful)
Now I'll admit that there are only a few posts above mine, but already they are generally negative. Which I don't get.
Isn't this a good thing?
Microsoft releases a couple of Firefox plug-ins.
A security vulnerability was discovered in the plug-ins.
Mozilla disables the plug-ins.
Microsoft and Mozilla has a talk about the the vulnerability and it appears that one of the plug-ins aren't vulnerable.
The plug-in is re-enabled.
As far as I can tell, this is the system working properly.
Imagine if the situation were reversed (Score:1, Insightful)
Re:Isn't this a good thing? (Score:4, Insightful)
Re:Imagine if the situation were reversed (Score:5, Insightful)
Because of course blocking a program the user chose to install is completely comparable to a program the user chose to install blocking a plugin they didn't choose to install or even knew had installed and was just as difficult to get rid of as most malware.
Re:Still can't uninstall? (Score:5, Insightful)
'Ubuntu firefox modifications' plugin also can't be deleted from within firefox.
I'm not arguing for or against your proposal, just that it would need to be consistently applied.
Re:Still can't uninstall? (Score:2, Insightful)
Parent says it all.
Just because Mozilla caves, do not shut up. Make MicroSloth play by the rules.
Please: Post how to make Microsloth get out of my Firefox.
Mod parent up.
Re:Isn't this a good thing? (Score:3, Insightful)
Now I'll admit that there are only a few posts above mine, but already they are generally negative. Which I don't get. Isn't this a good thing?
Microsoft releases a couple of Firefox plug-ins.
A security vulnerability was discovered in the plug-ins.
Mozilla disables the plug-ins.
Microsoft and Mozilla has a talk about the the vulnerability and it appears that one of the plug-ins aren't vulnerable.
The plug-in is re-enabled.
As far as I can tell, this is the system working properly.
I bolded two things I don't agree with. You skipped an important statement: Microsoft forcibly installed said plug-in, and prevented its removal.
Why is not Microsoft playing by the same rules? (Score:5, Insightful)
Further, why is Mozilla.org is allowing a mode where any Tom Dick or Harry can drop in a bunch of files in the install directory and suddenly all the users get the extension on by default? Since it is in the instal dir, individual users cant even disable them or uninstall them. The existence of such a mode itself is a big security hole. If IE has a hole and allows a drive by download of a file into Firefox install dir, boom, you get a vulnerability in Firefox. Already there are reports that installing an HP printer gives and unwanted, unasked for and unpermitted extension added to Firefox. Now every software you install is going to want to add a tool bar or an extension to Firefox.
I wish Firefox will just disallow such a way of installing extensions. The cardinal rule, as for as Firefox is concerned, is that the users rule. They control their browser, they decide which extensions are allowed, which scripts are allowed to run, which user agent string is sent out, whether or not to allow java, applet, or javascript or flash or silverlight or whatever. For corporate deployment, the Mozilla team might allow a script based instal on all machines in a corporate network using proper authentication procedures, like Corportate IT dept has local sysadmin privilege, so they come in and install an extension, and even disable its uninstall option, but that is all done outside the browser using the standard corporate deployment procedures. Allowing anyone to dump cruft in a particular folder and suddenly everybody gets the cruft is totally against the expectations of the standard mozilla firefox user.
Re:Imagine if the situation were reversed (Score:3, Insightful)
If Microsoft were to "block" Firefox from running due a security vulnerability it had, the sheer level of rage released from Slashdot would probably be enough to melt monitors on the other side of the world.
If you're going to draw parallels, at least learn to do it properly. If Mozilla would sneak in a plugin inside IE when you're doing something which you assume should not indulge in that behaviour, say e.g. updating Firefox, upon which Microsoft blocks this snuck piece of software, nobody in their right mind would say a thing. But yes, in your example, which is incorrect and irrelevant, people would -- and they would because they would be completely right in doing so, just like people are now with the .NET plugin which doesn't uninstall. Your kindergarden rhetorics won't work here drsmithy, if that is your real name.
Why is everyone targeting MS on here? (Score:5, Insightful)
Seriously -- I have FAR more of an issue with Firefox disabling a plugin *that I want there* and not providing a way to re-enable it (or at least any obvious way).
Microsoft may choose to say that Firefox integration is part of the .NET framework, and if I choose to have a problem with it, I can uninstall it. But where does the Mozilla organization get off disabling an extension I have, and may be using, without any ability to opt out?
The double standard on this would be funny if people weren't so serious about it.
Re:.NET comes preinstalled (Score:4, Insightful)
What, you're not like all the other /.ers who are using XP or Windows 2000?
Seriously though, this thing is being blown out of proportion. /.ers are in a minority. Firefox is a main stream browser (through choice), and most people don't care for these political shenanigans, and just want it to behave properly (no global blocking of a standard part of the Windows experience).
Re:Isn't this a good thing? (Score:2, Insightful)
That, plus you have to remember that this plugin was being installed without user's knowledge in the first place.
You mean just like dozens of other plugins?
Mike Shaver (Score:3, Insightful)
Re:.NET comes preinstalled (Score:4, Insightful)
slashdotters represent the crowd that companies like MS would like to deny when it is convenient to them.
They represent a group that enterprise and abusive corporations basically try to ignore/minimize to make them sound irrelevant.
Basically, the informed consumer. This is every abusive enterprise's nightmare.
Re:Why is not Microsoft playing by the same rules? (Score:3, Insightful)
How exactly do you propose to stop a process from doing so when it is running outside the scope of firefox? Whatever files Firefox updates to indicate an extension has been installed can also be modified by an outside process. Want to make the file digitally signed? Well, Firefox has to get the signing key from somewhere, but then the other app could just go and get it from the same place. Want to move stuff like this off the local system and have it stored in some network repository...well, no, almost nobody is going to want this, but even if they did it wouldn't matter since the other app could just contact the repository pretending to be firefox.
You see, you run into the same problem you run into with any other sort of malware. The only way to stop it is to have a process loaded beforehand at a higher privilege level than it. That's what virus scanners do, but I don't think it's the sort of thing firefox should be doing (otherwise, why shouldn't every single application have it's own monitoring process to handle this sort of thing).
Re:Still can't uninstall? (Score:1, Insightful)
It's a component of your OS.
<wonka>Wrong, sir! WRONG!</wonka>
Many use Mozilla Firefox for the exact reason that it is NOT a component of the OS. When a web browser gets so deeply entrenched into the OS, you open yourself to more vulnerabilities as we've seen in IE's browser in the past. Now, Microsoft wants to interfere with one of the selling points of their competitors by sticking their nose where it doesn't belong. They don't GET to decide what a competitor's product needs.
We're actually being kind to Microsoft right now. Leveraging a monopoly in one market to sabotage a competitor in another market is against anti-trust laws, something that MS has been slapped with in the past.
Re:Microsoft's updated advisory (Score:3, Insightful)
Somebody has to file a bug against FireFox that plugins/add-ons are even allowed to prevent user from disabling them.
There's a name for programs that prevent the OS from modifying their files, rootkits. Firefox is not a rootkit. Microsoft update installed the plugin by modifying the filesystem, it didn't use firefox API's.
If you don't trust microsoft update, frankly you shouldn't be using windows.
Re:Microsoft's updated advisory (Score:2, Insightful)
Re:Microsoft's updated advisory (Score:3, Insightful)
If I use Firefox, which Internet Explorer update do I need to install?
Replace Firefox with Honda Civic and Internet Explorer with Ford Focus.
"If I use Honda Civic, which Ford Focus update do I need [to install]?"
Not really (Score:3, Insightful)
That flies in the face of the difference in expectations.
Re:.NET comes preinstalled (Score:3, Insightful)
The most annoying thing on the internet by far, is the shenanigans of "internet tough guys"
Re:Question is... (Score:4, Insightful)
That was fixed ages ago. How did this get modded up?
Re:.NET comes preinstalled (Score:1, Insightful)
umm hello- most Firefox users are using it because of how insecure internet explorer is-not because it has great bonus features (although it does). I for one use it cause I use GNU/Linux and Firefox is well supported and looks great. Not so much because of the bonus features. This mashes up with most other users. It is only the very very technical users who are installing add-ons. If Firefox lets this through it is negating its core benefit to the majority of its user base.
Re:Yes!! (Score:3, Insightful)
Re:You don't know what you're talking about (Score:3, Insightful)
"No. You can still use the Win32 API, MFC, ATL, WMI, vbscript, jscript etc."
They go pretty far out of their way to make your life difficult if you do though.
All the current developer tools are targeted towards .NET and newer technologies. That includes things like the shiny new interface elements they introduced with Vista, as well as stuff like the new (hardware accelerated) video decoding/rendering system or the re-designed taskbar in Windows 7. From Vista onwards anything that boils down to Win32 APIs for GUI stuff no longer gets hardware accelerated drawing either.
So yeah, in theory you can still use all those old technologies, but it's an uphill struggle. To be fair most systems are like that - imagine trying to create a modern website in just HTML 3.2 and CGI. You could do it and it might even be faster and less bloated than CSS, PHP and SQL, but you would probably fail and end up with a website that looks like it's from 1995.
Re:Still can't uninstall? (Score:2, Insightful)
The point is, choice. They can make it available, but let me take it out. And do not sneak it in.
Doesn't this seem reasonable?
I think their support is fine. The strong-arming, I can do without.