Mozilla Unblocks Microsoft's .NET Addon
275
Posted
by
CmdrTaco
from the tag-yer-it dept.
from the tag-yer-it dept.
bonch writes "Mozilla previously blocked the Firefox addons Microsoft included with .NET, citing security concerns. After talking with Microsoft, they have now unblocked the .NET Framework Assistant addon and are working on a way for enterprise users to unblock the Windows Presentation Foundation addon as well."
Re:Isn't this a good thing? (Score:4, Interesting)
Mozilla is taking Microsoft's word that these plugins, which install in their software without notice, don't have any vulnerabilities and are working just fine.
Just like every other plugin on the market. Apparently the .Net plug-in isn't vulnerable, the WPF one is.
I know we like to bash Microsoft here, but the plug-in safety process (in FF) seems to work fine.
How do you know that there aren't unknown vulnerabilities in another plug-in somewhere?
Microsoft's plugins should be required to behave as every other responsible plugin. It shouldn't install with stealth, there should be a way to easily disable, and there should be a way to easily uninstall.
You disable it by going to Tools > Add-ons > .Net plugin -> click either 'Disable' or 'Uninstall'
I works fine for me, I just uninstalled the plugin.
And Microsoft aren't the only ones who install by stealth. I don't remember installing Nokias 'PC Sync2 synchronisation' extension. It just installed itself with some other software.
Re:Still can't uninstall? (Score:3, Interesting)
> If I can't delete it, it's malware.
It's a component of your OS. Whether it's crucial to you is an entirely different discussion - if you want your OS to be as bare as possible, Windows is not for you. MS has decided that it is needed on every system so they can make certain assumptions on system usage and updates. Would you like to be able to delete, say, your kernel executable? Is that malware too?
WTF is the summary saying? (Score:2, Interesting)
First the summary says Mozilla have unblocked the ".Net Assistant" add-on. Then it says Mozilla is working on a way to block a "Windows Presentation Framework" add-on _AS WELL_. As well (meaning "in addition to") what? The first item mentioned was unblocked, not blocked. Typo, or incorrect sentence construction, or what? It's 2 lines, can't we get it right?
Or is this a way to make readers RTFA?
Re:Isn't this a good thing? (Score:3, Interesting)
And Microsoft aren't the only ones who install by stealth.
Bonnie and Clyde weren't the only ones to rob banks, either. So does that mak bank robbery OK? The former head of NASDAQ ran a Ponsi scheme for decades, does that make fraud ok? Personally, if I find a vendor doing any kind of stealth installation, I no longer use that vendor's wares. That's why I no longer buy anything with Sony's name on it, and why I'm running Linux at home. As well as why I won't deal with a host of other vendors.
Too bad there are seven billion people on the planet, that allows vendors to completeley dismiss intelligent potential customers. It's sad.
Re:Microsoft's updated advisory (Score:3, Interesting)
Somebody has to file a bug against FireFox that plugins/add-ons are even allowed to prevent user from disabling them.
This whole scandal brings up an interesting point. For "Plug-ins", Firefox has no obvious way to disable the feature. However, because MS's stuff was an "Add-on", people are angry there isn't a one-click UI. (The difference between the two is some technical nonsense which is of no interest to the end user.)
So the moral of the story is if you want to make it hard to uninstall, write a plug-in (like Apple/Adobe) and not an add-on.
Anyway, if anyone knows of an easy way to permanently disable Apple's crappy QuickTime plugin, please let me know. I'm sick of rooting it out every time iTunes has an update.
Re:Microsoft's updated advisory (Score:3, Interesting)
Microsoft installed it without asking, without me even knowing.
They modified a third-party software installation without my permission.
The third-party software maker was within perfect rights to put a stop to that bullshit. They even notified you about it. That's damned good service.
However, through that very same system I see something that could have the potential for severe exploit.
Re:Still can't uninstall? (Score:3, Interesting)
Perhaps not "as bad as the registry hell", but I would still prefer if Firefox blocked both of them until they were deletable like all other addons. I mean, have some backbone mozilla, if people don't do things properly, give them a nice big "FAIL" and send them on their merry way.
Given that the Ubuntu addon is installed system-wide and has root:root owner (as a result of being installed via APT), how, exactly, would you go about enabling the button when the user in question may or may not have root privileges?
Re:Still can't uninstall? (Score:3, Interesting)
This might surprise you, but a lot of people use the net for more than :-
Watching the latest lolcat video - check
Browsing their mail for the latest penis enlargement offer - check
Posting uninformed comments to Slashdot - check
Point taken ?
What specific, popular website (other than *.microsoft.com) is nonfunctional or seriously crippled without ClickOnce?