Microsoft Update Slips In a Firefox Extension 803
An anonymous reader writes "While doing a weekly scrub of my Windows systems, which includes checking for driver updates and running virus scans, I found Firefox notifying me of a new add-on. It's labelled 'Microsoft .NET Framework Assistant,' and it 'Adds ClickOnce support and the ability to report installed .NET versions to the web server.' The add-on could not be uninstalled in the usual way. A little Net searching turned up a number of sites offering advice on getting rid of the unrequested add-on." The unasked-for extension has been hitchhiking along with updates to Visual Studio, and perhaps other products that depend on .NET, since August. It appears to have gone wider recently, coming in with updates to XP SP3.
malware.... (Score:5, Insightful)
Re:malware.... (Score:5, Funny)
Remember Sony?
Yes. Trying not to.
sony (Score:5, Funny)
Never forget.
Forgetting is key to getting caught again. You can only catch a cat in the same trap once.
Re:sony (Score:5, Insightful)
Unless that cat is the American public and the time since the last time you caught them is greater than the time since the last episode of American Idol.
Comment removed (Score:5, Insightful)
Re:sony (Score:4, Interesting)
Re:sony (Score:5, Funny)
Isn't installing BHOs that are not asked for and cannot be uninstalled without hacking pretty much the definition of malware?
Give the guy a chance, he's only been in for two weeks...
Rich
Re:sony (Score:5, Insightful)
Not a big deal???
Microsoft modified *another company's products*. What's next? MS is going to start adding updates to VLC player or Utorrent or OpenOffice or WordPerfect?!?!? They shouldn't be messing with non-microsoft products.
Re:sony (Score:5, Interesting)
Microsoft is doing this in an update without notifying its users (as far as has been reported) that this update will be modifying third party software with no easy way to prevent or uninstall the change.
Given that, I am curious to know how this addon will improve my web experience in Firefox. Will it open security holes beyond what is already in Firefox and my other addons? Will it slow or decrease performance of FF? What benefit is it to FF (I thought
Re:sony (Score:4, Insightful)
Do you know what bugs me about this browser plugin? The fact that Microsofts knowledgebase article on the update didn't mention it.
If they did it openly, it would have been recieved much better. But they go "stealth-mode", and install it without the user knowing.
Quick uninstall (Score:5, Informative)
For a fast removal of the .NET Framework Assistant 1.0 from Firefox, save the following text as decrap.reg and run:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"=-
To run this from a command line (like a login script on all your machines):
regedit.exe /s decrap.reg
Feel free to modify and add the strings of any other extensions you want to auto-kill...
Microsoft has also added to the Firefox prefs.js config file, located at C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\XXXXXXXX.default, where USERNAME is the user profile and XXXXXXXX is random characters. You will find these entries added to the file:
user_pref("general.useragent.extra.microsoftdotnet", "(.NET CLR 3.5.30729)");
user_pref("microsoft.CLR.clickonce.autolaunch"
You can remove these lines manually after closing all Firefox windows.
You can type about:config in the URL bar, and filter for 'microsoft' if you want to see what the slimeballs have been adding to your browser.
(high posting so you can find this...)
Normal for Microsoft (Score:4, Insightful)
Re:Normal for Microsoft (Score:5, Funny)
you came here for software? I'm sorry, this is Abuse!
Re:Normal for Microsoft (Score:4, Funny)
I sure am, but then again I'm not claiming I'm smarter than you are. I actually didn't so much prove anything as right out said that I didn't understand what was being said. I don't really feel any shame in that.
I'm still confused. You say that "You can't see the world as it is. It is not possible". If that is true, then you're statement is self-contradictory because you are saying that you are seeing the world as it is, which is that seeing the world as it is is not possible. And thus relativism withers on the vine of postmodernism.
Perhaps you are having issues with facing reality? I know it's tough, but when you mature a little in a few years time it should be possible to start coping.
Re:Normal for Microsoft (Score:4, Insightful)
Oh dear god....
Looks like someone took an Intro to Philosophy at their university and wants the world to know just how 'deep' they are.
I bet you didn't even get an A in the class.
You can sit around for *years* and debate whether or not Slashdot exits, or if it is simply a construct of your imagination. And you can go on and on, at great length; trying to determine whether you can determine *anything* because, everything, as you said, that you can perceive is from your own reference point. How can 'real' be defined.
The same old, tired, arguments for and against these have been tossed around for, hundreds and hundreds of years. Probably longer.
Pointing them out, in unrelated contexts...like a Slashdot discussion of Microsoft software patch makes you look like a fresh out of Phil101 college d-bag who plays hacky-sack in the quad after lunch and before BIO 102.
Next you'll point out how maybe the colors you see are like...ya know...different from what other people and that perception is all relative. WHOA!
But yeah, the whole 'Like, dude, it's really just a symbol! That's all it is, just a symbol' crap is really a stretch.
Yes, of course, it's a symbol. Symbols are used extensively by people. It makes communication easier. Is it easier to define a large company like MSFT by saying, 'Microsoft' or 'the company responsible for the creation of Windows, Office, .Net, Visual Studio, etc, etc, etc...' or perhaps a complete list of employees start and end dates would make you happier?
Of course it's a symbol. Duh.
Pointing it out adds nothing to the conversation. Nothing. And feeling the need to point it out means that you think you are a LOT more clever than you really are.
Re:sony (Score:4, Funny)
Ah I see he was performing a commentary on how we are all really prisoners to our appetites.
Or he was a lazy fatass. I'm going with the second.
Re:malware.... (Score:5, Insightful)
The true question here is not how to uninstall it. The question everyone should be asking is: is it messing with other settings in firefox, reporting back to MS what other extensions I use, monitoring my web traffic, going to break my browser, new security holes? Maybe I don't want my f'ing browser to report what other software is installed on my computer.
How about this one: Ok Microsoft, you are making automatic changes to software written by other companies without permission or request of the user. I don't care if you say it's just an extension, you didn't ask me! My trust just went right down the toilet.
Note: I noticed this extension the other night on a system in VMWare but I haven't had a chance to look into it yet.
In all fairness I think Microsoft should be forced to open source things they want to add on to NON MS applications. That way people can go take a look... Especially when you don't ask the user permission.
Are there any legality issues with what they just did here?
Re:malware.... (Score:5, Funny)
Re:malware.... (Score:5, Funny)
Re:malware.... (Score:5, Funny)
they don't want you to accidentally buy a Zune, or Windows 7. ClickOnce is a deployment techno... oh, hang on.. suddenly I'm not sure I got the first bit right.
Re:malware.... (Score:5, Funny)
How about this one: Ok Microsoft, you are making automatic changes to software written by other companies without permission or request of the user. I don't care if you say it's just an extension, you didn't ask me! My trust just went right down the toilet.
Don't worry, just flush. You'll have some more trust in about 20-30 hours.
(I'm only half-joking)
Re:malware.... (Score:5, Insightful)
If they wanted to do that, they wouldn't be so stupid as to make it an extension that's clearly visible in the Firefox preferences. Since Microsoft control the operating system and can push out updates for it, any trojan they wanted to install would be much more stealthy.
If you run Microsoft Windows then you accept that you run whatever software Microsoft chooses to put on your machine, and without source code you have little hope of finding out exactly what it's doing. If you do not trust Microsoft, I suggest you uninstall Windows from your computer right now.
Re:malware.... (Score:4, Funny)
If they wanted to do that, they wouldn't be so stupid as to make it an extension that's clearly visible in the Firefox preferences.
After some recent events [arstechnica.com], I'm starting to suspect that Microsoft may indeed be stupid.
Re:malware.... (Score:5, Informative)
If they wanted to do [a bunch of Bad Stuff], they wouldn't be so stupid as to make it an extension that's clearly visible in the Firefox preferences.
What kind of argument is this? "See, Microsoft is totally upfront about what they're secretly installing! All you have to do is open Firefox, go to Tools -> Add-ons -> Extensions -> Local Planning Office -> Dark Basement -> Locked File Cabinet..."
If you run Microsoft Windows then you accept that you run whatever software Microsoft chooses to put on your machine
That's not true according to the Windows EULA, nor in a pragmatic sense. The precedent has already been established that the OS can be configured to require the local administrator to give explicit permission for each patch to be applied; the outrage here is that this time, that choice was not offered, and the affected software was neither part of the operating system nor even a Microsoft product.
There's enough FUD surrounding Microsoft Windows without your contributions to it.
Re:malware.... (Score:5, Insightful)
I dunno, you could equally well say this shows that Microsoft is starting to accept a multi-browser world and distribute software that works with Firefox and not just IE. If there were no Firefox extension available and you had to use Internet Explorer instead to get this thing to work, there would equally be complaints on Slashdot...
Remember that the whole point of an extension mechanism is to let third parties modify Firefox. Linux distributions routinely ship patches and modifications to Firefox (and many other applications). And it's not as if no third party software ever installs extensions to Windows...
Re:malware.... (Score:5, Insightful)
They didn't "sabotage" anything. They simply installed a system-wide extension. If it's not installed in the Firefox profile, Firefox can't very well remove it (especially if the user it's running as is not privileged).
Note that the "Disable" button works just fine, as it should. Had they really wanted to prevent this thing being disabled, they could have done that too, you know.
Re:malware.... (Score:5, Insightful)
That's the whole point. You install binary crap from a provider you don't trust. So, don't complain.
It's not like at this day and age there's still a gun pointed to you to use Windows (in the past i may recognize there were, but not today)
Re:malware.... (Score:4, Funny)
This is a good point.
Since copyright infringement is now routinely elevated to the violent robbery of "piracy", then it makes sense that we start calling the insertion of unwanted extensions into our applications "rape".
The charge is "You have inserted your extension into my application without my consent". Yeah, that's rape.
Re:malware.... (Score:5, Insightful)
Having said that, I wonder if this update is stated anywhere in the ToA.
Re:malware.... (Score:5, Insightful)
Who's to say this thing isn't a security risk? Microsoft?
Of course, we don't *know* that this software is bad, but my policy with my own machine is that if I don't know what something does, it doesn't run on my computer, which is why my computer still runs smoothly even though I haven't reinstalled Windows for several years.
For those of you who are assuming it's probably safe (and admittedly, you're probably right), there's another good reason to get rid of it. Microsoft changing your browser string to indicate that this piece of software is installed in your browser. The purpose of this, most likely, is to increase the installed base for this software, and use that as an argument to ush whatever new web technology they're pushing. Now that non-IE browsers account for 30% of the total browsers on the internet, Microsoft is losing their stranglehold on web "standards", and they're pulling this crap to get it back.
Don't be a part of it. Remove this plugin, then go into about:config and change your browser string back so it doesn't falsely advertise that you have it installed.
Oh, and as far as Firefox goes... why is the uninstall button grayed out? This feels like a UI issue to me; principals of user-friendliness dictate that I ought to be in control of whether or not I can uninstall an add-on. Even having code in the browser that allows someone to take that freedom away from me is a bad thing. (Of course, is it really Firefox's fault? Is there a technical reason that Firefox *can't* uninstall the plugin?)
Re:malware.... (Score:5, Informative)
Re:malware.... (Score:5, Interesting)
Interesting... Would it be possible to change Firefox in such a way that it refuses to recognize those plugins that it can't install?
Re:malware.... (Score:5, Insightful)
You could, but that would basically mean the system administrator can't make extensions available system-wide. A tradeoff, of course, and assumes that you trust your system administrator somewhat...
Re:malware.... (Score:5, Insightful)
So why didn't MS enable removal through the "add or remove programs" mechanism?
Re:malware.... (Score:4, Interesting)
I'm not aware of any other Windows updates targeting 3rd party software.
Re:malware.... (Score:5, Insightful)
Re:malware.... (Score:4, Informative)
I did. I can't find "Microsoft .NET Framework Assistant" anywhere.
Re:malware.... (Score:5, Informative)
If you install something (e.g. an extension) via apt or (I assume) rpm on Linux, Firefox can't uninstall it since it isn't running as root. In that scenario, the button is grayed out with no explanation. But, of course, you can always ask apt/rpm to remove the offending software, or not install it in the first place...
Mod up. 5 is not enough. (Score:5, Insightful)
Shame on MS. They have been through this before and should know better. Bad. Bad. Negative points. Sad, sad negative Karma.
Re:Mod up. 5 is not enough. (Score:5, Informative)
Yeah because when you choose to install software on your computer its completely wrong of them to actually install that software on your computer.
This program is mentioned in the new features list of .NET Framework 3.5.
http://msdn.microsoft.com/en-us/library/bb613588.aspx [microsoft.com]
No big deal. Return to your homes. Disaster averted.
Re:malware.... (Score:5, Insightful)
there's another good reason to get rid of it. Microsoft changing your browser string to indicate that this piece of software is installed in your browser. The purpose of this, most likely, is to increase the installed base for this software, and use that as an argument to ush whatever new web technology they're pushing. Now that non-IE browsers account for 30% of the total browsers on the internet, Microsoft is losing their stranglehold on web "standards", and they're pulling this crap to get it back.
This. It doesn't very often happen that a point is so important that I feel the need to quote it entirely and just add a "me too", but this is one of those very rare occasions.
They have just hijacked every Firefox install out there, and are using it to advertise their own product. The only appropriate response would be for Mozilla to automatically refuse it from Firefox with the next Firefox update.
Re:malware.... (Score:5, Funny)
The only appropriate response would be for Mozilla to automatically refuse it from Firefox with the next Firefox update.
I have a better idea, let Firefox add an "extension" to Microsoft Office that improves its usability by downloading and starting OpenOffice when the user starts MS Office.
Re:malware.... (Score:4, Informative)
Re:malware.... (Score:5, Funny)
Is there any difference between Microsoft doing that to Firefox, and Microsoft doing that popup blocker with Internet Explorer when someone does the SP2 update? Or how they force a firewall on you?
You see, Microsoft is akin to a proctologist. Sticking things where they don't belong.
Re:malware.... (Score:5, Insightful)
I would give up Microsoft Windows....but I like playing games.....
Re:malware.... (Score:5, Insightful)
Be honest. Have you read the source code of EVERY program you run, and of your operating system? Did you understand all of it? If you have read it all and understand it all, you're either running very few programs and a tiny, simple OS, or you have way too much free time. 'Knowing what someting does' is not a black-and-white thing. To get a good analogy: I can use a car and understand most of its parts without fully understanding the atoms it's made of, or how the car was made. Odds are GP is someone who knowns what all processes on his computer do, even if he doesn't know precisely how they do it. You create a false dichotomy by suggesting it is only possible to know what your programs do when you run an open source operating system.
Re:Firefox is a web broswer (Score:5, Insightful)
I don't use .NET.
I bet you do.
Got Office 2003 ? Some of that is .NET code. Got Live Messenger ? Ditto. Nvidia or ATI graphics cards ? well, those DEFINITELY need .NET to work properly. Let's not forget all those extra bits of freeware you've also got, some of those will be .NET based as well.
As I understand it, this add-on just alters the useragent to declare that the PC it's running on is .NET capable (i.e. you got at least one version of the .NET framework installed). This is a good thing - as it means MORE sites that have .net extensions or controls will work in FF, meaning you can finally ditch IE completely (in theory).
Yes their installation methods were suspect - but remember MS's major user base is The Doe Family, who can just about turn their PC on and off. Do you really thing they know the answer to 'Do you really want to install the .NET Framework Assistant ?' - If course they wont know what that is, or whether they need it.
Does your mechanic, dentist, doctor, explain to you each and every thing they do to you or your car in intimate detail ? No.
The PC is becoming a closed box appliance. You can't fight this.
An finally, if you distrust MS SO much - why did you have Windows Updates on anyway!?
Re:malware.... (Score:5, Funny)
Huh! (Score:5, Insightful)
Exactly! (Score:5, Insightful)
They think they have a right to re-configure the software you use, for their own convenience and profit. That they can install things and you should have no say in the matter.
I am serious. On the corporate level (not most individual employees, I am sure), they really think that way. The evidence is incontrovertible.
Which used to serve them well. But which, in today's environment, is suffering a greater and greater disconnect with reality. I am sure you have noticed this yourself... the most obvious explanation for Microsoft's accelerating loss of market share is simply that they have lost touch with the realities of the market: their users' wants and needs, and, not to make too small a point of it, their business ethics.
I am not surprised at all.
Re:Exactly! (Score:5, Insightful)
They think they have a right to re-configure the software you use, for their own convenience and profit. That they can install things and you should have no say in the matter.
They do. Read the EULA.
You have missed the point. (Score:5, Insightful)
(2) Microsoft has every opportunity to give that end user A CHOICE. Yet, typically of Microsoft, they chose not to do so. That was the WRONG decision. And that is how most people view their work machines today: it belongs to me, by damn, and you had better ask me before installing something. As a computer professional, who depends on controlling software versions and so on to guarantee compatibility, this is not an option for me. I insist upon it. Companies that violate that policy are not my friends. They do NOT make my life easier, they make it much more difficult.
(3)They have no right to assume that I want their goddamned "Clickonce" thing to work. Maybe I don't. And in fact, the OP was not about installing it via the web at all, it was about it being installed automatically in the background via SPs and SP updates. This isn't about clicking on a link at all. Please read first before you offer an opinion.
(4) This is NOT about adding a mime-type handler. It is about installing a mime-type handler that some users may not want, secretly, in the background, without asking for permission. And for a BROWSER that isn't even their own product. Not only is this unacceptable to me (because I must always be in control of what is installed on my work machines), it is also typical of Microsoft's arrogant attitude toward their users.
My high-horse is not strictly MS-specific, as you would know if you actually read what I wrote! If any other company did this, I would oppose it just as vehemently. It is just that Microsoft is famous for doing this kind of thing, and here is yet one more example.
Odds are, "ozphx", that I was using Microsoft products professionally before you were out of elementary school. If you don't have a direct counterargument to mine, then please go elsewhere.
Oh... by the way. I agree that including the Google toolbar in Java updates is unethical, too. But at least a choice *IS* offered, and that during a voluntary install. In the case under discussion, it was stated that this software is being added unannounced, as part of an update, without any such option being provided. So there is a bit of a difference.
Car Analogy For You (Score:5, Insightful)
This is like sending in your Microsoft car for servicing at Microsoft and having the Microsoft mechanic install an extension to your "Firefox" add-on car radio - which you installed yourself, because you wanted an alternative to the embedded Microsoft Car Radio (which cannot be removed without disabling a large part of the car).
An extension that allows you to listen to the New & Wonderful Microsoft Radio Stations, and all installed without asking your permission first.
Just because you chose to add that extension on your built-in Microsoft Car Radio, does not give them the right to install it on your non-Microsoft Car Radios, WITHOUT YOUR PERMISSION.
After all many of us have the Firefox Car Radio just so that we can avoid listening to the Microsoft Radio Stations by accident or mistake or "Just Because Microsoft thinks it's time for you to". When we want to listen to those stations we use the Microsoft Car Radio.
So far I have managed to install the Java crap on various computers without having the google tool bar installed without my permission - they made it optional and I usually deselect all such options.
MS deserves a bashing for this. They are trespassing and are arguably doing an "unauthorised modification" to your computer system, which is a Computer Crimes offense in many countries.
They'd probably get away by giving the various usual excuses. After all, the Sony bunch got away without being jailed even though they did something worse.
Unauthorized modification of one to a few hundred computers and it's "hacking/vandalism", and if caught you can go to jail.
Unauthorized modification of millions of computers and it's called "useful and allowing firefox adoption".
Re:Huh! (Score:4, Insightful)
This is probably actionnable under whatever covenant MS signed to get out of the antitrust lawsuits against them: they're using the OS (windows update) to modify a competitor's software (FF), in order to give an unfair advantage to one of their technologies/product.
If that behaviour can be proven, someone stands to make a lot of money. Several someones: the states, the competitors...
Allowed scope of updates (Score:5, Insightful)
Re:Allowed scope of updates (Score:4, Insightful)
Microsoft gives us updates all the time and we trust them to fix bugs and security holes.
What you mean "we", Kemosabe?
Re:Allowed scope of updates (Score:5, Interesting)
It is totally unacceptable for Microsoft to interfere with any of the 3rd party software I have installed on my computer whether via their update mechanism or otherwise. If I ever find any of these shenanigans going on I will raise a formal complaint with the appropriate government competition bureau, I encourage others to do the same.
Re:Allowed scope of updates (Score:5, Insightful)
Which most people assume means things like MS Office and other MS components that are not part of a bare Windows install. I can't imagine anyone thinking this means 3rd party software.
Re:Allowed scope of updates (Score:4, Insightful)
Probably because it's labelled "Microsoft Update" - implying that it updates anything from Microsoft on the computer.
If Microsoft wants everyone to use a new "Computer Update" service, then they better call it that and see how many people they can get to click on it.
Re:Allowed scope of updates (Score:5, Insightful)
that's because:
a) most apps in Ubuntu come from the ubuntu servers, not their native homes and are compiled by canonical to work nicely with ubuntu
b) Other apps are hosted in repositories. Some by the program writer, some by other people. But Apt/synamptic manages all the repositories in one place for you! And you can turn them on and off at will. What a concept!! This is what people have been requesting from Microsoft update for the better part of a decade.
Re:Allowed scope of updates (Score:5, Insightful)
Microsoft Update sure sounds like it will update Microsoft products. Given that Firefox is not a microsoft product, how the hell was I to know they would update it?
Re:Why get upset? Firefox users avoid proprietary (Score:5, Insightful)
Maybe because...
Just one of those is enough to make something bad.
Re:Why get upset? Firefox users avoid proprietary (Score:4, Insightful)
What part of "can't uninstall" confuses you?
Re:Why get upset? Firefox users avoid proprietary (Score:5, Insightful)
I'm seriously confused as to why this is upsetting considering that the average Firefox user installs plugins ...
The point isn't that MSFT is creating FF plugins.
The point is that MSFT is silently forcing plugins without telling us what they do.
This whole thing would have been a non-issue if they had
But MSFT is too arrogantly stupid to do that.
Amazing (Score:5, Insightful)
Re:Amazing (Score:5, Funny)
Classic move. People noticed. Two steps forward 10 steps back, eh? [emphasis added]
I can't tell if that's binary or decimal or what.
NOT Unsuspecting... (Score:4, Informative)
YES Unsuspecting... (Score:5, Insightful)
Re:NOT Unsuspecting... (Score:5, Insightful)
Just because I installed the
Re:NOT Unsuspecting... (Score:4, Insightful)
Why are you so amazed? Your control over your computer is illusory when you use closed-source programs -- especially ones that call back home and install "updates"
Re:NOT Unsuspecting... (Score:4, Insightful)
[root@localhost ~]# apt-get update apt-get: ET phone home
You forgot one thing though
# su -
When's the last time any packets installed without your consent?
Intelligence gathering (Score:5, Funny)
Equal Opportunity Offender... (Score:4, Insightful)
Re:Equal Opportunity Offender... (Score:5, Funny)
Don't worry. IE has so many holes they're no longer news-worthy.
Wait. You mean IE has non-hole parts?
XP SP3? (Score:4, Informative)
Are you sure? Did you actually mean .Net 3.5 SP1? That's what just installed it on my machine. I've never seen XP SP3 install it.
A good sign! (Score:4, Insightful)
Although it's not the best approach that could have been taken it is a good sign. If Microsoft can no longer ignore Firefox then all those sites that still require IE to function will begin to follow.
Re:A good sign! (Score:4, Insightful)
Scumware, eh? (Score:5, Informative)
One hint that this "extension" is unwanted garbage is that when you Google (google: Microsoft Framework Assistant) for it and the top links are pages about how to remove it. Then the first link from your site (microsoft.com) is also a forum that mentions getting rid of it...
Anyway, here's how to remove it.
http://www.robertnyman.com/2009/01/26/microsoft-force-installs-firefox-extension/ [robertnyman.com]
Re:Scumware, eh? (Score:4, Insightful)
That doesn't matter at all. Type in any .DLL file you can think of, and you will see all the "Remove Spyware Now!" type sites that catalog DLL files. Buried in the actual relevant content of the site, hidden beneath all the "Spyware is dangerous, you may have spyware" boilerplate content is a row in a table telling you that the DLL file you searched for is safe. You can't just trust results like that.
Re:Scumware, eh? (Score:5, Insightful)
It does matter because the sites are different. The ones that come up for Microsoft Framework Assistant are forum postings, articles and blogs instead of autogenerated bull-honky.
Re:Scumware, eh? (Score:5, Funny)
You have a problem with autogenerated bull-honky? This site [simple-pc-help.com] may have the answer!
but... (Score:5, Insightful)
Re:but... (Score:5, Insightful)
Except in Apple's case, it's somewhat worse... after all, why the fuck would they install MobileMe or Bonjour on my system when I install iTunes?
Why the FUCK do they think I want their networking system along with their player?
Bonjour [wikipedia.org]
Grrrrrrrrrrrrrrrrrrrrrr. Weak. At least the .NET extension is within the realms of making sense.
Re:but... (Score:4, Insightful)
I don't understand the hatred for Bonjour. It's a discovery protocol, used by Macs for ages. All it does is to make it possible to find other computers. Adobe seem to be using it in their latest products, so you'll be seeing it more. It's not as if Windows programs historically have been satisfied with just one version of a DLL, anyway ;)
Re:but... (Score:5, Interesting)
I don't understand the hatred for Bonjour. It's a discovery protocol, used by Macs for ages. All it does is to make it possible to find other computers.
The only reason I have iTunes installed is because I couldn't find a Quicktime download that didn't come with it. The only reason I have Quicktime installed is because of people who only make their content available as Quicktime files for whatever reason.
*Why* would I want Quicktime to be able to discover other devices on my network? Even if I did, why would I want a service running all of the time as opposed to once every few months when I go to play a Quicktime file?
I can only speak for myself, but that's why *I* hate Bonjour. I wanted Apple's poorly-coded (for Windows at least) proprietary video player. In order to get it, I had to get a bunch of extra software I most definitely didn't want.
I already tried Quicktime Alternative. It wasn't able to play the newest Quicktime variants.
Re:but... (Score:4, Interesting)
Depends on when he installed QuickTime. Apple pulled a stunt where is hid and changed the downloed to Quicktime without Itunes. There was a period of a couple of months where they even forgot to make the public page for the standalone download availible from the quicktime page. That means if you didn't follow a link in from a this party site, you wouldn't have found it.
It's possible that both of you are right and neither of you are wrong or not looking very hard depending when he went after the QuickTime. Apple certainly didn't make it easy.
Re:but... (Score:4, Insightful)
Because Bonjour is a dependency for the correct functioning of an iTunes feature? ... the same could be said for the correct functioning of a Microsoft .NET feature here.
Java does this, too (Score:4, Informative)
Re:Java does this, too (Score:4, Informative)
WTF? Do you understand why this is an issue?
Some of the recent updates for Java SE have included "Java Quick Starter". And for those with Ubuntu, there are a number of things that show up in the Add-ons list that are not explained well.
Neither of the examples you cite update an independently installed third party software without giving you an easy way of uninstalling.
FFS.
updating third party software? (Score:5, Insightful)
So it's really nothing abnormal to install an extension in a third party browser. This leaves us with only one issue, the fact that it was distributed via updates to other applications. I refute this as being a major issue for the exact same reason - quite a few programs update/install Firefox extensions as part of their normal update procedure - I raise Foxit Reader as an example, which as of v3.0 automatically installs a Firefox plugin. No one's yelling about that.
A significant question here: If it wasn't Microsoft, would anyone be nearly as angry?
Re:updating third party software? (Score:4, Insightful)
A significant question here: If it wasn't Microsoft, would anyone be nearly as angry?
Apples & oranges, only MS has the desktop monopoly to make this work.
And the lack of an uninstall makes it malicious by my standards.
Re:updating third party software? (Score:5, Insightful)
Is this SO bad? (Score:5, Insightful)
A lot of you will hate me for this...
MS doing this is them trying to ensure that Firefox will work with their web apps (or, web apps built with their technology). Now, granted that they are taking liberties they should not. It would be better to just make the plugin easy to get and install. Consider however that they are doing this so their technology will work on a standards-compliant browser. That's not nothing. It IS dysfunctional in a passive-aggressive way (aggressive-passive?). On the other hand MS is trying to make the browsing experience BETTER for people who use .Net with Firefox. I'm not so sure this is a bad thing. maybe poorly executed...but...there's an argument for saying it's not.
Look, if you were running Ubuntu, installed Opera, and automatically got plugins from Synaptic for Opera that added new functionality would you complain?
Then again, the convoluted removal process should be reconsidered.
Security (Score:5, Insightful)
Given Microsoft's track record with security, I worry:
- Windows user installs Firefox to avoid IE's security flaws. .NET functionality allows websites to host .NET executables.
- Microsoft silently installs a plugin onto Firefox that reports the browser includes
- Hackers discover a way to exploit this.
- Thus, Firefox is now less secure thanks to Microsoft.
Quickly forgotten (Score:5, Insightful)
Anybody remember when Windows "Genuine Advantage" validation software was getting slipped in as part of "critical updates" for things like the Microsoft Flash Player patch? It wasn't really that long ago.
You don't seriously expect Microsoft to *not* do these sorts of things on what they consider to be *their* systems, do you?
Microsoft, huh? (Score:5, Informative)
Here's a look at all the plugins I didn't want and had to disable:
Extensions: .NET Framework Assistant 1.0
- Java Quick Starter 1.0
- Microsoft
Plugins: - Adobe Acrobat
- Java(TM) Platform SE 6 U10
- Java(TM) Platform SE 6 U11
- Java(TM) Platform SE 6 U11 (Yes, again)
- Microsoft(R) DRM
- Microsoft(R) DRM (Yes, again)
- QuickTime Plug-in 7.4.5 (I'll send it to the external player, please)
- RealPlayer Version Plugin (RealAlternative, please)
- RealPlayer(tm) G2 LiveConnet-Enabled Plug-IN (32-bit)
- Windows Media Player Plug-in Dynamic Link Library
So far, that's Sun, Apple, Real, Adobe, and Microsoft messing with my browser without telling me... and only because I'm quite strict with what I install on my system. This isn't Microsoft up to their old tricks, it's just them keeping up with the Joneses, and forcing me to keep up with everyone with an agenda. What else is new?
I do have Silverlight installed, too, but at least the installer for that told me it would work with multiple browsers. Thank goodness the Mozilla people had the fine sense to let people see plugins and extensions, unlike IE6 and friends. Quite a few time I've had to fix someone's compter by hacking out IE extensions from the system registry, and that's not pleasant at all.
Mozilla should include a Linux "OS extension" (Score:4, Funny)
Also changes User-Agent string (Score:5, Informative)
The .Net Framework Assistant also changes the User-Agent string of the Firefox browser, adding "(.NET CLR 3.5.30729)", so infected sites can better detect which MS vulnerability to exploit.
Re:First (Score:5, Funny)
!First. Fail!
...not first, fail not? ugh, this is why I prefer using the bitwise oprtator (~) instead, although in /. lore this is instead in jokes used to mean "home", per the bash usage instead of the one's complement.
Or, I just need to get out more. After asking why all the guys were buying wings and beer on the same day in throngs at the grocery store, I found out the last super bowl was indeed not 32.
Re:Ho Hum (Score:4, Insightful)
Very poor assumption. I run firefox specifically to avoid making it so easy to install arbitrary code on my machine behind my back. I installed .net because one program I wanted to run (and purposefully installed) required it. As soon as I remember which one that was I'm going to start looking for an alternative, directly as a result of this hijacking in fact I'll be looking carefully for alternatives to ANY .net program, and whenever possible refusing to run .net programs EVEN IF THERE ARE NO ALTERNATIVES WITHOUT IT.
If you want to add an extension to MY copy of firefox, you need to ask my permission and respect my answer, whether it's yes or no. Leveraging their control of the OS to install it without even asking was a criminal attack they should be prosecuted for. (Yes, I know they wont, they're above the law, but if some 15 year old kid had done the same thing we both know he'd be risking gaol for it.) Doing this in such a way as to disable the uninstall button is just adding insult to injury.