A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser.
Earlier this year, Microsoft shipped a bundle of updates known as a “service pack” for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.
The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site…I’m here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.
Annoyances.org, which lists various aspects of Windows that are, well, annoying, says “this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.” I’m not sure I’d put things in quite such dire terms, but I’m fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.
Big deal, you say? I can just uninstall the add-on via Firefox’s handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the “uninstall” button on the extension. What’s more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.
Microsoft — this is a great example of how not to convince people to trust your security updates.
How many times has this sort of presumptuous crap rolled out the backdoor of Redmond? I’ve used Microsoft software since 1983. And though there are additional reasons for my disaffection and departure from the realm – I’ve replaced every remaining Microsoft product in my possession with something better in recent years – this sort of quasi-criminal behavior stands alone as reason enough.
Thanks, Cinaedh – who posted this at the Cage Match
Don’t like it?
Don’t accept the EULA!
Brute force solution – uninstall firefox and reinstall sans .net, better yet uninstall windows and install something non M$.
Not surprising to anyone with at least 5 years experience with M$.
I really hate Microsoft!
GO MAC OR DIE!!!!
This message flammed to you via the “Fanboys for a Unified Computer Konglomerate Etiquette Dynasty”
I wouldnt mind MS, if they would stick tot he standard conventions in programming, and security..
WHO remembers that NO game ever played well on Windows, unless WINDOWS BACKED/BOUGHT it??
If MS wouldnt try to BUY OUT/LEASE original content and then AUGMENT it only to work under MS..trying to OVER MAKE a standard thats already solid..
Microsoft isn’t the only one adding unrequested addons: Java Quick Starter anyone?
Hmmmm that’s some hard sh*t..
as always, MS trying to get the best of things.. geeeez… they should try adding this for Firefox Mac !! lool
The commenters here need to get up to speed, as does the author.
Microsoft used the interfaces provided by firefox to install a plugun that would benefit firefox users when they encounter web sites using .net functionality.
In other words, to make more of those “ie only” sites firefox compatible.
You idiots really have a problem with that? Where’s the rant about Adobe, Sun, Apple for fuck’s sake? Definitely a bunch of ignorant whiners, sorry I stumbled across this blog.
#48,
IE compatible??
why not IE being internet compatible??
NOT letting CRAP install itself on your computer..
Stop panicking you grumpy old lefty! geee.. install Mr TEch Toolkit, restart firefox, right click on ms extension and you can now “browse install directory” delete all contents, and then directory… done.. I did it and vista boots just fine..
I just opened the ‘Add-ons’ tab of my FF install, hit the “disable” button next to the .Net extension you speak of and it appears to be disabled. Am I wrong in making this assumption?
I have also just “disabled” but all my friends are sKAreaming at me to “uninstall” via registry etc. and are trying to convince me the program can still run from the registry. Is this a scare tactic?
It’s amazing how the world of on-line journalism works. It’s mostly “Monkey see, Monkey do”. The .Net Framework Assistant was added last February:
http://www.ghacks.net/2009/02/09/remove-microsoft-net-framework-assistant-from-firefox/
I first heard about it on Slashdot. Months later someone notices it, assumes it’s new, and proceeds to throw a fit. Other tech journalists scour the web to see what everyone else is saying, then print their own version of the same crybaby rant. Research? What research? Light the torch, it’s about Microsoft!