A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser.

Earlier this year, Microsoft shipped a bundle of updates known as a “service pack” for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.

The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site…I’m here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.

Annoyances.org, which lists various aspects of Windows that are, well, annoying, says “this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.” I’m not sure I’d put things in quite such dire terms, but I’m fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox’s handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the “uninstall” button on the extension. What’s more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.

Microsoft — this is a great example of how not to convince people to trust your security updates.

How many times has this sort of presumptuous crap rolled out the backdoor of Redmond? I’ve used Microsoft software since 1983. And though there are additional reasons for my disaffection and departure from the realm – I’ve replaced every remaining Microsoft product in my possession with something better in recent years – this sort of quasi-criminal behavior stands alone as reason enough.

Thanks, Cinaedh – who posted this at the Cage Match




  1. DarkFox says:

    “wah wah! We don’t like MS so we won’t use IE!” …. but you still use Windows… Good one. You almost had me there… Now go ahead and install Linux or get a Mac!

  2. Patrick says:

    Eideard said, “Microsoft cannot be trusted!”

    Very good. I’m glad you figured this out. 😉

  3. miaminice says:

    I love how those that type “M$” fail to see that they are in the pocket of Apple, a company that charges high prices for its products.

    Linux? It just copies Apple and Microsoft.

    I’m fine with Microsoft.

  4. chuck says:

    And after a simple Google search, I found this:

    http://wyday.com/blog/2008/how-to-uninstall-microsoft-net-framework-assistant-from-firefox/

    I like this line in the article: “Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.”

    Microsoft trying to scare people so they won’t uninstall it.

  5. ECA says:

    21,

    HOW WELL, do you understand Computer programming??

    Lets add this up, and dont say its an apology from the writer over his OWN suggestions.

    A PROGRAMMING language written by MS.
    Making an OS out of that language..

    You dont WRITE anything to the programming directories. you LOCK them down so they dont get messed up.
    YOU dont allow OTHER programs to install, ANYTHING into the programming Language Areas.
    IF you need ADJUSTMENTS/ADDONS/FIXES..make another DIR and set reg. TO LOOK in that dir for any requests. OR if a special driver/augmented driver is needed, Leave it in the programs DIR and tell the computer to LOOK THERE. you NEVER add to the OS or programming DIR.

    I hope you understand. As Others write programs, they Need the original OS/programming. IF someone augmented the command, they may have changed something. Even if its 100% compatible, you must be sure it wont corrupt the other programs. Thats compatibility. It really is a problem when ANYONE with a web site can write to WIN DIR. Its a problem when ANY program wants to WRITE to WIN DIR. “the program you are installing wishes to OVER WRITE ?????.??? program in windows….Yes or NO” is NOT what a person should see. 99% of customers/users SHOULD NOT need to see this popup. AND it shouldnt happen.
    MS programming has been full of HOLES for years. And I hope that the WRITER knows this.
    When a game or program WANTS to write to your OS..just say NO.
    Another fun thing about this, is the BOT that was installed in 1999 in windows media player and never removed until about 1 year ago.
    It was made by the person that wrote the program to collect DATA, and he forgot to remove it?? It collected data for almost 10 years, before MS removed it.

  6. Don’t like it?
    Don’t accept the EULA!

  7. amodedoma says:

    Brute force solution – uninstall firefox and reinstall sans .net, better yet uninstall windows and install something non M$.
    Not surprising to anyone with at least 5 years experience with M$.

  8. sargon says:

    I really hate Microsoft!

  9. orangertiki says:

    GO MAC OR DIE!!!!

    This message flammed to you via the “Fanboys for a Unified Computer Konglomerate Etiquette Dynasty”

  10. ECA says:

    I wouldnt mind MS, if they would stick tot he standard conventions in programming, and security..
    WHO remembers that NO game ever played well on Windows, unless WINDOWS BACKED/BOUGHT it??
    If MS wouldnt try to BUY OUT/LEASE original content and then AUGMENT it only to work under MS..trying to OVER MAKE a standard thats already solid..

  11. Badcam says:

    Microsoft isn’t the only one adding unrequested addons: Java Quick Starter anyone?

  12. tipat says:

    Hmmmm that’s some hard sh*t..
    as always, MS trying to get the best of things.. geeeez… they should try adding this for Firefox Mac !! lool

  13. c'mon you clowns says:

    The commenters here need to get up to speed, as does the author.

    Microsoft used the interfaces provided by firefox to install a plugun that would benefit firefox users when they encounter web sites using .net functionality.

    In other words, to make more of those “ie only” sites firefox compatible.

    You idiots really have a problem with that? Where’s the rant about Adobe, Sun, Apple for fuck’s sake? Definitely a bunch of ignorant whiners, sorry I stumbled across this blog.

  14. ECA says:

    #48,
    IE compatible??
    why not IE being internet compatible??
    NOT letting CRAP install itself on your computer..

  15. verycheeky says:

    Stop panicking you grumpy old lefty! geee.. install Mr TEch Toolkit, restart firefox, right click on ms extension and you can now “browse install directory” delete all contents, and then directory… done.. I did it and vista boots just fine..

  16. ratboy says:

    I just opened the ‘Add-ons’ tab of my FF install, hit the “disable” button next to the .Net extension you speak of and it appears to be disabled. Am I wrong in making this assumption?

  17. mrsha says:

    I have also just “disabled” but all my friends are sKAreaming at me to “uninstall” via registry etc. and are trying to convince me the program can still run from the registry. Is this a scare tactic?

  18. Yonah says:

    It’s amazing how the world of on-line journalism works. It’s mostly “Monkey see, Monkey do”. The .Net Framework Assistant was added last February:

    http://www.ghacks.net/2009/02/09/remove-microsoft-net-framework-assistant-from-firefox/

    I first heard about it on Slashdot. Months later someone notices it, assumes it’s new, and proceeds to throw a fit. Other tech journalists scour the web to see what everyone else is saying, then print their own version of the same crybaby rant. Research? What research? Light the torch, it’s about Microsoft!


0

Bad Behavior has blocked 6677 access attempts in the last 7 days.