A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser.
Earlier this year, Microsoft shipped a bundle of updates known as a “service pack” for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.
The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site…I’m here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.
Annoyances.org, which lists various aspects of Windows that are, well, annoying, says “this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.” I’m not sure I’d put things in quite such dire terms, but I’m fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.
Big deal, you say? I can just uninstall the add-on via Firefox’s handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the “uninstall” button on the extension. What’s more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.
Microsoft — this is a great example of how not to convince people to trust your security updates.
How many times has this sort of presumptuous crap rolled out the backdoor of Redmond? I’ve used Microsoft software since 1983. And though there are additional reasons for my disaffection and departure from the realm – I’ve replaced every remaining Microsoft product in my possession with something better in recent years – this sort of quasi-criminal behavior stands alone as reason enough.
Thanks, Cinaedh – who posted this at the Cage Match
Just looked, it’s not in my add-ons list.
thanks for the heads up I took that update a while ago and when I looked that was in my addons list, for now I just disabled it. But I smell a well deserved lawsuit
ohh and just an addendum it appears msn broke hotmail again for Firefox I have not been able to get into it all day with firefox but ie8 works fine
Are you ready for Linux yet?
Let’s face it. Software comapnies are inherently evil, Apple included. I put this on par with anyone owning an iPod being forced to use the most obnoxious piece of shit software ever written. They call it iTunes.
This is relatively old news. You can disable the the extension and I have. This sort of crap is why I loath Microsoft and why I am trying to move everyone I know to Apple or Linux.
@#5 Sorry, but while I own 5 working (and more dead or unused/old) iPods I do not have or have ever had iTunes account or software on any of my computers. Music and podcasts work just fine placed on the device using other (OpenSource) software.
Problem here is also much greater than just being forced to use someones software by set of circumstances. Problem is that MS fails to understand (legal) boundary of where their rights end and ours begin. I saw this trend in few “gafs” they made in Summer/Fall of 2007 and since that time I consider MS updates greater security risk than the malware infesting their products. Hence, since that time my MS auto-updates are off (and I suggest everyone to do the same) and I update manually after the fact and after no issues were reported. I must be careful of my MS usage and protect both by behavior and non-MS security software of all kinds. But, I find that worth it.
I didn’t need the update, as I chose to install .NET Framework myself.
I noticed them a while back and disabled all of them.
I just removed it. Thanks for the update.
Apple – Macintosh!
Try it, you will really like it.
Nope, not on my computer. But I read everything from MS and for services I don’t want, I decline.
Pedro,
Donde fracasaba Lenin, Microsoft va a unir la proletaria de todo pais.
Bwahahahaha.
I’m with the pinquos and macfans here. I don’t put any other MS software on my Windows PC, and I resent MS’s apparent ability to install a “kick me” sign on my behind. I don’t have the extension on Firefox for the same reason: MS Update (amongst other things) is turned OFF.
If they did it they are asking for a truly ugly lawsuit by firefox and others. You don’t mess with another company’s software unless you are insane and that goes double if you bleep it up!
I’d have most likely uninstalled then reinstalled firefox though MS might just stick it back in.
They made two major blunders:
They installed it without asking.
They made it hard to uninstall.
Should cost them a few $100,000,000 I hope.
Can’t uninstall??…
huh, just uninstalled.
Clicked “disable”, waited a second, pressed “uninstall”, restarted FF, no MS…
Hmm,
why would MS make an OS that deviates from standard architecture??
WHY would MS make a browser, that has HOLES/BACKDOORS/ALLOWS anyone to install stuff/GIVES admin RIGHTS which you cant turn off, unless you cripple IE..
THEn STEALS software to protect the system(anti virus/anti bot) and cripples it, so it cant protect the system from ALL that IE does..
Microsoft:
We can’t make our browser secure so we will poke holes in our main competitor that you can’t close, now open your wallet for our vacuum.
Those wacky, Microsoftonians.
#16 – RTFA. The article cited is reviewing a disaster that has been in place since “earlier this year”. It took a while for all the crap to settle out and discussions have been taking place in various nooks and crannies of geekdom.
The dude in the Washington Post wrote this piece to apologize to folks who may have let the original Service Pack download – on his recommendation.
One would hope that in the past week or two – Microsoft may have noted the discussion and remedied (somewhat) their rolling disaster.
switched to linux about 4 years ago and havent looked back… 🙂
except at work……… that is nightmarish..
as far as lawsuits go… not with the all encompassing EULA that microsoft has, you use windows you agree to it…
M$ EULA
http://www.microsoft.com/windowsxp/eula/home.mspx
APPLE ELUAs!!! EULAs????
http://www.apple.com/legal/sla/
GPL V3
http://www.gnu.org/copyleft/gpl.html
#6 & #12 – you do realise that Apple do far far worse with EVERY install of iTunes right?
Ever wondered where that umpteen Mb install of Safari (a FULL program, not just an update or plugin) came from that you never asked to be installed?
Or their Bonjour networking service, another useless piece of Apple crap 99.9% of iPod users will never need?
Grow the fuck up and stop defending a MUCH WORSE culprit than MS is.
Wow. The unwanted and unasked for Safari junkware takes up huge 63Mb.
Now thats thousands of times larger than MS’s tiny little plugin, and its well documented security faults make it a much larger risk.
Industrial SABOTAGE and FELONY COMPUTER HACKING !!! Lock ’em up !!! These aren’t any pimply teen crackers, M$ is a CRIMINAL CONSPIRACY !!! Let’s have some LAW AND ORDER HERE !!!
Right, Bonjour, another lovely Apple piece of s*it that macfans love. Goood Grieeef.
iTunes should be awarded worst piece of crap ever made re: software. Jerks.
Apple and gorgonzola — they’re sorta like what they’re supposed to be, but not.
#28 – Oh god, I’d forgotten about that! Soooo annoying when Chrome suddenly appears on my desktop just coz I installed Google earth a few months back and the google desktop thing materializes next to my tooltray and disables Sidebar.
I seriously can’t think of any MS thing that is as intrusive as those by apple and google, at least the MS stuff is generally opt-in.
Either way though, I’m sure they all mention the crapware they are going to install in their EULAs and like idiots we ALWAYS click ‘accept’.
Linux for 4 years now.
I’m still amused by how MS abuses their flock.
Windows users should at least have Windows/Linux dual boot and for internet activity use only use Linux.
ff3.5b seems to break this
Linux is great, so is Dos.. Apple makes pretty computers and has a great sales pitch.
Now if only I could run all the software I use on anyone of them, boy would I ever switch.
Version 1.1 on Windows 7, does have the uninstall feature. But yea, the Windows update installs it automatically. Bastards.
I don’t have it in my add-ons list, but this is a prime reason to NOT let WU blindly install stuff.
I’ve used the custom option every time and I always find stuff that I don’t need/want and I don’t install it.