Microsoft sneaks Firefox add-on without user knowledge
 

Wasn't sure how many were aware of this or not. Feedback is appreciated.

http://www.threatpost.com/blogs/micr...user-knowledge

Intersting to say the least ....

Why on Earth is MS adding "compatibility" to Firefox??

Shouldn't Mozilla be adding support for .Net themselves??

Thankfully it is easily removed if the user wants to remove it using Firefox's addon feature.

No, it isn't. You have to do some registry hacking, start FireFox, enter its config, change things, close it, then look for files and get rid of them, then open FireFox and make sure it's really gone.

I had to do a regedit to remove it. The "Uninstall" button on the addon tab was disabled. I just followed the instructions to find all the information I needed to uninstall completely (Thanks for the link Silenia). I had been having slow internet loading since this "update" (also had to uninstall a Java addon "Java Quick Start", in order to keep it off my puter). Loading seems a lot faster (tested slightly, if more problems arise, I'll post).

Another craptastic move by Microsoft Windows.

Sure is bad news man and in a way not surprising at all.

When will Microsoft ever learn? It's a good thing I don't have that Service Pack or the "extension". Then again, I am quite aware of what gets installed on my machine. However once I get my other drive installed, my shiny new Ubuntu 9.04 disc (just arrived in the mail) gets used.

subject line of OP is misleading. "Sneaks" implies the user has no way of seeing it coming. In this case, it is mentioned quite clearly on the download page as well as how to remove it. http://www.microsoft.com/downloads/d...1-6383ba034eab.

The only way that is sneaky is if the person installing it is blind and not using any kind of text to speech. Or if the user is too mentally challenged to make sure they find out what they are installing when they do an update. I would expect a wowmatrix user to consider it as "sneaking" but not someone here on Wowinterface.

Meh. I know I'm half asleep and there's no real way to gauge tone on the Internet, but I believe you were trying to be at least mildly insulting. :D

Only trying to be insulting of the media that had the bad headlines! Those of you who actually bought into it without digging a bit to find out they sensationalized the event are just victims of the media. :D

Firefox sucks anyway. it's a bloated waste of space.

Google Chrome ftw.

Heh, thanks for the tip, it is fast!

So, it's your position that those users who have automatic updates for MS setup ("You have updates.") are really to blame when Microsoft adds a component to someone else' software that increases their security risks?

That the headlines informing people that such a breach of both ethics and etiquette are wrong for so doing? That those who have this installed without knowing about it are "mentally challenged"?

Finally, the removal method is well documented, but requires editing the registry and cannot be done through the standard mozilla methods of removing the plugin. But, because it's documented, they aren't "sneaking"? When the license that said that any document transmitted through any MSN service, including Hotmail, was property of Microsoft, you believe that because it so stated (in the fine print), that anyone who didn't like it was in error?

Must be nice to live in your glass house.

Where I came from sneaking means you are trying to avoid detection. If they were trying to avoid detection they wouldn't say right in the details what it does and how to remove it. Call it underhanded if you want, but "Sneaky" it wasn't.

And btw, yes, I consider it foolish to have completely "automatic updates" for anything other than AV/Anti-spyware foolish. Windows Update has a very nice tool that tells you what is available and lets you first read the details, and then choose what to update. It's the smart thing to do so that if something DOES go wrong you actually know what the heck recently changed.

The simple fact is that a person's PC is NOT going to have anything they don't want installed onto it unless they CHOOSE to do so. Choosing to let MS automatically install what they want by having auto-update on is user choice, plain and simple. And there's no one the user can blame but themself, imho. MS doesn't do stealth auto-updates. The updates are documented and users only get them automatically if they have chosen to do so. Yet you think the blame should fall more on the company than on the users who told them "go ahead and put what you want on my machine"? That's the problem with society today, no one wants to be accountable for their own choices.

Um....

Click tools>Add ons>disable...

Done.

The issue is that Microsoft does not provide service to just technology enthusiasts, who know their way around a computer. They have their product reach, I want to say 75% of household computers today? The issue is that for many of these people, they are trusting Microsoft with keeping them safe. That's why they pay the cash for the operating system, and whatever needs to be done down the road to keep them safe.

It's not a stupidity thing. It's an ignorance thing. Millions of people around the world don't know a computer much more than a text editor and an internet browser. They trust Microsoft to keep their digital data secure. When Microsoft says that an update is either "urgent" or "highly recommended" or something to that sort, the communication that is made is "this is critical in keeping your digital data and your entire system safe from hackers". Believe it or not.

Are they technically sneaky? No. You correctly asserted that they documented the update, and even a way to undo it. Is it at all clear exactly what happened to the end user who may not be completely tech-savvy, who never looks at an update beyond the "update now" (or are even on auto-update and auto-install)? Further, is there a simple "undo" method? Technically, yes there is a method, but not one that could be called "simple" or approachable. While you or I may not have an issue with editing the registry, that command either gives the ordinary person with low to moderate computer experience hives, or confuses the hell out of them. (To be honest, most will never know it's even there, or even an issue, to begin with.)

You said it yourself - you see the sense in turning an antivirus or firewall on auto-update. This is the same mentality that many, many people approach updating their OS with.

Well I did say that I would certainly call what they did "underhanded".

I still think it's a bad idea to auto-update most software. It makes it very hard for us folks who DO know computers well to fix the PC's of users who have no idea what software changes were made immediately prior to their system needing to be fixed. Especially because these same people are more than familiar with running Disk cleanup thoroughly, deleting all system restore points, becaues they dont' have hard drives big enough for all the crap on them.. :D

PS. Google Chrome really is nice.

Okay, so we have established the fact, according to Stormkeep, that I'm foolish. I didn't read every detail of what my OS updated.

Now, is there a way to disable the excessively annoying "Updates are ready for your computer" messages? I use a 3rd party firewall / security, because I know MS products fail with actual security, so I'd be comfortable with not getting updates IF I did not have to see that annoying frigging message every time I turn around.

Edit: Also, Evolution85, did you read the 3rd and 4th posts in this thread, or even the link that this thread is about? The uninstall button is disabled for this "addon".

I'll uninstall FF in the same day, they implement no-script and plugin system to Chrome.

/back on topic

Thanks for the info!

There absolutely is. In the settings for automatic updates (how you get their varies depending on your version of windows) you can choose "Never check for updates."

It is a good idea to actually run windows update and manually check now and again...most of their updates are a good idea to install. But at the same time, you already know MS products fail at actual security, so it's also a really good idea to make sure you find out what they are installing first. There's a reason large corporate IT departments don't roll out updates until well after MS puts them up. So other users crazy enough to use auto-update find all the problems first. Such as the one that started this whole thread. :)