Thread Tools Display Modes
05-29-09, 04:04 PM   #1
Petrah
A Pyroguard Emberseer
 
Petrah's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2008
Posts: 2,988
Microsoft sneaks Firefox add-on without user knowledge

Wasn't sure how many were aware of this or not. Feedback is appreciated.

http://www.threatpost.com/blogs/micr...user-knowledge
__________________
♪~ ( ) I My Sonos!
AddOn Authors: If your addon spams the chat box with "Addon v8.3.4.5.3 now loaded!", please add an option to disable it!
  Reply With Quote
05-29-09, 04:37 PM   #2
Sepioth
A Molten Giant
AddOn Author - Click to view addons
Join Date: Apr 2005
Posts: 894
Intersting to say the least ....

Why on Earth is MS adding "compatibility" to Firefox??

Shouldn't Mozilla be adding support for .Net themselves??

Thankfully it is easily removed if the user wants to remove it using Firefox's addon feature.
  Reply With Quote
05-29-09, 05:10 PM   #3
Torhal
A Pyroguard Emberseer
 
Torhal's Avatar
AddOn Author - Click to view addons
Join Date: Aug 2008
Posts: 1,196
Originally Posted by Sepioth View Post
Thankfully it is easily removed if the user wants to remove it using Firefox's addon feature.
No, it isn't. You have to do some registry hacking, start FireFox, enter its config, change things, close it, then look for files and get rid of them, then open FireFox and make sure it's really gone.
__________________
Whenever someone says "pls" because it's shorter than "please", I say "no" because it's shorter than "yes".

Author of NPCScan and many other AddOns.
  Reply With Quote
05-29-09, 05:12 PM   #4
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by Sepioth View Post
Intersting to say the least ....



Thankfully it is easily removed if the user wants to remove it using Firefox's addon feature.
I had to do a regedit to remove it. The "Uninstall" button on the addon tab was disabled. I just followed the instructions to find all the information I needed to uninstall completely (Thanks for the link Silenia). I had been having slow internet loading since this "update" (also had to uninstall a Java addon "Java Quick Start", in order to keep it off my puter). Loading seems a lot faster (tested slightly, if more problems arise, I'll post).

Another craptastic move by Microsoft Windows.
  Reply With Quote
05-29-09, 08:00 PM   #5
Xarl
A Warpwood Thunder Caller
 
Xarl's Avatar
AddOn Compiler - Click to view compilations
Join Date: Nov 2008
Posts: 94
Sure is bad news man and in a way not surprising at all.
__________________
  Reply With Quote
05-30-09, 02:04 AM   #6
Zyonin
Coffee powered Kaldorei
 
Zyonin's Avatar
AddOn Author - Click to view addons
Join Date: May 2006
Posts: 1,443
When will Microsoft ever learn? It's a good thing I don't have that Service Pack or the "extension". Then again, I am quite aware of what gets installed on my machine. However once I get my other drive installed, my shiny new Ubuntu 9.04 disc (just arrived in the mail) gets used.
__________________
Twitter

Last edited by Zyonin : 05-30-09 at 02:06 AM.
  Reply With Quote
05-30-09, 02:51 AM   #7
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
subject line of OP is misleading. "Sneaks" implies the user has no way of seeing it coming. In this case, it is mentioned quite clearly on the download page as well as how to remove it. http://www.microsoft.com/downloads/d...1-6383ba034eab.

The only way that is sneaky is if the person installing it is blind and not using any kind of text to speech. Or if the user is too mentally challenged to make sure they find out what they are installing when they do an update. I would expect a wowmatrix user to consider it as "sneaking" but not someone here on Wowinterface.
  Reply With Quote
05-30-09, 04:12 AM   #8
Torhal
A Pyroguard Emberseer
 
Torhal's Avatar
AddOn Author - Click to view addons
Join Date: Aug 2008
Posts: 1,196
Meh. I know I'm half asleep and there's no real way to gauge tone on the Internet, but I believe you were trying to be at least mildly insulting.
__________________
Whenever someone says "pls" because it's shorter than "please", I say "no" because it's shorter than "yes".

Author of NPCScan and many other AddOns.
  Reply With Quote
05-30-09, 04:17 AM   #9
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Torhal View Post
Meh. I know I'm half asleep and there's no real way to gauge tone on the Internet, but I believe you were trying to be at least mildly insulting.
Only trying to be insulting of the media that had the bad headlines! Those of you who actually bought into it without digging a bit to find out they sensationalized the event are just victims of the media.
  Reply With Quote
05-30-09, 06:59 AM   #10
break19
A Flamescale Wyrmkin
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 116
Originally Posted by stormkeep View Post
Only trying to be insulting of the media that had the bad headlines! Those of you who actually bought into it without digging a bit to find out they sensationalized the event are just victims of the media.
Firefox sucks anyway. it's a bloated waste of space.

Google Chrome ftw.
  Reply With Quote
05-30-09, 07:13 AM   #11
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by break19 View Post
Firefox sucks anyway. it's a bloated waste of space.

Google Chrome ftw.
Heh, thanks for the tip, it is fast!
  Reply With Quote
05-30-09, 07:13 AM   #12
Astrocanis
A Black Drake
Join Date: Mar 2005
Posts: 84
Originally Posted by stormkeep View Post
subject line of OP is misleading. "Sneaks" implies the user has no way of seeing it coming. In this case, it is mentioned quite clearly on the download page as well as how to remove it. http://www.microsoft.com/downloads/d...1-6383ba034eab.

The only way that is sneaky is if the person installing it is blind and not using any kind of text to speech. Or if the user is too mentally challenged to make sure they find out what they are installing when they do an update. I would expect a wowmatrix user to consider it as "sneaking" but not someone here on Wowinterface.
So, it's your position that those users who have automatic updates for MS setup ("You have updates.") are really to blame when Microsoft adds a component to someone else' software that increases their security risks?

That the headlines informing people that such a breach of both ethics and etiquette are wrong for so doing? That those who have this installed without knowing about it are "mentally challenged"?

Finally, the removal method is well documented, but requires editing the registry and cannot be done through the standard mozilla methods of removing the plugin. But, because it's documented, they aren't "sneaking"? When the license that said that any document transmitted through any MSN service, including Hotmail, was property of Microsoft, you believe that because it so stated (in the fine print), that anyone who didn't like it was in error?

Must be nice to live in your glass house.
  Reply With Quote
05-30-09, 07:47 AM   #13
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Astrocanis View Post
So, it's your position that those users who have automatic updates for MS setup ("You have updates.") are really to blame when Microsoft adds a component to someone else' software that increases their security risks?

That the headlines informing people that such a breach of both ethics and etiquette are wrong for so doing? That those who have this installed without knowing about it are "mentally challenged"?

Finally, the removal method is well documented, but requires editing the registry and cannot be done through the standard mozilla methods of removing the plugin. But, because it's documented, they aren't "sneaking"? When the license that said that any document transmitted through any MSN service, including Hotmail, was property of Microsoft, you believe that because it so stated (in the fine print), that anyone who didn't like it was in error?

Must be nice to live in your glass house.
Where I came from sneaking means you are trying to avoid detection. If they were trying to avoid detection they wouldn't say right in the details what it does and how to remove it. Call it underhanded if you want, but "Sneaky" it wasn't.

And btw, yes, I consider it foolish to have completely "automatic updates" for anything other than AV/Anti-spyware foolish. Windows Update has a very nice tool that tells you what is available and lets you first read the details, and then choose what to update. It's the smart thing to do so that if something DOES go wrong you actually know what the heck recently changed.

The simple fact is that a person's PC is NOT going to have anything they don't want installed onto it unless they CHOOSE to do so. Choosing to let MS automatically install what they want by having auto-update on is user choice, plain and simple. And there's no one the user can blame but themself, imho. MS doesn't do stealth auto-updates. The updates are documented and users only get them automatically if they have chosen to do so. Yet you think the blame should fall more on the company than on the users who told them "go ahead and put what you want on my machine"? That's the problem with society today, no one wants to be accountable for their own choices.

Last edited by stormkeep : 05-30-09 at 08:13 AM.
  Reply With Quote
05-30-09, 07:48 AM   #14
Evolution85
A Black Drake
 
Evolution85's Avatar
Join Date: Nov 2007
Posts: 84
Um....

Click tools>Add ons>disable...

Done.
  Reply With Quote
05-30-09, 08:53 AM   #15
BWarner
A Black Drake
 
BWarner's Avatar
Join Date: May 2008
Posts: 87
Originally Posted by stormkeep View Post
Where I came from sneaking means you are trying to avoid detection. If they were trying to avoid detection they wouldn't say right in the details what it does and how to remove it. Call it underhanded if you want, but "Sneaky" it wasn't.

And btw, yes, I consider it foolish to have completely "automatic updates" for anything other than AV/Anti-spyware foolish. Windows Update has a very nice tool that tells you what is available and lets you first read the details, and then choose what to update. It's the smart thing to do so that if something DOES go wrong you actually know what the heck recently changed.

The simple fact is that a person's PC is NOT going to have anything they don't want installed onto it unless they CHOOSE to do so. Choosing to let MS automatically install what they want by having auto-update on is user choice, plain and simple. And there's no one the user can blame but themself, imho. MS doesn't do stealth auto-updates. The updates are documented and users only get them automatically if they have chosen to do so. Yet you think the blame should fall more on the company than on the users who told them "go ahead and put what you want on my machine"? That's the problem with society today, no one wants to be accountable for their own choices.
The issue is that Microsoft does not provide service to just technology enthusiasts, who know their way around a computer. They have their product reach, I want to say 75% of household computers today? The issue is that for many of these people, they are trusting Microsoft with keeping them safe. That's why they pay the cash for the operating system, and whatever needs to be done down the road to keep them safe.

It's not a stupidity thing. It's an ignorance thing. Millions of people around the world don't know a computer much more than a text editor and an internet browser. They trust Microsoft to keep their digital data secure. When Microsoft says that an update is either "urgent" or "highly recommended" or something to that sort, the communication that is made is "this is critical in keeping your digital data and your entire system safe from hackers". Believe it or not.

Are they technically sneaky? No. You correctly asserted that they documented the update, and even a way to undo it. Is it at all clear exactly what happened to the end user who may not be completely tech-savvy, who never looks at an update beyond the "update now" (or are even on auto-update and auto-install)? Further, is there a simple "undo" method? Technically, yes there is a method, but not one that could be called "simple" or approachable. While you or I may not have an issue with editing the registry, that command either gives the ordinary person with low to moderate computer experience hives, or confuses the hell out of them. (To be honest, most will never know it's even there, or even an issue, to begin with.)

You said it yourself - you see the sense in turning an antivirus or firewall on auto-update. This is the same mentality that many, many people approach updating their OS with.
  Reply With Quote
05-30-09, 08:59 AM   #16
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Well I did say that I would certainly call what they did "underhanded".

I still think it's a bad idea to auto-update most software. It makes it very hard for us folks who DO know computers well to fix the PC's of users who have no idea what software changes were made immediately prior to their system needing to be fixed. Especially because these same people are more than familiar with running Disk cleanup thoroughly, deleting all system restore points, becaues they dont' have hard drives big enough for all the crap on them..
  Reply With Quote
05-30-09, 09:01 AM   #17
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
PS. Google Chrome really is nice.
  Reply With Quote
05-30-09, 09:08 AM   #18
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Okay, so we have established the fact, according to Stormkeep, that I'm foolish. I didn't read every detail of what my OS updated.

Now, is there a way to disable the excessively annoying "Updates are ready for your computer" messages? I use a 3rd party firewall / security, because I know MS products fail with actual security, so I'd be comfortable with not getting updates IF I did not have to see that annoying frigging message every time I turn around.

Edit: Also, Evolution85, did you read the 3rd and 4th posts in this thread, or even the link that this thread is about? The uninstall button is disabled for this "addon".

Last edited by Yhor : 05-30-09 at 09:14 AM.
  Reply With Quote
05-30-09, 09:12 AM   #19
Drauer
A Fallenroot Satyr
 
Drauer's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2008
Posts: 22
Originally Posted by stormkeep View Post
PS. Google Chrome really is nice.
I'll uninstall FF in the same day, they implement no-script and plugin system to Chrome.

/back on topic

Thanks for the info!
__________________
Quando omni flunkus moritati
  Reply With Quote
05-30-09, 09:12 AM   #20
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Yhor View Post
Okay, so we have established the fact, according to Stormkeep, that I'm foolish. I didn't read every detail of what my OS updated.

Now, is there a way to disable the excessively annoying "Updates are ready for your computer" messages? I use a 3rd party firewall / security, because I know MS products fail with actual security, so I'd be comfortable with not getting updates IF I did not have to see that annoying frigging message every time I turn around.
There absolutely is. In the settings for automatic updates (how you get their varies depending on your version of windows) you can choose "Never check for updates."

It is a good idea to actually run windows update and manually check now and again...most of their updates are a good idea to install. But at the same time, you already know MS products fail at actual security, so it's also a really good idea to make sure you find out what they are installing first. There's a reason large corporate IT departments don't roll out updates until well after MS puts them up. So other users crazy enough to use auto-update find all the problems first. Such as the one that started this whole thread.
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » Microsoft sneaks Firefox add-on without user knowledge

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off