A number of users have come aware to the fact that Microsoft with the .NET 3.5 SP1 installation secretly installs a Firefox add-on. This is why for instance on the download-site of Google Chrome a license agreement has to be accepted: without further notification the application is being downloaded and installed. Standard the settings for the “.NET Frameworks Assistant” are that no alert is being shown when so-called ClickOne applications are being opened: http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/05/22/the-sneaky-ms-clickonce-firefox-add-on.aspx
The settings of the add-on can be changed around, but it is very hard to uninstall. “We have added support on machine level, so the feature can be used by all computer users, also the add-on has been grayed out and cannot be uninstalled just like that by standard users, while standard users are not allowed to uninstall software on machine-level”, according to Microsoft’s Brad Abrams here: http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx
So if malcoders add software that cannot be easily uninstalled on machine-level they are considered cybercriminals, but when MS applies an add-on through the same sneaky methods (without being open and upfront about it, with the lame excuse it is because the poor n00b-users would else be without this feature (that does not benefit them) everything at once is OK.
I think that is not even the issue here. I think this goes a bit beyond spyware even… Changing the working of third party software (here Mozilla’s) without an explicit acceptance by the end user, and it does not matter if this is through a hack or via an add-on, is judiciously unacceptable. While MS is the owner of the Operational System does not give them the automatic right to change the workings of third party software.
And I think they understood this was bad PR for them, because they want to offer the support now at an install on a per-user basis and not further install it over the user’s head per machine level.
What we can do inside Fx with this sneaky Microsoft propriety software install is disable it, it can be uninstalled but that is not that easy for the common user.
IE has it by default, and I do not have it in Fx, because I run a developers test version:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1pre) Gecko/20090525 Shiretoko/3.5pre ID:20090525041408 which does not have this MS present,
When download Adobe free products (Reader, Flash Player, Shockwave, etc…) you have to read every page carefully to make sure you are not picking up extra addons, mainly Google toolbar.
Flash Player download will already have the checkbox ticked for addon Google toolbar (from my local connect to web anyway - there may be a difference depending on where you connect from, Google seem to be very forward with their localisation functionality(s).
In spite of your Fx being portable, these install settings are on your main drive, even when you for instance have the portable running from a pen drive,
Had a look in the registry, turns out it’s not there so it doesn’t really matter
Odd though that there is stuff in the registry, FF Portable is advertised as not leaving anything on the host machine, but I suppose that only covers the program itself, not the addons
Still though very wrong on Microsoft’s account, as DavidR said, had the tables been turned - there would have been uproar
That is true, always need an additional crap cleaner to cleanse all trails of it, like ATF Cleaner or ClearProg. I use these tools to cleanse crap just before I shut down after every Windows session.
The man responsible for this Firefox add-on: http://weblogs.asp.net/scottgu/archive/2008/05/12/visual-studio-2008-and-net-framework-3-5-service-pack-1-beta.aspx
Every time the MS propriety application is being updated, you would get it for free in Fx. I have put a posting in the NoScript forum, because it also has scripting implications as well. I am rather curious about Giorgio Maone’s reply to this silent MS-add-on install into Fx and at what level they made the decision in Fx development to go along with this install performed over the heads of the common users of the browser.
It is a sign of the times that the end user now has to look out for himself referring here. Policies that are getting more and more “out of balance” as you grasp what I mean to say here,
I have FF clear everything itself after every session, but then this may not be enough…
That guy probably wont be very popular for a while
As you said, we have to be VERY careful what we install nowadays, with MS exploiting every loophole possible.
It’s a good thing there are some out there that can help us who don’t know (you included ;))
Thanks for that explanation, but is not it unusual for MS to install propriety software in this way without asking the end user specifically if they like to install this? What they will do to their OS that’s their business, but what they do to third party software (Mozilla’s fx) can that be done over the head of the users or was this brought in with explicit consent of the developers of Firefox 3.5
and here:
can you confirm this was being brought in by developer consent? I think it will be a better policy if these silent global add-on installs can be performed on a "per user basis", where the end user can decide whether he wants the added feature installed or not
So where you come to your conclusion that you have to be very attentive to what you agree when installing something onto your machine, you are absolutely right. Sign of the times that is where it is going. If users don't wake up or protest to it it will be customary policy,
From fx standpoint this is what is meant by a global install: http://www.ghacks.net/2007/11/12/install-firefox-add-ons-for-all-users/
About the dangers of this add-on in Fx: This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may've originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.
Unfortunately, Microsoft in their infinite wisdom has taken steps to make the removal of this extension particularly difficult - open the Add-ons window in Firefox, and you’ll notice the Uninstall button next to their extension is grayed out! re: http://www.annoyances.org/exec/show/article08-600
Damien,
I still want to know what harm this install is doing to my system if any ???
Up till now, that question hasn’t been answered. The M$ bashing is in full force but,
I still can’t figure out what harm that install is doing to my system ???
I still can't figure out what harm that install is doing to my system
it's in my add-ons also but should i disable it-leave as is if it is doing no harm as Bob mentioned or
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=cecc62dc-96a7-4657-af91-6383ba034eab As a result, the Uninstall button will be functional in the Firefox Add-ons list after this install and then uninstall it or WHAT ::) ::) ??? ??? ???
This has nothing to do with MS bashing. You can read:
the ability for websites to easily and quietly install software on your PC
, and that is a reason for some to switch to Fx in the past. If MS brings this silently into Fx with or without consent of the Fx developers it “could” be putting my OS at risk while using Fx.
I liked MS from the days that they neatly prompted us in a polite way like “Do you really want to do this?”.
Since Vista I missed that.
And again this has nothing to do with MS or Mac or linux. This is upbuilding criticism, not windows bashing. If one has criticism of something that is wrong with the Windows platform is that Windows bashing, or is it so that there is no room anymore for criticism. I do not care if it is Windows or Google or whatever, I just want the users of Firefox to know, and the users of IE8 also since this was brought in and did not add security.
Bob3160, I am trained at Microsoft Education Center and my Certificates of Achievement are hanging on the wall in my computer room. Am I a Windows basher?