http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly _insta.html[1] Microsoft Update Quietly Installs Firefox Extension A routine security update for a Microsoft Windows component installed on tensof millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser. Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows. The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or interfered with third-party programs -- and not finding any that warranted waving readers away from this update -- I told readers not to worry and to go ahead and install it. I'm here to report a small side effect from installing this service pack thatI was not aware of until just a few days ago: Apparently, the .NET updateautomatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed......... Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabledthe "uninstall" button on the extension. What's more, Microsoft tellsus that the only way to get rid of this thing is to modify the Windows registry[2], an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up. When I first learned of this, three thoughts immediately flashed through my mind: 1) How the %#@! did I miss this? 2) The right way would have been to just publish the add-on at Mozilla's Add Ons page[3]. 3) This kind of makes you wonder what else MS is installing without your knowledge. Then I found that I wasn't the only one who had these ideas. Microsoft has heard these criticisms from others who long ago commented on this unfortunatedevelopment (see the comments underneath this post[4]). Anyway, I'm sure it's not the end of the world, but it's probably infuriatingto many readers nonetheless. Firstly -- to my readers -- I apologize for overlooking this..."feature" of the .NET Framework security update. Secondly -- to Microsoft -- this is a great example of how not to convince people to trust your security updates. For those Windows users that got caught by this potential .NET spyware here is the removal sequence: http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce -support-for-firefox.aspx[5] -- ---- GreyGeek “They’ll get sort of addicted, and then we’ll somehow figure out how to collect sometime in the next decade.” –Bill Gates “Bill Gates looks at everything as something that should be his. He acts inany way he can to make it his. It can be an idea, market share, or a contract. There is not an ounce of conscientiousness or compassion in him. The notion of fairness means nothing to him. The only thing he understands isleverage.” –Philippe Kahn I don't think it's any coincidence that Microsoft achieved dominance in the American market during the same period that bottled water became omnipresent. In both instances, clever marketing convinced the general public that something that was clean, safe and free wasinferior to a product encased in plastic. --- Links --- 1 http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html 2 http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx 3 https://addons.mozilla.org/en-US/firefox/ 4 http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx 5 http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx ---- Husker Linux Users Group mailing list To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx with a subject of UNSUBSCRIBE