Author Topic: Microsoft exposes Firefox users to drive-by malware downloads  (Read 31281 times)

0 Members and 1 Guest are viewing this topic.

roro

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #15 on: October 17, 2009, 12:13:27 PM »
Also,
I don't have the:

Windows Presentation Foundation 3.5.30729.1 (Plugin)
Microsoft. Net framework assistant 1.1           (Extension)

In Firefox, but I do have these:

Microsoft DRM  Netscape Network object (plugin)
Microsoft DRM store Netscape plugin

Should these be disabled too?

RoRo

Hermite15

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #16 on: October 17, 2009, 12:17:39 PM »
don't know how you managed to get these  ;D yes of course they should be disabled.

Avastfan1

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #17 on: October 17, 2009, 12:38:58 PM »
Are you sure?

I have them as well.......

Hermite15

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #18 on: October 17, 2009, 12:44:43 PM »
well unless you're a DRM worshiper  ;)

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #19 on: October 17, 2009, 12:51:49 PM »
Also,
I don't have the:

Windows Presentation Foundation 3.5.30729.1 (Plugin)
Microsoft. Net framework assistant 1.1           (Extension)
if you don't have them, it's mean you have not installed .Net Framework +3, don't worry, it's okay, just for some new programs you may get a warning that they need it to run.

In Firefox, but I do have these:

Microsoft DRM  Netscape Network object (plugin)
Microsoft DRM store Netscape plugin

Should these be disabled too?
if you buy songs from a location which need these (or use some stuff else which need it), no, don't disable, but if not, you can disable them and re-enable them when you need them.
« Last Edit: October 17, 2009, 12:57:32 PM by Omid Farhang »
Twitter: OmidFarhangEn - OS: Manjaro KDE

roro

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #20 on: October 17, 2009, 12:56:54 PM »
Thank you,
I don't purchase songs on line so I will disable them.
RoRo

Avastfan1

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #21 on: October 17, 2009, 01:33:52 PM »
Sorry for the repost, just that I am still a little uncertain.

1. What do these extensions and plugins actually do?

2. Is my computer (and Firefox) secure now that I have disabled:

Extensions: 'Microsoft .NET Framework Assistant 1.1'
Plugins: 'Windows Presentation Foundation 3.5.30729

but not disabled:
Plugin: Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Plugin: Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?

3. Should I disable or uninstall the above?

4. If I did disable or uninstall them, what would the effect be on my system?

Thanks!

Avastfan1

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #22 on: October 17, 2009, 01:44:07 PM »
Sorry for the repost, just that I am still a little uncertain.
it's ok, no problem ;)

1. What do these extensions and plugins actually do?
.Net Framwork plugin allow you run programs directly from Web/Internet
WPF: http://en.wikipedia.org/wiki/Windows_Presentation_Foundation

2. Is my computer (and Firefox) secure now that I have disabled:

Extensions: 'Microsoft .NET Framework Assistant 1.1'
Plugins: 'Windows Presentation Foundation 3.5.30729
Yes, Disable is enough, maybe one day you need them, so you can easily enable them, use them and then again disable it ;)

but not disabled:
Plugin: Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Plugin: Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?

3. Should I disable or uninstall the above?
Yes, you can "Disable" them.

4. If I did disable or uninstall them, what would the effect be on my system?
You would "Prevent" running some application from "Web" into your computer when you are visiting unknown sites using that browser which has those Plugin/addons installed, usually all those applications are dangerous applications, so it's more safe we use none of those online applications. almost every good programs is available to download manually and scan via antivirus/spyware and then run inside computer, not using those plugins and online in browser.

Thanks!
you're welcome, I hope none of my advices are wrong.
« Last Edit: October 17, 2009, 05:11:41 PM by Omid Farhang »
Twitter: OmidFarhangEn - OS: Manjaro KDE

Alan Baxter

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #23 on: October 17, 2009, 04:58:05 PM »
Good questions, Avastfan1.  Omid Farhang is giving you good advice on all four items.

but not disabled:
Plugin: Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Plugin: Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?

3. Should I disable or uninstall the above?
Yes, you can "Disable" them.

You don't need to disable them to make Firefox more secure, but there's no need to leave them enabled if they're not being used.

Quote
4. If I did disable or uninstall them, what would the effect be on my system?
You would "Prevent" running some application from "Web" into your computer when you are visiting unknown sites using that browser which has those Plugin/addons installed, usually all those applications are dangerous applications, so it's more safe we use none of those online applications. almost every good programs is available to download manually and scan via antivirus/spyware and then run inside computer, not using those plugins and online in browser.

I agree.  Disabling 'Microsoft .NET Framework Assistant 1.1' and 'Windows Presentation Foundation 3.5.30729' will make Firefox more secure.  That's why Mozilla started doing that automatically twelve hours ago.

Avastfan1

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #24 on: October 17, 2009, 08:05:41 PM »
Dear Omid and Alan,

I thank you both very much for sharing your expertise and advice. It really is very much appreciated.

Enjoy the rest of the weekend!

Best wishes,

Avastfan1

Alan Baxter

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #25 on: October 17, 2009, 09:28:13 PM »
You're welcome.  Enjoy your weekend too!

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #26 on: October 17, 2009, 10:42:26 PM »
Dear Omid and Alan,

I thank you both very much for sharing your expertise and advice. It really is very much appreciated.

Enjoy the rest of the weekend!

Best wishes,

Avastfan1
you're welcome

have fun!
Twitter: OmidFarhangEn - OS: Manjaro KDE

Sesame

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #27 on: October 18, 2009, 01:13:08 PM »
Update: Mozilla took a move on this issue.
Mozilla Disables Microsoft's Insecure Firefox Add-on

YoKenny

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #28 on: October 18, 2009, 01:43:57 PM »
Reads like a tempest in a teapot to me.

Sesame

  • Guest
Re: Microsoft exposes Firefox users to drive-by malware downloads
« Reply #29 on: October 18, 2009, 02:21:02 PM »
Of course, for IE users, it shouldn't be a problem.

To be honest, as a use of Firefox, it's quite shocking since this kind of vulnerability is tough to be recognized by the users.  I linked Secunia's vulnerability reports at times but the info is pretty useless for this type of vulnerability.  Also, some of us use browsers other than IE since IE is too tied to the OS.  However, this kind of recognition is proven wrong when the OS "introduces" the same vulnerability with IE like in this case.

I leave the readers whether they take this as yet another anti-MS message or not (to be honest, I'm rather tired of "political" discussions simply because their repetitive nature) but, practically, as users, we have to deal with the outcome of any kind of vulnerability issues to protect our "assets", no matter how it managed to come into our systems.
« Last Edit: October 18, 2009, 02:22:59 PM by Rumpel »