Other > General Topics
Microsoft stealthily installs a Firefox add-on that cannot easily be uninstalled
(1/9) > >>
Hi malware fighters,

A number of users have come aware to the fact that Microsoft with the .NET 3.5 SP1 installation secretly installs a Firefox add-on. This is why for instance on the download-site of Google Chrome a license agreement has to be accepted: without further notification the application is being downloaded and installed. Standard the settings for the ".NET Frameworks Assistant" are that no alert is being shown when so-called ClickOne applications are being opened: http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/05/22/the-sneaky-ms-clickonce-firefox-add-on.aspx

The settings of the add-on can be changed around, but it is very hard to uninstall. "We have added support on machine level, so the feature can be used by all computer users, also the add-on has been grayed out and cannot be uninstalled just like that by standard users, while standard users are not allowed to uninstall software on machine-level", according to Microsoft's Brad Abrams here: http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx

So if malcoders add software that cannot be easily uninstalled on machine-level they are considered cybercriminals, but when MS applies an add-on through the same sneaky methods (without being open and upfront about it, with the lame excuse it is because the poor n00b-users would else be without this feature (that does not benefit them) everything at once is OK.

Is it affecting my security? Does it slow down FF or my system?
Does it compromise my security ?
Does it make things easier or quicker ?
Hi bob3160,

I think that is not even the issue here. I think this goes a bit beyond spyware even.... Changing the working of third party software (here Mozilla's) without an explicit acceptance by the end user, and it does not matter if this is through a hack or via an add-on, is judiciously unacceptable. While MS is the owner of the Operational System does not give them the automatic right to change the workings of third party software.

And I think they understood this was bad PR for them, because they want to offer the support now at an install on a per-user basis and not further install it over the user's head per machine level.
What we can do inside Fx with this sneaky Microsoft propriety software install is disable it, it can be uninstalled but that is not that easy for the common user.
IE has it by default, and I do not have it in Fx, because I run a developers test version:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1pre) Gecko/20090525 Shiretoko/3.5pre ID:20090525041408 which does not have this MS present,

spg SCOTT:
This is quite interesting, and very sly

How can we tell if we have it?
would it be in the addon list?


--- Quote ---I think that is not even the issue here.
--- End quote ---
For me, that is or would be an issue. The rest is simply symantecs ....
Message Index
Next page

Go to full version