Microsoft stealthily installs a Firefox add-on that cannot easily be uninstalled

[polonus]

Hi malware fighters,

A number of users have come aware to the fact that Microsoft with the .NET 3.5 SP1 installation secretly installs a Firefox add-on. This is why for instance on the download-site of Google Chrome a license agreement has to be accepted: without further notification the application is being downloaded and installed. Standard the settings for the ".NET Frameworks Assistant" are that no alert is being shown when so-called ClickOne applications are being opened: http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/05/22/the-sneaky-ms-clickonce-firefox-add-on.aspx

The settings of the add-on can be changed around, but it is very hard to uninstall. "We have added support on machine level, so the feature can be used by all computer users, also the add-on has been grayed out and cannot be uninstalled just like that by standard users, while standard users are not allowed to uninstall software on machine-level", according to Microsoft's Brad Abrams here: http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx

So if malcoders add software that cannot be easily uninstalled on machine-level they are considered cybercriminals, but when MS applies an add-on through the same sneaky methods (without being open and upfront about it, with the lame excuse it is because the poor n00b-users would else be without this feature (that does not benefit them) everything at once is OK.

polonus

[bob3160]

Damien,
Is it affecting my security? Does it slow down FF or my system?
Does it compromise my security ?
Does it make things easier or quicker ?

[polonus]

Hi bob3160,

I think that is not even the issue here. I think this goes a bit beyond spyware even.... Changing the working of third party software (here Mozilla's) without an explicit acceptance by the end user, and it does not matter if this is through a hack or via an add-on, is judiciously unacceptable. While MS is the owner of the Operational System does not give them the automatic right to change the workings of third party software.

And I think they understood this was bad PR for them, because they want to offer the support now at an install on a per-user basis and not further install it over the user's head per machine level.
What we can do inside Fx with this sneaky Microsoft propriety software install is disable it, it can be uninstalled but that is not that easy for the common user.
IE has it by default, and I do not have it in Fx, because I run a developers test version:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1pre) Gecko/20090525 Shiretoko/3.5pre ID:20090525041408 which does not have this MS present,

polonus

[spg SCOTT]

This is quite interesting, and very sly

How can we tell if we have it?
would it be in the addon list?

-Scott-

[bob3160]

I think that is not even the issue here.

Damien,
For me, that is or would be an issue. The rest is simply symantecs ....

[DavidR]

It would be an issue and MS would be screaming blue murder if Mozilla added something to IE.

[YoKenny]

I guess I don't have to worry as I don't use Firefox.

[Avastfan1]

Here we go.

Micro$oft at it again. They really are cunning stunts.

Can anyone tell me how to check if this piece of shit is installed on my machine?

Would be very grateful!

Thanks in advance!

[mkis]

Hi Polonus

to include Adobe in topic thread as well.

When download Adobe free products (Reader, Flash Player, Shockwave, etc...) you have to read every page carefully to make sure you are not picking up extra addons, mainly Google toolbar.

Flash Player download will already have the checkbox ticked for addon Google toolbar (from my local connect to web anyway - there may be a difference depending on where you connect from, Google seem to be very forward with their localisation functionality(s).

[Avastfan1]

Wise advice from Mkis.

I really dislike stuff like that.

[polonus]

Hi Avastfan1,

Here is the uninstall information:
http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx

polonus

[spg SCOTT]

I'm using firefox portable, would this be a problem for me?
The uninstall instructions refer to the registry but my version is not local

-Scott-

[polonus]

Hi Scott,

In spite of your Fx being portable, these install settings are on your main drive, even when you for instance have the portable running from a pen drive,

polonus

[spg SCOTT]

Hi Scott,

In spite of your Fx being portable, these install settings are on your main drive, even when you for instance have the portable running from a pen drive,

polonus

Thanks for confirming Polonus,

Had a look in the registry, turns out it's not there so it doesn't really matter

Odd though that there is stuff in the registry, FF Portable is advertised as not leaving anything on the host machine, but I suppose that only covers the program itself, not the addons


Still though very wrong on Microsoft's account, as DavidR said, had the tables been turned - there would have been uproar

AvastFan1,
Like the wordplay


-Scott-

[polonus]

Hi Scott,

That is true, always need an additional crap cleaner to cleanse all trails of it, like ATF Cleaner or ClearProg. I use these tools to cleanse crap just before I shut down after every Windows session.
The man responsible for this Firefox add-on: http://weblogs.asp.net/scottgu/archive/2008/05/12/visual-studio-2008-and-net-framework-3-5-service-pack-1-beta.aspx
Every time the MS propriety application is being updated, you would get it for free in Fx. I have put a posting in the NoScript forum, because it also has scripting implications as well. I am rather curious about Giorgio Maone's reply to this silent MS-add-on install into Fx and at what level they made the decision in Fx development to go along with this install performed over the heads of the common users of the browser.
It is a sign of the times that the end user now has to look out for himself referring here. Policies that are getting more and more "out of balance" as you grasp what I mean to say here,

polonus