×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

275 comments

Microsoft's updated advisory (5, Informative)

lseltzer (311306) | more than 4 years ago | (#29792653)

MS09-054 [microsoft.com]

FAQ for HTML Component Handling Vulnerability - CVE-2009-2529

If I use Firefox, which Internet Explorer update do I need to
install?

If a computer system is configured for Automatic Update, the
correct update will be downloaded and made available for installation depending
on the Automatic Update configuration. In the event that a computer system is
not configured for Automatic Update, users should verify which version of the
Windows operating system and Internet Explorer is on their system and download
the appropriate update.

If I install this security update, do I need to disable the Windows
Presentation Foundation Plug-in in Firefox to be protected from this
vulnerability?

No. Customers who have installed the security updates
associated with this security bulletin are protected from this
vulnerability.

If I have not yet applied this security update, how do I disable the
Windows Presentation Foundation plug-in in Firefox?

If you have not yet
applied this update, you can disable the Windows Presentation Foundation plug-in
in Firefox to block this vulnerability. To do this, launch the Firefox browser,
select the Tools pull-down menu, and then click Add-ons. Select
the Plugins icon at the top of the Add-ons window. In the list of
Plugins, select Windows Presentation Foundation 3.5.30729.1 and click
Disable.

If I uninstall the .NET Framework Assistant extension, does it disable or
remove the Windows Presentation Foundation plug-in?

If the .NET
Framework Assistant extension is uninstalled it does not disable or remove the
Windows Presentation Foundation plug-in. The .NET Framework Assistant and
Windows Presentation Foundation plug-in are controlled through different screens
in the Firefox Add-ons management window.

The real FAQ (Frequently Asked Question... (3, Informative)

jkrise (535370) | more than 4 years ago | (#29793569)

Why did it take 7 long months for Microsoft to issue this patch? Fixes using Registry hacking were available on theweb immediately then...

Re:The real FAQ (Frequently Asked Question... (3, Funny)

rvw (755107) | more than 4 years ago | (#29793701)

Why did it take 7 long months for Microsoft to issue this patch? Fixes using Registry hacking were available on theweb immediately then...

7 is the answer!

Re:Microsoft's updated advisory (1)

ThePhilips (752041) | more than 4 years ago | (#29793847)

If I install this security update, do I need to disable the Windows Presentation Foundation Plug-in in Firefox to be protected from this vulnerability?
No. Customers who have installed the security updates associated with this security bulletin are protected from this vulnerability.

Uhm... "Protected from this vulnerability"?? What the hell?

Somebody has to file a bug against FireFox that plugins/add-ons are even allowed to prevent user from disabling them.

Still can't uninstall? (2, Insightful)

dschuetz (10924) | more than 4 years ago | (#29792749)

Mozilla should block the plugin simply on the grounds that a user can't uninstall it from within the approved Mozilla add-ons panel. That should be the case for any plugin that doesn't play by the rules, no matter who it's from or what its use is.

If I can't delete it, it's malware. Oh, wait, I *can* delete it, if I google for some crazy instructions that involve registry editing? Isn't that how I delete malware?

Re:Still can't uninstall? (5, Insightful)

sakdoctor (1087155) | more than 4 years ago | (#29792819)

'Ubuntu firefox modifications' plugin also can't be deleted from within firefox.
I'm not arguing for or against your proposal, just that it would need to be consistently applied.

he doesn't have Ubuntu (0)

Anonymous Coward | more than 4 years ago | (#29793049)

you insensitive sakdoctor!!!

Re:Still can't uninstall? (4, Informative)

SanityInAnarchy (655584) | more than 4 years ago | (#29793179)

It can, however, be removed via the package manager.

Can the .NET addon be removed at all, without hacking the registry?

No, using the package manager is not even remotely comparable to hacking the registry.

Re:Still can't uninstall? (1)

LordAndrewSama (1216602) | more than 4 years ago | (#29793515)

Perhaps not "as bad as the registry hell", but I would still prefer if Firefox blocked both of them until they were deletable like all other addons. I mean, have some backbone mozilla, if people don't do things properly, give them a nice big "FAIL" and send them on their merry way.

Re:Still can't uninstall? (1)

ThePhilips (752041) | more than 4 years ago | (#29793871)

Probably not deletable, but at least user should be able to disable *any* add-on or plugin. Without ifs.

Re:Still can't uninstall? (0)

Anonymous Coward | more than 4 years ago | (#29793941)

...but I would still prefer if Firefox blocked both of them until they were deletable like all other addons...

These aren't add-ons, they're plug-ins, which function slightly differently than add-ons. No plug-ins are uninstallable from within Firefox. That is the intended functionality as decided by the Mozilla team.

Re:Still can't uninstall? (1)

BrentH (1154987) | more than 4 years ago | (#29793965)

Well, although I appreciate Ubuntu's motives for the plugin, I'm going to disagree here: forcing users to use a (complicated, and potentially dangerous) application to remove such a thing is not so great. Although the registry is perhaps a little more complicated than synaptic, they're certainly equally dangerous tools if you don't know what you're doing.

Re:Still can't uninstall? (1)

ryanov (193048) | more than 4 years ago | (#29794119)

But if you let people remove it from Firefox, then how does that information get back to APT? That seems like that could be MORE confusing.

Re:Still can't uninstall? (1)

Thyamine (531612) | more than 4 years ago | (#29793187)

I think that's what he's saying. It's not Microsoft bashing, but a need for consistent rules. If something cannot be uninstalled by the user, then it's along the lines of malware. Certain OS upgrades can't be uninstalled which is understandable, but for a browser? That's just lazy or hubris on the part of the company to assume no one would _ever_ want to uninstall _their_ addon.

Re:Still can't uninstall? (0)

Anonymous Coward | more than 4 years ago | (#29793245)

Then it can go to hell as well.
Anything that tries to force installation and makes it a chore to remove is badware, and badware needs to die.
And yes, i do realize the irony of Google helping Stop Badware, yet still haven't addressed Autoupdater fully.

Re:Still can't uninstall? (2, Informative)

Arancaytar (966377) | more than 4 years ago | (#29794009)

Note that that one's bundled with the Launchpad package. I downloaded the binaries directly from Mozilla to get the Minefield trunk, and I see no Ubuntu addon listed in there.

In this case, MS added the plugin to the self-installed version of Firefox, not a version of Firefox they distributed (not that they'd likely be able to cut a branding agreement the way Ubuntu did, so MS would have to distribute it under a different name).

Re:Still can't uninstall? (0)

Malc (1751) | more than 4 years ago | (#29792827)

Does uninstalling .Net remove it?

If you don't like this plug-in, don't install .Net. It's part of that package. You have a choice, which although you might argue you didn't know about before, you certainly do know. Or disable the plug-in yourself.

.NET comes preinstalled (0, Flamebait)

tepples (727027) | more than 4 years ago | (#29793017)

If you don't like this plug-in, don't install .Net. It's part of that package.

If you don't like .NET Framework. don't install recent versions of Windows. It's part of that package.

If you don't like recent versions of Windows, don't buy a national-brand PC. It's part of that package.

Re:.NET comes preinstalled (3, Insightful)

Malc (1751) | more than 4 years ago | (#29793073)

What, you're not like all the other /.ers who are using XP or Windows 2000?

Seriously though, this thing is being blown out of proportion. /.ers are in a minority. Firefox is a main stream browser (through choice), and most people don't care for these political shenanigans, and just want it to behave properly (no global blocking of a standard part of the Windows experience).

Re:.NET comes preinstalled (0)

Anonymous Coward | more than 4 years ago | (#29793547)

Since when was Clickonce or other bullshit features supported by said plugins part of the "standard part of the Windows experience". It isn't, as most some enterprise users who use said technology might but in the end a normal desktop user doesn't use this crap that's added in.

Re:.NET comes preinstalled (1, Informative)

Anonymous Coward | more than 4 years ago | (#29793887)

It's not added in. It's part of Windows 7. It's a part of a service pack to stock Vista. It's part of a service pack to an add-on to XP.

Thus, it's now standard in Windows.

Re:.NET comes preinstalled (3, Insightful)

poetmatt (793785) | more than 4 years ago | (#29793553)

slashdotters represent the crowd that companies like MS would like to deny when it is convenient to them.

They represent a group that enterprise and abusive corporations basically try to ignore/minimize to make them sound irrelevant.

Basically, the informed consumer. This is every abusive enterprise's nightmare.

Re:.NET comes preinstalled (1)

ThePhilips (752041) | more than 4 years ago | (#29793987)

Those are not "political shenanigans."

MS essentially implemented a floodgate for the same malware that plagues IE users. And just like in IE, they do not allow you to disable it or disabling it (e.g. removal of .NET) means turning your desktop into a dust collector. (Unless you install Linux on it of course.)

Because now even on XP many programs and games require .Net: MS forced everybody to adopt it by simply dropping support for all other development technologies.

Re:Still can't uninstall? (2, Insightful)

Jimmy_Slimmy (1499943) | more than 4 years ago | (#29792839)

Parent says it all.

Just because Mozilla caves, do not shut up. Make MicroSloth play by the rules.

Please: Post how to make Microsloth get out of my Firefox.

Mod parent up.

Re:Still can't uninstall? (1)

BarMonger (884208) | more than 4 years ago | (#29792957)

I can uninstall my .Net plug-in from within the standard FF add-ons panel just fine.
I don't know about the WPF one, I don't have that installed at work.

Re:Still can't uninstall? (5, Informative)

aetherworld (970863) | more than 4 years ago | (#29793027)

Is this a failed attempt at trolling?

It's a PLUGIN, not an ADD-ON. There is no way to uninstall ANY Plugins in Firefox. You can disable Add-Ons, you can uninstall Add-Ons and you can disable Plugins. But you cannot uninstall Plugins from within Firefox. Firefox simply loads all files in a specific Internet Plugins folder (not a Firefox-only plugin folder) and if it detects a plugin, it uses it.

Delete the file and you're good to go.

Re:Still can't uninstall? (1)

BarMonger (884208) | more than 4 years ago | (#29793353)

Is this a failed attempt at trolling?

It's a PLUGIN, not an ADD-ON. There is no way to uninstall ANY Plugins in Firefox. You can disable Add-Ons, you can uninstall Add-Ons and you can disable Plugins. But you cannot uninstall Plugins from within Firefox. Firefox simply loads all files in a specific Internet Plugins folder (not a Firefox-only plugin folder) and if it detects a plugin, it uses it.

Delete the file and you're good to go.

Someone should mod parent up.
You cannot uninstall plug-ins, no matter who releases them or how they were installed, from inside the Firefox add-on panel.

Re:Still can't uninstall? (2, Interesting)

sosume (680416) | more than 4 years ago | (#29793145)

> If I can't delete it, it's malware.

It's a component of your OS. Whether it's crucial to you is an entirely different discussion - if you want your OS to be as bare as possible, Windows is not for you. MS has decided that it is needed on every system so they can make certain assumptions on system usage and updates. Would you like to be able to delete, say, your kernel executable? Is that malware too?

Re:Still can't uninstall? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29793825)

It's a component of your OS.

<wonka>Wrong, sir! WRONG!</wonka>

Many use Mozilla Firefox for the exact reason that it is NOT a component of the OS. When a web browser gets so deeply entrenched into the OS, you open yourself to more vulnerabilities as we've seen in IE's browser in the past. Now, Microsoft wants to interfere with one of the selling points of their competitors by sticking their nose where it doesn't belong. They don't GET to decide what a competitor's product needs.

We're actually being kind to Microsoft right now. Leveraging a monopoly in one market to sabotage a competitor in another market is against anti-trust laws, something that MS has been slapped with in the past.

Re:Still can't uninstall? (0)

Anonymous Coward | more than 4 years ago | (#29793845)

What a load of crap, do you even know what these plugins do? The answer is no, you have no clue. It's ClickOnce and the other enterprise crap which nearly all desktop users won't and don't use, hell, the people who do or might use it are probably using Internet Explorer anyway!

MS has decided that it is needed on every system

Are you truly that stupid? The great Microsoft has spoken!... I bet you wouldn't be saying this if it was Windows Genuine Advantage that was being spoken about, but going by your previous comment you'd probably agree with that too.

Re:Still can't uninstall? (2, Informative)

CNeb96 (60366) | more than 4 years ago | (#29793449)

I can't comment on MS's plugin because I don't know how it works, but Firefox does support extensions which are not displayed to the user. If they are installed in locations besides the profile directory (ie are not a normal extension a user chooses to install). I don't think Mozilla's policy is quite that clear cut about when you should or shouldn't make something viewable by the user.

https://developer.mozilla.org/en/Install_Manifests#hidden [mozilla.org]

"hidden

Firefox 1.0 - 3.5 A boolean value that when true makes the add-on not show up in the add-ons list, provided the add-on is installed in a restricted access area (so it does not work for add-ons installed in the profile). This is for bundling integration hooks to larger applications where having an entry in the Extensions list does not make sense."

Re:Still can't uninstall? (1)

cyclocommuter (762131) | more than 4 years ago | (#29793487)

You don't have to google for crazy instructions and edit the registy to uninstall the Microsoft .NET Framework Assistant 1.1 add-on. Just launch the add-ons dialog in FF, go to the Extensions Tab, select the .NET add-on and click the Uninstall button or the Disable button if you just wish to disable but not to uninstall it. These 2 options are available for this add-on just like the other add-ons. For the WPF Plugin, select the Plugin Tab, select the Windows Presentation Foundation plug-in from the list and click Disable. This is the only option available for Plug-ins which includes those from Java (of which there are 3 in my machine I may add), Adobe, Shockwave, and others.

Re:Still can't uninstall? (1)

poetmatt (793785) | more than 4 years ago | (#29793531)

there's ongoing discussion on how the issue is that people can drop something in the folder and it will be included when the program is run. The issue is that there is no opt-in requirement, so MS has done the same thing that other programs have done in the past.

Thankfully, this time something was done about it, without MS simply removing it in an update as of yet.

Isn't this a good thing? (5, Insightful)

BarMonger (884208) | more than 4 years ago | (#29792757)

Now I'll admit that there are only a few posts above mine, but already they are generally negative. Which I don't get.
Isn't this a good thing?

Microsoft releases a couple of Firefox plug-ins.
A security vulnerability was discovered in the plug-ins.
Mozilla disables the plug-ins.
Microsoft and Mozilla has a talk about the the vulnerability and it appears that one of the plug-ins aren't vulnerable.
The plug-in is re-enabled.

As far as I can tell, this is the system working properly.

Re:Isn't this a good thing? (4, Insightful)

lunatic1969 (1010175) | more than 4 years ago | (#29792779)

The system isn't working perfectly. Mozilla is taking Microsoft's word that these plugins, which install in their software without notice, don't have any vulnerabilities and are working just fine. Microsoft's plugins should be required to behave as every other responsible plugin. It shouldn't install with stealth, there should be a way to easily disable, and there should be a way to easily uninstall.

Re:Isn't this a good thing? (4, Interesting)

BarMonger (884208) | more than 4 years ago | (#29792901)

Mozilla is taking Microsoft's word that these plugins, which install in their software without notice, don't have any vulnerabilities and are working just fine.

Just like every other plugin on the market. Apparently the .Net plug-in isn't vulnerable, the WPF one is.
I know we like to bash Microsoft here, but the plug-in safety process (in FF) seems to work fine.
How do you know that there aren't unknown vulnerabilities in another plug-in somewhere?

Microsoft's plugins should be required to behave as every other responsible plugin. It shouldn't install with stealth, there should be a way to easily disable, and there should be a way to easily uninstall.

You disable it by going to Tools > Add-ons > .Net plugin -> click either 'Disable' or 'Uninstall'
I works fine for me, I just uninstalled the plugin.

And Microsoft aren't the only ones who install by stealth. I don't remember installing Nokias 'PC Sync2 synchronisation' extension. It just installed itself with some other software.

Re:Isn't this a good thing? (0)

Anonymous Coward | more than 4 years ago | (#29793545)

So just because Nokia did it first means it's ok? The reason this is getting news is because this happened to -everyone- running Windows and Firefox. The news hit critical mass and now we're figuring out how to make the system work better.

It's like Sony's rootkit. They weren't the first, but it took something that wide-spread to make an impact. Unfortunately in that case it was the Malware writers who took over the rootkit idea first, and then came the rootkit scanners. In this case we're all hoping the problem gets fixed before Malware writers get a hold of the idea of stealth installing plugins!

Re:Isn't this a good thing? (2, Interesting)

mcgrew (92797) | more than 4 years ago | (#29793585)

And Microsoft aren't the only ones who install by stealth.

Bonnie and Clyde weren't the only ones to rob banks, either. So does that mak bank robbery OK? The former head of NASDAQ ran a Ponsi scheme for decades, does that make fraud ok? Personally, if I find a vendor doing any kind of stealth installation, I no longer use that vendor's wares. That's why I no longer buy anything with Sony's name on it, and why I'm running Linux at home. As well as why I won't deal with a host of other vendors.

Too bad there are seven billion people on the planet, that allows vendors to completeley dismiss intelligent potential customers. It's sad.

Re:Isn't this a good thing? (1)

plague3106 (71849) | more than 4 years ago | (#29793089)

Mozilla is taking Microsoft's word that these plugins don't have any vulnerabilities and are working just fine.

How exactly is that different from any other plugin?

Microsoft's plugins should be required to behave as every other responsible plugin.

Isn't it the way FF handles plugins the reason it can't be uninstalled? It sounds like a globally installed extension, and if that behavior is a problem, why does FF allow for such extensions to begin with?

Re:Isn't this a good thing? (0)

Anonymous Coward | more than 4 years ago | (#29793255)

Microsoft's plugins should be required to behave as every other responsible plugin. It shouldn't install with stealth, there should be a way to easily disable, and there should be a way to easily uninstall.

Microsoft's plugins do behave like every other responsible plugin. They all install with stealth, and none of them can be uninstalled from within Firefox.

The plugin system, which is different from the add-on system, works like this: you put your plugin files in the plugin directory, and the next time Firefox starts, the new functionality is just magically there and cannot be uninstalled from Firefox, although it can be disabled.

If you don't like that system, let the Mozilla team know.

Depends on who you are (1)

Rogerborg (306625) | more than 4 years ago | (#29792841)

If you're the default Free Tech Support Guy for a friends and family circle, and you've mandated Mozilla apps as a condition of said support, then you might get a bit tired of getting worried calls asking about their "internets popup point net problem".

Granted, that's pretty much what you signed up for, but it does worry Joe and Josephine User when their internets start acting up. Yes, Mozilla, I'm looking at you here [mozillazine.org] .

Re:Isn't this a good thing? (2, Insightful)

Culture20 (968837) | more than 4 years ago | (#29792847)

Now I'll admit that there are only a few posts above mine, but already they are generally negative. Which I don't get. Isn't this a good thing?

Microsoft releases a couple of Firefox plug-ins.
A security vulnerability was discovered in the plug-ins.
Mozilla disables the plug-ins.
Microsoft and Mozilla has a talk about the the vulnerability and it appears that one of the plug-ins aren't vulnerable.
The plug-in is re-enabled.

As far as I can tell, this is the system working properly.

I bolded two things I don't agree with. You skipped an important statement: Microsoft forcibly installed said plug-in, and prevented its removal.

Re:Isn't this a good thing? (4, Informative)

Rary (566291) | more than 4 years ago | (#29793371)

Microsoft forcibly installed said plug-in, and prevented its removal.

The first statement is debatable, since the plugin is a part of the .NET Framework, and people can choose not to install the .NET Framework — although I realize newer versions of Windows have it preinstalled, so there's less of a choice there, which is why I say it's debatable.

However, the second statement is just wrong. It's not Microsoft who prevented removal of the plugin, it's Mozilla. Firefox does not provide a mechanism for removing any plugins.

Re:Isn't this a good thing? (0)

Nursie (632944) | more than 4 years ago | (#29792877)

You forgot the part where MS installed the plugins directly into firefox, without asking (proper behaviour) and having circumvented the usual removal methods (crossing over into malicious behaviour here).

So no, there is something to complain about, it's MS messign with non-MS browsers against the user's wishes. Given that one of the main reasons people switch to FF is the insecurity of all the MS plugins in IE, this is a Bad Thing.

Re:Isn't this a good thing? (1)

tech10171968 (955149) | more than 4 years ago | (#29792889)

"The system isn't working perfectly. Mozilla is taking Microsoft's word that these plugins, which install in their software without notice, don't have any vulnerabilities and are working just fine. Microsoft's plugins should be required to behave as every other responsible plugin. It shouldn't install with stealth, there should be a way to easily disable, and there should be a way to easily uninstall."

That, plus you have to remember that this plugin was being installed without user's knowledge in the first place. Where I come from, anything which installs something on your machine without the knowledge or consent of either the owner or the admin is generally considered a Bad Thing (tm). It would have been nice for Microsoft to have been upfront about installing the plug-in in the first place, and the security hole was a glaring example of why.

Re:Isn't this a good thing? (2, Insightful)

plague3106 (71849) | more than 4 years ago | (#29793169)

That, plus you have to remember that this plugin was being installed without user's knowledge in the first place.

You mean just like dozens of other plugins?

Re:Isn't this a good thing? (1)

Rary (566291) | more than 4 years ago | (#29793447)

That, plus you have to remember that this plugin was being installed without user's knowledge in the first place.

Unfortunately, that's how plugins work. I just checked, and the install of Firefox that I'm using right now has 8 plugins in it. I expected two of them (Quicktime and Flash). All the rest just came along as part of something else.

That's how the Firefox plugin system works. It would be nice if Firefox provided a message to the user saying "I've detected a new plugin", but it doesn't. That's something to complain to Mozilla about, not Microsoft.

Re:Isn't this a good thing? NO! (0, Flamebait)

schwit1 (797399) | more than 4 years ago | (#29793115)

"Microsoft releases a couple of Firefox plug-ins."

You have a funny definition of 'released'. I was never asked if I wanted it installed and there was no simple option to uninstall.

Sounds like MS is taking a page from the malware playbook.

Re:Isn't this a good thing? (1)

beemishboy (781239) | more than 4 years ago | (#29793231)

I think the post-process is a good thing - dialog. The better thing would be for Microsoft to have gone to Mozilla to find out how plugins should work and not produce a hackish way of installing plugins that are a terrible user and security experience.

It gives Microsoft a black eye when they do stuff like this - to me it perpetuates their arrogant image.

MS hand wave (5, Funny)

kaaposc (1515329) | more than 4 years ago | (#29792759)

Mozilla: Do you have any identification?
Microsoft: *waving hand* We do not need any identification.
Mozilla: You do not need any identification.

Re:MS hand wave (0, Troll)

impaledsunset (1337701) | more than 4 years ago | (#29792903)

As identifying as Microsoft should only remove credentials and reduce privileges, you shouldn't need to ID for this. You don't show your ID to prove that you're under 18 to get kicked out.

Re:MS hand wave (1)

TaoPhoenix (980487) | more than 4 years ago | (#29793949)

I'll add notice of just how FAST this was!

(Other times: "Breaking News! Code Red Security Breach!" MS: "Yah, after my 2 week golf trip.")

But no, Firefox blocks some weird piece of .NET on a weekend, and it's reversed as soon as SomeBorg gets back to his desk at 6AM on Monday.

Why not click "Enable"? (0)

Anonymous Coward | more than 4 years ago | (#29792773)

nt

Re:Why not click "Enable"? (3, Funny)

LordKronos (470910) | more than 4 years ago | (#29792871)

Would you be referring to the "Enable" button that is greyed out? Click on it as much as you like, but it's not doing anything.

Imagine if the situation were reversed (1, Insightful)

drsmithy (35869) | more than 4 years ago | (#29792775)

If Microsoft were to "block" Firefox from running due a security vulnerability it had, the sheer level of rage released from Slashdot would probably be enough to melt monitors on the other side of the world.

Re:Imagine if the situation were reversed (5, Insightful)

Shadow of Eternity (795165) | more than 4 years ago | (#29792801)

Because of course blocking a program the user chose to install is completely comparable to a program the user chose to install blocking a plugin they didn't choose to install or even knew had installed and was just as difficult to get rid of as most malware.

Re:Imagine if the situation were reversed (0)

Anonymous Coward | more than 4 years ago | (#29792883)

Virus scanners do it all the time

Re:Imagine if the situation were reversed (0, Troll)

Dunbal (464142) | more than 4 years ago | (#29792855)

the sheer level of rage released from Slashdot would probably be enough to melt monitors on the other side of the world.

      You are probably the only person on slashdot NOT running linux. What rage? Microsoft can do what it wants with it's POS OS. In fact, it's perfectly legally entitled to. Enjoy your tax.

Please, let the sitiation be reversed! (1)

argent (18001) | more than 4 years ago | (#29792933)

If the situation was reversed? You mean if Microsoft blocked some obscure add-on or application that nobody knew about and was installed as a plug-in to Internet Explorer without my knowledge or approval? This isn't Firefox blocking IE or Windows Media Player, this is Firefox blocking something that most people have no idea exists, don't use, have no reason to care about, and never asked to have installed in the first place.

I wish Firefox would block more things like this. In fact I wish IE would block things like this. Every time I install or update Acrobat Reader I have to go through and physically remove the plugin components from the install to keep it from opening PDFs in my browser. When I check my Windows box at work and look at what's been installed in Firefox (and IE, and Windows Explorer, and...) I *always* find something new that I didn't ask to have installed, that sneaked in from some other package or program. I want an option in the Addins page in Firefox that lets me say "remove this now, and don't let it get installed again, ever."

Re:Imagine if the situation were reversed (2, Insightful)

noundi (1044080) | more than 4 years ago | (#29792993)

If Microsoft were to "block" Firefox from running due a security vulnerability it had, the sheer level of rage released from Slashdot would probably be enough to melt monitors on the other side of the world.

If you're going to draw parallels, at least learn to do it properly. If Mozilla would sneak in a plugin inside IE when you're doing something which you assume should not indulge in that behaviour, say e.g. updating Firefox, upon which Microsoft blocks this snuck piece of software, nobody in their right mind would say a thing. But yes, in your example, which is incorrect and irrelevant, people would -- and they would because they would be completely right in doing so, just like people are now with the .NET plugin which doesn't uninstall. Your kindergarden rhetorics won't work here drsmithy, if that is your real name.

Re:Imagine if the situation were reversed (1)

Culture20 (968837) | more than 4 years ago | (#29793277)

If Microsoft were to "block" Firefox from running due a security vulnerability

If Mozilla started installing Firefox onto my machine in a security update for Thunderbird (and prevented its uninstall), I'd welcome such a block, no matter how good Firefox is. I don't care if .NET Assistant will pick up my dry cleaning; I want it perma-blocked.

Re:Imagine if the situation were reversed (1)

BZ (40346) | more than 4 years ago | (#29793391)

If Microsoft contacted the Mozilla folks first and the OKed said blocking?

I'd certainly hope people wouldn't be angry in that situation, but as you point out reason is hard to come by.

Already? (1)

lordandmaker (960504) | more than 4 years ago | (#29792863)

My firefox install has only just (about 20mins ago) popped up and told me it's disabled the add-on and would like to restart.

Why is that? (0)

Anonymous Coward | more than 4 years ago | (#29792867)

why? Is anyone using it?

spo86e (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#29792911)

support GNAA, fanatic known people playing can the political mess How is tHe GNAA but now they're Fact: *BSD IS A a sad world. At it will be among

Why is not Microsoft playing by the same rules? (4, Insightful)

140Mandak262Jamuna (970587) | more than 4 years ago | (#29792983)

Why would Microsoft submit its extension to Mozilla and follow the standard operating procedures as far as the dot net thingie is concerned? The user base and use cases for Mozilla/Firefox has always been, you get extensions from one authorized source. That is mozilla.org. If Microsoft wants an enabler they should just submit it to mozilla.org. Installing it in stealth mode is not expected from mozilla user base.

Further, why is Mozilla.org is allowing a mode where any Tom Dick or Harry can drop in a bunch of files in the install directory and suddenly all the users get the extension on by default? Since it is in the instal dir, individual users cant even disable them or uninstall them. The existence of such a mode itself is a big security hole. If IE has a hole and allows a drive by download of a file into Firefox install dir, boom, you get a vulnerability in Firefox. Already there are reports that installing an HP printer gives and unwanted, unasked for and unpermitted extension added to Firefox. Now every software you install is going to want to add a tool bar or an extension to Firefox.

I wish Firefox will just disallow such a way of installing extensions. The cardinal rule, as for as Firefox is concerned, is that the users rule. They control their browser, they decide which extensions are allowed, which scripts are allowed to run, which user agent string is sent out, whether or not to allow java, applet, or javascript or flash or silverlight or whatever. For corporate deployment, the Mozilla team might allow a script based instal on all machines in a corporate network using proper authentication procedures, like Corportate IT dept has local sysadmin privilege, so they come in and install an extension, and even disable its uninstall option, but that is all done outside the browser using the standard corporate deployment procedures. Allowing anyone to dump cruft in a particular folder and suddenly everybody gets the cruft is totally against the expectations of the standard mozilla firefox user.

Re:Why is not Microsoft playing by the same rules? (1)

Culture20 (968837) | more than 4 years ago | (#29793433)

why is Mozilla.org is allowing a mode where any Tom Dick or Harry can drop in a bunch of files in the install directory and suddenly all the users get the extension on by default? I wish Firefox will just disallow such a way of installing extensions.

I wish I had a pony. Mozilla can't prevent what the OS or other programs do with Firefox on your PC. Also, allowing a mode where a sysadmin can drop in a bunch of files in the install directory and suddenly all the users get the extension is a *good* thing for enterprise... usually.

Re:Why is not Microsoft playing by the same rules? (2, Insightful)

LordKronos (470910) | more than 4 years ago | (#29793619)

How exactly do you propose to stop a process from doing so when it is running outside the scope of firefox? Whatever files Firefox updates to indicate an extension has been installed can also be modified by an outside process. Want to make the file digitally signed? Well, Firefox has to get the signing key from somewhere, but then the other app could just go and get it from the same place. Want to move stuff like this off the local system and have it stored in some network repository...well, no, almost nobody is going to want this, but even if they did it wouldn't matter since the other app could just contact the repository pretending to be firefox.

You see, you run into the same problem you run into with any other sort of malware. The only way to stop it is to have a process loaded beforehand at a higher privilege level than it. That's what virus scanners do, but I don't think it's the sort of thing firefox should be doing (otherwise, why shouldn't every single application have it's own monitoring process to handle this sort of thing).

Re:Why is not Microsoft playing by the same rules? (1)

blue_goddess (1416183) | more than 4 years ago | (#29793637)

[...] but that is all done outside the browser using the standard corporate deployment procedures. Allowing anyone to dump cruft in a particular folder [...]

"corporate deployment procedures outside the browser" AFAIK _do_ involve dropping something somewhere and (optionally) messing with some sort of config, in this case the registry

Why is everyone targeting MS on here? (5, Insightful)

tgd (2822) | more than 4 years ago | (#29793039)

Seriously -- I have FAR more of an issue with Firefox disabling a plugin *that I want there* and not providing a way to re-enable it (or at least any obvious way).

Microsoft may choose to say that Firefox integration is part of the .NET framework, and if I choose to have a problem with it, I can uninstall it. But where does the Mozilla organization get off disabling an extension I have, and may be using, without any ability to opt out?

The double standard on this would be funny if people weren't so serious about it.

Re:Why is everyone targeting MS on here? (1)

Churla (936633) | more than 4 years ago | (#29793143)

You're new around here... aren't you?

Although I agree with your point. One lesson people should have learned from the UAC debacle in Vista is that if you have a security feature which will disable or prevent something from running make sure that the user has an easily accessible way to override that decision should they so choose.

What should have happend: (0)

Anonymous Coward | more than 4 years ago | (#29793693)

(Allowing myself to control Mozilla, not Microsoft)

1) Microsoft installs plug-ins, people get upset
2) Firefox disables these plug-ins by default, alerts user, and enables uninstall for them
3) People run Firefox, see new extensions that have been installed without permission, decide for themselves if they should allow
4) Firefox disables the ability to add extensions without an uninstall option
5) Firefox creates an automated method to check plug-ins that existed at closing and opening, compare them and ask user about all such instances

Now Microsoft has the ability to screw with your plug-ins all they want (which since they have your system rooted, isn't preventable), but Firefox can at least detect and inform users about such activity.

Translation, fixed that for you (0, Troll)

192939495969798999 (58312) | more than 4 years ago | (#29793101)

"After Microsoft drove a dump truck full of money up to Mozilla headquarters..."

There, fixed that for you.

Re:Translation, fixed that for you (1)

AHuxley (892839) | more than 4 years ago | (#29793535)

Dont forget MS can reach a few well placed developers on the FF team.
Once tainted by MS, always MS.

WTF is the summary saying? (2, Interesting)

Nexus7 (2919) | more than 4 years ago | (#29793295)

First the summary says Mozilla have unblocked the ".Net Assistant" add-on. Then it says Mozilla is working on a way to block a "Windows Presentation Framework" add-on _AS WELL_. As well (meaning "in addition to") what? The first item mentioned was unblocked, not blocked. Typo, or incorrect sentence construction, or what? It's 2 lines, can't we get it right?

Or is this a way to make readers RTFA?

Re:WTF is the summary saying? (1)

Nexus7 (2919) | more than 4 years ago | (#29793347)

I see they've fixed it now. Without making a note of it either. In most forums, you edit your post, and it'll say "Edited on xxx. Reason:...". Perhaps the editors should be held to a higher standard?

Re:WTF is the summary saying? (0)

Anonymous Coward | more than 4 years ago | (#29793525)

Based on your UID, I know you're not new here, but come on.... Slashdot editors being the least bit responsible?

Mike Shaver (2, Insightful)

socsoc (1116769) | more than 4 years ago | (#29793343)

Didn't Mike Shaver [slashdot.org] spend hours yesterday defending FF's stance in the original article? Now they've backtracked from blocking an already patched vulnerability, but he's still sleeping! We require your insight!

Re:Mike Shaver (1)

glassware (195317) | more than 4 years ago | (#29794105)

Does anyone know what the plugin actually does? Why would .NET need an assistant? Why would that assistant only need to run when I'm using Firefox?

Something completely left aside is that so many programs love to install "assistants", "launch helpers", "watchdogs" and "update managers" nowadays. I'm getting really tired of having every program install something that runs every time windows starts, or whenever I launch my browser.

There is no reason for a .NET assistant that I am aware of.

we've been here millions of years? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29793369)

& managed to FUDge up our pristine (gift from the creators? very possibly not a 'fluke' at all?) environment to a likely beyond salvage state, in less than 300 years. remarkable, no? the lights continue to come up all over now.

Next: skype. (0, Offtopic)

leuk_he (194174) | more than 4 years ago | (#29793543)

The skype plugin is buggy and causes crashes and weird behviour on sites. Ik kan be disabled by normal pluging behaviour however.

skype funcions ok without this plugin.

Will it be the next plugin to be blocked?

sweet christ on a crispix! (1)

nimbius (983462) | more than 4 years ago | (#29793903)

I think Slashdot as a community needs to take a step back, relax, and reconfirm: its just a browser.
if your OS is modifying the functionality of your favorite browser in a way you dont like, or forcing you to do things you dont like, then change your operating system.
similarly, if your browser isn't performing to your expectations, or disabling functionality you want, change your browser

for a real treat, try changing both at the same time! but for god sake stop with the asinine speculation and quit trying to turn this into legitimate news for nerds.

Re:sweet christ on a crispix! (0)

Anonymous Coward | more than 4 years ago | (#29793967)

Firefox and Mozilla aren't browsers, they are heaping stinking piles of poop.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...