Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Explains Mystery Firefox Extension

Soulskill posted more than 4 years ago | from the barn-doors-and-horses dept.

Microsoft 142

Ricky writes with a followup to news we discussed a couple days ago that a Microsoft toolbar update was installing an IE add-on and a Firefox extension without the user's consent. Quoting Ars: "Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does. 'The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.'"

Sorry! There are no comments related to the filter you selected.

English Doc? (5, Insightful)

commodore64_love (1445365) | more than 4 years ago | (#32549004)

(looking perplexed)

I still don't understand why it was added to Firefox when I'm not using MSN, Bing, or any other crap
.

Re:English Doc? (2, Informative)

Voulnet (1630793) | more than 4 years ago | (#32549020)

It wasn't added to Firefox users who didn't use MSN or Bing toolbars.

Re:English Doc? (4, Interesting)

arth1 (260657) | more than 4 years ago | (#32549540)

Wrong. It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE. So someone with an OEM install of Windows with an IE toolbar, but who never used IE, would still get the Firefox add-on forced upon him.

Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32549866)

Which means that they had the Bing or MSN toolbar installed. That in no way contradicts Voulnet's post that you're calling "wrong".

Re:English Doc? (2, Insightful)

arth1 (260657) | more than 4 years ago | (#32551956)

Which means that they had the Bing or MSN toolbar installed. That in no way contradicts Voulnet's post that you're calling "wrong".

Bzzt. Good thing for your karma that you post as AC. The claim was that it wouldn't install unless you used these toolbars, not whether you had them installed.

Re:English Doc? (4, Informative)

rvw (755107) | more than 4 years ago | (#32549878)

Wrong. It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE. So someone with an OEM install of Windows with an IE toolbar, but who never used IE, would still get the Firefox add-on forced upon him.

Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.

I suppose Firefox isn't running when this happens. So it can't block anything. Firefox can block addons to be installed if they are activated from a page that Firefox visits. This is a different situation. And if Firefox is running, it's probably possible to install something that is activated after a restart. And if it shouldn't, this is Windows, MS territory, and they may be able to do anything if they want to.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32550234)

Firefox can activate or uninstall the extension when it runs. Or at least warn the user. They've done this before with an insecure Microsoft .net extension. If Firefox couldn't check for such modifications when it runs, the software would be useless.

Re:English Doc? (0, Informative)

Anonymous Coward | more than 4 years ago | (#32550242)

This is Windows, MS territory, and they may be able to do anything if they want to.

Microsoft (and the NSA) have root access to your windows machine, just accept this as a fact of life, don't like it, move to Linux.

http://en.wikipedia.org/wiki/NSAKEY

Re:English Doc? (4, Insightful)

AusIV (950840) | more than 4 years ago | (#32549928)

How do you propose Firefox prevent the installation of an extension by software that has direct file system access? Firefox is open source, so anyone can look and see how an extension is installed. Third party software need only update the right files and the extension would be installed. Firefox had no control over any step.

Now, this doesn't make Firefox a good target for malware writers. Anyone who can execute arbitrary code on your system doesn't need Firefox to cause problems.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32551216)

Its quite simple actually, just have the program check some encrypted database for the installed extensions. Still arbitrary code execution is possible in any operating system given enough user stupidity, so relying on its non-existence is just as stupid.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32551764)

And how do you prevent some arbitrary extension installer from decrypting the database? The key has to be stored somewhere, and if the installer is running with administrative privileges it will be able to access it.

Re:English Doc? (1)

Voulnet (1630793) | more than 4 years ago | (#32550002)

Which means they had the toolbar installed. I wasn't wrong there, I just wasn't very specific. Firefox now does prompt you when a website tries to install a plugin, but how this one got installed is beyond my knowledge. Apparently Microsoft knows its way around its system.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32550110)

You can avoid this with Firefox by using the PluginChecker plugin, which will check for plugins installed without permission.

Re:English Doc? (3, Interesting)

buchner.johannes (1139593) | more than 4 years ago | (#32550218)

Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.

Windows Update can remove or rewrite your Firefox install any way you like, Firefox can't in any way control that.
Also, your profile folder can be rewritten in any way by user run program (malware). There is no way Firefox could prevent that.

The only way to prevent things like this is OS security packages that enforce security policies (program A can write to folder B, program C may have TCP sockets). AFAIK RSBAC and SELinux are capable of this on Linux. But user home dirs, no way (how?).

Re:English Doc? (1)

arth1 (260657) | more than 4 years ago | (#32551894)

Have Firefox require user signing of all extensions that are allowed to run.
With the signing key protected by TPM on systems that support it, or an option to store it on an external location (like a USB key or a WEBDAV location) for those that don't.

To get around that, Microsoft would have to hack and binary-patch Firefox' own code, which would no longer be merely immoral, but illegal. Not to say exceedingly difficult, considering how many different versions and revisions of browsers there are out there with Mozilla/Gecko engines.

Re:English Doc? (1)

starfishsystems (834319) | more than 4 years ago | (#32550784)

Firefox can't prevent a process with elevated privileges from making configuration changes to an existing Firefox installation, that's true.

It could, however, provide an option which requires the user to sign every extension and plugin that the user wants to install or update.

The only way a rogue process could imitate this effect would be to capture keystrokes. And subverting that sort of security would be no "accident". It's the sort of thing that would lead to lawsuits.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32550806)

It is an excellent target and it gets even better: you can write your malware in javascript and just append it to another plugin. In fact I had a small botnet running on firefox, controlled by twitter!

Re:English Doc? (2, Interesting)

Hurricane78 (562437) | more than 4 years ago | (#32550888)

Uuum because Windows Update is software that has to have full control over the system to do its job of updating core system files. And because Firefox, being a normal user program and maybe not even running, can’t override a program with full access and rights to everything.

Re:English Doc? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32549096)

Then that MS PR flack did their job well.

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32549290)

I still don't understand why it was added to Firefox when I'm not using MSN, Bing, or any other crap

That's because it wasn't added to your copy of Firefox. Have you actually looked to check? I'm going to guess that the answer is no and that you're instead having knee-jerk reactions to something you don't understand fully (which seems to be the case with you many times).

p.s. plugin container SUCKS (0)

Anonymous Coward | more than 4 years ago | (#32549326)

SUCKS i tell ya its awful
im now using chrome
its that bad

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32549666)

So it would be ready for you to enhance features, if and when you choose to install the other part of the complimentry component or when someone chooses for you.

Zombie Install? (1)

DaveRexel (887813) | more than 4 years ago | (#32549830)

Bah! Not welcome! Why is the uninstall button broken for this extension Microsoft?

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32549934)

(looking perplexed)

I still don't understand why it was added to Firefox when I'm not using MSN, Bing, or any other crap .

Yet you use Windows?

Google is just as bad (1)

Joce640k (829181) | more than 4 years ago | (#32549946)

I just checked and there's about as many plugins labelled 'Google" as there are "Microsoft'. I don't recall installing any of them.

But still...this is a a Microsoft bashing board, right?

Re:English Doc? (0)

Anonymous Coward | more than 4 years ago | (#32550846)

The real question is: why do you use Microsoft's shitty closed platform.

Re:English Doc? (1)

the old rang (1671218) | more than 4 years ago | (#32551656)

The reason, as posted in the article, was clearly explained by (I believe) one of their lawyers from the firm of Gobel D. Gook, Flim, Flam and Muddywaters. The conciseness of the explanation, narrowed to the most broad base terms of contradiction, should have been clearly understood by any writer of the Health Care Bill, as to be non-sequitur. Simple,Huh?

Huh? (2)

Zumbs (1241138) | more than 4 years ago | (#32549030)

The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.

And this explains why it was silently added to Firefox how? Wouldn't the reasonable way of accomplishing this be to download the pack with the extensions in question?

Re:Huh? (0)

Anonymous Coward | more than 4 years ago | (#32549198)

And yet, Slashdot is overwhelmingly in favor of automatic updates for security reasons. Not to mention, no users in the world manually update software.

What if the old MSN toolbar was subject to a vulnerability? Would you still insist Microsoft push out a non-automatic update?

Seriously. It's 2010. Software either updates on its own, or it doesn't update at all. Asking the user to browse to a website and download the new version (aka, Adobe Flash) is painfully reminiscent of 1990.

(I'm just waiting for some troll to say that SEP is somehow monopoly-pushed "new software" and not simply a v1-v2 software stack update.)

Re:Huh? (3, Insightful)

erroneus (253617) | more than 4 years ago | (#32549264)

1. Yes, we are all in favor of automatic updates... for Microsoft Software. This includes Office and Windows and more. But Not Mozilla Firefox.
2. Firefox does it's own automatic updates. It tells the users when there are updates for addons and for Firefox itself. Let Firefox manage itself! Microsoft only needs to place the update out on the web and tell its own addon where to find them. If people want this addon, they will install it and it will remain updated.

Re:Huh? (0)

Anonymous Coward | more than 4 years ago | (#32549432)

I know nothing about this extension, never having installed toolbars in my life... but even I can tell that this update goes beyond just Firefox.

Search Helper is agnostic, i.e., it isn't just for Firefox. The extension DLL is for Firefox, but this is 99% sure to be a tiny wrapper for the actual system-wide DLL.

To update this extension, Microsoft would have had three options.
1) Rely on Firefox update.
2) Rely on Windows update + Firefox update.
3) Rely on Windows update.

#1 can't touch the system DLLs without hell breaking loose. Thus this has no way to actually update the Search Helper.
#2 Relies on both being done at virtually the same instant. If WU is first, Firefox breaks. If Firefox is first, Firefox breaks again.
#3 Is the only remaining option to update all components reliably.

It seems your method depends on the fact that all Firefox extensions are fully self-contained.

Re:Huh? (1, Troll)

erroneus (253617) | more than 4 years ago | (#32549454)

Indeed! It is an application independent of the OS. Let it be self-contained as applications independent of the OS should be. Part of Microsoft's problem is their propensity to integrate and tie things together. This is, was and remains a key problem with their dubious activities and what gets them into legal trouble.

They haven't yet learned their lesson and need to be broken up so that their OS division only does OS things and not Internet things.

Re:Huh? (0)

Anonymous Coward | more than 4 years ago | (#32550106)

So, as a web developer, using this stand-alone plugin approach, what happens when I test a webpage after an update to Flash or Silverlight is released? IE, Firefox, Chrome, Safari, Opera... five independent update downloads, versus the 1 that occurs now?

Not that Flash can be commended for having a good update model or anything. Google made a good choice in integrating it in Chrome for this reason.

I realize this suggested model has its benefits, particularly for security. But let's not pretend it doesn't also have its issues. Among them, additional forced maintenance and labor for plugin authors.

Re:Huh? (1)

Zumbs (1241138) | more than 4 years ago | (#32549874)

As I understand the issue, the "update" added an extension to FF, even if the toolbar weren't installed in the first place. So, the problem you sketch isn't there. MS update can place the dll on the users system, and if the user install the toolbar on FF, the MSN toolbar can simply reference the dll. If the toolbar needs to be updated, Windows Update can handle it.

Re:Huh? (0)

Anonymous Coward | more than 4 years ago | (#32550174)

You're right, barring the existence of the Firefox extension beforehand, this update should have been separated. I didn't know this and wrongly assumed it was already installed. I still don't know whether to reason it as negligence or conspiring intent however.

...Yup, knowing Microsoft, I am going to have to say there is one very embarassed and internally berated, under-paid grad student feeling quite stupid right now.

Re:Huh? (1)

Vahokif (1292866) | more than 4 years ago | (#32549770)

The toolbars are Microsoft software.

Re:Huh? (1)

Zumbs (1241138) | more than 4 years ago | (#32549838)

Unless I missed something, the "update" doesn't patch an existing piece of software. It *adds* an extension to Firefox where none were earlier. If the old MSN toolbar were subject to a vulnerability, and I had it installed on IE, I would expect Microsoft to update the IE extension, *not* to add a new extension to FF.

Re:Huh? (1)

Qantravon (1466953) | more than 4 years ago | (#32549914)

Actually, I do update Windows manually. Automatic Updates is turned off, and I check the Microsoft update site about once a week. Why? There have been times that there were pieces that I didn't want to install (such as the Firefox extension they snuck in with another update, a while back).

I've also had issues with Automatic Updates in the past, where it somehow got to a point where it would download the data, but couldn't actually install. Then I'd restart, and it would stay stuck at the same point. The issue was never resolved on that machine.

Beyond all that, I just like to know what's on my computer.

More than just my personal idiosyncrasies, I know of a piece of software that every user in the world must update manually, especially if they want to play new games. Graphics drivers. To my knowledge, no graphics manufacturer has a system to auto update their drivers. Sure, Nvidia occasionally puts new drivers out via Windows Update, but it's always listed under "Optional," which tells me that it probably doesn't get picked up by Automatic Updates.

This is all just in the interest of full disclosure.

Re:Huh? (0)

Anonymous Coward | more than 4 years ago | (#32550308)

I do the exact same thing as you. For pretty much the last 15 years. But, perhaps unlike you, I don't believe people like me to number anything more than 0.1%.

Windows itself used to default to manual updates. And we all know how that turned out. Graphics drivers are one of the most commonly unupdated products on a Windows machine -- just ask a few game developers sometime. (It was much much worse before Microsoft started including vendor WHQL drivers in WU.)

I think, perhaps incorrectly, if you have a Microsoft-signed video driver installed, and an update to that driver is released, then it will be listed as "recommended." I have seen important driver updates before, but not after installing drivers from higher-up.

Re:Huh? (1)

maxume (22995) | more than 4 years ago | (#32549944)

It explains why it has a separate install process, and the separate install process makes it more plausible that the update would mistakenly installed in browsers that do not have the toolbar installed, because of some error in the roll out process.

The outcry-backlash for stuff like this is way too loud for Microsoft to bother trying to 'get away with something', it seems pretty likely that it was a mistake.

dubious response (0)

Anonymous Coward | more than 4 years ago | (#32549048)

It's a dubious answer. Why would this "shared component" of the MS toolbars be installed SEPARATELY from the toolbars themselves?
Do it have any effect on systems that don't have MS toolbars?

Is this update going to remove this "shared component" where the MS toolbars aren't present? In other words, is it going to fix what it broke, or
is it just not going to break any more systems?

This seems like one of those mistakes that work to their benefit since it's safe to assume that unless is removes itself or doesn't have any effect
it will work to their benefit -- most users it effects aren't going to know about it or do anything about it.

Always pushing... (4, Insightful)

popo (107611) | more than 4 years ago | (#32549056)

Why must constant vigilance be required? There need to be fines against companies who install software without consent. It doesn't matter who you are, it should be an illegal act.

Re:Always pushing... (2)

Voulnet (1630793) | more than 4 years ago | (#32549070)

The worst part is that you can't find it Control Panel->Add/Remove--> Installed Updates so you can uninstall it. You basically need to hack around to be able to remove it.

Re:Always pushing... (3, Insightful)

jack2000 (1178961) | more than 4 years ago | (#32549112)

None of that would be a problem if Mozilla had made it so third party programs can't install plugins.

Re:Always pushing... (2, Insightful)

Nerdfest (867930) | more than 4 years ago | (#32549280)

Open API's are generally a good thing, although these days you seem to need some sort of user confirmation to stop them from being abused. The open API is not the bad part, the abuse is.

Re:Always pushing... (1)

Derek Pomery (2028) | more than 4 years ago | (#32549360)

And that would suck for Firefox in the corporate world where they need to apply a company-wide extension.

Re:Always pushing... (0)

Anonymous Coward | more than 4 years ago | (#32549918)

Firefox already sucks in the corporate world due to the lack of a msi and GPO support.

And people doesn't understand why large corporations rely on IE.

Suckers.

Re:Always pushing... (1)

Vellmont (569020) | more than 4 years ago | (#32549828)


None of that would be a problem if Mozilla had made it so third party programs can't install plugins.

How would that even be possible for a program where the source code is available, and the 3rd party has admin level access? Even for a close source program it's not possible if you're willing to reverse-engineer the program.

Not mucking with a program is essentially a gentleman's agreement. We all know Microsoft is NOT a gentleman, so they'll do whatever suits them the best.

That will happen when you vote for it (1)

SmallFurryCreature (593017) | more than 4 years ago | (#32549184)

That will happen when you vote for it, with your dollars.

MS will get the message when Windows sales drop because nobody buys their bullshit anymore... looks at MS sales figures... not yet it seems.

Customer: I demand you do what I say or else I will continue to buy your products like the sheep I am.

Company: Oh look, a talking sheep. Anyone want shiskebab? Dibs on the eyeballs.

Re:That will happen when you vote for it (1)

pizzach (1011925) | more than 4 years ago | (#32549310)

Unlike most software, it wouldn't surprise me if MS Windows sales mostly follows an inelastic demand curve. People buy it because they need it much like they need gas.

Re:That will happen when you vote for it (2, Insightful)

IANAAC (692242) | more than 4 years ago | (#32549386)

People buy it because they need it much like they need gas.

People don't *need* it at all. They get it most of the when they purchase a new PC.

No matter how easy Ubuntu (or whatever flavor of Linux we could talk about) is to install, people have already got an operating system on their PC and won't bother to install another one unless MS does something to truly piss them off. I say this as someone who pretty much immediately installs Ubuntu on any new machine I buy.

Re:That will happen when you vote for it (2, Insightful)

pizzach (1011925) | more than 4 years ago | (#32549998)

People don't *need* gas at for transport either. They could just live close enough to work to bike or walk.

No matter how easy Ubuntu (or whatever flavor of Linux we could talk about) is to install, people have already got an operating system on their PC and won't bother to install another one unless MS does something to truly piss them off. I say this as someone who pretty much immediately installs Ubuntu on any new machine I buy.

Most people wouldn't change their operating system even if MS pissed them off. Most people don't know they have the option and they don't have a clue how to do it. This is part of the basis for my previous assertion. You might like doing what you do. Some people love biking, too.

If you look at job descriptions, many are asking for ability to use specific programs instead of generic skills. Many web programming gigs still require testing for older version of Internet Explorer. AutoCAD does not run on linux. Many people don't realize that OpenOffice opens Word documents with high accuracy. Many companies ask that resumes are submitted in specifically doc format. Not PDF. Newer versions of Internet Explorer don't run in Wine. Games are still mostly on Windows. Sometimes there just plain aren't Linux drivers available for some hardware. People like what they know and dislike change.

These are some of the generic reasons floating in people's minds, even if many are misguided. You can spend your time shooting down a large number of the above down with the people you meet. I am sure someone will do that in a reply to this exact post, even though they are preaching to the choir. There are a lot of people out in the worcld who don't know that they don't need Windows, and they likely won't rethink computer and software purchases that quickly when the correct answer seems simple right now.

And so, that is why I made the general assertion that Windows sales are mostly inelastic. When the market share of Windows does drop below a certain point, my assertion will suddenly not hold any weight anymore.

Re:That will happen when you vote for it (1)

cynyr (703126) | more than 4 years ago | (#32550024)

autocad, solidworks, ProE, VBA macros in a spreadsheet, VB app from vendor, in house product selection system in VB.Net, A large amount of other business critical windows only software. Home users do't *need* it, but does "$2 pack of games from best buy" work with anything but windows? how about that cursor set from "the Internets"? yep, thats what i thought.

Any move needs to be tested and verified to work at 100% feature complete or if not 100% the cost in time of moving to the new system needs to be added. Simply moving HR from their IE6 only web page to IE9, costs programing/install time(assuming an update to the ten year old software is available), and retraining time for HR(mind you they are not doing what them normally would be doing during that time). Now if you work at a small company you may only have 2-3 HR people(if you have in house HR). it's still a huge cost to move people.

Re:That will happen when you vote for it (0)

Anonymous Coward | more than 4 years ago | (#32549394)

it's those few program that only run on windows like Autocad, the statement microsoft made also reminds me of the USSR and the chernobyl incident.

Re:That will happen when you vote for it (0)

Anonymous Coward | more than 4 years ago | (#32549354)

Right cause the other shit they did in the past wasn't good enough, some stupid firefox addon makes all the difference.

Re:Always pushing... (1, Informative)

Anonymous Coward | more than 4 years ago | (#32549246)

If you use Windows Update, then Microsoft already has your consent to install software on your computer. And that consent isn't limited to any particular kind of software, either; by agreeing to the EULA, you've given them blanket consent to install whatever they think you should have.

Re:Always pushing... (1)

hedwards (940851) | more than 4 years ago | (#32549422)

That's why I've set it to only download the updates, not install them. If MS is doing installing anyways that's not something that can reasonably be considered agreed to.

Re:Always pushing... (1)

Khyber (864651) | more than 4 years ago | (#32551400)

"by agreeing to the EULA, you've given them blanket consent to install whatever they think you should have."

That won't matter in a case of Unauthorized Access of a Computer/Misuse of Computer against Microsoft for modifying software that does not belong to them without permission. EULAs can NOT circumvent the law.

Typical Microsoft. (3)

jack2000 (1178961) | more than 4 years ago | (#32549076)

No excuse, no sir. And here i was foolishly thinking they would make a public apology.

Why is this allowed from FF? (4, Interesting)

beakerMeep (716990) | more than 4 years ago | (#32549128)

I remember when this happened with some Silverlight thing in the past, but I can't remember what the reason was the Mozilla devs gave for allowing this type of silent local add on installation.

Found an old bugzilla debate/bug from 2009 (!) about when this happened previously. It seems some consider it a moot point because Firefox reports add-ons have been installed when it boots. Did this MS update get around that somehow?

Here's the link: https://bugzilla.mozilla.org/show_bug.cgi?id=476430 [mozilla.org]

And the old story from the last time MS did this: http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html [washingtonpost.com]

Re:Why is this allowed from FF? (1)

Machtyn (759119) | more than 4 years ago | (#32549194)

What's great about Silverlight is that I had to install Firefox on a Windows 7 64-bit computer to get it to work (Netflix). Microsoft Silverlight doesn't currently work with Microsoft Internet Explorer 64-bit.

Re:Why is this allowed from FF? (0)

Anonymous Coward | more than 4 years ago | (#32549286)

This is a stupid over-simplification. Silverlight has no 64-bit build. Thus it cannot be used with IE64, as 32-bit DLLs cannot be mapped into the address space of a 64-bit application. The only reason Silverlight functions on Firefox for you is because you were running 32-bit Firefox. In other words, your Firefox build is actually worse than IE64. Just more functional (Flash etc).

Re:Why is this allowed from FF? (1)

hedwards (940851) | more than 4 years ago | (#32549438)

It's not worse, there's no good reason why IE needs to be 64bit native. Nothing that IE does really needs the extensions and you're paying the 64bit toll without really getting anything out of it.

Re:Why is this allowed from FF? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32549794)

No good reason? You do know that hardware DEP is default-disabled for 32-bit processes, no? Enabling it can cause all sorts of shittily-programmed plugins and applications to fail.

and you're paying the 64bit toll without really getting anything out of it.

This makes me think you have no idea what you are talking about and are stuck with a circa 2005 attitude. There is no toll, unless you count literally unnoticeable memory overhead. Performance benefit far outweighs this on average CPU intensive case.

Re:Why is this allowed from FF? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32549886)

There is no reason that the browser and all plug ins aren't 64-bit native today. There is no "64bit toll", quite the opposite. There is a "32bit toll" when running on a 64-bit OS.

Re:Why is this allowed from FF? (1)

Khyber (864651) | more than 4 years ago | (#32551408)

"There is a "32bit toll" when running on a 64-bit OS."

Citation, please. just because you don't use the entire address space doesn't mean it will take a 'toll' on the OS unless the OS has been programmed in the shittiest manner possible in the first place.

Re:Why is this allowed from FF? (0)

Anonymous Coward | more than 4 years ago | (#32549572)

WTF? Windows 7 64 bit comes with IE 32 bit. In fact, it's still the default version of IE to use on Windows 7 64 bit. No one actually uses the 64-bit browser... except you, apparently, not realizing that only the browser marked "(64 bit)" is 64 bit.

Re:Why is this allowed from FF? (0)

Anonymous Coward | more than 4 years ago | (#32550588)

If the extension installer is running with enough privileges, then it will be able to write the necessary files and registry entries; there is nothing Mozilla can do about that. Maybe they could figure out a mechanism to keep track of which extensions are installed inside the browser vs outside the browser, but if the extension installer has enough privileges it would be able to bypass that as well. I think people are confusing the issue. The problem is not that extensions can be installed silently; the problem is that software is installing extensions silently. Don't complain to Mozilla; complain to the authors of the installers.

Re:Why is this allowed from FF? (0)

Anonymous Coward | more than 4 years ago | (#32551808)

The Sun Java Console extension (included with Java) has the "hidden" property set, so doesn't appear in the extensions list.

So not only does Microsoft shove their extension down everyone's throats, but they can't even manage to conceal it properly.

It was installed on my system (1, Funny)

Anonymous Coward | more than 4 years ago | (#32549244)

I was only able to uninstall this unwelcome extension by thinking in Russian.

So then. Microsoft is packing updates for bing (1)

unity100 (970058) | more than 4 years ago | (#32549250)

with its updates to its oses.

werent they recently bitchslapped by Eu for doing the very same thing, bundling and pushing their internet browser for decades to unsuspecting users ?

corporations never learn. apparently it will be up to Eu again to bitchslap them for the sake of justice.

Hand Wave (4, Funny)

FrostedWheat (172733) | more than 4 years ago | (#32549254)

"This isn't the extension you're looking for."

Re:Hand Wave (0)

Anonymous Coward | more than 4 years ago | (#32549882)

Oh, he's right... this isn't the extension we're looking for... Go about your business... Move along, move along.

This made things worse (4, Interesting)

Posting=!Working (197779) | more than 4 years ago | (#32549278)

Nothing was said about silently installing an extension to Firefox being completely wrong. No mention that it won't happen again. They've just about publicly admitting that they see nothing wrong with secretly installing changes to other companies software without need, notice, justification or a way to remove it.

Fuck Microsoft. Everybody who had this happened needs to file a complaint with the police under the hacking laws, installing unauthorized modifications to software of a competitor without permission is illegal, it doesn't matter if Microsoft does it, it's still illegal. Here in Kentucky, it's either a class A or B misdemeanor, depending on whether your time undoing it can be considered monetary damage.

Also, we only have Microsoft's word that it just affects search results in their toolbar. For all we know it's logging credit card numbers, recording your webcam, and copying your personal information and contents of your c:/porn folder for public display/blackmail later. They probably aren't, but then again, what have they done that's trustworthy lately?

"WGA thinks your copy of XP is unauthorized because you added memory and a graphics card. Your credit card has been charged $399.99 for a license."

Re:This made things worse (0)

Anonymous Coward | more than 4 years ago | (#32549442)

Did you even read the article? The update was intended only for people who already had the relevant software installed, there was a bug where it would get installed inappropriately, they fixed the bug in the latest update, and they apologized for the inconvenience.

Re:This made things worse (1)

cynyr (703126) | more than 4 years ago | (#32550032)

did they remove it from those places that it had happened accidentally? provided a 1 click tool to do so? instructions to remove it?

Re:This made things worse (1, Informative)

Anonymous Coward | more than 4 years ago | (#32550394)

You know, all of these questions would be answered if you people read the fucking article. They did provide instructions on how to remove it.

Re:This made things worse (0)

Anonymous Coward | more than 4 years ago | (#32549932)

I hate to say this BUT, if you are running a Microsoft product, especially Windows, you only actually have a license and under the terms of the license you agree to by using Windows, Microsoft probably has EULA terms that cover this in a manner that allows them to address stability issues of their software in a discrete fashion(if not explicitly, implicitly).

A solution to this problem could starts with doing a clean install of Ubuntu or some other flavor of Linux.

Re:This made things worse (0)

Anonymous Coward | more than 4 years ago | (#32551978)

or a way to remove it.

BULLSHIT. RTFA.

Again? (2, Informative)

Anonymous Coward | more than 4 years ago | (#32549288)

Didn't they do a similar thing with a .net addon?

Oh yes, they did. [annoyances.org]

Douchebags (1)

Runaway1956 (1322357) | more than 4 years ago | (#32549298)

If Microsoft wants to make an addon, update, toolbar, or any other damned thing for Firefox, they should submit it through proper channels. If it's alright for them to make updates to Firefox, then it's equally alright for Jumpin' Jack Haxor Flash to start distributing updates for Windows.

Re:Douchebags (1)

FlyByPC (841016) | more than 4 years ago | (#32549336)

You imply that they're *not* the aforementioned J&k H@xx0r?

Re:Douchebags (1)

Runaway1956 (1322357) | more than 4 years ago | (#32549380)

I dunno - before I make up my mind, I want to hear them play this:

http://www.youtube.com/watch?v=mwmuiq4oMYc [youtube.com]

(and I think that baby doll in black is pretty hot - wish I was about 35 years younger!)

i never realized... (0)

Anonymous Coward | more than 4 years ago | (#32549300)

...why they keep saying this things weeks after the problem arose.
i mean, if you tell me something a day or two after the problem was found, i can take it as explaining/apology, but weeks after?
It still looks as an excuse even through it probably isn't.

Competition... (1)

wannabgeek (323414) | more than 4 years ago | (#32549320)

Way to go MS. I guess you got jealous that Apple is hogging all the bad press, so you had to do something to prove you're still the original evil company.

This is why I don't use toolbars (3, Interesting)

FlyByPC (841016) | more than 4 years ago | (#32549328)

No toolbars installed == no MS update. I don't even use Google's toolbar -- and I more-or-less trust them (at least more than M$, anyway).

Re:This is why I don't use toolbars (1, Insightful)

SteveFoerster (136027) | more than 4 years ago | (#32549408)

Me too, and moreover, this is one reason why I don't use Windows.

Re:This is why I don't use toolbars (1)

rvw (755107) | more than 4 years ago | (#32549972)

Me too, and moreover, this is one reason why I don't use Windows.

At home OSX, at work Ubuntu, and for testing I use Virtualbox with an XP or 7 VM.

Re:This is why I don't use toolbars (1)

Khyber (864651) | more than 4 years ago | (#32551442)

You think you're safer by using OSX.

I don't know whether to laugh or cry, knowing the exploits I know about OSX.

The joys of having been an Apple Laptop repair tech in charge of the image servers - There are SO many vulnerabilities leftover from the days of 10.2 in the codebase that are still present even today. When people bork their Macs, it usually takes me four of five seconds after boot-up to know which exploit was used, assuming it wasn't a hardware issue that caused it in the first place (which was the normal mode of failure for the G3-based iBooks and then-new G4 Powerbooks.)

Bogus! (1, Offtopic)

woboyle (1044168) | more than 4 years ago | (#32549426)

What cruft! The number one reason why I am boycotting Microsoft and Apple is that they seem to think that they own my computing and communication devices and can install anything they want on them without my explicit permission. To heck with that! When are these pinheads going to get with the program, that doing so compromises the integrity and security of our systems and personal or proprietary information. I can accept auto-updates of already installed components, provided I opt-in to that, but if they are going to install ANY new components for whatever reason, I want to know what and why as well as what the possible side-effects of it may be to the operation and integrity of my system.

So, I have totally migrated to Linux on my workstations, laptops, and mobile devices. I run Windows XP SP2 in a virtual machine solely to run one stock/options trading application that isn't available for Linux and incapable of running with Wine. I don't update it except infrequently, and then only manually. In any event, there could conceivably be made a case that Microsoft has violated any number of laws related to installation or operation of unauthorized software on a system that you do not own (hacking). That is a criminal offense, and should be treated as such. Fines should be levied and penalties should apply... That's how angry I am about this sort of behavior.

Re:Bogus! (1)

maxume (22995) | more than 4 years ago | (#32550008)

I don't think you know what a boycott is.

Also, if you manually applied the updates, it seems a bit tough to argue that they did anything unauthorized on your systems.

Auto update (1)

p51d007 (656414) | more than 4 years ago | (#32549464)

Another reason to keep your automatic updates DISABLED.

Re:Auto update (0)

Anonymous Coward | more than 4 years ago | (#32549638)

Another reason to keep your automatic updates DISABLED.

Then you need to be very quick and diligent about checking for and immidiately installing the important updates.

Conficker becoming the big problem it became was due to people having automatic updates disabled. Microsoft actually had it patched really early.

To MIcrosoft: Mystery meat is not sweet! (0)

Anonymous Coward | more than 4 years ago | (#32549684)

Enable the "Uninstall" button on your POS plugin instead of you usual Imperial and intrusive Uncle Fester.

Jackasses (0)

Anonymous Coward | more than 4 years ago | (#32549706)

"the update will no longer be distributed "

The "oh we won't do that anymore" response is bullcrap. The fact that they _were_ doing it in the first place speaks volumes about how MS conducts business, and they never stop trying to pull these stunts. Do they honestly believe that people aren't watching them closely and that they won't get caught? I don't care _what_ the update is, there is no excuse for trying to sneak it past users. And somewhere in these comments, I will read some M$ defender's assertion that /. bashes M$ just for the sake of bashing M$. But given their track record --over the past 14 years that I've been paying close attention-- of these incessant games, how am I supposed to take them seriously? No company is perfect, but M$ is --and always was-- out of control with this type of garbage. I think I just answered my own question: they'll always be this way; I will never take them seriously [throws chair across the room in digust, realizes that this is how the dark side reacts. Doh!]

Toolbars? (3, Insightful)

BCW2 (168187) | more than 4 years ago | (#32550186)

People are still foolish enough to add them? Wow, I thought they were all mal ware just like all pop ups. Who has time to check which ones aren't?

"Microsoft explains..." (3, Interesting)

QuietLagoon (813062) | more than 4 years ago | (#32550594)

Microsoft has always been under the false impression that just because "Microsoft explains" a bad deed, that the deed suddenly becomes OK.

The Apple way (0)

Anonymous Coward | more than 4 years ago | (#32550954)

I guess they saw that it worked for Apple too push their new software as an update (Safari) and are hoping to take some market share for Bing that way

Meanwhile at Apple headquarters... (1)

cereda (1610079) | more than 4 years ago | (#32551882)

... Steve Jobs is very sad because his brand-new Safari was forgotten by Microsoft.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?