
Microsoft Hides Firefox Extension In Toolbar Update

Posted by CmdrTaco
from the because-they-can dept.
Jan writes "As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user's permission."

  • stop it MS (Score:2, Insightful)

    by Anonymous Coward

    MS stop acting like spyware....

    • Again? (Score:4, Interesting)

      by tom17 (659054) on Thursday June 10, 2010 @09:32AM (#32522706) Homepage
      Didn't they do this before with a .net update?
      • Re:Again? (Score:5, Insightful)

        by ashridah (72567) on Thursday June 10, 2010 @09:39AM (#32522778)

        The difference being that that add-in was arguably useful. It enabled click-once in firefox, iirc, which is a fairly handy experience for running small apps over the web. If I recall, Java does the same thing. The problem then was that firefox had no way to distinguish between a version with a flaw, and a version without a flaw, so they had no choice but to temporarily blacklist it (and there was that issue with not being able to disable it due to permissions).

        Browser toolbars, however, never strike me as a nice addition to a product without asking.

        • Re:Again? (Score:5, Informative)

          by Anonymous Coward on Thursday June 10, 2010 @09:47AM (#32522838)

          The difference being that that add-in was arguably useful. It enabled click-once in firefox, iirc, which is a fairly handy experience for running small apps over the web. If I recall, Java does the same thing. The problem then was that firefox had no way to distinguish between a version with a flaw, and a version without a flaw, so they had no choice but to temporarily blacklist it (and there was that issue with not being able to disable it due to permissions).

          Browser toolbars, however, never strike me as a nice addition to a product without asking.

          The update doesn't install a browser toolbar, it updates the browser toolbar for users that already have it installed. Users who haven't installed it won't see this update.

          For once the Slashdot summary actually got this correct, and from the original article: "Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed,"

          • Re: (Score:3, Interesting)

            by logjon (1411219)
            One of. If you have it installed on IE, it installs it on firefox, even if you didn't have the firefox one. Even if you don't even have firefox installed.
            • Re:Again? (Score:5, Funny)

              by Yvan256 (722131) on Thursday June 10, 2010 @10:00AM (#32522972) Homepage Journal

              So, to use a car analogy, it's like Microsoft is installing a new rooftop on their own car, and if you don't own a car from the other company they just install a new rooftop that just floats in mid-air next to your Microsoft car?

              Neat!

              • Re: (Score:2, Insightful)

                by logjon (1411219)
                Yeah, and if you do wind up buying another car from the other company, the roof installs itself as soon as you park it in the driveway.
              • Re:Again? (Score:5, Funny)

                by Anonymous Coward on Thursday June 10, 2010 @11:05AM (#32523758)

                It's more like them installing a public bathroom on the roof of your car where the plumbing consists of an open pipe directly over the driver's head.

                At least that's how I view toolbars.

              • Re:Again? (Score:5, Funny)

                by dna_(c)(tm)(r) (618003) on Thursday June 10, 2010 @05:01PM (#32528200)

                So, to use a car analogy, it's like Microsoft is installing a new rooftop on their own car, and if you don't own a car from the other company they just install a new rooftop that just floats in mid-air next to your Microsoft car?

                Neat!

                No, not on their car, on your car that they manufactured and sold to you.

                So it's more like they disconnected the brakes and replaced the pedal with a super-rocket-booster-hyper-activator overnight - without telling you. You will be pleasantly surprised at the next crossroads.

          • Re:Again? (Score:5, Informative)

            by Spad (470073) <slashdotNO@SPAMspad.co.uk> on Thursday June 10, 2010 @09:50AM (#32522864) Homepage

            Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed

            Yes, but irrespective of whether it's installed for IE or Firefox. Just because I have the Live Search Toolbar installed for IE doesn't mean I want it turning up in Firefox unannounced.

            • Re:Again? (Score:5, Informative)

              by logjon (1411219) on Thursday June 10, 2010 @09:51AM (#32522890)

              Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed

              Yes, but irrespective of whether it's installed for IE or Firefox. Just because my OEM put the Live Search Toolbar on IE doesn't mean I want it turning up in Firefox unannounced.

              fix'd

  • yay (Score:3, Interesting)

    by Pojut (1027544) on Thursday June 10, 2010 @09:31AM (#32522700) Homepage

    I like your products, Microsoft...but I still abhor your business practices.

    Kinda like Sony, Apple, etc...

    • Re: (Score:3, Insightful)

      by couchslug (175151)

      "I like your products, Microsoft...but I still abhor your business practices."

      Not enough to stop using their software, hence not enough to matter.

  • Microsoft needs to just go ahead and buy out [videosift.com] Mozilla.
  • I'm pretty sure this was done at least once before sometime in May in 2009. I was managing a conference and a "debate" about MS doing this broke out because supposedly if you tried to disable the plug-in Firefox would break. If I can find a reference to this I'll post it.
  • by Chameleon Man (1304729) on Thursday June 10, 2010 @09:35AM (#32522738)
    Microsoft hides extension in awkward zipper malfunction.

    (Sorry, it's one of those mornings)
    • by Red Flayer (890720) on Thursday June 10, 2010 @10:18AM (#32523156) Journal

      (Sorry, it's one of those mornings)

      What, one of those mornings where you wake up, roll out of bed, step on a rusty nail that protrudes from the floorboards, limp to the bathroom, have the cold water stop during your shower so you get scalded, the toilet gets clogged and overflows, the coffeemaker shorts out and starts a small fire in your kitchen, your dog eats something bad and barfs all over your feet, and then you get your penis caught in your zipper?

      Wait, that is not really analogous to this update... that kind of morning is more analogous to installing windows in the first place.

  • by Anonymous Coward on Thursday June 10, 2010 @09:39AM (#32522774)

    Why the hell hasn't Mozilla made it easy to remove plugins from Firefox? You have to Google solutions to find out how to remove Microsoft (and in some cases old Java) shit.

    • by gstoddart (321705) on Thursday June 10, 2010 @10:00AM (#32522978) Homepage

      Why the hell hasn't Mozilla made it easy to remove plugins from Firefox? You have to Google solutions to find out how to remove Microsoft (and in some cases old Java) shit.

      Mozilla has -- there's supposed to be an Uninstall button next to them.

      Unfortunately, Microsoft didn't allow the Uninstall button to work, and you could only Disable. This is not a Mozilla problem in not providing a mechanism -- this is Microsoft and Sun making shitty add-ons.

      • by jack2000 (1178961) on Thursday June 10, 2010 @10:18AM (#32523162)
        No, it's Mozilla's problem. They should make it impossible for anyone to install plugins/extensions without user interaction, and furthermore they should make it impossible for the uninstall button to be disabled. Have a damn "delete plugin dlls" button if nothing else, damn it!
        • by denmarkw00t (892627) on Thursday June 10, 2010 @10:42AM (#32523446) Homepage Journal

          They should make it impossible for anyone to install plugins/extensions without user interaction

          Normally you're prompted to install extensions, and add-ons are usually by way of installer. The problem here is that the user DID interact - at some point they opted to receive an update from Microsoft. MS is COMPLETELY at fault here as they slipped a DLL into a folder where Firefox would find it and go "Geez, that's an add-on!" No install necessary in FF, just put the extension in the right place and bingo!

          As far as not being able to uninstall it...if it's a "plugin" like Shockwave or Flash, you should note that the ability to Disable/Enable ONLY is there because any user can and should have access to that plugin. Extensions, on the other hand, should have the ability to be uninstalled unless they fall into this "any user could and probably wants" this extension category.

          • by protektor (63514) on Thursday June 10, 2010 @11:29AM (#32524010)

            HP Web Printing does this and Move Media Player does this. Both are old plug-ins that are disabled because they don't work with the current version of Firefox that I have, and they won't update, and I can't uninstall them either. So there are many companies that are making Firefox add-ons/plug-ins that are not able to be installed. That should not be an option at all. If you can't uninstall it then it shouldn't be possible to install it at all. This is something that Mozilla/Firefox people need to work on fixing.

            The Move Media Player is what you have to have to watch streaming TV from the CW network. HP Web Printing was installed when I installed the drivers and software for my printer. Now I am stuck with both of them that don't work and can't be removed and won't update either.

          • Re: (Score:3, Interesting)

            by unix1 (1667411)

            they slipped a DLL into a folder where Firefox would find it and go "Geez, that's an add-on!" No install necessary in FF, just put the extension in the right place and bingo!

            That's the problem. Firefox should say - "hey user, I've never seen this extension file before (and you didn't download it via Firefox either); you didn't mean to install this stuff did you?" The default answer should be to skip installation of the extension. Problem solved. MS would be a lot more hesitant to try to "hack" around to circumvent this process.

            if its a "plugin" like Shockwave or Flash, you should note that the ability to Disable/Enable ONLY is there because any user can and should have access to that plugin.

            How so? If a user is able to install the plugin (systemwide for all users - assuming that's what you mean), that same user should be able to uninstall it

      • by laron (102608)

        IMHO it is a flaw in the way FF handles extensions, if an extension can protect itself from being uninstalled.

    • by mister_playboy (1474163) on Thursday June 10, 2010 @10:13AM (#32523086)

      The problem is these add-ons (they are not plugins) aren't installed with user privileges, but admin privileges. How would you have Mozilla fix this? By magically circumventing the permissions system in Windows?

      Perhaps MS hopes that people will place the blame on Mozilla as you have done.

      • Re: (Score:2, Funny)

        by vlueboy (1799360)

        The problem is these add-ons aren't installed with user privileges, but admin privileges. How would you have Mozilla fix this?

        Easy! FF needed these same admin privileges to be installed at some point; programs routinely ask for elevation, and FF is just trying to play 'usermode' too much, without a general picture of general systems management. Put the now-standard API call that "elevates" my rights to do sys admin tasks in Windows, and presto.

        By magically circumventing the permissions system in Windows?

        If a virus can "magically circumvent permissions", to root a Windows machine just because the writers learn the Windows API better, then a legal program ain't trying hard enough. After all,

      • Re: (Score:3, Funny)

        by bill_mcgonigle (4333) *

        By magically circumventing the permissions system in Windows?

        But Mom, everybody else is doing it!

  • by DIplomatic (1759914) on Thursday June 10, 2010 @09:51AM (#32522884) Journal
    My friend and I played a drinking game to /. once. One person clicks on a story involving Microsoft or Apple or Linux or politics and the other person has to take a drink for every bullsh*t post about "M$" or Apple's App Store or Android FTW and everything else completely unrelated to what the actual post is about. Let me just say, don't attempt this in the morning...


    ps. Slashdot community, I love you all but some days you make me pull my hair out. :)
  • by Toad-san (64810) on Thursday June 10, 2010 @09:51AM (#32522886)

    I don't have no steenking Bing searchbar in my Firefox browser (no searchbars at all, in fact). The new extension did NOT show up in my Firefox addons, although I received my Windows updates yesterday.

    So I'm not affected directly. But, as many others have said, I do NOT appreciate Microsoft changing ANYTHING in my computer without my specific, informed permission. Okay, they can change their own OS if necessary (since they usually accept responsibility for disasters that occur). But leave MY programs the hell alone!

    • by Skarecrow77 (1714214) on Thursday June 10, 2010 @09:56AM (#32522936)

      Sonny, I remember the days when we had to manually type in http://www.altavista.com/ [altavista.com] or http://www.lycos.com/ [lycos.com] into our browsers to get to a search engine. We had to use our keyboards and everything! Then the search engine took a long time and returned bad results... and we liked it!

      These newfangled search bars, they're the devil's work I tell ya.

    • Re: (Score:3, Informative)

      by gbjbaanb (229885)

      nor mine, but then I never installed the PoC Microsoft toolbar that needs to be updated:

      From TFA:
      Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed, regardless of whether they are enabled or disabled. It's unknown how many users fall into that scenario, but the toolbars often come bundled with new PCs and popular Microsoft downloads.

      So.. the moral here is: don't install any Microsoft software and you won't have these problems :)

  • by Tei (520358) on Thursday June 10, 2010 @09:54AM (#32522914) Journal

    I have two windows, a netbook with windows 7, and an XP, and the general malpractices of the software that this OS uses are really annoying. Stuff like the printer driver creates a resident program (HP something) on the toolbar. Other applications, after running only once, set themselves to start at restart. WTF LOL!? How is that possible? An OS should ask user permission with something like sudo for setting apps to auto-run at restart. All these apps that start and are doing nothing at all make the start very long, and take screen space.
    So.. it's bad enough when people like HP, Impulse or others do this, but.. Microsoft? In a way, it's like Microsoft is sanctioning this evil practice themselves.

    • The HP thing is actually optional. You can install just the driver or the driver and all the add-ons. The HP web site and every HP driver CD I've used allow installing just the drivers.

      The add-ons offer things like ink level updates, scanning across the network (if you have a multi-function), mapping the card reader on your HP printer as a drive on your desktop system (even across the network), and some fax/image fixup/color matching/misc. other document-related software.

      HP does charge a metric shit-ton of

  • My Ubuntu installation at work installed a Firefox extension by default. It also made numerous modifications to packages installed on my computer - from bash to Xorg to Gnome. Both legal and morally acceptable.

    Same thing is with Microsoft, with the only difference being that there is no assumed connection between Windows and Firefox (Microsoft doesn't package Firefox)

    Your OS will tamper with the rest of your machine. The question is: do you trust your operating system with your computer?

    • by NullProg (70833)

      Same thing is with Microsoft, with the only difference being that there is no assumed connection between Windows and Firefox (Microsoft doesn't package Firefox)

      It is not the same difference. All those updated packages came with the distribution.

      This is more like installing Opera on your Ubuntu system and Canonical adding plugins and changing the default behavior without your permission? (Hint, Opera isn't in the default repositories).

      Enjoy,

  • by SCHecklerX (229973) <thecaptain@captaincodo.net> on Thursday June 10, 2010 @10:13AM (#32523090) Homepage

    Every time ubuntu updates firefox, it slams its own list of search engines into my browser, and I have to yet again remove them. Why would a system update muck with personal settings like that?

    • by Krneki (1192201)
      Every time ubuntu updates firefox, it slams its own list of search engines into my browser, and I have to yet again remove them. Why would a system update muck with personal settings like that?

      Who gives a shit about users anyway?
    • by Rhys (96510) on Thursday June 10, 2010 @11:03AM (#32523728) Homepage

      Because you installed the 'ubufox' package (probably by default), by chance? The package even says something about "remove this to have a vanilla firefox."

  • In the U.S. there has emerged a business model that uses the math of, "it is better to ask for forgiveness than permission." Personally, I'm getting more "bang for the buck" by going to other businesses and asking, "how much?"
  • by YA_Python_dev (885173) on Thursday June 10, 2010 @10:18AM (#32523158) Journal

    Dear Mozilla developers, please disable by default *all* extensions except:

    1. the ones that are manually installed by the user using the standard UI inside Firefox;
    2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").

    The power to choose what to install in their browsers must reside only in the hands of the users.

    If a vendor actively tries to circumvent this new protection mechanism, permanently blacklist ALL its extensions, plugins and whatnot. Report them to antivirus vendors as malware.

    It's not the first time this happens and it actively damages users, with slower browsing experience, less screen space for actual content, huge undisclosed privacy and security breaches (you can BET they exist, even if they are not made public).

    This shit has to stop.

    P.S. to the users of Microsoft products: please any time you can, try to avoid this company, you're not their customer, you're their victim. There are other software vendors that respect you much more than that.

    • by Culture20 (968837)

      Dear Mozilla developers, please disable by default *all* extensions except:

      1. the ones that are manually installed by the user using the standard UI inside Firefox;
      2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").

      The power to choose what to install in their browsers must reside only in the hands of the users.

      Ah, but what if sysadmins want their users to - by default - be using adblock or noscript?

    • by Simetrical (1047518) <Simetrical+sd@gmail.com> on Thursday June 10, 2010 @03:35PM (#32526932) Homepage

      Dear Mozilla developers, please disable by default *all* extensions except:

      1. the ones that are manually installed by the user using the standard UI inside Firefox;
      2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").

      So it should be impossible for Windows Update, running as administrator, to add extensions to Firefox? How exactly is this miracle to be accomplished? Last I checked, the administrator can modify any program arbitrarily, such as by adding an entry to a database saying that the user manually installed a particular add-on.

  • The first thing I think of when I see that is; spyware. The enhancement is probably only to their benefit, not yours.

  • by erroneus (253617) on Thursday June 10, 2010 @11:18AM (#32523900) Homepage

    As small and simple as this may be this is a monopoly desktop OS vendor using its position to push out things to support its internet and marketing activities. Using one position as monopoly to prop up or support another activity in another market place. That pretty much defines what they have been getting in trouble for over the past 20 years in multiple jurisdictions.

    They show no signs or intention of change. They need to be broken up.

  • by bobdehnhardt (18286) on Thursday June 10, 2010 @12:02PM (#32524370)

    From the article:

    Both seem to be installed in "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\." Inside, there is a file called "SEPsearchhelperie.dll" that is responsible for the IE add-on and a "firefoxextension" folder responsible for Firefox.

    See? It's surrounded by a SEP field. Nobody will notice it.

    Still, it is nice to see Slartibartfast is gainfully employed...
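
An added example, not part of the thread or the article: a default-deny audit in the spirit of YA_Python_dev's proposal above, run over a constructed copy of the folder layout quoted from the article. It assumes the extension ships a legacy `install.rdf` manifest and that the user keeps a baseline of approved extension IDs; every ID and name below is made up.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

EM = "{http://www.mozilla.org/2004/em-rdf#}"  # namespace of legacy install.rdf fields
MANIFEST = "urn:mozilla:install-manifest"

def read_manifest(ext_dir):
    """Return (id, name) from a legacy install.rdf, or None if missing or malformed."""
    try:
        root = ET.parse(str(Path(ext_dir) / "install.rdf")).getroot()
    except (OSError, ET.ParseError):
        return None
    for desc in root.iter():
        # The 'about' attribute may or may not carry the RDF namespace.
        about = [v for k, v in desc.attrib.items() if k.rsplit("}", 1)[-1] == "about"]
        if MANIFEST not in about:
            continue
        # Direct children only: nested targetApplication blocks also hold an em:id.
        ext_id = desc.findtext(EM + "id") or desc.get(EM + "id")
        name = desc.findtext(EM + "name") or desc.get(EM + "name") or "(unnamed)"
        if ext_id:
            return ext_id.strip(), name.strip()
    return None

def discover(root):
    """Return extension folders: root itself if it holds a manifest, else its sub-folders."""
    root = Path(root)
    if (root / "install.rdf").is_file():
        return [root]
    return sorted(p for p in root.iterdir() if (p / "install.rdf").is_file()) if root.is_dir() else []

def audit(locations, approved_ids):
    """Default-deny: an extension is kept only if its id is in approved_ids."""
    findings = []
    for label, root in locations.items():
        for ext_dir in discover(root):
            meta = read_manifest(ext_dir)
            ext_id, name = meta if meta else (None, "(unreadable manifest)")
            findings.append({"source": label, "id": ext_id, "name": name, "path": str(ext_dir),
                             "verdict": "keep" if ext_id in approved_ids else "disable"})
    return findings

def _write_ext(folder, ext_id, name):
    """Write a constructed install.rdf (sample data, not a real extension)."""
    folder.mkdir(parents=True)
    (folder / "install.rdf").write_text(
        '<?xml version="1.0"?>\n'
        '<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"'
        ' xmlns:em="http://www.mozilla.org/2004/em-rdf#">'
        '<Description about="urn:mozilla:install-manifest">'
        f'<em:id>{ext_id}</em:id><em:name>{name}</em:name>'
        '<em:targetApplication><Description><em:id>app@example.invalid</em:id>'
        '</Description></em:targetApplication></Description></RDF>', encoding="utf-8")

def demo():
    """Audit a constructed tree that mirrors the folder layout quoted from the article."""
    base = Path(tempfile.mkdtemp())
    profile = base / "profile" / "extensions"
    _write_ext(profile / "chosen", "user-chosen@example.invalid", "User-chosen add-on")
    helper = base / "Program Files" / "Microsoft" / "Search Enhancement Pack" / "Search Helper"
    _write_ext(helper / "firefoxextension", "constructed-helper@example.invalid", "Constructed helper")
    approved = {"user-chosen@example.invalid"}  # hypothetical baseline the user maintains
    return audit({"profile": profile, "external": helper / "firefoxextension"}, approved)

if __name__ == "__main__":
    for f in demo():
        print(f"{f['verdict']:8} {f['source']:9} {f['id']}  {f['path']}")
```

As Simetrical's reply points out, an installer running as administrator can rewrite the baseline as easily as the extension folder, so a check like this only means something if the baseline is kept where that installer cannot reach it.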
