Microsoft Explains Mystery Firefox Extension 142
Ricky writes with a followup to news we discussed a couple days ago that a Microsoft toolbar update was installing an IE add-on and a Firefox extension without the user's consent. Quoting Ars:
"Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does. 'The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.'"
Why is this allowed from FF? (Score:5, Interesting)
Found an old bugzilla debate/bug from 2009 (!) about when this happened previously. It seems some consider it a moot point because Firefox reports add-ons have been installed when it boots. Did this MS update get around that somehow?
Here's the link: https://bugzilla.mozilla.org/show_bug.cgi?id=476430 [mozilla.org]
And the old story from the last time MS did this: http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html [washingtonpost.com]
This made things worse (Score:5, Interesting)
Nothing was said about silently installing an extension to Firefox being completely wrong. No mention that it won't happen again. They've just about publicly admitting that they see nothing wrong with secretly installing changes to other companies software without need, notice, justification or a way to remove it.
Fuck Microsoft. Everybody who had this happened needs to file a complaint with the police under the hacking laws, installing unauthorized modifications to software of a competitor without permission is illegal, it doesn't matter if Microsoft does it, it's still illegal. Here in Kentucky, it's either a class A or B misdemeanor, depending on whether your time undoing it can be considered monetary damage.
Also, we only have Microsoft's word that it just affects search results in their toolbar. For all we know it's logging credit card numbers, recording your webcam, and copying your personal information and contents of your c:/porn folder for public display/blackmail later. They probably aren't, but then again, what have they done that's trustworthy lately?
"WGA thinks your copy of XP is unauthorized because you added memory and a graphics card. Your credit card has been charged $399.99 for a license."
This is why I don't use toolbars (Score:4, Interesting)
Re:English Doc? (Score:5, Interesting)
Wrong. It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE. So someone with an OEM install of Windows with an IE toolbar, but who never used IE, would still get the Firefox add-on forced upon him.
Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.
Re:English Doc? (Score:4, Interesting)
Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.
Windows Update can remove or rewrite your Firefox install any way you like, Firefox can't in any way control that.
Also, your profile folder can be rewritten in any way by user run program (malware). There is no way Firefox could prevent that.
The only way to prevent things like this is OS security packages that enforce security policies (program A can write to folder B, program C may have TCP sockets). AFAIK RSBAC and SELinux are capable of this on Linux. But user home dirs, no way (how?).
"Microsoft explains..." (Score:4, Interesting)
Re:English Doc? (Score:3, Interesting)
Uuum because Windows Update is software that has to have full control over the system to do its job of updating core system files. And because Firefox, being a normal user program and maybe not even running, can’t override a program with full access and rights to everything.
Here we go again. (Score:2, Interesting)
If i ever get a chance to interview an M$ executive, I'm going to ask if they feel that they have any rights to a comp that was built by me from parts, and had slackware installed as the only OS from the beginning. I think their response would show everyone exactly how they feel. Hell, anything other than a straight "No" would show their true colors.