Microsoft Explains Mystery Firefox Extension - Slashdot

Slashdot

Microsoft Explains Mystery Firefox Extension 142

Posted by Soulskill on Saturday June 12 2010, @09:24AM
from the barn-doors-and-horses dept.

Ricky writes with a followup to news we discussed a couple days ago that a Microsoft toolbar update was installing an IE add-on and a Firefox extension without the user's consent. Quoting Ars: "Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does. 'The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.'"

This discussion has been archived. No new comments can be posted.

Microsoft Explains Mystery Firefox Extension

Search 142 Comments Log In/Create an Account

Comments Filter:

Why is this allowed from FF? (Score:5, Interesting)

by beakerMeep (716990) writes: on Saturday June 12 2010, @09:45AM (#32549128)

I remember when this happened with some Silverlight thing in the past, but I can't remember what the reason was the Mozilla devs gave for allowing this type of silent local add on installation.

Found an old bugzilla debate/bug from 2009 (!) about when this happened previously. It seems some consider it a moot point because Firefox reports add-ons have been installed when it boots. Did this MS update get around that somehow?

Here's the link: https://bugzilla.mozilla.org/show_bug.cgi?id=476430 [mozilla.org]

And the old story from the last time MS did this: http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html [washingtonpost.com]

Share
twitter facebook
This made things worse (Score:5, Interesting)

by Posting=!Working (197779) writes: on Saturday June 12 2010, @10:10AM (#32549278)

Nothing was said about silently installing an extension to Firefox being completely wrong. No mention that it won't happen again. They've just about publicly admitting that they see nothing wrong with secretly installing changes to other companies software without need, notice, justification or a way to remove it.
Fuck Microsoft. Everybody who had this happened needs to file a complaint with the police under the hacking laws, installing unauthorized modifications to software of a competitor without permission is illegal, it doesn't matter if Microsoft does it, it's still illegal. Here in Kentucky, it's either a class A or B misdemeanor, depending on whether your time undoing it can be considered monetary damage.
Also, we only have Microsoft's word that it just affects search results in their toolbar. For all we know it's logging credit card numbers, recording your webcam, and copying your personal information and contents of your c:/porn folder for public display/blackmail later. They probably aren't, but then again, what have they done that's trustworthy lately?
"WGA thinks your copy of XP is unauthorized because you added memory and a graphics card. Your credit card has been charged $399.99 for a license."

Share
twitter facebook
This is why I don't use toolbars (Score:4, Interesting)

by FlyByPC (841016) writes: on Saturday June 12 2010, @10:17AM (#32549328) Homepage

No toolbars installed == no MS update. I don't even use Google's toolbar -- and I more-or-less trust them (at least more than M$, anyway).

Share
twitter facebook
Re:English Doc? (Score:5, Interesting)

by arth1 (260657) writes: on Saturday June 12 2010, @10:51AM (#32549540) Homepage Journal

Wrong. It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE. So someone with an OEM install of Windows with an IE toolbar, but who never used IE, would still get the Firefox add-on forced upon him.
Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.

Parent Share
twitter facebook
Re:English Doc? (Score:4, Interesting)

by buchner.johannes (1139593) writes: on Saturday June 12 2010, @12:15PM (#32550218) Homepage Journal

Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.
Windows Update can remove or rewrite your Firefox install any way you like, Firefox can't in any way control that.
Also, your profile folder can be rewritten in any way by user run program (malware). There is no way Firefox could prevent that.
The only way to prevent things like this is OS security packages that enforce security policies (program A can write to folder B, program C may have TCP sockets). AFAIK RSBAC and SELinux are capable of this on Linux. But user home dirs, no way (how?).

Parent Share
twitter facebook
"Microsoft explains..." (Score:4, Interesting)

by QuietLagoon (813062) writes: on Saturday June 12 2010, @12:58PM (#32550594)

Microsoft has always been under the false impression that just because "Microsoft explains" a bad deed, that the deed suddenly becomes OK.

Share
twitter facebook
Re:English Doc? (Score:3, Interesting)

by Hurricane78 (562437) writes: <deleted@@@slashdot...org> on Saturday June 12 2010, @01:30PM (#32550888)

Uuum because Windows Update is software that has to have full control over the system to do its job of updating core system files. And because Firefox, being a normal user program and maybe not even running, can’t override a program with full access and rights to everything.

Parent Share
twitter facebook
Here we go again. (Score:2, Interesting)

by penguinman1337 (1792086) writes: on Saturday June 12 2010, @07:18PM (#32553166)

M$ still thinks that they own every PC in the world. It doesn't matter if it even runs Windows or not. They've demonstrated this time and time again. Anyone remember the Suse linux controversy a couple years back? They still haven't gotten the idea through their corporate heads that the end user has a choice now on what to do with their system. Lets say you buy a computer with windows pre-installed. They pretty much say now that by even opening the box you agree to their EULA. Even if the first time you boot is solely to pop open the DVD drive to put in a Linux install CD. Last comp i bought didn't even have a initial "You officially sign your life and your computer over to us" dialog come up. And you know how they supposedly give refunds on the windows tax to ppl who never use it. Good luck on that one. M$ is still the same bully they always were, they just try to put a nice face on it from time to time.

If i ever get a chance to interview an M$ executive, I'm going to ask if they feel that they have any rights to a comp that was built by me from parts, and had slackware installed as the only OS from the beginning. I think their response would show everyone exactly how they feel. Hell, anything other than a straight "No" would show their true colors.

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

995 commentsZimmerman Charged With 2nd-Degree Murder
910 commentsIn Nothing We Trust
811 commentsTSA's mm-Wave Body Scanner Breaks Diabetic Teen's $10K Insulin Pump
743 comments$60 Light Bulb Debuts On Earth Day
734 commentsWindows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

"And remember: Evil will always prevail, because Good is dumb." -- Spaceballs