Microsoft Explains Mystery Firefox Extension
Ricky writes with a followup to news we discussed a couple days ago that a Microsoft toolbar update was installing an IE add-on and a Firefox extension without the user's consent. Quoting Ars:
"Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does. 'The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.'"
English Doc? (Score:5, Insightful)
(looking perplexed)
I still don't understand why it was added to Firefox when I'm not using MSN, Bing, or any other crap.
Re:English Doc? (Score:5, Interesting)
Wrong. It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE. So someone with an OEM install of Windows with an IE toolbar, but who never used IE, would still get the Firefox add-on forced upon him.
Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.
Re:English Doc? (Score:5, Informative)
Wrong. It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE. So someone with an OEM install of Windows with an IE toolbar, but who never used IE, would still get the Firefox add-on forced upon him.
Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.
I suppose Firefox isn't running when this happens. So it can't block anything. Firefox can block addons to be installed if they are activated from a page that Firefox visits. This is a different situation. And if Firefox is running, it's probably possible to install something that is activated after a restart. And if it shouldn't, this is Windows, MS territory, and they may be able to do anything if they want to.
Re: (Score:2)
Informative? What the fuck?
Since when has bullshit conspiracy theory been informative?
Re:English Doc? (Score:5, Insightful)
How do you propose Firefox prevent the installation of an extension by software that has direct file system access? Firefox is open source, so anyone can look and see how an extension is installed. Third party software need only update the right files and the extension would be installed. Firefox had no control over any step.
Now, this doesn't make Firefox a good target for malware writers. Anyone who can execute arbitrary code on your system doesn't need Firefox to cause problems.
Re: (Score:2)
"How do you propose Firefox prevent the installation of an extension by software that has direct file system access?"
Don't use filesystem placement as the method of registering extensions. Keep registered extensions in an encrypted database which only Firefox has access to. Only add extensions when the user interacts with a secure API verifying they want the extension added. /next question?
Re: (Score:2)
"Keep registered extensions in an encrypted database which only Firefox has access to."
You mean, like DRM? Yeah, hackers will never figure that out.
(i.e., this solution would be vulnerable to the _exact_ same problem seen with media rights management.. the browser would need the key to access the database, thus it is also available to anyone who looks in the right place.)
Re: (Score:3, Insightful)
Except that if Microsoft circumvented the DRM, it would be flagrantly illegal and could not happen by accident.
We're not talking about defending against a hypothetical foreign attack by a malicious adversary here, we're talking about preventing unwanted accidental or incidental installs.
Re: (Score:2)
The DMCA applies to "technological measures used by copyright owners to protect their works." I think it would be hard to argue that it applies to this kind of protection.
Re: (Score:1)
Wouldn't that cause issues with software updates by extensions in general? I mean often when wanted extensions and addons like Java or Flash are updated, they need to point the references to a new file name or version. If that can be done without accessing the encrypted DB, like through Windows Update or when another browser is open, then the entire point of the encrypted database is mooted because you can install anything by simply adding to the existing plugins.
Re:English Doc? (Score:4, Interesting)
Now why Firefox would allow extensions to be installed from the outside without the user's permission is the question I have. That makes Firefox a good target for malware writers.
Windows Update can remove or rewrite your Firefox install any way you like, Firefox can't in any way control that.
Also, your profile folder can be rewritten in any way by user run program (malware). There is no way Firefox could prevent that.
The only way to prevent things like this is OS security packages that enforce security policies (program A can write to folder B, program C may have TCP sockets). AFAIK RSBAC and SELinux are capable of this on Linux. But user home dirs, no way (how?).
Re: (Score:2)
Have Firefox require user signing of all extensions that are allowed to run.
With the signing key protected by TPM on systems that support it, or an option to store it on an external location (like a USB key or a WEBDAV location) for those that don't.
To get around that, Microsoft would have to hack and binary-patch Firefox' own code, which would no longer be merely immoral, but illegal. Not to say exceedingly difficult, considering how many different versions and revisions of browsers there are out there wi
Re: (Score:1)
It wouldn't have to be that difficult. All MS would have to do is create a sub-shell like program that Firefox runs in. With this, they could intercept or manipulate anything- including using scripts or whatever to overlay boxes on the ui.
Think of it as the same principle that spyware and popups work/used to work. They installed a program that intercepted your internet sessions, viewed them and injected their own ads or content in the replies. Even in some cases, they would recognize the competition's ads on a
Re: (Score:2)
It could, however, provide an option which requires the user to sign every extension and plugin that the user wants to install or update.
The only way a rogue process could imitate this effect would be to capture keystrokes. And subverting that sort of security would be no "accident". It's the sort of thing that would lead to lawsuits.
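The user-approval idea debated in the comments above, sketched as an added example that is not part of any comment and is not Firefox code: a manifest of approved extensions is authenticated with an HMAC key derived from a passphrase the user types, so a program with only file system access can drop files but cannot make them count as approved. All function names, the directory layout and the extension ids are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile

def derive_key(passphrase, salt):
    # The key is derived from what the user types and is never stored on disk,
    # so a program with file access cannot read it out of the profile.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def digest(path):
    """SHA-256 over relative names and contents of one extension (file or dir)."""
    h = hashlib.sha256()
    if os.path.isfile(path):
        files = [(os.path.basename(path), path)]
    else:
        files = sorted((os.path.relpath(os.path.join(d, f), path).replace(os.sep, "/"),
                        os.path.join(d, f))
                       for d, _, fs in os.walk(path) for f in fs)
    for rel, full in files:
        with open(full, "rb") as fh:
            h.update(rel.encode() + b"\0" + hashlib.sha256(fh.read()).digest())
    return h.hexdigest()

def snapshot(ext_dir):
    return {n: digest(os.path.join(ext_dir, n)) for n in sorted(os.listdir(ext_dir))}

def tag(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def approve(ext_dir, key):
    """Run when the user explicitly approves the installed set."""
    body = json.dumps(snapshot(ext_dir), sort_keys=True)
    return {"body": body, "tag": tag(key, body)}

def audit(ext_dir, manifest, key):
    """Run at startup: report anything the user did not approve."""
    if not hmac.compare_digest(tag(key, manifest["body"]), manifest["tag"]):
        return {"manifest": "tampered"}
    approved, current = json.loads(manifest["body"]), snapshot(ext_dir)
    report = {n: "unapproved" if n not in approved else "modified"
              for n, d in current.items() if approved.get(n) != d}
    report.update({n: "missing" for n in approved if n not in current})
    return report

def demo():
    # Constructed sample data: directory names and ids are made up.
    with tempfile.TemporaryDirectory() as ext_dir:
        def put(ext, name, data):
            os.makedirs(os.path.join(ext_dir, ext), exist_ok=True)
            with open(os.path.join(ext_dir, ext, name), "w") as fh:
                fh.write(data)
        put("adblock@example.invalid", "manifest.txt", "v1")
        key = derive_key("user passphrase", b"constructed-salt")
        manifest = approve(ext_dir, key)
        clean = audit(ext_dir, manifest, key)
        # An updater with file system access drops an extension out of band.
        put("search-helper@example.invalid", "manifest.txt", "v1")
        dropped = audit(ext_dir, manifest, key)
        # It also rewrites the manifest, but cannot produce a valid tag.
        body = json.dumps(snapshot(ext_dir), sort_keys=True)
        forged = audit(ext_dir, {"body": body, "tag": tag(b"guess", body)}, key)
        return {"clean": clean, "dropped": dropped, "forged": forged}

if __name__ == "__main__":
    print(demo())
```

As the thread itself points out, this only covers out-of-band file writes: a process that can replace the browser binary or capture the passphrase as it is typed is outside what the check can detect.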
Re: (Score:3, Interesting)
Uuum because Windows Update is software that has to have full control over the system to do its job of updating core system files. And because Firefox, being a normal user program and maybe not even running, can’t override a program with full access and rights to everything.
Re: (Score:2)
It got added to Firefox if any of the toolbars were detected on the system, even if it was for IE.
No, I never install toolbars, and it got installed on one of my computers...
I guess I'll have to investigate...
Re: (Score:3, Informative)
The toolbar doesn't have to be installed by you. If the Windows version is OEM, it might have been pre-installed by the manufacturer. And if you've installed a program that requires java, it might have installed java with the silent option, and the Yahoo toolbar is opt-out. And a plethora of other options, including it being installed and disabled. If you don't use IE at all, chances are you never noticed it.
Re: (Score:2)
I don't use any of the toolbars mentioned. I built this machine myself and installed Windows on it from a corporate XP installation CD. Why did I get that mysterious Microsoft extension?
Re: (Score:2)
If it was a corporate XP CD, it's far from inconceivable that it has been slipstreamed.
Open Internet Settings, choose Programs, then choose "Manage add-ons". If you don't see any of the toolbars there, and don't see it in the Add-ons in any of your Gecko based browsers, contact Microsoft support -- I'm quite sure they would like to figure out how it was detected as installed on your system.
Re: (Score:3, Insightful)
Bzzt. Good thing for your karma that you post as AC. The claim was that it wouldn't install unless you used these toolbars, not whether you had them installed.
Re: (Score:1, Funny)
Then that MS PR flack did their job well.
Zombie Install? (Score:1)
Google is just as bad (Score:2)
I just checked and there's about as many plugins labelled 'Google' as there are 'Microsoft'. I don't recall installing any of them.
But still...this is a Microsoft bashing board, right?
Re: (Score:2)
No I pretty much hate all megacorps.....
It's just that my hatred for MS has been burning longer (since the 80s), that's all. I started hating Apple when they started locking-out customers from installing apps or OSes, and making exploding iPod owners sign non-disclosure agreements. And Google..... well just a few months ago actually.
Huh? (Score:3)
The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.
And this explains why it was silently added to Firefox how? Wouldn't the reasonable way of accomplishing this be to download the pack with the extensions in question?
Re:Huh? (Score:4, Insightful)
1. Yes, we are all in favor of automatic updates... for Microsoft Software. This includes Office and Windows and more. But Not Mozilla Firefox.
2. Firefox does its own automatic updates. It tells the users when there are updates for addons and for Firefox itself. Let Firefox manage itself! Microsoft only needs to place the update out on the web and tell its own addon where to find them. If people want this addon, they will install it and it will remain updated.
Re: (Score:2, Troll)
Indeed! It is an application independent of the OS. Let it be self-contained as applications independent of the OS should be. Part of Microsoft's problem is their propensity to integrate and tie things together. This is, was and remains a key problem with their dubious activities and what gets them into legal trouble.
They haven't yet learned their lesson and need to be broken up so that their OS division only does OS things and not Internet things.
Re: (Score:1)
Then write the modules so that independent updates work. Basically that means to make the browser-independent component's interface stable (Microsoft has plenty of experience with this type of compatibility!), and make new versions of the Firefox extension work with older versions of the browser independent component's interface (new features which need the new system compone
Re: (Score:2)
When on Windows, do it the Windows way. Each app should stand on its own. What Microsoft is doing in the last few years is just customer disappointments like this waiting to happen.
Cure is simple: Update system components! Don't automatically update plugins for othe
Re: (Score:1)
I've also had issues with Automatic Updates in the past, where it somehow got to a point where it would download the data, but couldn't actually install. Then I'd restart, and it would stay stuck at the same point.
Re: (Score:1)
And I'm willing to believe that graphics drivers go unupdated a lot, however, every one of my friends who games knows enough to check for updates every so often, so I guess I just surround myself with unusual people.
Re: (Score:1)
It explains why it has a separate install process, and the separate install process makes it more plausible that the update would be mistakenly installed in browsers that do not have the toolbar installed, because of some error in the roll out process.
The outcry-backlash for stuff like this is way too loud for Microsoft to bother trying to 'get away with something', it seems pretty likely that it was a mistake.
Always pushing... (Score:5, Insightful)
Why must constant vigilance be required? There need to be fines against companies who install software without consent. It doesn't matter who you are, it should be an illegal act.
Re: (Score:2)
And that would suck for Firefox in the corporate world where they need to apply a company-wide extension.
Re: (Score:3, Informative)
http://www.frontmotion.com/Firefox/ [frontmotion.com]
Re: (Score:2)
None of that would be a problem if Mozilla had made it so third party programs can't install plugins.
How would that even be possible for a program where the source code is available, and the 3rd party has admin level access? Even for a closed source program it's not possible if you're willing to reverse-engineer the program.
Not mucking with a program is essentially a gentleman's agreement. We all know Microsoft is NOT a gentleman, so they'll do whatever suits them the best.
Re: (Score:2)
That's not really possible. If you have filesystem access, you can install the add-ons the same way the browser does. How would Firefox stop that?
However, Firefox does show on startup if any new extensions have been installed - that's the way this thing was spotted.
Re: (Score:2)
There, finished that for you.
That will happen when you vote for it (Score:2)
That will happen when you vote for it, with your dollars.
MS will get the message when Windows sales drop because nobody buys their bullshit anymore... looks at MS sales figures... not yet it seems.
Customer: I demand you do what I say or else I will continue to buy your products like the sheep I am.
Company: Oh look, a talking sheep. Anyone want shish kebab? Dibs on the eyeballs.
Re: (Score:3, Insightful)
People don't *need* it at all. They get it most of the time when they purchase a new PC.
No matter how easy Ubuntu (or whatever flavor of Linux we could talk about) is to install, people have already got an operating system on their PC and won't bother to install another one unless MS does something to truly piss them off. I say this as someone who pretty much immediately installs Ubuntu on any new machine I buy.
Re: (Score:3, Insightful)
People don't *need* gas for transport either. They could just live close enough to work to bike or walk.
No matter how easy Ubuntu (or whatever flavor of Linux we could talk about) is to install, people have already got an operating system on their PC and won't bother to install another one unless MS does something to truly piss them off. I say this as someone who pretty much immediately installs Ubuntu on any new machine I buy.
Most people wouldn't change their operating system even if MS pissed them off. Most people don't know they have the option and they don't have a clue how to do it. This is part of the basis for my previous assertion. You might like doing what you do. Some people love biking, too.
If you look at job descriptions, many are asking for ability to use specific programs instead of generic skills. Many w
Re: (Score:2)
Any move needs to be tested and verified to work at 100% feature complete or if not 100% the cost in time of moving to the new system needs to be added
Re: (Score:1, Informative)
If you use Windows Update, then Microsoft already has your consent to install software on your computer. And that consent isn't limited to any particular kind of software, either; by agreeing to the EULA, you've given them blanket consent to install whatever they think you should have.
Re: (Score:2)
"by agreeing to the EULA, you've given them blanket consent to install whatever they think you should have."
That won't matter in a case of Unauthorized Access of a Computer/Misuse of Computer against Microsoft for modifying software that does not belong to them without permission. EULAs can NOT circumvent the law.
Typical Microsoft. (Score:4)
Why is this allowed from FF? (Score:5, Interesting)
Found an old bugzilla debate/bug from 2009 (!) about when this happened previously. It seems some consider it a moot point because Firefox reports add-ons have been installed when it boots. Did this MS update get around that somehow?
Here's the link: https://bugzilla.mozilla.org/show_bug.cgi?id=476430 [mozilla.org]
And the old story from the last time MS did this: http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html [washingtonpost.com]
Re: (Score:1, Insightful)
No good reason? You do know that hardware DEP is default-disabled for 32-bit processes, no? Enabling it can cause all sorts of shittily-programmed plugins and applications to fail.
and you're paying the 64bit toll without really getting anything out of it.
This makes me think you have no idea what you are talking about and are stuck with a circa 2005 attitude. There is no toll, unless you count literally unnoticeable memory overhead. Performance benefit far outweighs this on average CPU intensive case.
Re: (Score:2)
The 32-bit version of IE enables DEP on itself by default (at least since IE8), so that's not much of an advantage.
A 64-bit version of Windows has both 32-bit IE and 64-bit IE installed, so you can run both side-by-side and compare the performance toll without much issue. That said, there is a 64-bit toll: plugins like Flash and Silverlight that only have 32-bit versions don't work in 64-bit IE. If you hate all plugins, then fantastic; if you ever want to watch hulu, there's your toll.
Re: (Score:1, Insightful)
There is no reason that the browser and all plug ins aren't 64-bit native today. There is no "64bit toll", quite the opposite. There is a "32bit toll" when running on a 64-bit OS.
Re: (Score:2)
"There is a "32bit toll" when running on a 64-bit OS."
Citation, please. Just because you don't use the entire address space doesn't mean it will take a 'toll' on the OS unless the OS has been programmed in the shittiest manner possible in the first place.
Re: (Score:2)
Again that is just shit programming and software architecture.
It was installed on my system (Score:1, Funny)
I was only able to uninstall this unwelcome extension by thinking in Russian.
So then. Microsoft is packing updates for bing (Score:2)
Weren't they recently bitchslapped by EU for doing the very same thing, bundling and pushing their internet browser for decades to unsuspecting users?
Corporations never learn. Apparently it will be up to EU again to bitchslap them for the sake of justice.
Hand Wave (Score:5, Funny)
This made things worse (Score:5, Interesting)
Nothing was said about silently installing an extension to Firefox being completely wrong. No mention that it won't happen again. They've just about publicly admitted that they see nothing wrong with secretly installing changes to other companies' software without need, notice, justification or a way to remove it.
Fuck Microsoft. Everybody who had this happen needs to file a complaint with the police under the hacking laws, installing unauthorized modifications to software of a competitor without permission is illegal, it doesn't matter if Microsoft does it, it's still illegal. Here in Kentucky, it's either a class A or B misdemeanor, depending on whether your time undoing it can be considered monetary damage.
Also, we only have Microsoft's word that it just affects search results in their toolbar. For all we know it's logging credit card numbers, recording your webcam, and copying your personal information and contents of your c:/porn folder for public display/blackmail later. They probably aren't, but then again, what have they done that's trustworthy lately?
"WGA thinks your copy of XP is unauthorized because you added memory and a graphics card. Your credit card has been charged $399.99 for a license."
Re: (Score:2)
* Google's Picasa
* Hulu Desktop
* Google Update
* Google Earth
* Adobe Acrobat
I didn't specifically install any of those plugins, and yet they are there. Are you going to call out Google, Hulu, and Adobe for installing their plugins "silently"?
Re: (Score:1, Informative)
You know, all of these questions would be answered if you people read the fucking article. They did provide instructions on how to remove it.
Re: (Score:2)
I'm sure the EULA says all sorts of things. That doesn't make them legal.
Again? (Score:2, Informative)
Didn't they do a similar thing with a .net addon?
Oh yes, they did. [annoyances.org]
Douchebags (Score:2)
If Microsoft wants to make an addon, update, toolbar, or any other damned thing for Firefox, they should submit it through proper channels. If it's alright for them to make updates to Firefox, then it's equally alright for Jumpin' Jack Haxor Flash to start distributing updates for Windows.
Re: (Score:2)
I dunno - before I make up my mind, I want to hear them play this:
http://www.youtube.com/watch?v=mwmuiq4oMYc [youtube.com]
(and I think that baby doll in black is pretty hot - wish I was about 35 years younger!)
Competition... (Score:1)
Way to go MS. I guess you got jealous that Apple is hogging all the bad press, so you had to do something to prove you're still the original evil company.
This is why I don't use toolbars (Score:4, Interesting)
Re: (Score:2, Insightful)
Me too, and moreover, this is one reason why I don't use Windows.
Re: (Score:2)
Me too, and moreover, this is one reason why I don't use Windows.
At home OSX, at work Ubuntu, and for testing I use Virtualbox with an XP or 7 VM.
Re: (Score:2)
You think you're safer by using OSX.
I don't know whether to laugh or cry, knowing the exploits I know about OSX.
The joys of having been an Apple Laptop repair tech in charge of the image servers - There are SO many vulnerabilities leftover from the days of 10.2 in the codebase that are still present even today. When people bork their Macs, it usually takes me four or five seconds after boot-up to know which exploit was used, assuming it wasn't a hardware issue that caused it in the first place (which was th
Bogus! (Score:1, Offtopic)
Re: (Score:1)
I don't think you know what a boycott is.
Also, if you manually applied the updates, it seems a bit tough to argue that they did anything unauthorized on your systems.
Auto update (Score:1)
Toolbars? (Score:4, Insightful)
"Microsoft explains..." (Score:4, Interesting)
Re: (Score:2)
I didn't get this installed on any of my computers. Guess what I don't have? The Bing toolbar! Who would have guessed?
Here we go again. (Score:2, Interesting)
Get the crap out (Score:1)
Re: (Score:2)
They can't do that. The uninstall button being disabled is a design decision by Mozilla. Go bitch to them about it.