Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Firefox Mozilla IT Technology

Mozilla Has Defeated Microsoft's Default Browser Protections in Windows (theverge.com) 140

Mozilla has quietly made it easier to switch to Firefox on Windows recently. From a reporrt: While Microsoft offers a method to switch default browsers on Windows 10, it's more cumbersome than the simple one-click process to switch to Edge. This one-click process isn't officially available for anyone other than Microsoft, and Mozilla appears to have grown tired of the situation. In version 91 of Firefox, released on August 10th, Mozilla has reverse engineered the way Microsoft sets Edge as default in Windows 10, and enabled Firefox to quickly make itself the default. Before this change, Firefox users would be sent to the Settings part of Windows 10 to then have to select Firefox as a default browser and ignore Microsoft's plea to keep Edge. Mozilla's reverse engineering means you can now set Firefox as the default from within the browser, and it does all the work in the background with no additional prompts. This circumvents Microsoft's anti-hijacking protections that the company built into Windows 10 to ensure malware couldn't hijack default apps. Microsoft tells us this is not supported in Windows.
This discussion has been archived. No new comments can be posted.

Mozilla Has Defeated Microsoft's Default Browser Protections in Windows

Comments Filter:
  • by shm ( 235766 ) on Monday September 13, 2021 @10:32AM (#61791673)

    Set up a friendâ(TM)s Windows 10 machine for him and Edge insists on whining to be the default when itâ(TM)s already the default.

    Microsoft is the Macâ(TM)s star campaigner.

  • by bill_mcgonigle ( 4333 ) * on Monday September 13, 2021 @10:35AM (#61791687) Homepage Journal

    ... 'till Lotus won't run.

    2021 edition.

    • Revenge of the AARDs
    • ... 'till Lotus won't run.

      2021 edition.

      I'll note that I have Lotus 123 (and AmiPro) from SmartSuite 9.8.0 installed on my Windows 10 system, for some legacy spreadsheets I've been too lazy to migrate to MS Office (mine's at 2010) or LibreOffice, and it works just fine.

      • by janeil ( 548335 )

        Sure, it works now, but can you buy it? Still pretty cool that it works. So does vc.com, the first killer app.

    • Yuck Notes.
      Used that at my second tech job that I had for 5 years. It was a giant piece of slow crap.
      And we couldn't get anything newer or even Outlook since the CEO was a cheap bastard.

      Computer Generated Solutions. Tampa, FL. Don't work for them. Don't hire them. Unless cheap is the only thing you want.
  • "But we use it anyway"

  • by couchslug ( 175151 ) on Monday September 13, 2021 @10:41AM (#61791717)

    Only Samsung Internet and Opera are lower:

    Statcounter Global Stats
    Browsers Percentage Market Share
    Browser Market Share Worldwide - August 2021
    Chrome 64.92%
    Safari 18.77%
    Edge 3.56%
    Firefox 3.54%
    Samsung Internet 3.06%
    Opera 2.17%

    • other than firefox all those browsers are webkit based under the hood so other than the UI they are all about the same browser (except firefox)
      • Plus Samsung Internet is a mobile browser. By it's nature one isn't going to see it elsewhere.

        • mostly true, it is also in samsung tablets and i bet most tablets are used at home, i wonder if some samsung smartTVs have samsung browser since the OS in the TV is android it could be samsung's browser
      • by Merk42 ( 1906718 )
        Well most are Blink under the hood, Safari is the only one that is WebKit.
        Yes Blink branched from Webkit, but then might as well say most are KTHML.
      • other than firefox all those browsers are webkit based under the hood so other than the UI they are all about the same browser (except firefox)

        So why choose one over the other? If they were all "about the same browser" then it wouldn't matter which you chose but the fact that they aren't the same browser is the reason why people choose one over the other. Users don't care whether the engine is WebKit or Gecko or Blink or whether Blink is based on WebKit or that WebKit is based on KHTML, in fact the overwhelming majority of users wouldn't even know that.

    • by Tx ( 96709 )

      Presumably since Firefox is open source, this could make its way into other browsers, if they want to go that route, so it might have an effect regardless of Firefox's market share. But yes, as an ex Firefox user, it's sad to see those numbers. How the mighty have fallen.

      • by kalpol ( 714519 )
        sad also because Firefox is really quite good still, and not Google.
        • by Anonymice ( 1400397 ) on Monday September 13, 2021 @11:38AM (#61792005)

          I really don't understand the hate that Firefox gets. I run a lot of tabs & for me it has always out performed Chrome. I just don't understand why it lost so much ground to Chrome or why the tech community has been so happy to jump unquestioningly into the embraces of Google.

          The Mozilla organisation as a whole may have made a couple of missteps along the way, but I still trust it far more than I trust Google.

          The tech community is usually extremely resistant about unquestionably handing so much power over our open infrastructure to commercial monopolies, and yet it's skipped into the embraces of our Google overlords with open arms.

          I don't get it!?!

          • by Alumoi ( 1321661 ) on Monday September 13, 2021 @12:35PM (#61792317)

            I really don't understand the hate that Firefox gets. I run a lot of tabs & for me it has always out performed Chrome. I just don't understand why it lost so much ground to Chrome or why the tech community has been so happy to jump unquestioningly into the embraces of Google.

            It's the chromification and the dumbing dowon of Firefox that broke it.

            • It's the chromification and the dumbing dowon of Firefox that broke it.

              "They dumbed down Firefox & made it more chromelike, I'm moving to Chrome in protest!"

              WTF people?!

              • Makes sense, if you're using Android or ChromeOS why go to the effort to switch those from their defaults to Firefox?
          • Most people aren't aware that Quantum is a thing and think Firefox is still a browser that runs all tabs in the same process and has blocking JavaScript. And Mozilla doesn't have the marketing money to change that perception. Also, a personal pet peeve of mine is that the UI is strange, with things like digging into history and restoring tabs being way more complicated than they need to be.

            At this point, the best Mozilla can do is copy the Chrome UI to a certain extent (sorry purists) and offer a built-i
            • Basically, Mozilla is deluding themselves if they think they can beat Google at their own game, aka UI usability and online services integration. They need to offer a browser with a familiar experience for converts (remember that, at this point, Mozilla is the underdog) and also be the browser that offers what Chrome can't due to corporate aka Google ad revenue reasons.
          • Biggest bitching recently with Firefox was every time there's a new update everyone complains that there's yet another update. But it's just following the Chrome model of rapid pace of updates with irrelevant features. So it's baffling that some bitch at Firefox for this but aren't bitching about Chrome. I really saw very little complaints about Chrome's update model - when was the last Slashdot story listing the irrelevant features in its latest update? Meanwhile there's a long history of Slashdot stor

            • Biggest bitching recently with Firefox was every time there's a new update everyone complains that there's yet another update. But it's just following the Chrome model of rapid pace of updates with irrelevant features. So it's baffling that some bitch at Firefox for this but aren't bitching about Chrome. I really saw very little complaints about Chrome's update model - when was the last Slashdot story listing the irrelevant features in its latest update? Meanwhile there's a long history of Slashdot stories about this on Firefox.

              This is if anything selection bias. Nobody here is foolish enough to use Google malware known as Chrome. Chromium perhaps yet certainly not Chrome.

          • Follow the money? How much does Google pay (or provide credit) for converting a web site to Chrome-only, blocking Firefox? How much does it pay your company to make Chrome your local default? How much did it pay MS to convert Edge to a Chromium skin? All under the table of course, or through barter of some kind.

            I've been quite happy with Firefox. Did divert to Pale Moon and Waterfox for a while when FF was going through some hard times with its UI (mostly working OK now) and extensions system (also mostly w

          • Everybody in the "tech community" uses Firefox despite the fact they hate it. It's just like the current political climate where your only choice is to vote for the person you hate the least.

            I kinda fall into the "independent" category, where I use a fork of Firefox for everyday use and the official Firefox when compatibility is an issue. Supposedly, that's just helping to kill Firefox, but that's the only way I can send a message to Mozilla that they should start doing what the forks are doing, rather th

          • Because Firefox's audience may not like their browser vendor call for more 'deplatforming' : https://blog.mozilla.org/en/mo... [mozilla.org]

            Or the firing of Stallman from the FSF board: https://mobile.twitter.com/moz... [twitter.com]

            Or pushing out the creator of Javascript for opinions from half a decade earlier: https://eu.usatoday.com/story/... [usatoday.com]

        • And adblock/noscript work with Firefox. The only reason I have Chrome is for the in-house corporate web apps where I have no security plugins, and at home for a couple web sites only that don't play well with security.

          • This! I use FF at home, with Edge (hey, I'm mostly in Windows) as a backup if something I *really* want to see blocks FF. Without NoScript (and even with Adblock), Edge/Chrome let just too much junk through. FF gives me more control. The price of that is inability to use web sites that have bought completely into the Chrome system and don't work without unlimited ad/malware access to your computer. Most of the time, no great loss.

      • by Ksevio ( 865461 )

        It's probably even worse than that since Chrome and Safari would be more on Windows/Mac

      • How the mighty have fallen.

        Heh, the real might was/is in Netscape [seamonkey-project.org], never Firefox, which was nothing but a crippled version of Netscape in the beginning anyway. That's why it was initially popular. Then they wanted to imitate Chrome, so why not just use Chrome?

    • by godrik ( 1287354 ) on Monday September 13, 2021 @11:16AM (#61791879)

      Oh, WOW!

      I did not realize that firefox's share dropped SO much recently. (spoiler alert, they did not drop THAT much)
      Not long ago, they were still at 15% (5 years ago). I wonder what happened.

      (investigating)

      Looking at the charts, there seem to be two stories that unfolded at the same time.

      1/ The share of mobile phone browser increased significantly. There are about twice the number of mobile browsers as desktop browser. And firefox is essentially absent from that market. But still even on the desktop, they are only 8%.

      2/ The second story is pretty much that chrome ate everybody else.

      • by waspleg ( 316038 )

        about:config doesn't exist at all on the mobile version, I use it, but it's worse than the desktop and this one still has plenty of undesirable recent changes (mostly related to attempts at monetization and terrible UI changes made by morons)..

        • by godrik ( 1287354 )

          I tried to use the mobile version of firefox to be able to use plug ins like noscript and stylus.
          I haven't tried in a couple of years. But it was just plain unusable.

          • I use NoScript and uBlock Origin on my mobile Firefox. Works fine.

          • Mobile browsers are just shit. You can't use adblock, so any time I am using a browser on the phone or ipad the web performance is absolutely terrible as you wait for more and more ads and scripts and image and videos to load before you see any of your content. I gave up trying to get a browser that was useful on a phone. Instead I just limit using the phone for anything that's not a phone call, work mail, text, or podcast in the car. If I get a link to click on I wait until I'm at my desk.

        • about:config doesn't exist at all on the mobile version, I use it, but it's worse than the desktop and this one still has plenty of undesirable recent changes (mostly related to attempts at monetization and terrible UI changes made by morons)..

          Fennec 68 is the last usable version of Firefox for Android. Mozilla has some batshit crazy people making some batshit crazy decisions.

      • by AmiMoJo ( 196126 )

        The lack of a decent mobile version keeps people off the desktop version too. It's getting better but a lot of stuff is still broken in Firefox for Android, and getting it fixed is proving very difficult.

    • Damn, I didn't realize Firefox has dropped market share as sharply as it appears. *cue Netcraft confirmation*

    • This is perhaps why Firefox use has declined, it was harder (more clicks) to set it as the default. Users getting nagged to use Edge may have shifted back to Edge, just to cut out the nag.

      I like Mozilla's energy on this, the OS wasn't playing nice, so they fixed it their way. If I used MS then I'd be very inclined to take notice o this.

    • I htink you may be counting smart phone browsers in that list? Which really is unfair because clearly the Firefox on desktop versus phone is drastically different in everything except the logo; same with Chrome, same with Safari.

    • by janeil ( 548335 )

      That can't be right, where is Seamonkey in this list?

    • I would expect it to drop below Samsung Internet soon, and that is pretty fucking sad given how dismal that app is.
  • Dope (Score:5, Funny)

    by ThurstonMoore ( 605470 ) on Monday September 13, 2021 @10:47AM (#61791735)

    Firefox is dope and does dope shit.

  • by takionya ( 7833802 ) on Monday September 13, 2021 @10:51AM (#61791757)
    This circumvents Microsoft's anti-hijacking protections that the company built into Windows 10 to ensure malware couldn't hijack default apps

    This is bullshit and you know it. The only purpose of these “protections” is to force Edge onto the end user. How sad to see slashdot reduced to regurgitating Microsoft propaganda on what used to be a technology forum.
    • It's also bullshit because it's Microsoft that wrote the bypass for Edge. I'm actually a little bit surprised that it was Mozilla who hijacked it rather than some malware writer.

    • by Ksevio ( 865461 )

      I can see that being in general a good protection, but it looks like they added an exploit to the protection to push Edge which Firefox is now taking advantage of

      • This. I don't know how many computers I used to see with some malware-laden build of Chromium set as default before the change. It's a change for the better, but they should have followed their own rule.

        • by sjames ( 1099 )

          MS has apparently learned nothing in 20 years. This is FAR from the first time MS has been called into question for enhanced APIs in Windows available only to other MS products being used as an illegal competitive advantage.

          It's especially sad now that Edge is really just re-packaged Chromium.

        • Why do you need to go to the trouble of creating a malware-laden build of Chromium when Edge comes pre-installed as a malware-laden build of Chromium?

    • The article is not really off base. Mozilla is just exploiting another hole in Microsoft's garden walls. If they lose a bit of market share, like say down to 50-60%, they can lock it down completely without getting sued

    • Re: (Score:2, Informative)

      by thegarbz ( 1787294 )

      The only purpose of these “protections” is to force Edge onto the end user.

      Hi Gen Z'er welcome to the world of technology. Since you're new here let us give you a brief history lesson. Once upon a time there was a browser, and it was the default. There were not protections. Then 5 minutes later that wasn't your browser anymore because EVERY FUCKING PIECE OF SOFTWARE HIGHJACKED IT. Literally hundreds of pieces of software happily installed another browser covertly highjacking every URL with the sole purpose of of displaying you ads. And no not the "Edge is faster" ads, but the "her

      • by TheNameOfNick ( 7286618 ) on Monday September 13, 2021 @12:14PM (#61792213)

        People wanted to download any software without care and then asked to be treated like toddlers to not have to deal with the consequences of their stupid behavior. THAT is how we got to where we are now, to being treated like toddlers by all the big tech companies. Of course Microsoft is going to exploit that and tell you it's all for your own good, you silly child. And apparently everybody's loving it, because these companies rake in the money, even though free and less exploitative options are still available.

      • Re: (Score:2, Informative)

        by BAReFO0t ( 6240524 )

        I lived through those times,
        and literally not a single bit of that is true.

        Nobody complained to MS about that, let alone those people who can't tell the difference between a browser and Google* that install such crapware.
        and MS also changed nothing about that either.
        Not even with this very change we're talking about here.
        This very article is proof that of that.

        So quit your revisionist history bullshit.

        ___
        * That's a literal question I was asked once: "What's the difference between a browser and Google?".

      • by Spamalope ( 91802 ) on Monday September 13, 2021 @01:06PM (#61792473)
        Once upon a time a company made a browser that would auto download programs that'd run as admin on your PC with no restrictions. None. On the Internet!

        They made it the default on the primary OS of non-technical users. On the Internet, the most hostile of networks.
        Then they engaged in scandalous tactics to force users into keeping it. Really. I mean, who wouldn't want to let just anyone control their PC, right?
        Eventually this company lost an anti-trust case. In part for doing anti-competitive things to competing web browsers. Remember?
      • These days it's Microsoft hijacking default app settings (and not just browsers). Every fucking Windows update resets a bunch of file types (including e.g. most images) to open with bundled applications.

      • Relevent historical documentary: https://www.youtube.com/watch?... [youtube.com]

      • The only purpose of these “protections” is to force Edge onto the end user.

        Hi Gen Z'er welcome to the world of technology. Since you're new here let us give you a brief history lesson. Once upon a time there was a browser, and it was the default. There were not protections. Then 5 minutes later that wasn't your browser anymore because EVERY FUCKING PIECE OF SOFTWARE HIGHJACKED IT. Literally hundreds of pieces of software happily installed another browser covertly highjacking every URL with the sole purpose of of displaying you ads. And no not the "Edge is faster" ads, but the "here's 3/4 of your screen covered with blinking bullshit spanking monkey, hot singles in your area, you need viagra, and you have viruses (yeah no shit) click here to clean them now" kind of ads.

        People got sick of it. People complained. OS vendors listened and added protections to prevent the default browser being changed without human consent.

        That's where we got to where we were today. The fact you're too young and don't remember a time where computers were a shitshow, and never had to clean multiple "fake" browsers off your parent's computer doesn't make you right, it makes you ignorant.

        Sincerely - Slashdot users who remember.

        That the old situation was broken doesn't mean the new solution was the only way.

        Microsoft could have set up an API call where the user is very clearly told what is happening (default browser changing from X to Y and don't do this if changing browsers isn't exactly what you want).

        If this was still too exploitable they could have set up a whitelist where trusted organizations could sign their binaries and only these browsers could use the API call.

        Instead, Microsoft used the opportunity to try discouraging p

      • by vbdasc ( 146051 )

        Hi Gen Z'er welcome to the world of technology. Since you're new here let us give you a brief history lesson. Once upon a time there was a browser, and it was the default. There were not protections. Then 5 minutes later that wasn't your browser anymore because EVERY FUCKING PIECE OF SOFTWARE HIGHJACKED IT.

        Honestly, the story you tell looks suspicious to me. What you describe is simply an infestation with malware, and how, for Pete's sake, a protection mechanism which just makes switching default browsers difficult, does stop the malware? It can't and doesn't. If you already have invited malware to your system, then it's game over and you've lost. If it can't change the handler for .html files and URLs, then it will change the handler for .xls, .txt and .exe files for even more interesting results. If it does

    • This circumvents Microsoft's anti-hijacking protections that the company built into Windows 10 to ensure malware couldn't hijack default apps

      This is bullshit and you know it. The only purpose of these “protections” is to force Edge onto the end user.

      It's both. For a while toward the end Win7/beginning of Win10 era, on more than one occasion I had users' computers using sketchy Chrome counterfeit. Some of them were at least somewhat-okay ("AVG Secure Browser" comes to mind), others were not, slightly replicating the Google look-and-feel while feeding spammy ads and doing lots of extra tracking and DNS hijacking, probably Monero mining in the background...and that's assuming it wasn't slurping passwords, which I couldn't check. And, of course, nobody eve

      • My mom would get Chrome (the real Chrome) added all the time. And she didn't know how. I knew how she got it though, she just clicked on "ok" because her malware would insist that it should install Chrome and she didn't read that part. Because it thought you had to install a browser over IE but it never check that it wasn't actually overwriting Firefox or Opera or something else. And of course the new Chrome that got installed had no default protections applied, or ad block, and all the malware would sh

      • by Rhipf ( 525263 )

        I guess I must be doing something wrong. I have never had Edge reassert itself as the default browser. Ever. Once I have set my browser preference it has always stayed until I manually change it. This has been true over multiple updates of Windows 10.
        There are several occasions when Edge or IE will run instead of the default (usually when using Microsoft programs that specifically call Edge/IE) but even then the default browser has always stayed at whatever I had set it to.

        • I've had, for the most part, similar experience. The only time it's changed is when a feature update is the real thing - a new version of Windows. That hasn't happened for more than a year, recently. It does constantly nag me that a "restore is needed" in the Settings dialog, but I can ignore that.

          Feature updates *have* changed other defaults, seemingly randomly. Sometimes PDF gets reset from Sumatra or Adobe to Edge. Other times images get reset from Irfanview to Photos. Switching back is usually fairly st

    • i bet the guy that figured this out for mozilla is the same guy that thought it would be good to have firefox constantly rewrite the file association for JPEG in the windows registry to save images as dot jfif sliently such that i had to set that key to be read only.
  • I have karma to burn, let's go.

    I see Microsoft Edge picked on a lot, and to a lesser degree Chrome, but everyone seemingly forgives Apple. Apple even goes farther; other browsers are all but banned, they must use the Safari rendering engine.

    Modern OSs also have default application settings that can only be set by the user, not be random applications which may or may not have user permission. This is a good change. It's worth noting Microsoft has extended this feature to default file associations, pinned tas

    • Re: (Score:3, Interesting)

      by chx496 ( 6973044 )

      The problem here is that it's not a level playing field.

      In the settings dialog, it's not just that Edge is marked as the default, it's that there's a lot of pestering if you switch away from Edge, but no pestering at all if you switch to edge. Edge is also marked as "Recommended for Windows 10" there. I'd have no issue with a text "Default in Windows 10", but "recommended" goes quite a bit further here.

      If you start Edge on a system where Edge is not the default browser (for example because a third-party app

    • by ichthus ( 72442 )

      Apple even goes farther; other browsers are all but banned, they must use the Safari rendering engine.

      I don't have a Mac, so I can't directly refute this, but it seems weird that Mozilla provides a version of Firefox for Mac [mozilla.org], if nobody can install or use it.

      • by Rhipf ( 525263 )

        For iOS you can install other browsers (such as Firefox) but those browsers have to use the Safari (Webkit) rendering engine (i.e. Firefox cannot use their usual Gecko/Quantum rendering engine in iOS). On a Mac with MacOS it is a different beast and browsers other than Safari can use their own rendering engines (i.e. Firefox on MacOS uses the Gecko/Quantum rendering engine).

    • by Bert64 ( 520050 )

      Apple does not ban other browsers on MacOS. You can install your own browsers, change the default or even remove Safari.

      iOS is a different game, but then windows phone didn't let you install other browsers either. Most other appliance type devices (tv sets, games consoles etc) also don't let you change the default browser if they have a browser built in.

    • Apple even goes farther; other browsers are all but banned, they must use the Safari rendering engine.

      on iOS. This is not true on MacOS

  • anti-trust enforcement.

    How different would the landscape be if they had any real penalties in the 90s?

  • Is this why Firefox has been acting dodgy lately? It keeps crashing on me, for one. Anyone else see such? I'm my dozen years of using it, I've almost never seen it screw up so often. I tried switching off the pluggins.

  • Microsoft will claim to see this as a zero-day attack vector, and will quickly patch the "vulnerability."

  • If your software app uses a different approach for changing default browsers than the one sanctioned by Microsoft (which is the one that nags people to stay with Chrome), then Microsoft (per their policy docs) will use their anti-malware functionality to uninstall your app. IOW, they recognize that people can/will reverse engineer solutions like this and came up with a different way to dissuade people from using it.

    TBD if Microsoft carries through on that policy threat with Firefox, but this is a/the reaso

  • All that energy would have been better spent on making Firefox more user-friendly and sticking with an interface that both works and makes sense, instead of trying to look like a chrome clone.

  • Title says it all. Go ahead Firefox, kick the butts. Let's go!

  • Microsoft tells us this is not supported in Windows.

    "Windows API calls for me, but not for thee." You know what else isn't supported in Windows? Users.

  • Installing free software

    Microsoft Corp.

    1. Install the Microsoft product you want to install.
    2. ...
  • Now we will be able to enjoy our new-found freedom, until the next week, when the vulnerability will be patched with an update. Honestly Mozilla, it would be better if you concentrated your efforts towards something useful, but not the next UI change, please.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...