Microsoft inserts Firefox add-on with new updates (was: Surprised!)
Microsoft Basher "98 Guy" excerpted only the parts he
wanted to respond to, and replied in message
news:4C1246C6.2DB57565@Guy.com...
> glee wrote:
>
>> > Speaking of a criminal organization, how many of you are aware
>> > that Microsoft's last auto-update package delivered a firefox
>> > add-on that tampers with your browser's search functionality
>>
>> The Firefox extension and IE add-on from the "Search Enhancement"
>> update were only installed on systems that had the Live, MSN, or
>> Bing browser toolbar installed, since it is part of an update that
>> involves those toolbars.
>
> http://arstechnica.com/microsoft/ne...ips-ie-firefox-add-on-into-toolbar-update.ars
>
> ---------
> On one of our Windows systems, we had the Windows Live Toolbar
> installed
> for Internet Explorer but not for Firefox. Nevertheless, installing
> this update added the add-on/extension to both browsers without
> telling
> us that it would do so. On our second system, we had the Bing Bar
> installed for Internet Explorer, but it was disabled. Firefox was not
> installed. This system already had the update in question, so we
> decided to install Firefox. Not only was the Bing Bar extension
> present
> upon Firefox's first launch, but so was the Search Helper Extension.
>
> Additional testing determined that the update is only being offered to
> those with one of the Microsoft toolbars installed, regardless of
> whether they are enabled or disabled. It's unknown how many users
> fall
> into that scenario, but the toolbars often come bundled with new PCs
> and
> popular Microsoft downloads.
>
> The worst part of this issue is that Microsoft does not seem to be
> aware
> of it: a Microsoft spokesperson simply pointed us to the
> aforementioned
> Microsoft Support page that inaccurately describes the update. We
> asked
> the company for an explanation of why the extension was installed and
> what it does, but have yet to receive a reply.
> ---------
>
>> It was not installed as a "critical" update, it was listed as
>> an "important" update.
>
> My mistake. It was listed as important - not optional. Which means
> it
> will likely be downloaded automatically on most systems - without
> their
> owners knowledge or approval.
>
>> Exactly how does it "tamper" with your search functionality?
>
> This is the second time that Microsoft has tried to tinker with
> Firefox
> on people's PC's. Some people don't like it when new tool bars appear
> in their browser.
>
>> It updates browser integration for the toolbar, and is only
>> installed if the toolbar is already installed.
>
> Not true - read above. This firefox add-on is being installed even
> when
> those systems did not previously have a Bing / MS search add-on
> installed.
>
>> As usual, you report half-truths, and are only interested in
>> attacking Microsoft...
>
> Now that you know the full story, are you still sure that this add-on
> behavior is desirable for end-users, or is it desirable for Microsoft?
> Is it really an important add-on?
>
> Or will you be a Micro$haft appologist and psycophant and believe
> otherwise?
Oh I see....if I don't agree with you, I'm an apologist for Microsoft,
or Microshaft as you so childishly put it? It's obvious you're the one
with an agenda here.
So far, none of us knows the "full story", and I'd rather reserve
judgment until details of the update are made available, than just start
making unfounded conjecture. So far MS has not given details, which
certainly makes them look bad....something they don't need help doing.
You again made an inaccurate statement, when you wrote:
"Not true - read above. This Firefox add-on is being installed even
when those systems did not previously have a Bing /MS search add-on
installed."
I did "read above" and the article you cited clearly states:
"Additional testing determined that the update is only being offered to
those with one of the Microsoft toolbars installed, regardless of
whether they are enabled or disabled."
The update installs on the "system" into a folder tree that contains the
files for every browser that can install the toolbars and the "search
enhancement". If the toolbar is installed in IE but not in Firefox,
when the update is installed (with the files for both browsers), the
add-on for Firefox is installed from those files. I don't think that's
unreasonable, as otherwise the updater has to snoop into the Firefox
profile folders to determine whether the toolbar is installed in that
particular browser for EACH user profile (Firefox has separate profiles
for each user on the system)....and THEN you would be screaming bloody
murder that the update process was spying into the Firefox profile
folders! So the PROCESS used to install is actually not bad, given the
details of what's involved.
That said, is the update itself needed in the first place? Is it
actually "important" as it is listed? We don't know, because MS hasn't
given any info about it. Why not? Good question. Possibly because the
update is only delivered and installed by the Microsoft Update team, but
was written by the Windows Live Team...which covers all the
Windows Live applications. My Guess is it is far from important, and
doesn't do a darn thing of use for the user.
Graying out the Uninstall button for the add-on? Really bad practice!
Not indicating that it will install the add-on in Firefox, and that it
will even if the toolbar is only installed in IE? REALLY bad practice!
From what I've heard, the MS Update Services team is "looking into" what
this update does....they'll probably have to pull teeth from the Live
team to get answers. Left hand not knowing what Right hand is doing is
typical of large corporations, and MS is especially good at it.
Now, I'm still waiting to hear why you've had nothing to say for years
about the Sun Java Firefox add-on that's installed without warning by
Sun Java updates. It allows Java apps to run in the browser...not in a
sandbox...a potentially large security risk. Yet we hear not a peep
from anyone about that....why is that, I wonder? Because you're not
really interested in bringing real security issues to light, your only
interested in bashing Microsoft.
--
Glen Ventura, MS MVP Oct. 2002 - Sept. 2009
A+
http://dts-l.net/