Is Microsoft Sabotaging Firefox With Sneaky .NET Updates?

[ñòóKýçrÕôK]

After mentioning this story in the Microsoft Word thread I decided to look into it a little more as the page I point to about it seemed more like a flame thatan actual story. So I did a little more searching and came up with this story.

Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.

The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 1.0″, and it does so without asking the users permission.

To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, meaning the only way to get rid of it, is to edit the Windows registry - a course of action not recommended for your usual non-tech-savvy user, as dabbling in the dark arts of registry editing can open you up to a slew of problems, and potentially kill Windows altogether.

A report by annoyances.org ominously states..

“This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.”

The official purpose of the add-on is to add ‘One-Click’ support and the ability to report installed .NET framework versions to the web server, but it also allows websites to install software on a users PC without their knowledge. This is a very serious security flaw that effectively turns Firefox into an open gateway for malware, much like Microsoft’s own web browser, Internet Explorer.

At best, one could call this stealth install a serious conflict of interest between competing browsers - at worst, it’s out-and-out sabotage, not only of a user’s PC, but of Firefox itself, which has gained a reputation for stability and security, much to the chagrin of Microsoft.

In forcing this add-on down the throats of faithful Firefox users, Microsoft have circumvented the more honest approach to installing Firefox extensions, via the offical Mozilla Add-ons page, betraying the trust of its users in the process.

Microsoft Internet Explorer currently enjoys a market share of 66% due only to it’s forced integration with the Windows operating system, but Firefox is rapidly gaining ground, currently at an estimated 22% and climbing. Being a competitor in the browser market, Microsoft have absolutely no business injecting stealth add-ons into Firefox, let alone blocking them from the uninstall process.

http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/

It also goes on to say you can remove this update by following the instructions at this address. http://annoyances.org/exec/show/article08-600 . The reason I decided to go ahead and post this is because no sooner than I had entered my post in the Microsoft Word thread I got a notification updates were waiting to be installed on my computer. So I click on the notice and I'm scrolling through the LONG list only to find this.

Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)

The description for this update reads

The update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 for Firefox addresses several compatibility issues with version 1.0 of the extension.

More information for this update can be found at http://support.microsoft.com/kb/963707

More and more Microsoft is giving people less reason to trust anything they pretend to stand for as a business with their "I will do as I please" attitude.

[Cobra]

Oh for crying out loud!

Bad enough being worried about MS vulnerabilities, but now they are ADDING vulnerabilities to non-MS software? 

[ñòóKýçrÕôK]

Ok. I did some further checking on this "security update". Funny how they claim this as a security update yet it's their own doing huh? The particular update I show in my  post above is actually to make it so you can disable this .NET version reporting and uninstall it if I wish to. Here's the thing, I never installed that update that put the addon in my Firefox. According to the article it's another backdoor update courtesy of Microsoft. The support link I posted is actually another link on how to safely remove the addon. The one thing I didn't see at the support link was an apology to Mozilla for altering a competitors software without permission and risking their reputation in the software market. No apologies to any Firefox  users for knowingly making them vulnerable to web attacks to their computers without first, offering the user the right to decide to install the update or not, second, sneaking it in under the radar with a stealth install, third, making it so that a user who might actually recognise the threat and wish to remove it would HAVE TO uninstall Firefox just to get rid of it and even then it was written to the registry so that may not have actually gotten rid of it, and fourth, just showing absolutely no class by not being muture enough as a company to come out and at the very least saying "hey were sorry, we know we really screwed up!". What I would like to see come out of this is some sort of suit from Mozilla against Microsoft for knowingly and willingly violating yet another copywritten peice of software. I would also see some of the legit Microsoft operating system users caome out and sue them for violation of trust and opening their private property (their pcs, not the operating system) up to a legitimate threat.

[White Stripes]

if you have no apps that use .NET there is no reason to have it installed at all.... so do a check of what apps you have installed (to make sure) and just be rid of it.... it'll free up quite a bit on your hdd if nothing else >.>

PS they also consider the unfinished IE8 a critical update.... if that says anything...

[p2p rules]

Thanks ñòóKýçrÕôK, I followed the instructions and removed .NET Framework Assistant 1.0 from Firefox.