Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : Warning: Microsoft silently installing firefox extension : Re: Warning: Microsoft silently installing firefox extension Server Time
6 Sep 2024 11:17:07 EDT (-0400)
  Re: Warning: Microsoft silently installing firefox extension  
From: Lance Birch
Date: 12 Mar 2009 02:44:29
Message: <49b8af4d$1@news.povray.org>
 
Chris Cason wrote:
 > I found this article after searching on the subject of an extension that
 > had appeared in my Vista firefox install - one that I had not installed,
 > nor been asked permission to install. I checked my work PC (XP) and it,
 > also, had the extension. I'm surprised there's not more fireworks going
 > off about this, as it's precisely the sort of thing that makes IE so
 > much of a trundling disaster waiting for a place to happen.
 >
 >   http://www.annoyances.org/exec/show/article08-600
 >
 > Bonus: the extension installed by Microsoft has the 'uninstall' option
 > disabled.
 >
 > -- Chris

Thanks for letting us know about this.

I've just watched the .NET Framework update install via Windows Update and 
I can confirm that it does indeed install the extension without asking you 
and with no indication that it's doing it (and it also installed a plug-in 
called Windows Presentation Foundation without asking or notification as 
well).

I had Firefox running while the Windows Update was running and at no time 
was I prompted that an extension or plug-in was being installed and I was 
never presented with the normal extension install warning dialog that 
allows you to allow/reject an install.

Upon restarting Firefox after the Windows Update had completely finished, 
Firefox popped up the Extensions window telling me 1 extension had been 
installed, but I never was asked whether I wanted to install it (so 
couldn't tell it not to install it) and the Uninstall button is disabled - 
not happy.  Additionally the plug-in installation was completely silent; 
even Firefox didn't note that a plug-in had been installed.

I'm extremely surprised that it does this without telling you it's going 
to or giving you the option not to, and I'm surprised that Firefox doesn't 
pop up the standard "do you want to install this extension" dialog asking 
for permission.

Even more alarming is that the extension's option of "Prompt before 
running ClickOnce applications" is not enabled by default!

I have three words for Microsoft:  DO NOT WANT.

I'm astounded that this invasive install practice hasn't been all over IT 
news websites by now.  I use Firefox precisely because I don't want 
websites to be able to do whatever they feel like doing, and in wanders 
Microsoft and force-installs an extension that has the potential to let 
them do just that.

Now I'm going to have to go through the process that the article outlines 
to try to get rid of all this stuff...

I'm amazed that Mozilla hasn't taken Microsoft to task over this; it's 
exactly these kinds of sneaky force-install issues that create attack vectors.

NOT HAPPY.

Lance.

thezone - thezone.firewave.com.au


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.