|
|
Chris Cason wrote:
> I found this article after searching on the subject of an extension that
> had appeared in my Vista firefox install - one that I had not installed,
> nor been asked permission to install. I checked my work PC (XP) and it,
> also, had the extension. I'm surprised there's not more fireworks going
> off about this, as it's precisely the sort of thing that makes IE so
> much of a trundling disaster waiting for a place to happen.
>
> http://www.annoyances.org/exec/show/article08-600
>
> Bonus: the extension installed by Microsoft has the 'uninstall' option
> disabled.
>
> -- Chris
Thanks for letting us know about this.
I've just watched the .NET Framework update install via Windows Update and
I can confirm that it does indeed install the extension without asking you
and with no indication that it's doing it (and it also installed a plug-in
called Windows Presentation Foundation without asking or notification as
well).
I had Firefox running while the Windows Update was running and at no time
was I prompted that an extension or plug-in was being installed and I was
never presented with the normal extension install warning dialog that
allows you to allow/reject an install.
Upon restarting Firefox after the Windows Update had completely finished,
Firefox popped up the Extensions window telling me 1 extension had been
installed, but I never was asked whether I wanted to install it (so
couldn't tell it not to install it) and the Uninstall button is disabled -
not happy. Additionally the plug-in installation was completely silent;
even Firefox didn't note that a plug-in had been installed.
I'm extremely surprised that it does this without telling you it's going
to or giving you the option not to, and I'm surprised that Firefox doesn't
pop up the standard "do you want to install this extension" dialog asking
for permission.
Even more alarming is that the extension's option of "Prompt before
running ClickOnce applications" is not enabled by default!
I have three words for Microsoft: DO NOT WANT.
I'm astounded that this invasive install practice hasn't been all over IT
news websites by now. I use Firefox precisely because I don't want
websites to be able to do whatever they feel like doing, and in wanders
Microsoft and force-installs an extension that has the potential to let
them do just that.
Now I'm going to have to go through the process that the article outlines
to try to get rid of all this stuff...
I'm amazed that Mozilla hasn't taken Microsoft to task over this; it's
exactly these kinds of sneaky force-install issues that create attack vectors.
NOT HAPPY.
Lance.
thezone - thezone.firewave.com.au
Post a reply to this message
|
|