14 June 2010 | 17,948 views

Microsoft Installs Firefox Add-on Without Asking During Recent Patch Tuesday

Check For Vulnerabilities with Acunetix

It’s not the first time Microsoft has had some issues with Firefox and add-ons they installed on users machines through Windows Update.

Back in October of last year, Mozilla forcefully disabled a .NET add-on as it was causing ‘instability’ rather a security/vulnerability issue. I did notice the issue with my own Firefox and also noticed that Microsoft likes to install their add-ons with NO uninstall button, which is dodgy in my books.

If they did it in IE, it wouldn’t be so bad as it’s their own product and if people choose to use it they have the rights to update it. But pushing their badly written add-ons into a 3rd party browser and not even giving people the change to uninstall them? That’s just wrong.

Microsoft has silently slipped a Firefox extension onto user machines via an automatic software update. Again.

This week, as part of its regular Patch Tuesday, Redmond released an update for its various browser toolbars, and as Ars Technica noticed, this update also installed an entire add-on for Internet Explorer and an extension for Mozilla Firefox – without asking users. Ars was unable to identify the installs, but Microsoft now tells The Reg that the update was installing the latest version of its Bing toolbar on machines that were running the older Windows Live Toolbar or MSN Toolbar.

The company says it has now, um, updated the update, and the silent toolbar install no longer occurs. The company calls the silent install “a bug.”

“We discovered a bug in the latest update that was installing the Firefox extension for users with the Windows Live Toolbar and MSN Toolbar (specifically people who have not upgraded to the latest version of the Bing Bar),” the company tells us. “We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behavior anymore.”

Oh so now a silent install is a bug? Usually people label it as spyware or malware. With the kind of marketshare Bing currently has – I’m really not surprised Microsoft is resorting to these kind of tactics.

The worst part seems to be, may users have removed it by following the Technet instructions…and it just keeps coming back and silently reinstalling itself!

But then it’s a risk you take, if you are using a Microsoft OS…you have to deal with this kind of behaviour. You can’t even escape their crapware by using a 3rd party browser!

The company apologizes for any inconvenience this may have caused.

Microsoft says that the update was supposed to include only its Search Enhancement Pack, a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. The Pack, the company says, enables certain toolbar features, such as the search suggestions drop down. The update was originally tagged with the Search Enhancement Pack label, but it also installed the Bing toolbar on certain machines.

The update was marked “important,” not “optional.” And Firefox users at MozillaZone weren’t too happy about the silent extension install. “I am still annoyed that Microsoft thinks it is ok to arbitrarily tack on something to my FF browser WITHOUT asking, and worst of all, disabling the Uninstall button! Why do they keep doing stupid things like that?!” says one posted.

Users were similarly peeved a year ago, when a service pack for the .NET Framework silently pushed a Firefox add-on. This add-on – Microsoft .NET Framework Assistant – enabled .NET apps to be installed with one click. It also shipped with a disabled uninstall button.

Seems like Microsoft are making a lot of excuses this time and why on earth is the update marked as important and not optional? Surely if it’s just a browser search add-on it should be optional, it’s not a security flaw so for most people it’s certainly not important.

Another reason why people who care switch to Linux, I wouldn’t say Linux or Mac…because Apple have a tendency to do the exact same thing with iTunes and QuickTime.

Source: The Register



Recent in General News:
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords
- More Cyberterrorism – Taiwan Political Party Accuses China of Hacking

Related Posts:
- Microsoft Preps Windows Security Fix for Patch Tuesday
- Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista
- Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,080 views
- eEye Launches 0-Day Exploit Tracker - 85,068 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,464 views

Low-cost VPS Hosting

5 Responses to “Microsoft Installs Firefox Add-on Without Asking During Recent Patch Tuesday”

  1. Larry 14 June 2010 at 4:28 pm Permalink

    The first time Bing came up in my browser I though “MALWARE” and have avoided it since.

  2. CBRP1R8 15 June 2010 at 4:14 pm Permalink

    typical MS …..slick though….

  3. axm 1 July 2010 at 3:43 am Permalink

    I don’t have to worry as I have permanently disabled all MS updates. I just run Windows XP for some legacy programs through VirtualBox running on Linux machine. No worries either about any virus and stuff …

  4. Frank 15 July 2010 at 4:15 am Permalink

    I’ve been Microsoft free since 2003. Thanks Linus!

  5. anon 15 July 2010 at 8:20 pm Permalink

    I don’t agree with the author, because I do agree with the author. The author’s “If they did it in IE, it wouldn’t be so bad as it’s their own product and if people choose to use it they have the rights to update it.” is why. The users installed the MS toolbar of old, and MS decided to change its functionality. The only thing unusual is the vehicle, that the update was written as a firefox extension. As long as it only happened on machines running the “old” toolbars, then I don’t see an issue.