Back in October of last year, Mozilla forcefully disabled a .NET add-on as it was causing ‘instability’ rather a security/vulnerability issue. I did notice the issue with my own Firefox and also noticed that Microsoft likes to install their add-ons with NO uninstall button, which is dodgy in my books.
If they did it in IE, it wouldn’t be so bad as it’s their own product and if people choose to use it they have the rights to update it. But pushing their badly written add-ons into a 3rd party browser and not even giving people the change to uninstall them? That’s just wrong.
Microsoft has silently slipped a Firefox extension onto user machines via an automatic software update. Again.
This week, as part of its regular Patch Tuesday, Redmond released an update for its various browser toolbars, and as Ars Technica noticed, this update also installed an entire add-on for Internet Explorer and an extension for Mozilla Firefox – without asking users. Ars was unable to identify the installs, but Microsoft now tells The Reg that the update was installing the latest version of its Bing toolbar on machines that were running the older Windows Live Toolbar or MSN Toolbar.
The company says it has now, um, updated the update, and the silent toolbar install no longer occurs. The company calls the silent install “a bug.”
“We discovered a bug in the latest update that was installing the Firefox extension for users with the Windows Live Toolbar and MSN Toolbar (specifically people who have not upgraded to the latest version of the Bing Bar),” the company tells us. “We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behavior anymore.”
Oh so now a silent install is a bug? Usually people label it as spyware or malware. With the kind of marketshare Bing currently has – I’m really not surprised Microsoft is resorting to these kind of tactics.
The worst part seems to be, may users have removed it by following the Technet instructions…and it just keeps coming back and silently reinstalling itself!
But then it’s a risk you take, if you are using a Microsoft OS…you have to deal with this kind of behaviour. You can’t even escape their crapware by using a 3rd party browser!
The company apologizes for any inconvenience this may have caused.
Microsoft says that the update was supposed to include only its Search Enhancement Pack, a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. The Pack, the company says, enables certain toolbar features, such as the search suggestions drop down. The update was originally tagged with the Search Enhancement Pack label, but it also installed the Bing toolbar on certain machines.
The update was marked “important,” not “optional.” And Firefox users at MozillaZone weren’t too happy about the silent extension install. “I am still annoyed that Microsoft thinks it is ok to arbitrarily tack on something to my FF browser WITHOUT asking, and worst of all, disabling the Uninstall button! Why do they keep doing stupid things like that?!” says one posted.
Users were similarly peeved a year ago, when a service pack for the .NET Framework silently pushed a Firefox add-on. This add-on – Microsoft .NET Framework Assistant – enabled .NET apps to be installed with one click. It also shipped with a disabled uninstall button.
Seems like Microsoft are making a lot of excuses this time and why on earth is the update marked as important and not optional? Surely if it’s just a browser search add-on it should be optional, it’s not a security flaw so for most people it’s certainly not important.
Another reason why people who care switch to Linux, I wouldn’t say Linux or Mac…because Apple have a tendency to do the exact same thing with iTunes and QuickTime.
Source: The Register
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords
- More Cyberterrorism – Taiwan Political Party Accuses China of Hacking
- Microsoft Preps Windows Security Fix for Patch Tuesday
- Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista
- Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit
Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,129 views
- eEye Launches 0-Day Exploit Tracker - 85,161 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,471 views