It’s not the first time Microsoft has had some issues with Firefox and add-ons they installed on users machines through Windows Update.

Back in October of last year, Mozilla forcefully disabled a .NET add-on as it was causing ‘instability’ rather a security/vulnerability issue. I did notice the issue with my own Firefox and also noticed that Microsoft likes to install their add-ons with NO uninstall button, which is dodgy in my books.

If they did it in IE, it wouldn’t be so bad as it’s their own product and if people choose to use it they have the rights to update it. But pushing their badly written add-ons into a 3rd party browser and not even giving people the change to uninstall them? That’s just wrong.

Microsoft has silently slipped a Firefox extension onto user machines via an automatic software update. Again.

This week, as part of its regular Patch Tuesday, Redmond released an update for its various browser toolbars, and as Ars Technica noticed, this update also installed an entire add-on for Internet Explorer and an extension for Mozilla Firefox – without asking users. Ars was unable to identify the installs, but Microsoft now tells The Reg that the update was installing the latest version of its Bing toolbar on machines that were running the older Windows Live Toolbar or MSN Toolbar.

The company says it has now, um, updated the update, and the silent toolbar install no longer occurs. The company calls the silent install “a bug.”

“We discovered a bug in the latest update that was installing the Firefox extension for users with the Windows Live Toolbar and MSN Toolbar (specifically people who have not upgraded to the latest version of the Bing Bar),” the company tells us. “We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behavior anymore.”

Oh so now a silent install is a bug? Usually people label it as spyware or malware. With the kind of marketshare Bing currently has – I’m really not surprised Microsoft is resorting to these kind of tactics.

The worst part seems to be, may users have removed it by following the Technet instructions…and it just keeps coming back and silently reinstalling itself!

But then it’s a risk you take, if you are using a Microsoft OS…you have to deal with this kind of behaviour. You can’t even escape their crapware by using a 3rd party browser!

The company apologizes for any inconvenience this may have caused.

Microsoft says that the update was supposed to include only its Search Enhancement Pack, a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. The Pack, the company says, enables certain toolbar features, such as the search suggestions drop down. The update was originally tagged with the Search Enhancement Pack label, but it also installed the Bing toolbar on certain machines.

The update was marked “important,” not “optional.” And Firefox users at MozillaZone weren’t too happy about the silent extension install. “I am still annoyed that Microsoft thinks it is ok to arbitrarily tack on something to my FF browser WITHOUT asking, and worst of all, disabling the Uninstall button! Why do they keep doing stupid things like that?!” says one posted.

Users were similarly peeved a year ago, when a service pack for the .NET Framework silently pushed a Firefox add-on. This add-on – Microsoft .NET Framework Assistant – enabled .NET apps to be installed with one click. It also shipped with a disabled uninstall button.

Seems like Microsoft are making a lot of excuses this time and why on earth is the update marked as important and not optional? Surely if it’s just a browser search add-on it should be optional, it’s not a security flaw so for most people it’s certainly not important.

Another reason why people who care switch to Linux, I wouldn’t say Linux or Mac…because Apple have a tendency to do the exact same thing with iTunes and QuickTime.

Source: The Register

This is another tool that has been around for a long time and I’ve been using it for years since it’s earliest versions, oddly however I’ve never posted about it.

So here it for the few of you that haven’t heard of it, probably the best port scanner on the Windows platform, very fast and compact and has good banner grabbing functionality.

SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

Windows XP Service Pack 2 has removed raw sockets support which now limits SuperScan and many other network scanning tools. Some functionality can be restored by running the following at the Windows command prompt before starting SuperScan:

net stop SharedAccess

Same goes if you’re using nmap for Windows.

Features

Here are some of the new features in this version.

• Superior scanning speed
• Support for unlimited IP ranges
• Improved host detection using multiple ICMP methods
• TCP SYN scanning
• UDP scanning (two methods)
• IP address import supporting ranges and CIDR formats
• Simple HTML report generation
• Source port scanning
• Fast hostname resolving
• Extensive banner grabbing
• Massive built-in port list description database
• IP and port scan order randomization
• A selection of useful tools (ping, traceroute, Whois etc)
• Extensive Windows host enumeration capability

You can download Superscan v4.0 here:

Superscan v4.0

Or read more here.

Note that SuperScan 4 is intended for Windows 2000 and XP only. Administrator privileges are required to run the program. It will not run on Windows 95/98/ME. You may need to try SuperScan v3 if this will not work with your system.

thc-Amap (Application MAPper) is another excellent tool more towards banner grabbing and protocol detection than OS-fingerprinting. But from the services running on a machine you can get a good idea of the OS and the purpose of the server.

Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings.

Without filled databases containing triggers and responses, the tool is worthless, the authors would like you to help fill the database. How to do this? Well, whenever a client application connects to a server, some kind of handshake is exchanged (at least, usually. Syslogd for instance won’t say nothing, and snmpd without the right community string neither). Anyway, Amap takes the first packet sent back and compares it to a list of signature responses. Really simple, actually. And in reality, it turns out really to be that simple, at least, for most protocols.

Send the initial packets (sent and received) in tcpdump format for all wacko, proprietary and obscure applications. Send them to: amap-dev@thc.org. Please include application name and version.

Currently there are two tools for this purpose: Amap, and nmap – Both have their strength and weaknesses, as they deploy different techniques. We recommend to use both tools for reliabe identification.

The newer versions of nmap also have a banner grabbing feature.

You can download Amap here:

The source code of Amap: amap-5.2.tar.gz

The Win32/Cywin binary release: amap-5.2-win.zip

Or read more here.