Sneaky Microsoft Add-On Put Firefox Users At Risk

CWmike writes to mention that the "Windows Presentation Foundation" plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. This was among the many things recently addressed in the massive Tuesday patch. "What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org."

Re:Sabotage?

[Voulnet]

On the other hand MS shouldn't want Windows machines to be anymore vulnerable.

Re:Not true

[Neon Spiral Injector]

That may not be entirely true. Have a look at this:
http://adblockplus.org/blog/the-return-of-net-framework-assistant [adblockplus.org]

Re:Sabotage?

[Thinboy00]

Given that Nintendo is legally required to warn you prior to updating your Wii that such updates break homebrew, I cannot possibly imagine that Microsoft is allowed to break your software without your consent.

Re:Sabotage?

[jamstar7]

Too many movies makes you think strange things. For instance most people see the CIA as a bunch of bad asses with cell phone watches that project holograms of your dossier into thin air while sending you messages via ESP. Real life: rotary phones, paperwork in triplicate, and a gigantic fucking bureaucracy that thinks pagers are still useful.

Or the idea of NSA 'agents' running around shooting up everything in sight (because the CIA isn't the big Boogie Man anymore). Real life: Bunch of bureaucrats overseeing a bunch of pastyfaced nerds and cubicle rats busy doing signal intercepts and codebreaking. Though the bandwidth and internet access is great, I hear...

Re:except Windows 7

[Anonymous Coward]

What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual "Disable" and "Uninstall" buttons in Firefox's add-on list were grayed out ...

As is the add-on "Ubuntu Firefox Modifications"; that you get - whether you want it or not - when installing Ubuntu.

Re:except anything but Windoze

[Evil Shabazz]

Yeah, but where can I find free and secure alternatives to Windows that run the applications I want to run? Specifically, I'm currently only using my home computer for - Internet, Email, and Gaming. The first two, okay. But where can I find this free, secure OS that will run both Aion and NBA 2K10 for me? I'm not asking to be completely sarcastic - I actually would consider moving away from Windows if I could find an alternative for gamers... It's getting here, slowly. Didn't Valve recently say they'd make their games for Linux?

Re:Sabotage?

[interkin3tic]

Not surprisingly this comment is sitting here unmoderated

Only for half an hour. An hour later, it is up to +5. I guess the "nucleation" for moderations is the slow step, it has seemed to me that most moderations are done on posts already moderated once. Looking over my comments, I usually notice that most of my posts are unmoderated, the ones that are are usually moderated more than once. I don't really think my posts are either +5 great or +0 meh. Most people with mod points must be lazy and don't browse in full.

Re:Almost

[edxwelch]

I have automatic windows updates disabled and it was installed on my machine. To tell you the truth I found half a dozen microsoft addins and plugins installed stealthly

Re:Almost

[Kell Bengal]

Also the case for me - I review each and every update to make sure it's something I really want/need.

Isn't this like corporate espionage?

[Orion Blastar]

Placing an "add-in" in a competitor's product to render it more vulnerable to attacks and crashes seems like more the DOJ needs to investigate into Microsoft. Because it is hard to remove or disable, it could also be considered malware of some type. There might even be a class action lawsuit against Microsoft for Firefox users. If so sign me up, as that add-in caused my Firefox to crash more often and caused me to lose productivity and gave me emotional and psychological damage. I suffer from schizo affective disorder and the add-in caused crashes and lockups that activated my disorder and made it worse. That makes me more sensitive than normal people.

It took a registry hack and deletion of hidden files to get rid of it, but my Windows XP crashes every three days now since I removed it. Automatic updates of Dotnet frameworks add it back in for some reason.

Re:Sabotage?

[hAckz0r]

You had me going there right up to the "Algol-60" part. In 2009? After all everybody her on SlashDot knows that Algol-68 is the most recent version! Why would anybody be using a back-dated version of a language?

Ok, seriously. Why Algol-60?

Re:Sabotage?

[shutdown -p now]

Ok, seriously. Why Algol-60?

Because it is one of the three languages that started it all, and one that affected all existing mainstream languages most. Curly braces of C, and the block construct that they represent, began their life as "begin .. end" in Algol-60.

Because it is at the same time a very beautiful language - especially considering the time when it was designed - and one with some very advanced constructs, not found even in many modern languages, that can pose significant challenge to implement efficiently, especially in an otherwise constrained environment such as sandboxed CLR. To list a few such features: computed goto, label variables/function arguments and the associated nonlocal goto, arbitrarily nested functions with variable capturing, and call-by-name. Challenges are fun.

Because it's a very important milestone in history of CompSci in general, and language design in particular (in case it's not quite obvious yet, I'm a language design geek), a piece of it that I wish to preserve. Apparently, I'm not alone in that, either - there's also GNU Marst [gnu.org] - curiously enough, written by another Russian dude.

Because Simula-67 (the first OOP language ever, and the ultimate ancestor of virtually every statically typed OO language today, including C++, Java and C#) is a strict superset of Algol-60, and I wanted to go after it next.

And, of course, just for fun. I mean, this is Slashdot, right? We routinely get people installing KDE2 on NetBSD running on toasters with 7-segment indicators here; I think my little fetish is relatively benign in contrast.

(To bring the above references to Algol-60 language features into some context for those not familiar with the subject, the final Algol-60 language spec is here [masswerk.at]; it's a fairly short read.)

After all everybody her on SlashDot knows that Algol-68 is the most recent version!

Algol-68 is an entirely different language from Algol-60. It's not evolutionary, but a complete, ground-up redesign, by very different people. It's also a very interesting one, and important in its own right, since C borrowed a lot of things from it, down to keywords (VOID, INT, SHORT, LONG, STRUCT and UNION are all Algol-68 keywords with virtually the same meaning they have retained in C).

It would be fairly interesting thing to implement as well, but in many ways it's a much more rationally designed language than Algol-60, dropping some overly exotic and complicated features, and, consequently, implementing it is less of a challenge (I guess they had had enough real-world experience writing compilers by then to conclude that some features of Algol-60 looked good on paper only...).

Re:Sabotage?

[interkin3tic]

I mean browsing in full while moderating: actually reading those posts which haven't been modded up yet so that you can spot good ones deserving a mod. Such as the one in question.

Mozilla is on top of it, though

[macraig]

This screen capture of a dialog [photobucket.com] I saw tonight demonstrates that Mozilla is paying attention and doing something about it, though:

Re:except Windows 7

[CrossChris]

Those MS bastards also did it to two of my products (Stacker) back in the 1990s. My company sued them, and they tied us up in court for nearly three years. At that point, we were almost broke, and the board sold the company to MS. We each got a lot of cash from the sale, but it still rankles today.

Remember - if MS like your product, or if it poses a threat to them, they'll either kill you off in court or they will buy / steal the technology (Doublespace) and still tie you up in legal knots.

Nowadays, they screw around with other company's products, and there's (effectively) nothing that anyone can do.

Remember - anyone who can afford to buy the judge can get whatever "legal" ruling they want!