Slashdot Mirror
Microsoft Update Slips In a Firefox Extension
An anonymous reader writes "While doing a weekly scrub of my Windows systems, which includes checking for driver updates and running virus scans, I found Firefox notifying me of a new add-on. It's labelled 'Microsoft .NET Framework Assistant,' and it 'Adds ClickOnce support and the ability to report installed .NET versions to the web server.' The add-on could not be uninstalled in the usual way. A little Net searching turned up a number of sites offering advice on getting rid of the unrequested add-on." The unasked-for extension has been hitchhiking along with updates to Visual Studio, and perhaps other products that depend on .NET, since August. It appears to have gone wider recently, coming in with updates to XP SP3.
One hint that this "extension" is unwanted garbage is that when you Google (google: Microsoft Framework Assistant) for it and the top links are pages about how to remove it. Then the first link from your site (microsoft.com) is also a forum that mentions getting rid of it...
Anyway, here's how to remove it.
http://www.robertnyman.com/2009/01/26/microsoft-force-installs-firefox-extension/
Firefox cannot uninstall plugins that are installed to "sensitive" areas, like the actual Program Files folder. Skype does this also. It shouldn't prevent you from disabling the add-on though.
The .Net Framework Assistant also changes the User-Agent string of the Firefox browser, adding "(.NET CLR 3.5.30729)", so infected sites can better detect which MS vulnerability to exploit.
If they wanted to do [a bunch of Bad Stuff], they wouldn't be so stupid as to make it an extension that's clearly visible in the Firefox preferences.
What kind of argument is this? "See, Microsoft is totally upfront about what they're secretly installing! All you have to do is open Firefox, go to Tools -> Add-ons -> Extensions -> Local Planning Office -> Dark Basement -> Locked File Cabinet..."
If you run Microsoft Windows then you accept that you run whatever software Microsoft chooses to put on your machine
That's not true according to the Windows EULA, nor in a pragmatic sense. The precedent has already been established that the OS can be configured to require the local administrator to give explicit permission for each patch to be applied; the outrage here is that this time, that choice was not offered, and the affected software was neither part of the operating system nor even a Microsoft product.
There's enough FUD surrounding Microsoft Windows without your contributions to it.
For a fast removal of the .NET Framework Assistant 1.0 from Firefox, save the following text as decrap.reg and run:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"=-
To run this from a command line (like a login script on all your machines):
regedit.exe /s decrap.reg
Feel free to modify and add the strings of any other extensions you want to auto-kill...
Microsoft has also added to the Firefox prefs.js config file, located at C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\XXXXXXXX.default, where USERNAME is the user profile and XXXXXXXX is random characters. You will find these entries added to the file:
user_pref("general.useragent.extra.microsoftdotnet", "(.NET CLR 3.5.30729)");
user_pref("microsoft.CLR.clickonce.autolaunch"
You can remove these lines manually after closing all Firefox windows.
You can type about:config in the URL bar, and filter for 'microsoft' if you want to see what the slimeballs have been adding to your browser.
(high posting so you can find this...)