Sneaky Microsoft Add-On Put Firefox Users At Risk

CWmike writes to mention that the "Windows Presentation Foundation" plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. This was among the many things recently addressed in the massive Tuesday patch. "What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org."

Re:Registry Danger!

[drsmithy]

This kinda invalidates the argument that Windows fanboys have been spouting for years, namely "...but in Linux/BSD/Whatever, you have to edit files, which is too hard for Joe Sixpack to do!"

The big difference is that Registry editing is extremely uncommon in Windows. Trawling through textfiles in Linux (or BSD) is - ironically - something you're almost certainly going to have to do as soon as you step off the narrow path of basic setup and usage.

If you bork the registry, discover it's borked only after a full reboot/log-in, then try to reboot again thinking it's some other problem, that backup copy of the registry just went 'pfft!', and you may or may not be able to get to a point where you can use System Restore

If it booted far enough the first time to delete the backup, then it booted far enough to get to System Restore.

The registry makes a great place to hide stuff in (see also half the malware to come down the pike in the past 9 years)

No more so (and probably far less so) than the maze of rc scripts in your average Linux or BSD.

Re:Registry Danger!

[BikeHelmet]

You're absolutely correct. It's far more dangerous editing a linux conf file than it is editing the registry. (I should know - all my mounts vanished when I used spaces rather than tabs in fstab)

But some stupid person will go crazy and delete everything in the registry if you don't put up those scary warnings.

In all my years of windows use, and frequent registry editing, I've never caused a serious problem by deleting stuff. I always make a backup of keys, just in case, but I've never needed to restore one.

Re:except Windows 7

[BitZtream]

Dear moron,

The way this hooks in is a FEATURE OF FIREFOX. MS didn't do anything special. It takes 1 registry key to do this. Please shut the fuck up about stuff you don't know anything about.

They aren't modifying Firefox, they are adding a registry key, which firefox checks, that tells it to load a plugin as if you installed the plugin yourself.

Its made so you can install firefox plugins globally, to all users rather than one specific user. Its a way that sysadmins can roll out a plugin to an entire organization.

They aren't sabotaging a rival product, the added a plugin which had a bug in it.

Again, please shut the fuck up about things you completely don't understand, its not outrageous, its not unique, its not special, its just a fucking bug. God damn, I've been a fan of OSS for years, I am however, beginning to get incredibly tired of hearing morons like yourself shoot off at the mouth as if you have a clue and talking about how evil some non-OSS software package is.

Get a fucking clue or shut the fuck up, you're just making yourself and the rest of the OSS look like morons to anyone with even half a clue about how this works. The world isn't out to get your favorite pet OSS project, really, no one really gives a fuck, not even Microsoft. God, ignorant loud mouths like yourself need to be hung up by your balls until you learn to get a clue before running your trap.