Slashdot Mirror


Microsoft Hides Firefox Extension In Toolbar Update

Jan writes "As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user's permission."

47 of 285 comments

  1. yay by Pojut · · Score: 3, Interesting

    I like your products, Microsoft...but I still abhor your business practices.

    Kinda like Sony, Apple, etc...

  2. Again? by tom17 · · Score: 3, Interesting

    Didn't they do this before with a .net update?

    1. Re:Again? by ashridah · · Score: 4, Insightful

      The difference being that that add-in was arguably useful. It enabled click-once in firefox, iirc, which is a fairly handy experience for running small apps over the web. If I recall, Java does the same thing. The problem then was that firefox had no way to distinguish between a version with a flaw, and a version without a flaw, so they had no choice but to temporarily blacklist it (and there was that issue with not being able to disable it due to permissions).

      Browser toolbars, however, never strike me as a nice addition to a product without asking.

    2. Re:Again? by Anonymous Coward · · Score: 5, Informative

      The difference being that that add-in was arguably useful. It enabled click-once in firefox, iirc, which is a fairly handy experience for running small apps over the web. If I recall, Java does the same thing. The problem then was that firefox had no way to distinguish between a version with a flaw, and a version without a flaw, so they had no choice but to temporarily blacklist it (and there was that issue with not being able to disable it due to permissions).

      Browser toolbars, however, never strike me as a nice addition to a product without asking.

      The update doesn't install a browser toolbar, it updates the browser toolbar for users that already have it installed. Users who haven't installed it won't see this update.

      For once the Slashdot summary actually got this correct, and from the original article: "Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed,"

    3. Re:Again? by logjon · · Score: 3, Interesting

      One of. If you have it installed on IE, it installs it on firefox, even if you didn't have the firefox one. Even if you don't even have firefox installed.

      --
      The stories and info posted here are artistic works of fiction and falsehood.
      Only fools would take it as fact.
    4. Re:Again? by Spad · · Score: 5, Informative

      Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed

      Yes, but irrespective of whether it's installed for IE or Firefox. Just because I have the Live Search Toolbar installed for IE doesn't mean I want it turning up in Firefox unannounced.

    5. Re:Again? by logjon · · Score: 5, Informative

      Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed

      Yes, but irrespective of whether it's installed for IE or Firefox. Just because my OEM put the Live Search Toolbar on IE doesn't mean I want it turning up in Firefox unannounced.

      fix'd

      --
      The stories and info posted here are artistic works of fiction and falsehood.
      Only fools would take it as fact.
    6. Re:Again? by Yvan256 · · Score: 4, Funny

      So, to use a car analogy, it's like Microsoft is installing a new rooftop on their own car, and if you don't own a car from the other company they just install a new rooftop that just floats in mid-air next to your Microsoft car?

      Neat!

    7. Re:Again? by Anonymous Coward · · Score: 5, Funny

      It's more like them installing a public bathroom on the roof of your car where the plumbing consists of an open pipe directly over the driver's head.

      At least that's how I view toolbars.

    8. Re:Again? by spun · · Score: 3, Insightful

      Why does an OEM have to put in the Live Search Toolbar? Couldn't the user have installed it him/herself?

      It's possible. It is also possible that the user could deliberately stab themselves in the eye with a rusty nail, exfoliate with a belt sander, or give themselves dozens of tiny paper cuts on their genitalia. Many things are possible, and some of those things indicate mental illness of some sort.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    9. Re:Again? by clone53421 · · Score: 3, Informative

      Both.

      If the toolbar exists (either because Windows Update installed it automatically, or because somebody for some reason actually installed the toolbar manually), then Windows Update will automatically update the toolbar. It does not install the toolbar, only updates it.

      The update also installs an extension for both Internet Explorer and Mozilla Firefox... and nobody seems to know what the extension is for or what it does.

      The extension is not the toolbar, and it does not seem to be an update to the toolbar. It just comes piggy-backed with an update to the toolbar.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    10. Re:Again? by dna_(c)(tm)(r) · · Score: 4, Funny

      So, to use a car analogy, it's like Microsoft is installing a new rooftop on their own car, and if you don't own a car from the other company they just install a new rooftop that just floats in mid-air next to your Microsoft car?

      Neat!

      No, not on their car, on your car that they manufactured and sold to you.

      So it's more like they disconnected the brakes and replaced the pedal with a super-rocket-booster-hyper-activator overnight - without telling you. You will be pleasantly surprised at the next crossroads.

    11. Re:Again? by Khyber · · Score: 4, Informative

      No EULA may violate the law. We already have laws expressly concerning unauthorized access of computer resources.

      Their EULA is null and void in this instance. EA tried this same BS with me when I sued the crap out of them for Spore and the SecuROM DRM. That argument HELD NO WATER.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  3. Re:Wow! by Culture20 · · Score: 5, Insightful

    Old news is so exciting!

    Is it old news, or did MS decide that since only "Firefox geeks" complained about it last time that it's open season to add Firefox extensions without asking?

  4. Microsoft hides... by Chameleon+Man · · Score: 5, Funny

    Microsoft hides extension in awkward zipper malfunction.

    (Sorry, it's one of those mornings)

    1. Re:Microsoft hides... by Red+Flayer · · Score: 5, Funny

      (Sorry, it's one of those mornings)

      What, one of those mornings where you wake up, roll out of bed, step on a rusty nail that protrudes from the floorboards, limp to the bathroom, have the cold water stop during your shower so you get scalded, the toilet gets clogged and overflows, the coffeemaker shorts out and starts a small fire in your kitchen, your dog eats something bad and barfs all over your feet, and then you get your penis caught in your zipper?

      Wait, that is not really analogous to this update... that kind of morning is more analogous to installing windows in the first place.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  5. Plugin uninstaller for Firefox? by Anonymous Coward · · Score: 5, Insightful

    Why the hell hasn't Mozilla made it easy to remove plugins from Firefox? You have to Google solutions to find out how to remove Microsoft (and in some cases old Java) shit.

    1. Re:Plugin uninstaller for Firefox? by gstoddart · · Score: 5, Insightful

      Why the hell hasn't Mozilla made it easy to remove plugins from Firefox? You have to Google solutions to find out how to remove Microsoft (and in some cases old Java) shit.

      Mozilla has -- there's supposed to be an Uninstall button next to them.

      Unfortunately, Microsoft didn't allow the Uninstall button to work, and you could only Disable. This is not a Mozilla problem in not providing a mechanism -- this is Microsoft and Sun making shitty add-ons.

      --
      Lost at C:>. Found at C.
    2. Re:Plugin uninstaller for Firefox? by mister_playboy · · Score: 4, Insightful

      The problem is these add-ons (they are not plugins) aren't installed with user privileges, but admin privileges. How would you have Mozilla fix this? By magically circumventing the permissions system in Windows?

      Perhaps MS hopes that people will place the blame on Mozilla as you have done.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    3. Re:Plugin uninstaller for Firefox? by jack2000 · · Score: 5, Insightful

      No it's Mozilla's problem. They should make it impossible for anyone to install plugins/extensions without user interaction and furthermore they should make it impossible for the uninstall button to be disabled. Have a damn "delete plugin dlls" button if nothing else damn it!

    4. Re:Plugin uninstaller for Firefox? by denmarkw00t · · Score: 3, Informative

      They should make it impossible for anyone to install plugins/extensions without user interaction

      Normally you're prompted to install extensions, and add-ons are usually by way of installer. The problem here is that the user DID interact - at some point they opted to receive an update from Microsoft. MS is COMPLETELY at fault here as they slipped a DLL into a folder where Firefox would find it and go "Geez, that's an add-on!" No install necessary in FF, just put the extension in the right place and bingo!

      As far as not being able to uninstall it...if it's a "plugin" like Shockwave or Flash, you should note that the ability to Disable/Enable ONLY is there because any user can and should have access to that plugin. Extensions, on the other hand, should have the ability to be uninstalled unless they fall into this "any user could and probably wants" this extension category.

    5. Re:Plugin uninstaller for Firefox? by Alpha830RulZ · · Score: 5, Insightful

      This is a really bad idea. Browsers shouldn't be able to elevate privileges. That's a key mechanism in preventing content from being able to hijack the system. The LAST thing I want in a browser is for it to operate as admin/root.

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
    6. Re:Plugin uninstaller for Firefox? by protektor · · Score: 5, Insightful

      HP Web Printing does this and Move Media Player does this. Both are old plug-ins that are disabled because they don't work with the current version of Firefox that I have, and they won't update, and I can't uninstall them either. So there are many companies that are making Firefox add-ons/plug-ins that are not able to be installed. That should not be an option at all. If you can't uninstall it then it shouldn't be possible to install it at all. This is something that Mozilla/Firefox people need to work on fixing.

      The Move Media Player is what you have to have to watch streaming TV from the CW network. HP Web Printing was installed when I installed the drivers and software for my printer. Now I am stuck with both of them that don't work and can't be removed and won't update either.

  6. Re:Here we go again by Pojut · · Score: 5, Insightful

    Disclaimer: This is only my opinion, nothing more.

    It's the same problem I have with Apple keeping people locked into the Appstore. It's not that the action itself is a big deal, it's the fact that they are actually doing it that's the problem. The consequences of that action are irrelevant; the action itself is bad.

  7. Re:It is just an update to an existing toolbar by logjon · · Score: 5, Informative

    No. From TFA:

    On one of our Windows systems, we had the Windows Live Toolbar installed for Internet Explorer but not for Firefox. Nevertheless, installing this update added the add-on/extension to both browsers without telling us that it would do so. On our second system, we had the Bing Bar installed for Internet Explorer, but it was disabled. Firefox was not installed. This system already had the update in question, so we decided to install Firefox. Not only was the Bing Bar extension present upon Firefox's first launch, but so was the Search Helper Extension.

    --
    The stories and info posted here are artistic works of fiction and falsehood.
    Only fools would take it as fact.
  8. Re:It is just an update to an existing toolbar by LightningTH · · Score: 4, Informative

    Except even if the toolbar is disabled it still installs and enables the toolbar in Firefox. It also auto-enables the toolbar upon a new installation of Firefox if Firefox was not previously installed.

  9. Re:A different kind. by Skarecrow77 · · Score: 5, Informative

    no evil? how about deliberately holding back on the browser hooks and infrastructure to allow for comprehensive robust adblock/scriptblock/etc add-ons, due to such things being completely against their business model that is based on supplying advertisements?

    I suppose that's not "evil", but it is a pretty damn big roadblock to me adopting chrome over FF.

  10. /. Drinking Game by DIplomatic · · Score: 4, Funny

    My friend and I played a drinking game to /. once. One person clicks on a story involving Microsoft or Apple or Linux or politics and the other person has to take a drink for every bullsh*t post about "M$" or Apple's App Store or Android FTW and everything else completely unrelated to what the actual post is about. Let me just say, don't attempt this in the morning...


    ps. Slashdot community, I love you all but some days you make me pull my hair out. :)

  11. Didn't Change My Firefox by Toad-san · · Score: 5, Insightful

    I don't have no steenking Bing searchbar in my Firefox browser (no searchbars at all, in fact). The new extension did NOT show up in my Firefox addons, although I received my Windows updates yesterday.

    So I'm not affected directly. But, as many others have said, I do NOT appreciate Microsoft changing ANYTHING in my computer without my specific, informed permission. Okay, they can change their own OS if necessary (since they usually accept responsibility for disasters that occur). But leave MY programs the hell alone!

    1. Re:Didn't Change My Firefox by Skarecrow77 · · Score: 4, Funny

      Sonny, I remember the days when we had to manually type in http://www.altavista.com/ or http://www.lycos.com/ into our browsers to get to a search engine. We had to use our keyboards and everything! Then the search engine took a long time and returned bad results... and we liked it!

      These newfangled search bars, they're the devil's work I tell ya.

    2. Re:Didn't Change My Firefox by tehcyder · · Score: 3, Funny

      Then the search engine took a long time and returned bad results...

      But on the plus side, you got a lot more links to random pr0n sites. Apparently.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  12. Re:It is just an update to an existing toolbar by clang_jangle · · Score: 5, Insightful

    The more MS tries to force Bing down everyone's throats, the more determined I am to boycott Bing. It pissed me off so much the day I found that Verizon had signed a deal with MS to make Bing the exclusive (not merely default) search provider on my Blackberry. Of course, I countered by putting google at the top of my bookmarks, but really I shouldn't have to maneuver around microsoft's asshat shenanigans just to use my search provider of choice on my phone (and yes, I resent verizon for that as well).

    Plus obviously one has to wonder: "If Bing is so freaking great then why is MS paying to have it force-fed all over?" Like all those pop-up ads so many sites have now that resolve to Bing -- and they count those as hits for their search engine, which probably at least quadruples their numbers.

    It's inconvenient to dislike MS, because they're everywhere. I'd rather be able to embrace them, I really would. But their behavior is just so objectionable in so many ways it's impossible.

    --
    Caveat Utilitor
  13. Re:Here we go again by gstoddart · · Score: 5, Insightful

    Not that I'm saying they should be allowed to push updates like that, but what's the harm in some ridiculous search extension being added?

    Well, the problem is, nobody knows exactly what it is and why it's there. Given Microsoft's lousy record with internet security, what's to say they haven't inadvertently created a security loophole?

    From the looks of it, they're installing toolbars into Firefox. Since they're for Bing and for Search helper, I'm sure they're directing people to their own search engine. Which means they're taking advantage of their control over the OS to meddle with my browser.

    And, most importantly, they didn't ask. Since this isn't Microsoft's software, WTF are they doing jamming in add-ons without notifying the user or making it possible to delete it?? When they installed the last .NET extension to my Firefox, I can't delete it -- only Disable it. It's not up to Microsoft to "enhance" my user experience in software that isn't theirs.

    Seriously, you have to ask why installing additions into other companies' software without asking the user or allowing them to delete it is just plain wrong? What next, deleting any software which competes with their own offerings?

    --
    Lost at C:>. Found at C.
  14. Re:Wow! by jandersen · · Score: 3, Insightful

    When you buy and/or install Windows, you explicitly (although in very small print) give Microsoft permission to do exactly this, as far as I recall; it should be in your EULA. I can't say that it worries me a lot - I use Linux.

  15. Ubuntu isn't much better by SCHecklerX · · Score: 3, Interesting

    Every time ubuntu updates firefox, it slams its own list of search engines into my browser, and I have to yet again remove them. Why would a system update muck with personal settings like that?

    1. Re:Ubuntu isn't much better by Rhys · · Score: 5, Informative

      Because you installed the 'ubufox' package (probably by default), by chance? The package even says something about "remove this to have a vanilla firefox."

      --
      Slashdot Patriotism: We Support our Dupes!
  16. Re:Here we go again by nschubach · · Score: 4, Informative

    Removing the .NET plugin:

    del /q "%SystemRoot%\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"
    reg DELETE HKLM\SOFTWARE\Mozilla\Firefox\Extensions /v {20a82645-c095-46ed-80e3-08825760534b} /f > Nul
    del /q %SystemRoot%\System32\dllcache\*.*

    I also remove the Media player DRM plugin:
    del /q "%ProgramFiles%\Windows Media Player\npdrmv2.dll"
    del /q "%ProgramFiles%\Windows Media Player\npwmsdrm.dll"

    --
    Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
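
    Added example, not part of nschubach's post or the original thread: a read-only PowerShell audit of the registry key named in the commands above, showing which Firefox extensions were registered by an installer and where their files live, so you can see what is there before deleting anything. Only the HKLM key appears in the post; the WOW6432Node and HKCU keys are assumptions added here.

    ```powershell
    # Added example: list Firefox extensions registered through the Windows
    # registry (side-loaded by an installer, not added from inside Firefox).
    # Read-only: nothing is deleted or modified.

    $keys = @(
        'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',              # key used in the post above
        'HKLM:\SOFTWARE\WOW6432Node\Mozilla\Firefox\Extensions',  # assumption: 32-bit view on 64-bit Windows
        'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'               # assumption: per-user equivalent
    )

    $found = foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($id in $item.GetValueNames()) {
            if ([string]::IsNullOrEmpty($id)) { continue }   # skip the key's default value

            # Each value name is an extension ID; its data is the path Firefox loads from.
            $target   = [string]$item.GetValue($id)
            $exists   = $target -and (Test-Path -LiteralPath $target)
            $modified = if ($exists) { (Get-Item -LiteralPath $target).LastWriteTime } else { $null }

            [pscustomobject]@{
                ExtensionId  = $id
                RegistryKey  = $key
                Target       = $target
                TargetExists = $exists
                Modified     = $modified             # compare with the date the update was installed
                NeedsAdmin   = $key -like 'HKLM:*'   # machine-wide entry: a normal user cannot remove it
            }
        }
    }

    if ($found) {
        $found | Sort-Object RegistryKey, ExtensionId | Format-List
    } else {
        Write-Output 'No registry-registered Firefox extensions found.'
    }
    ```

    Entries with NeedsAdmin set to True are the ones a non-administrator cannot remove, which matches the greyed-out Uninstall button described elsewhere in the thread.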
  17. Re:Here we go again by hAckz0r · · Score: 3, Insightful

    But it's not benign in any sense of reality. Think of it this way, for every 1000 lines of code there is an average of 1-1.5 defects even in highly scrutinized Government sponsored "secure" programs. If Microsoft wrote 10k lines of code (conservative I think) that is, given Microsoft's current defect track record, about 12 real defects in that hypothetical extension (I don't know the actual size of the code base). If even one of those defects provides a security vulnerability your system gets hacked. How secure are you? You don't even know it's vulnerable, and if you did, you may not even be able to remove it entirely because Microsoft doesn't provide that capability on purpose. Even if you find a way to deactivate it there is still code on your system that might be abused without clicking on the GUI taskbar. Removing these Microsoft 'add-ons' generally requires a knowledgeable person to essentially hack your Firefox/OS installation just to remove it. The real twist to the reality is that they even want Firefox to be unstable and cause you problems, so what is their incentive to make it defect free? They are not going to put much effort into ensuring that a competitors product continues to beat them in the open market. Microsoft likes to win. History itself tells the truth about their true motivations. I won't even go there.

  18. This shit has to stop by YA_Python_dev · · Score: 4, Insightful

    Dear Mozilla developers, please disable by default *all* extensions except:

    1. the ones that are manually installed by the user using the standard UI inside Firefox;
    2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").

    The power to choose what to install in their browsers must reside only in the hands of the users.

    If a vendor actively tries to circumvent this new protection mechanism, permanently blacklist ALL its extensions, plugins and whatnot. Report them to antivirus vendors as malware.

    It's not the first time this happens and it actively damages users, with slower browsing experience, less screen space for actual content, huge undisclosed privacy and security breaches (you can BET they exist, even if they are not made public).

    This shit has to stop.

    P.S. to the users of Microsoft products: please any time you can, try to avoid this company, you're not their customer, you're their victim. There are other software vendors that respect you much more than that.

    --
    There's a hidden treasure in Python 3.x: __prepare__()
    1. Re:This shit has to stop by Simetrical · · Score: 3, Insightful

      Dear Mozilla developers, please disable by default *all* extensions except:

      1. the ones that are manually installed by the user using the standard UI inside Firefox;
      2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").

      So it should be impossible for Windows Update, running as administrator, to add extensions to Firefox? How exactly is this miracle to be accomplished? Last I checked, the administrator can modify any program arbitrarily, such as by adding an entry to a database saying that the user manually installed a particular add-on.

      --
      MediaWiki developer, Total War Center sysadmin
  19. Re:Here we go again by gstoddart · · Score: 4, Insightful

    What you can't do is disable it from inside Firefox. And why is that? Because that's how Firefox was designed.

    Really? I've got two add-ons with a nice shiny Uninstall button next to them that is enabled should I decide to push it. (Why I would uninstall noscript, I don't know, but it's there).

    I also have Java Add-ons and .NET add-ons which have the Uninstall button disabled.

    Methinks if Firefox was designed to prevent uninstalling add-ons, there would be no such button.

    And, really, unless you know exactly which files to delete and if you can do it safely, deleting the files from the disk isn't really an option.

    --
    Lost at C:>. Found at C.
  20. Re:Wow! by Amanieu · · Score: 5, Insightful

    I doubt he'll be running MS Update on Linux :P

  21. This is an abuse of monopoly power by erroneus · · Score: 3, Insightful

    As small and simple as this may be this is a monopoly desktop OS vendor using its position to push out things to support its internet and marketing activities. Using one position as monopoly to prop up or support another activity in another market place. That pretty much defines what they have been getting in trouble for over the past 20 years in multiple jurisdictions.

    They show no signs or intention of change. They need to be broken up.

  22. Re:A different kind. by Skarecrow77 · · Score: 4, Informative

    compare adblock in chrome to adblock in FF.

    NOT the same thing. at all. chrome makes the ads not displayed (usually, sometimes it even fails at that), but they're still there in all their cpu abusing, bandwidth hogging, spyware laden goodness. hell sometimes you can still accidentally click on them.

    FF keeps them from loading entirely. I know that websites prefer the latter to the former, but I certainly do not.

  23. Of course it's hidden by bobdehnhardt · · Score: 3, Funny

    From the article:

    Both seem to be installed in "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\." Inside, there is a file called "SEPsearchhelperie.dll" that is responsible for the IE add-on and a "firefoxextension" folder responsible for Firefox.

    See? It's surrounded by a SEP field. Nobody will notice it.

    Still, it is nice to see Slartibartfast is gainfully employed...

  24. Re:Wow! by Blue+Stone · · Score: 4, Insightful

    >When you buy and/or install Windows, you explicitly (although in very small print) give Microsoft permission to do exactly this

    I don't think the word 'explicitly' means what you think it means. Even more so in very small print.

    --
    Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
  25. Re:Wow! by Unequivocal · · Score: 4, Informative

    This isn't old news. This happened for me with the most recent Windows 7 update set. I was notified of the updates this week. I saw this "search enhancement" update and it appeared to only affect IE so I accepted it. Now I'm stuck with this search add-on in Firefox. I disabled it but it's not possible to uninstall it from the FF add-on GUI. Probably if I delete some folders somewhere it will disappear but googling didn't turn up much when I searched -- mostly referring to older updates that sound similar -- possibly what you're referring to as well.