Microsoft may be Firefox's worst vulnerability..

[jynxxxedangel]

In a surprise move this year, Microsoft has decided to quietly install what amounts to a massive security vulnerability in Firefox without informing the user. Find out what Microsoft has to say about it, and how you can undo the damage.

TechRepublic article

I HATE M$, and its evil spawn, Windows.

[Rev.Reverence]

Huh...? I don't get it...it's too hard to read, I don't know all the vocab...

If I am to be concerned.....can one of you undoubtedly better nerds than I come over for dinner & fix my 'puter?

[StormKnight (1)]

Microsoft in its desire to keep Explorer on top, decided to make its best competitor (Firefox,) with a backdoor into the program, in the latest update from Microsoft.

Firefox has plugins subroutines and generally is designed to stop rogue programs (i.e. viruses, worms, etc.,) from installing themselves on your computer without permission (usually Firefox will pop up a window saying more or less, "this program is trying to install itself. Do you want it to?") Internet Explorer doesn't, hence it tends to be unsafe (security-wise,) web browsing.

What Microsoft has done with the lastest update to its software (and double check me on this, comp people,) is to render those plugins and that part of Firefox's design that keeps it safe incompatible, meaning people using Firefox will have to remove those plugins, and make themselves vulnerable to worms and viruses.

[Rev.Reverence]

Microsoft in its desire to keep Explorer on top, decided to make its best competitor (Firefox,) with a backdoor into the program, in the latest update from Microsoft.

Firefox has plugins subroutines and generally is designed to stop rogue programs (i.e. viruses, worms, etc.,) from installing themselves on your computer without permission (usually Firefox will pop up a window saying more or less, "this program is trying to install itself. Do you want it to?") Internet Explorer doesn't, hence it tends to be unsafe (security-wise,) web browsing.

What Microsoft has done with the lastest update to its software (and double check me on this, comp people,) is to render those plugins and that part of Firefox's design that keeps it safe incompatible, meaning people using Firefox will have to remove those plugins, and make themselves vulnerable to worms and viruses.

BIG VERY NICE DINNER! I NEEDZ NERDZ!!!!!!

[Invictus]

What Microsoft has done with the lastest update to its software (and double check me on this, comp people,) is to render those plugins and that part of Firefox's design that keeps it safe incompatible, meaning people using Firefox will have to remove those plugins, and make themselves vulnerable to worms and viruses.

Not quite, but close. What it does is install a plugin onto your firefox installation, without permission. This plugin then allows websites to install software onto your machine without permission, which is the same problem that IE has. Also, the plugin that the .net framework update installs is impossible to get rid of without messing with the registry (ie: you can't delete it from firefox like a regular plugin).

The verdict: Don't update your .net framework unless you have to, and if you have no choice but to update, use this sequence to be rid of the plugin. Or get your friendly neighborhood geek to do it for you. One caveat, messing with the registry can be dangerous for the health of your computer, so be careful to follow the steps exactly.

[Rev.Reverence]

Not quite, but close. What it does is install a plugin onto your firefox installation, without permission. This plugin then allows websites to install software onto your machine without permission, which is the same problem that IE has. Also, the plugin that the .net framework update installs is impossible to get rid of without messing with the registry (ie: you can't delete it from firefox like a regular plugin).

The verdict: Don't update your .net framework unless you have to, and if you have no choice but to update, use this sequence to be rid of the plugin. Or get your friendly neighborhood geek to do it for you. One caveat, messing with the registry can be dangerous for the health of your computer, so be careful to follow the steps exactly.

That I knew...I have NO IDEA HOW...but I knew......Oh...that gibberish is instructions is it...

NEED GEEK!

[Msterbeau]

Or get a Mac.

[Scary Guy]

Huh...? I don't get it...it's too hard to read, I don't know all the vocab...

If I am to be concerned.....can one of you undoubtedly better nerds than I come over for dinner & fix my 'puter?

I like pizza and I work cheap. I can probably fix everything else that's wrong with your system as well.

Or get a Mac.

Any Linux/UNIX based OS will do which will run on any hardware platform.

Disabling the extension does not get rid of the extension. The Java extension does this type of behavior as well. However disabling does stop it from acting and as soon as I saw it I disabled it (because I like to keep track of what extensions are running on my system.

Although really this is easy.

Stop-gap Solution To uninstall the ClickOnce support for Firefox from your machine

1) Delete the registry key for the extension

i. From an account with Administrator permissions, go to the Start Menu, and choose 'Run...' or go to the Start Search box on Windows Vista

ii. Type in 'regedit' and hit Enter or click 'OK' to open Registry Editor

iii. For x86 machines, Go to the folder HKEY_LOCAL_MACHINE > SOFTWARE > Mozilla > Firefox > Extensions

For x64 machines, Go to the folder HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Mozilla > Firefox > Extensions

iv. Delete key name '{20a82645-c095-46ed-80e3-08825760534b}'

OR alternatively

i. Open a command prompt window (must be 'run as Administrator' on Vista and later)

ii. Copy and paste the appropriate command below and hit 'Enter'

For x86 machines:

reg DELETE "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "{20a82645-c095-46ed-80e3-08825760534b}" /f

For x64 machines:

reg DELETE "HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions" /v "{20a82645-c095-46ed-80e3-08825760534b}" /f

2) Reset the changes made to the Firefox user agent

i. Launch Firefox, go to the Firefox address bar and type in 'about:config'

ii. Scroll down or use 'Filter' to find Preference name 'general.useragent.extra.microsoftdotnet'

iii. Right-click on the item and select 'reset'

iv. Restart Firefox

3) Remove the .NET Framework extension files

i. Go to the Start Menu, and choose 'Run...' or go to the Start Search box on Windows Vista

ii. Type in 'explorer' and hit Enter or click 'OK'

ii. Go to '%SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\'

iii. Delete the 'DotNetAssistantExtension' folder and all its contents

Pretty cut and dry directions.

[Msterbeau]

I like pizza and I work cheap. I can probably fix everything else that's wrong with your system as well.

Any Linux/UNIX based OS will do which will run on any hardware platform.

Disabling the extension does not get rid of the extension. The Java extension does this type of behavior as well. However disabling does stop it from acting and as soon as I saw it I disabled it (because I like to keep track of what extensions are running on my system.

Although really this is easy.

Pretty cut and dry directions.

Possibly for you they're easy. 95% of the computing public wouldn't have a clue and Microsoft is totally taking advantage of that ignorance. Once again... way to treat your costumers Microsoft!!

[Scary Guy]

Possibly for you they're easy. 95% of the computing public wouldn't have a clue and Microsoft is totally taking advantage of that ignorance. Once again... way to treat your costumers Microsoft!!

Look at the notarized list. My grandmother could follow that list easy. The hardest part on that list is choosing which registry key to write to, the x86 one or the x64 one (because you have to know what type of processor your system is running on but at the moment anyone running with a 64bit processor probably knows it).

[Troy Spiral (13)]

If you are logged in as Admin you can just disable the plugin (assuming you don't need it) . If your install isn't updated as of Febuary 2009 this won't affect you, just to throw that out there. It is part of a software update that is somewhat windows-version independent, so it affects most all modern versions of windows. (2K, XP, 7 , Vista)

The above issue isn't nearly as scary as it sounds even if it does seem pretty darn underhanded on MS's part. *shakes fist* The "vulnerability" (more accurately described by civil-tonged critics as a design flaw.) Even though it is easily argued as a feature, rather than a flaw. I Disagree with that, but it has strong proponents. The "vulnerability" has been present in all of the last decade or so of full release versions of IE. Not to say auto-plugin-by-default is a great idea, but it hasn't caused the end of the internet...yet. Most people won't really even care or notice one way or another. (Just as most people don't even bother to install Firefox as they already have IE) Even though I myself use Chrome, Firefox and IE for various different reasons.

Rev you don't fool us. Your a nerd, just not on the computer subject.

I'd get a mac but don't want to cripple my ability to use 98% of all software. For non-software happy people this isn't really an issue as all the "main" software most people might use is widely available for both platforms. Unfortunately versatility has a price. :(

Lately i've been using Chrome more than the others web browsers, only becasue it has less bullshit installed on it on my computer. It has far less features than the other two though, the really crazy part is the google toolbar (Chrome is a google app) isn't available for Chrome, lol. Not sure I'd really recomend it as yet.

If you are really dying to remove it, its honestly not that hard *points up at SG's instructions*. I do know that sort of stuff can be intimidating. This makes it hard for many and if you really want it gone, it can be just easier to have your friendly neighborhood computer nerd do it. If one is available that is.

[Msterbeau]

If you are logged in as Admin you can just disable the plugin (assuming you don't need it) . If your install isn't updated as of Febuary 2009 this won't affect you, just to throw that out there. It is part of a software update that is somewhat windows-version independent, so it affects most all modern versions of windows. (2K, XP, 7 , Vista)

The above issue isn't nearly as scary as it sounds even if it does seem pretty darn underhanded on MS's part. *shakes fist* The "vulnerability" (more accurately described by civil-tonged critics as a design flaw.) Even though it is easily argued as a feature, rather than a flaw. I Disagree with that, but it has strong proponents. The "vulnerability" has been present in all of the last decade or so of full release versions of IE. Not to say auto-plugin-by-default is a great idea, but it hasn't caused the end of the internet...yet. Most people won't really even care or notice one way or another. (Just as most people don't even bother to install Firefox as they already have IE) Even though I myself use Chrome, Firefox and IE for various different reasons.

Rev you don't fool us. Your a nerd, just not on the computer subject.

I'd get a mac but don't want to cripple my ability to use 98% of all software. For non-software happy people this isn't really an issue as all the "main" software most people might use is widely available for both platforms. Unfortunately versatility has a price. :(

Lately i've been using Chrome more than the others web browsers, only becasue it has less bullshit installed on it on my computer. It has far less features than the other two though, the really crazy part is the google toolbar (Chrome is a google app) isn't available for Chrome, lol. Not sure I'd really recomend it as yet.

If you are really dying to remove it, its honestly not that hard *points up at SG's instructions*. I do know that sort of stuff can be intimidating. This makes it hard for many and if you really want it gone, it can be just easier to have your friendly neighborhood computer nerd do it. If one is available that is.

Part of my point is that a large percentage of the public is not at all computer saavy. They don't keep up with what's going on and they are very vulnerable because of this.

As for the Mac... You can run Windows or almost any other OS on the hardware via virtualization or Boot Camp. I do it... it's pretty much indecipherable from the real thing.

[Troy Spiral (13)]

Part of my point is that a large percentage of the public is not at all computer saavy. They don't keep up with what's going on and they are very vulnerable because of this.

As for the Mac... You can run Windows or almost any other OS on the hardware via virtualization or Boot Camp. I do it... it's pretty much indecipherable from the real thing.

Yeah i understand what you have long been saying. Believe me I do. I've had to give lectures on the pros and cons of different platforms and did tech support on both for the better part of 9 years.

The "other OS on mac virtual machines" thing would run into the "not computer savvy" issue, kind of deflating part of the upside of a mac. The real powerhog windows-specific software runs like sheet that way. I have at least 10 programs i use on a regular basis (say at least once a month) that don't really run all that amazing natively, running them through a VM would be an exercise in anger management. Not trying to convince anyone to NOT use a mac, just explaining that I'm not using a PC because I'm a moron that doesn't understand, nor is a mac a cure-all for everyone's computer woes. Also the gap in usability between the two platforms is not nearly what it was say, 15 years ago.

Its just a price to be paid for pushing toward more slap-your-head easy usability. That is a reduction in versatility, features and speed of interaction. True in a broader sense for all ergonomics.

Really, this "problem" to try and keep the topic on subject... has been present for over a decade and hasn't caused the apocalypse. The story here is more the sneakiness of the way MS pushed it into Firefox, rather than any huge danger. IE (long the most widely used browser...not to say "good".) has had this "feature" built into it for ages with no huge outcry. Its the annoying way that MS released this that is more the issue than any real scary problem.

[Rev.Reverence]

I like pizza and I work cheap. I can probably fix everything else that's wrong with your system as well.

Any Linux/UNIX based OS will do which will run on any hardware platform.

Disabling the extension does not get rid of the extension. The Java extension does this type of behavior as well. However disabling does stop it from acting and as soon as I saw it I disabled it (because I like to keep track of what extensions are running on my system.

Although really this is easy.

Pretty cut and dry directions.

Yeah...if I could read them... I'll holla' at you soon if O_M_G can't "tka-tka-fix" this fucker this weekend..I don't even know if it's busted...it still does stuff...

If you are logged in as Admin you can just disable the plugin (assuming you don't need it) . If your install isn't updated as of Febuary 2009 this won't affect you, just to throw that out there. It is part of a software update that is somewhat windows-version independent, so it affects most all modern versions of windows. (2K, XP, 7 , Vista)

The above issue isn't nearly as scary as it sounds even if it does seem pretty darn underhanded on MS's part. *shakes fist* The "vulnerability" (more accurately described by civil-tonged critics as a design flaw.) Even though it is easily argued as a feature, rather than a flaw. I Disagree with that, but it has strong proponents. The "vulnerability" has been present in all of the last decade or so of full release versions of IE. Not to say auto-plugin-by-default is a great idea, but it hasn't caused the end of the internet...yet. Most people won't really even care or notice one way or another. (Just as most people don't even bother to install Firefox as they already have IE) Even though I myself use Chrome, Firefox and IE for various different reasons.

Rev you don't fool us. Your a nerd, just not on the computer subject.

I'd get a mac but don't want to cripple my ability to use 98% of all software. For non-software happy people this isn't really an issue as all the "main" software most people might use is widely available for both platforms. Unfortunately versatility has a price. :(

Lately i've been using Chrome more than the others web browsers, only becasue it has less bullshit installed on it on my computer. It has far less features than the other two though, the really crazy part is the google toolbar (Chrome is a google app) isn't available for Chrome, lol. Not sure I'd really recomend it as yet.

If you are really dying to remove it, its honestly not that hard *points up at SG's instructions*. I do know that sort of stuff can be intimidating. This makes it hard for many and if you really want it gone, it can be just easier to have your friendly neighborhood computer nerd do it. If one is available that is.

No, my good Sir...in the Dork Forest of Geekdom do I dwell...the Nerd Mountains are far to the south from me... Edited June 11, 2009 by Rev.Reverence

[Msterbeau]

Its the annoying way that MS released this that is more the issue than any real scary problem.

Annoying? No... How about completely unethical. Per usual.

[Gaf The Horse With Tears]

Yeah i understand what you have long been saying. Believe me I do. I've had to give lectures on the pros and cons of different platforms and did tech support on both for the better part of 9 years.

The "other OS on mac virtual machines" thing would run into the "not computer savvy" issue, kind of deflating part of the upside of a mac. The real powerhog windows-specific software runs like sheet that way. I have at least 10 programs i use on a regular basis (say at least once a month) that don't really run all that amazing natively, running them through a VM would be an exercise in anger management. Not trying to convince anyone to NOT use a mac, just explaining that I'm not using a PC because I'm a moron that doesn't understand, nor is a mac a cure-all for everyone's computer woes. Also the gap in usability between the two platforms is not nearly what it was say, 15 years ago.

Its just a price to be paid for pushing toward more slap-your-head easy usability. That is a reduction in versatility, features and speed of interaction. True in a broader sense for all ergonomics.

Really, this "problem" to try and keep the topic on subject... has been present for over a decade and hasn't caused the apocalypse. The story here is more the sneakiness of the way MS pushed it into Firefox, rather than any huge danger. IE (long the most widely used browser...not to say "good".) has had this "feature" built into it for ages with no huge outcry. Its the annoying way that MS released this that is more the issue than any real scary problem.

You can't really call them differnt platforms anymore. It's the same hardware just a different OS. Oh, and a larger price tag.