Microsoft Invades Firefox!

Microsoft's sneaky Firefox extension

John is a Salvation Army Corps Officer who likes computers, Radiohead and F1. He lives and works with his wife Marta in Gainsborough UK, and blogs at johnager.co.uk and johnager.org

On Tuesday I installed Windows Vista Service Pack 2 (SP2) on my desktop PC, and felt very pleased that it all went well with no problems – that was until yesterday!

What I found was that Microsoft had sneakily installed an add-on to my Firefox browser! Now there are many reasons why I prefer to use Firefox rather than Internet Explorer (IE), and one of the main ones is that it isn’t Microsoft. This is partly because I prefer Firefox (and dislike IE greatly), partly because I like the add-ons, and partly for the increased security Firefox gives me.

It seems that the Windows update insists on this add-on being in place, and so you are not given the choice, and once it’s in place it’s not advisable to remove – indeed they have disabled the uninstall button! Similarly it’s not advisable to disable, as that is as bad as removing it! It’s possible to remove via the registry, but NOT advised!

Surely this should have been an optional add-on, released through the Firefox add-on page? Is this a case of Microsoft simply being complacent and lazy?

Most serious of all is the question of whether this introduces some of the IE vulnerabilities into Firefox, the very vulnerabilities that the average (if there is such a thing) Firefox user is trying to avoid by using Firefox in the first place!

This is not only irritating and more bad publicity for Microsoft, but it begs the question – what else are Microsoft installing on your computer without your knowledge?

July 2009 Update: I’ve recently updated Firefox to version 3.5 and it’s now possible to remove the add-on in the normal way. I’ve done this and there doesn’t appear to be any problem. Hopefully it’s removed everything that Microsoft have added, because I want to continue to use Firefox – but it’ll be necessary to remain vigilant! I’ll be pleased to hear of your experiences. Should we still be worried?

Related reading (auto-generated):

Join us on Facebook

Facebook icon

Declare your geekdom for the world to see... well, the part of the world that's on Facebook anyway.

Visit our Facebook page to keep up to date with the latest Geek-Speak posts right in your Facebook stream, as well as hearing about discounts and offers before they're posted on the site.

What are you waiting for? Head on over and "like" us.

Facebook icon used under CC license

Comments

  1. Looks like I will havew to switch Browser and remove Firefox, wonder what the Firefox community make of it

  2. Liam Riordan says:

    Wow Microsoft… I bet they’ll protect it saying along these lines:
    “We are attempting to reach a broader group of people, and to make their lives easier with out framework support”.

    Wait… is that stealth install even legal? Oh wait, the Accept button on the TOS page, what a lovely concept…

    Still, is it legal?

  3. It’ll take quite a bit for me to ditch Firefox, but I’m NOT happy about this! Thanks for your comment. John.

  4. I have been playing with both Chrome and Safari recently. The problem for me is there is no way to sync my bookmarks to a remote location, yet

  5. Thanks Liam, they ought to be more upfront with the installation of the add-on at least!

  6. Sean, you can sync bookmarks with Opera!

  7. You run a program on a Windows OS and you expect Microsoft the monopoly to not mess with it if it gets popular? Why aren’t you running your free software browser on a good operating system?

  8. ArpanaINFJ says:

    Heres a link to get rid guys.

    http://annoyances.org/exec/show/article08-600

  9. What gets me is that this smacks a little of the anti-trust case against Microsoft. Remember when they were taken to court for integrating Internet Explorer too tightly with the operating system? Installing a non-removable plugin for a rival browser just seems a little dodgy.

  10. Liam Riordan says:

    I’m slowly in transit of moving over to Ubuntu, its just my mother and sister love Windows since they’re computer idiots >_>

    Also, Wine doesn’t work right with my favorite game Freelancer. :(

    I can understand that its a Microsoft OS and they have rights, but they gave the users the option to customize it. Do they expect users to ONLY use Microsoft products now?

    Here is my analogy.

    I buy a Ford (Microsoft) car, I decide to modify it with engine parts from other companies lets say I want the suspension from a Lotus (Linux), they work better then the stock ones once customized.

    Does anyone yell at the owner of the Ford for installing non-stock suspension? Maybe the warranty malarky, but thats all. Its not illegal and I don’t see Ford engineers getting into a man’s garage and slapping a “Ford suspension safety add-on”. Things like this don’t happen in the real world. Only the virtual world. aka computers.

    Microsoft, stop playing God, stop being Stalinistic. We’re human, we have free will.

  11. Like Ed said above, maybe you should simple switch to Linux so you never have to worry about that.

  12. Mike Annoyed says:

    I removed this foul piece of crap.see link http://www.annoyances.org/exec/show/article08-600 .Firefox now runs properly.This is exactly why American business is so far down the toilet.Lack of respect for their customers. Lack of integrity,trust,ethics to name a few things.I was on the fence about buying a Mac or converting this computer to Linux.As of this morning my mind is made up. I will do both.Thanks for helping make up my mind Mr. Gates.

  13. Thanks for the comments and discussion guys!

  14. Microsoft have instructions for removing the plugin here:

    http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx

    Haven’t tested it (I’m on a mac) but it looks like there’s an uninstaller.

  15. I actually just got into an argument with someone about this on IRC.

    If Microsoft had made the update and said, “Hey, do you want to install this?”, that would have been fine. I wouldn’t have installed it but at least we’d have the option.

    Even if they said they installed it and gave you a chance to remove it. That would have been fine too.

    Sneaking it in there and not telling you and then making you jump through hoops to remove it is wrong.

    Fortunately, they have an update now that lets you remove it. Also, I spend most of my time in Linux. I caught this post while using Win7 though.

  16. Thanks all! Keep the comments coming, much appreciated! John.

  17. Thanks to all who posted the fix for this. Just burning SuSE again, I want to check the hardware that this Medion has will work, esp the TV card

  18. Seriously, just use Linux. The point of the MS add-on is to enable software installation via the browser, thus introducing, as you pointed out correctly, new security holes into said browser.
    I’ve never touched a MS product in 5 years and have been running Ubuntu on all my systems without problems at all.

  19. John,

    Word on the street is yes, this mysterious add-on introduces a .NET bug that allows for the silent installation of files (without the user’s consent).

    More info and removal instructions here: http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/

  20. Thanks for great comments and links! John.

  21. An interesting twist (from Boing Boing Gadgets, in the comments – http://gadgets.boingboing.net/2009/05/30/microsoft-update-qui.html) is that the uninstall wasn’t deliberately disabled by Microsoft, but that the plugin was installed in the global directory rather than a profile specific one. This makes Firefox disable the uninstall option, so that one user can’t uninstall the plugin for everyone.

    Anyhow, hopefully the various fixes linked to in the comments above will sort out the problem for you if you do want to uninstall.

  22. It was only a matter of time right?

  23. I suppose so, thanks Arnold!

  24. I agree this is bad, but then I don’t see why of you (correctly) have such little trust in MS you are installing Vista at all! What do you expect? The OS at its core is full of crap which lessens your security and protection, I don’t really understand the surprise.

    Personally I would just move to linux if you value your security, complaining about this whilst using Vista is like crying over a cut finger while your leg is hanging off.

  25. SRWare Iron browser (http://www.srware.net/en/software_srware_iron.php)

    Basically, it’s Google Chrome without the Google spyware embedded.
    It’s the best Windows browser I’ve found yet.

  26. Thanks for the comments received while I’ve been away on holiday! John.

  27. And I Quote “Mike Annoyed”…

    “I removed this foul piece of crap.see link http://www.annoyances.org/exec/show/article08-600 .Firefox now runs properly.This is exactly why American business is so far down the toilet.Lack of respect for their customers. Lack of integrity,trust,ethics to name a few things.I was on the fence about buying a Mac or converting this computer to Linux.As of this morning my mind is made up. I will do both.Thanks for helping make up my mind Mr. Gates.”

    First, please do not generalize, and imply that it is “American Business” that is to blame here. It’s a little insensitive, and blatantly ignorant.

    If you’re not fond of what Microsoft does, get out of that line of product. I see you have done that, and have exercised your right to have a choice. Good for you. I am also a Mac and Linux user, after MANY years in the Windows world. While I am happy for it, I do still feel there is a place for Microsoft product.

    As for Microsoft’s intentions here, let’s not jump to assume that companies do things with evil intentions (yes, even American ones, Mike). The intentions may have been good, the backlash, not so good, and for good reason. I, for one, chalk this one up to Corporate Ignorance, not Corporate Evil.

    One thing is absolutely the truth…Capitalism still does not entirely understand open source as a value. It will be a while before we see the change in behavior that causes us to react in knee-jerk fashion, and in a broad-sweeping way to an entire Nation’s business structure.

  28. Those that distrust Microsoft but use Windows anyway, why not do what I do?

    I have Ubuntu on one partition, that I use for nearly everything. Windows on an entirely separate one, that is use for games and absolutely nothing else – if something gets screwed up, I reinstall without losing anything. (I do a bare install, no updates for anything, so I don’t get stuck for a day or two on it. No worries of vulnerabilities because, hey, I really don’t care – I don’t store anything important on the Windows partition!)

  29. after completing the upgrade to firefox 3.5, the add-on window tells you that the .net add-on is not compatible and disables it.

    let’s see how long it goes before microsoft tries to pull one by firefox users again

  30. gentleman nosh says:

    Simple fix really…don’t run Windows.

    Ubuntu Linux is more stable, has heaps of free support and applications, is free, networks a hundred times better and more transparently, and can run windows in a secure method when needed (Virtual Box) for office, etc.

    Installs and identifies hardware seamlessly, blah blah blah ad infinitum.

    It’s not just rhetoric any more. Linux beats windows hands down on the desktop.

  31. Thanks for the comments. Yes Doug, I noticed it is disabled when upgrading to Firefox 3.5!

  32. Cameron says:

    Although I don’t use Windows anymore (I can’t stand Microsoft), I came across an article talking about this ‘update’ a few weeks ago, apparently it actually installs several of the security holes that were in IE! I would say watch out for other similar tricks, they won’t give up that easily.

  33. not sure what the fuss is about. I was able to uninstall through the add-on window

  34. pyro, this wasn’t possible before, but seems to be possible with FF3.5 by the method you mention. John.

Trackbacks