Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: incrediBILL
Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk. (...) On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on.
To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. (...) "Microsoft agreed with the plan, and we put the blocklist entry live immediately."
Microsoft has also posted removal instructions [support.microsoft.com] in their Support section.
If you use Microsoft's "automatic" solution, you may need to install further updates after doing so. It would be a good idea to run Microsoft Update after downloading and installing the KB963707 patch. This shouldn't be necessary if you use the manual regedit-and-file delete procedure given in KB963707.
I wonder how much of the "bad" coding was intentional to slow down FF.
I can just see a Microsoft campaign telling you to
1) update your machine
2) open Firefox
3) open IE
4) type this URL into both browsers
5) hit enter on both browsers
6) See! IE loads faster than FF
What they don't tell you is their plugin from the "update your machine" step slows down FF.
I am not saying that this is what happened here, but if they wanted it obviously wouldn't be hard to pull off.
Malware is intentionally malicious. While Microsoft's add-on was defective and therefore exploitable, and while it was installed without giving the user an option, it's not quite fair to call it "malware." It's just buggy code.
Its a matter of definitions i guess.
Malware, short for malicious software, is software designed to infiltrate a computer without the owner's informed consent.
Informed consent is a legal condition whereby a person can be said to have given consent based upon a clear appreciation and understanding of the facts, implications and future consequences of an action.
Why MIGHT we need it? Why is Mozilla killing it (and is not after MS and Moz chatted a bit and said ONE is okay and the other is still blocked?)?
Nothing I use daily requires .NET. I've blocked it on updates on all systems. Biz continues as normal. Am I missing out on something?
I defer to nobody in willingness to attribute bad motives to Microsoft: they are, IMO, lawyers and lawyer-spawn, although serpents are physiologically incapable of stooping, there is no depth to which they would not slither.
But I have no trouble attributing this particular issue to stupidity rather than malice: after all, they have these kind of security, reliability, and performance problems ALL THE TIME on their own software.
>I can just see a Microsoft campaign telling you to
>1) update your machine
>2) open Firefox
>3) open IE
>4) type this URL into both browsers
>5) hit enter on both browsers
>6) See! IE loads faster than FF
>What they don't tell you is their plugin from the "update your machine" step slows down FF.
In THIS matter you're attributing far too much honesty to Microsoft. This is similar to what they do regularly. But only similar. Step 6 is always stated "See! IE RUNS faster than FF!" Even though they're only measuring LOAD time, they advertise it as RUN time.
As I say: there are few depths to which they have not already slithered.
I ask once again... what is the benefit of .NET?
On the other hand, if you're a surfer who likes Java because of its security, and don't want just anyone dropping anything on your machine without your knowledge or consent, then ... ClickOnce is the Satanic IT project of the year.
It's all in your perspective.