Microsoft .Net Framework 3.5 violates FireFox

My latest Windows Update run just downloaded an update to Microsoft‘s .Net Framework 3.5. Here are the details of the update:

Microsoft .NET Framework 3.5 Service Pack 1 is a full cumulative update that contains many new features building incrementally upon .NET Framework 2.0, 3.0, 3.5 and includes cumulative services updates to the .NET Framework 2.0 and .NET Framework 3.0 subcomponents. The .NET Framework 3.5 Family Update provides important application compatibility updates.

Sounds fairly innocuous, right? Wrong! Besides deploying the fixes to the .NET framework mentioned above, the update also installed a stealth Add-in for FireFox, without any warning, permission or request for consent:

microsoftff

To add insult to injury, not only is the plugin useless (Not compatible with Firefox 3.1b2) as you can see above, but the Uninstall button is actually disabled!

Looks like it’s not a new problem, with reports of Microsoft violating Firefox since last August, but this is now bundled as part of a package that is described as an “Important Update”, rather than a component of development software (Visual Studio) that a person may or may not choose to install.

You can hack your way through uninstalling the plugin, but it’s not the sort of thing someone inexperienced should try. Here are the instructions from the site above:

Against what many people think, though, it can be uninstalled – but by nothing less than hacking the actual registry of Windows! Open your Start Menu and choose Run. Type in regedit and press enter/click OK. Within there, you have to look for something called HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions and delete the key there (for Windows Vista 64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions).

When you have done that, type in about:config in the address bar in Firefox, accept the warning and then remove general.useragent.extra.microsoftdotnet and microsoft.CLR.clickonce.autolaunch.

And, to finish it off, open Windows Explorer and go to \WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ to remove the last remnants of the evil extension.

Instructions thankfully found through Remove the .NET Framework Assistant 1.0 from Firefox

My question to you is this. Granted that Microsoft may “own” the operating system you’re running your software on, but does that give them the right to install additions to non-Microsoft software on your machine? The plugin didn’t work in my case, but let’s say it broke Firefox for me, would Microsoft have acknowledged this was a problem they caused and fixed it? Is it right for them to circumvent any features Mozilla put into Firefox to protect their users and violate their software in this way? Isn’t this the sort of installation route you’d expect malicious software to take?

21 comments

  1. You know I can’t let this go …

    The thing is, Firefox 3.1b2 is a BETA so is not intended for Beta release (under the original meaning of the word) so your decision to install essentially unsupported software is your decision – a decision that inexperienced users should not takem despite the marketing rubbish encouraging them to do so.

    That said, I can see why they are doing it. Maybe Firefox weren’t being as helpful as perhaps they could be in modifying their user agent strings to help web server developers identify the capabilities of the client machine (particularly useful for Silverlight, WPF) but there are privacy issues here. I first spotted companies inserting their own values in the User Agent string without my consent when Creative added their ZEN version.

  2. I had less of a problem with the fact that it didn’t work with my version of FF (that was a good thing in my opinion) and more with the plethora of questions it raised about a software vendor installing unauthorised components into a different software vendor’s application.

    The last vendor that tried to do that to me was a “smiley toolbar which monitored what sites you visited” kinda application

  3. This is quite simply an act of vandalism by Microsoft. It is just as illegal as any spyware that installs itself without your permission, deliberately makes it impossible for you to uninstall it, and collects information from your computer. If this were done by some 12-year-old kid in Germany, he’d be sent to prison. Should Microsoft be treated differently?

    By the way, in answer to Nathan Pledger, this has nothing to do with beta software. Anyone using the beta version of Firefox is lucky in that the Microsoft add-on won’t work. I, unfortunately, have the release version, which means that Microsoft can have its evil way with my machine.

  4. .net 3.5 update crashes my FF 3.06. I did a system restore to the point just prior to installing the “important update” and all is well again. What a pain. Now I’m not very keen on installing any Microsoft updates, and that can’t be good.

  5. Just used Firefox today to have a look at what Firebug would say about some JS issue I was having and after installing I saw the plug-in from MS and thought “Oh, how useful, ClickOnce deployment will work in Firefox, now.”

    Or was that the wrong thing to say?

  6. I want to install SpeedUpMyPC 2009 from Uniblue, why SpeedUpMyPC can’t detect .NET 3.5 SP1 that I has installed. I think the best place for .NET 3.5 SP1 is RECYCLE BIN or TU Shredder.

  7. Ok, uninstalling the Add-on is great for a while.

    What happens when Microsoft pushes an update to .NET Frameworks 3.5 SP1 , like SP2. Won’t that reinstall and register that .NET Add-on?

    Wouldn’t just simply Disabling the add-on in the Firefox Add-ons window do the trick?

  8. @Sean: You’ll notice that the the “Disable” button was greyed out above. You can’t actually uninstall it from there.

  9. When my windows updater installed .Net Framework 3.5 i also noticed the add-on in my firefox and it also broke my firefox and all of the add-ons i had on my firefox. I did a system restore and it fixed the problem. This has happened twice so far and .Net Framework 3.5 breaks alot of other add-ons with firefox like add block, no script, even my fire fox calendar.

  10. so Microsoft installs a plug in , into
    there number one browser competitor,
    doesn’t tell the user, and makes it non removable

    and also , it reduces the browsers security
    BIG surprise

    so i suppose this is not an obvious case of sandbagging?

    BULL SHIT!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.