CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 12th, 2010

Microsoft Secretly Sneaks Firefox Add-on Into Latest Update

Microsoft has silently slipped a Firefox extension onto user machines via an automatic software update. Again.

This week, as part of its regular Patch Tuesday, Redmond released an update for its various browser toolbars, and as Ars Technica noticed, this update also installed an entire add-on for Internet Explorer and an extension for Mozilla Firefox – without asking users. Ars was unable to identify the installs, but Microsoft now says that the update was installing the latest version of its Bing toolbar on machines that were running the older Windows Live Toolbar or MSN Toolbar.

The company says it has now, um, updated the update, and the silent toolbar install no longer occurs. The company calls the silent install “a bug.”

“We discovered a bug in the latest update that was installing the Firefox extension for users with the Windows Live Toolbar and MSN Toolbar (specifically people who have not upgraded to the latest version of the Bing Bar),” the company tells us. “We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behavior anymore.”

The company apologizes for any inconvenience this may have caused.

Microsoft says that the update was supposed to include only its Search Enhancement Pack, a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. The Pack, the company says, enables certain toolbar features, such as the search suggestions drop down. The update was originally tagged with the Search Enhancement Pack label, but it also installed the Bing toolbar on certain machines.

The update was marked “important,” not “optional.” And Firefox users at MozillaZone weren’t too happy about the silent extension install. “I am still annoyed that Microsoft thinks it is ok to arbitrarily tack on something to my FF browser WITHOUT asking, and worst of all, disabling the Uninstall button! Why do they keep doing stupid things like that?!” says one poster.

Users were similarly peeved a year ago, when a service pack for the .NET Framework silently pushed a Firefox add-on. This add-on – Microsoft .NET Framework Assistant – enabled .NET apps to be installed with one click. It also shipped with a disabled uninstall button.

Credit: The Register

    One Response to “Microsoft Secretly Sneaks Firefox Add-on Into Latest Update”

    1. This isn’t the first time they’ve done that. Since it went unnoticed last year I’m guessing they felt they could do no wrong another time around.

