[kwlug-disc] Slashdot article: Microsoft Update Slips In a Firefox Extension

Rashkae rashkae at tigershaunt.com
Mon Feb 2 11:17:46 EST 2009

Chris Bruner wrote:

> I believe the update happens when you are updating Visual Studio, and
> probably because MS uses a web browser to access it's help info. If you
> are developing with VS, then you need to expect MS to be "helping" you.

Unfortunately, this update is part of .NET framework, and now gets
installed automagically by the automatic Windows update.

Even worse, the plugin is actually something that enables single click
install of executable objects, (supposedly with restricted privileges,,
yeah, never heard that one before (*cough* activeX *cough*.)

I can see it clearly now, MS new plan to compete with Firefox.. don't
bother fixing the security holes in your products (and lets face it,
user double click install of executable code was by far Windows' worst
'security hole,' if you ever have to work in the trenches.)  Instead,
use your OS update to make the competing web browser equally insecure.

(To be fair, I think Firefox default extension/plugin install mechanism
is itself far too simplified, and is itself leading the wave of new
cross platform malware.  I'm too lazy to cite references)

More information about the kwlug-disc mailing list