What is Digg?Sponsored by Dragon Age: Origins
Follow the Dragon Age: Origins development team on Twitter view!
twitter.com/DragonAge - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
316 Comments
- stutimandal, on 05/31/2009, -7/+214It isn't just Microsoft doing it. Veoh Webplayer, Skype, AVG antivirus etc. do it too.
I usually disable any add-ons that I cannot remove.
My guess is they need to make Firefox as a compatible browser for various purposes. However, it should make an option -> 1) whether we want to use .NET with firefox (then we need some add-on) OR 2) whether we wish to keep our Firefox clean (and not use .NET). - roloenusa, on 05/31/2009, -8/+195I would like to know what the purpose of this addon is...
- tehhowch, on 05/31/2009, -54/+225Other applications do this too, like Java. No biggie. Just hit "Disable" and you are free from its vulnerabilities.
- P5ycHo, on 05/31/2009, -9/+178That still doesn't make it 'right'.
- Contradictions, on 05/31/2009, -52/+182Sounds like a vulnerability in Firefox to allow such a thing to happen, don't you think?
- gfxluvr, on 05/31/2009, -11/+101Welcome to like, 3 months ago?
- sirbeta, on 05/31/2009, -8/+84Is this news? Really? Microsoft has been doing this forever now, and every time there's an update it's suddenly a "secret firefox extension". You'd think people would have better memory. It's the ClickOnce helper that allows you to run ClickOnce installations from Firefox, and it reports the .NET framework version. For the record, I don't like the disabled uninstall button.
- cloudberries, on 05/31/2009, -11/+83I, for one, don't welcome our clunky, bloated software overlords.
- Myztry, on 05/31/2009, -18/+87Not really. Microsoft could use Windows Update to slip code into military computers just the same...
- inactive, on 05/31/2009, -7/+65http://img188.imageshack.us/my.php?image=55896631. ...
and its uninstallable. - roomaustin, on 05/31/2009, -14/+70"Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up."
Does anyone else feel they are being patronized here? - techdribble, on 05/31/2009, -21/+73This has been around for ages its hardly news. Its a case of a journalist making a mountain out of molehill. Just mention Microsoft and secret and dont let the facts get in the way.
- diemunkiesdie, on 05/31/2009, -30/+82Just in case you are wondering why you have one bury. I auto bury anyone who says "M$" or "Micro$oft" because that pisses me off to no end.
- 0tis, on 05/31/2009, -4/+52I have a problem with the words "like Java", too. Not the best example?
- Korayem, on 05/31/2009, -9/+53People, this is used to install "clickonce" applications!! something like adobe air. For more info on "clickonce":
http://msdn.microsoft.com/en-us/library/142dbbz4(V ...
I had this installed on my firefox since version 2.0. I installed it manually by dowonloading and installing an "msi" file. This is not what people are claiming. - WiseGuy1020, on 05/31/2009, -3/+41Thats why for really important, "mission critical" software the military uses custom Linux builds. At least the Navy and the NSA does.
- Myztry, on 05/31/2009, -5/+41Microsoft determines the behavior of Windows Update. Not the Military.
They may test the general operation of the code, but they are not going to decompile each update down to opcode level to check whether the ability to undeniably push code has been introduced.
They have to by necessity of closed source trust Microsoft not to do such things. Microsoft is the highest ranking officer, and indeed the General in this scenario. - inactive, on 05/31/2009, -9/+43No it sounds like Firefox just has a really good add on system.
- mktwo, on 05/31/2009, -12/+44@prophetpimp Please read the ***** article, espectially the 5th and 6th paragraphs;
"this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC."
"Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.". - PizzaCat, on 05/31/2009, -4/+30i have the Microsoft .NET Framework Assistant 1.1 installed, and it has both the disable and uninstall button.
and they both work. - crackah, on 05/31/2009, -6/+32damn, im sure there are worse things going on in your life and a firefox extension.
- ripter, on 05/31/2009, -3/+26Firefox correctly reports your version of .Net without the plugin, so why do we need the plugin again?
- Memnochxx, on 05/31/2009, -0/+22I just uninstalled by pressing the uninstall button, is there something I'm missing here?
- Animan351, on 05/31/2009, -3/+25 Here's the removal instructions for those of you who want it and the uninstall option is grayed out( .NET 1.0 I believe )
1. Open Registry Editor (type regedit in the Start menu Search box in Vista/Windows 7, or in XP's Run window).
2. Expand the branches to the following key:
* On 32-bit systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Mozilla \ Firefox \ Extensions
* On x64 systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Mozilla \ Firefox \ Extensions
3. Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
4. Close the Registry Editor when you're done.
5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
6. Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
7. Right-click general.useragent.extra.microsoftdotnet and select Reset.
8. Restart Firefox.
9. Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
10. Delete the DotNetAssistantExtension folder entirely.
11. Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.
instructions from Annoyances.org - Yage2006, on 05/31/2009, -8/+29To spy on your porn surfing.
- ZippyV, on 05/31/2009, -5/+26The purpose is to allow .application files to be executed by the .net framework. It also changes your useragent string to include which version of the .net framework you are running.
- dewdrinker19, on 05/31/2009, -3/+24Strange article. My uninstall button worked just fine in the Firefox Add-On window...
- dazparkour, on 05/31/2009, -3/+21AVG ASKS if it wants to be installed as it's Strange behavior.
People agreeing to automatic updates to windows probably don't associate that with firefox. - WoogyDude, on 05/31/2009, -4/+22How does this indicate a vulnerability in Firefox? If you run a dangerous program with enough privileges such that it is able to edit the registry, it making firefox load an extension is the least of your worries
- socokoolaid, on 05/31/2009, -5/+22yes "This is basically telling firefox to behave like IE" is totally inaccurate.
- PsychoBrat, on 05/31/2009, -3/+20After learning of these flaws, I did a little testing of my own and discovered that Firefox doesn't protect my monitor against violent Dremel attacks, either.
How long are we going to stand for this kind of lax approach to security? - greevar, on 05/31/2009, -9/+26No, it's not right. It would appear to me that they are trying to break Firefox for everyone and blame it on Mozilla.
- nyxerebos, on 05/31/2009, -8/+25When one thinks of all the security holes opened up by COM/ActiveX in IE, I'm not sure I'd like them quietly adding another execution mode to my browser, or to my parent's browser for that matter, coz they're not going to know better than to run some .NET malware, and I'll be the one fixing it.
But fortunately I use Ubuntu. - weeFred, on 05/31/2009, -4/+20Your OS vendor choosing to modify other programs on your system without prompting you for consent is fairly bad if you ask me. Especially with their history of browser development and them being in direct competition with FF.
- djdisconess, on 05/31/2009, -6/+22I think you are being a little noobish in that statement tbh. The add-on itself states "Adds ClickOnce support and the ability to report the installed .NET version to the web server." Now I dislike MS yes, but no, I don't think they installed malware on my Firefox to somehow make it behave like IE (and thankfully, it's blacklisted by Mozilla if you are running the 3.5 Beta.)
- renegadeafk, on 05/31/2009, -0/+16hes running 3.5 its obviously a typo... I'm also running 3.5 beta on win7 and I can uninstall it.
- tehhowch, on 05/31/2009, -0/+16I was referring to the inability to uninstall the Java Quick Starter from the Add-ons page. Java isn't nearly as nefarious as Microsoft in cases like this, but they do indeed try to bundle the Yahoo toolbar into your system in a Java update. While most diggers will catch this, I doubt the general public does.
And I suppose if one is being nitpicky about my wording, I should have referred to the company (Sun) and not the product. - Megor, on 05/31/2009, -4/+19I checked and you can uninstall it just like any extension, perhaps things have changed since this article was published.
- DangerCollie, on 05/31/2009, -8/+21Not when you consider the range of user expertise. Maybe the l33t haX4rs here at Digg feel patronized, but for the average user, messing with the registry editor is way beyond their skill level.
I don't get people defending MSFT's dickish behavior. You pick firefox for a reason and usually one of those reasons is it gives you more control of your surfing experience. So then MSFT takes it upon themselves to "fix" firefox without telling you. There is nothing okay about that. - Quicksilver4648, on 05/31/2009, -0/+13I am on Windows 7 RC with Firefox 3.0.10 and I can disable and uninstall it.
- jpate86, on 05/31/2009, -1/+14The purpose is to allow ClickOnce applications to be able to launch from Firefox. ClickOnce allows winforms/Windows Presentation Desktop applications to be published to a web server and installed on clients machines. A necessary part of this is allowing the browser to report to the web server what .NET versions are installed on the client computer to make sure the software is compatible. Once installed via ClickOnce, it then handles auto updating of the application when new versions are released. This in theory is great as it eliminates the need for developers to write their own updating code. I say in theory because I tried to implement ClickOnce a year or two ago and it was so finicky. I ended up abandoning the ease of use aspect and just writing my own update code that actually works. I'm sure it has came a long way since then, but it my experience I was not that impressed.
On a side note, this is not a new revelation. Microsoft has been installing this extension "secretly" for quite a while now. - AdmiralAcbar, on 05/31/2009, -2/+14NERD RAGE!
- scuba7183, on 05/31/2009, -1/+12It asks you whether or not you want to make it the default
- zumpiez, on 05/31/2009, -5/+161) Disable and Uninstall are not the same button
2) It does not allow websites to quietly install software on your pc.
The interface for installing one is similar to the Firefox Add-on installation popup. At no time can a ClickOnce installation happen without user concent.
MORE IMPORTANTLY, ClickOnce apps cannot even make system calls. They can't do anything that requires administrative privileges. They can only install per-user. They are isolated from other applications. These are about the lowest impact applications possible outside of a web browser.
This is knee-jerk reactionary FUD of the worst kind. - ChiaGod, on 05/31/2009, -7/+18I know right?!? Another Firefox vulnerability is it won't protect against fdisk, format or writing zeroes to the drive.
Secure browser my ass... - pedo, on 05/31/2009, -10/+21apparently the purpose is to make firefox as crappy as IE
"this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC." - TheMAZZTer, on 05/31/2009, -1/+11Wrong. It's not in the user profile folder. It's installed globally, for all users (hence why you can't use the Uninstall button).
But it's easy enough to remove by going to the HKLM\Software\Mozilla key and finding the extension key somewhere in there, and deleting entries which point to extensions you don't want.
.NET 4 beta installs such an extension. If you try to block extension installs by denying write permission on that key, the whole installer fails and rolls back. Lame. Took me a while of sifting through the installer logs to figure it out. - pivovy, on 05/31/2009, -2/+12*****!
- graemee, on 05/31/2009, -2/+12Frefox 2.5 Beta? Update to FF 3.0.10.0 like the rest of us.
I'm running Windows 7 too. It disables. - PsychoBrat, on 05/31/2009, -2/+12secondwheel2: I hope that was a joke. There was a lot of press recently about massive security holes in military installations precisely because software configuration was NOT taken seriously enough, and there were hundreds of insecure Windows installations letting crap into their networks.
-
Show 51 - 100 of 320 discussions
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is 