« Conficker Sill Active | Main | Conficker: 1 Year Later, 7 Million Infected »
10/18/2009
Firefox Blocking Microsoft .NET Plugin/Add-on
Kevin R. Smith
Co-Editor
Co-Editor
There was a lot of noise starting back in February 2009 when Microsoft began pushing out a secret .NET plugin/add-on to Mozilla Firefox.
Among other problems was that Microsoft was installing the plugin to Firefox anytime you did a Windows update.
The complaints about this plugin were:
The good news about this is that Mozilla Firefox developers are now blocking the .NET plugin.
Given the list of problems cited above with this plugin, it's no wonder Mozilla devs moved to block the add-on.
We're not alone in wishing it had happened sooner, regardless though we're glad they have.
Sure, Microsoft has ever right to make a .NET plugin for Firefox. The problem is/was that they weren't giving users any notice the plugin was being installed.
They just did it.
Oh, and good luck getting it disabled once it's in there.
If Microsoft wants to make the download available as an optional installation AND make it possible to easily disable the plugin, that's fine.
What they did though is unacceptable as it was nigh impossible to disable for most users. If a security issue had arisen with it for which Microsoft, as they do from time-to-time, declines to issue a patch (or are slow to issue a patch), users would be hard pressed to disable the plugin to mitigate the risk.
Whoever at Microsoft was responsible for making this plugin work the way it did could have made it work the way they did for a few reasons:
How would users feel if suddenly, without notifying users they were doing it, without giving users a chance to opt-out, and without users having a way easily undo what Microsoft had done, Microsoft started changing setting or adding "features" to something like Internet security software?
While not exactly Internet security software, per se, Firefox is installed by users because in many ways it does provide greater security than Internet Explorer.
No matter how you look at it, the way Microsoft chose to install the plugin, essentially injecting its own code into another company's product, without users' knowledge or consent, was unwise at best and while not exactly malicious, almost certainly not on the up-and-up.
I'm just glad Mozilla finally disabled the .NET add-on.
If you haven't updated your Firefox (or haven't yet tried it), you can download Firefox--the latest version, of course--and get the .NET plug-in disabled.
Among other problems was that Microsoft was installing the plugin to Firefox anytime you did a Windows update.
The complaints about this plugin were:
- There was no notification of the update.
- There was no practical way to prevent the update.
- Disabling the plugin was a supreme headache.
- Firefox isn't even a Microsoft product!
Given the list of problems cited above with this plugin, it's no wonder Mozilla devs moved to block the add-on.
We're not alone in wishing it had happened sooner, regardless though we're glad they have.
Sure, Microsoft has ever right to make a .NET plugin for Firefox. The problem is/was that they weren't giving users any notice the plugin was being installed.
They just did it.
Oh, and good luck getting it disabled once it's in there.
If Microsoft wants to make the download available as an optional installation AND make it possible to easily disable the plugin, that's fine.
What they did though is unacceptable as it was nigh impossible to disable for most users. If a security issue had arisen with it for which Microsoft, as they do from time-to-time, declines to issue a patch (or are slow to issue a patch), users would be hard pressed to disable the plugin to mitigate the risk.
Whoever at Microsoft was responsible for making this plugin work the way it did could have made it work the way they did for a few reasons:
| Microsoft's Possible Reasoning | Why Their Reasoning Was Unsound | |
|---|---|---|
| 1. | Give everyone a similar experience in Firefox they would have with Internet Explorer. | Fine. Just give users the choice to opt out easily.
Give users the chance to disable easily the add-on at any time after installation if they don't like/want it. |
| 2. | Making it optional confuses too many people. | If you're confused about what it is or how it works, how do you expect anyone to know what they're missing by not having the .NET add-on? |
| 3. | Making it difficult to remove makes it hard for people to miss out on the experience. |
What if there's a security issue? What if there's a stability issue? What if I just don't want it?
How can anyone minimize the security risk or test for stability issues if it's so difficult to remove? |
| 4. | Making it difficult to remove lets Microsoft extend its reach into Firefox. | Why create more browser-related problems for Microsoft, which already has plenty of issues to contend with in the antitrust arena? |
How would users feel if suddenly, without notifying users they were doing it, without giving users a chance to opt-out, and without users having a way easily undo what Microsoft had done, Microsoft started changing setting or adding "features" to something like Internet security software?
While not exactly Internet security software, per se, Firefox is installed by users because in many ways it does provide greater security than Internet Explorer.
No matter how you look at it, the way Microsoft chose to install the plugin, essentially injecting its own code into another company's product, without users' knowledge or consent, was unwise at best and while not exactly malicious, almost certainly not on the up-and-up.
I'm just glad Mozilla finally disabled the .NET add-on.
If you haven't updated your Firefox (or haven't yet tried it), you can download Firefox--the latest version, of course--and get the .NET plug-in disabled.