Silent add-on Install for Firefox from Microsoft

Discussion in 'other security issues & news' started by bigkatt74, Oct 17, 2009.

Thread Status:
Not open for further replies.
  1. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    It also happened to me, but the weird thing is that I didn't upgraded .NET lately, and I don't have automatic windows updates activated.
    The plugin dll is installed at C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll on my computer. I just renamed the dll to NPWPF.dl_ and the plugin was gone from firefox (so far nothing else seem to be broken by this).
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    So you're using an OS made by malware writes? Uhu that makes sense.

    Both MS and Mozilla are at fault here.

    First it's stupid to let anyone install addons to your software without some kind of popup.
    Second, Microsoft were stupid to auto install the plugin in the first place, from what I heard, they regret this, but now it's biting them in the ass EVEN MORE, because they *HAVE* to force the addon into firefox again to fix the potential exploit they added to firefox earlier in the year.
     
  3. Dr payne

    Dr payne Guest

    That is why I never used IE (except for broken windows
    updates, unfortunately) Now FF is in my exclusion list.
    Sheeple will always defend FF.
     
    Last edited by a moderator: Oct 18, 2009
  4. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    This shouldn't be a problem for firefox protable right?
     
  5. Basic

    Basic Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    102
    I am using firefox portable and the plug-ins were installed so it is a problem.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Guys, what's the big panic?

    MS did what they did before ... only this time Mozilla blocklisted the dangerous add-ons, so this is something to be happy about. Furthermore, this is not a Firefox problem, as some like to put it, because, for example, on Linux, these plugins are nyet. It's a .NET issue and alike, besides why would you want to use that. And what site could possibly need that?

    Disable, test ... see that most multimedia content online is delivered using Flash, and that's about it.

    Mrk
     
  7. Dr payne

    Dr payne Guest


    No panic, no FF.
     
  8. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,668
    Location:
    Philippines
    Dr. payne,

    Opera is also effected by this. Guess Opera is also malware.

    I don't use .NET in my Windows virtual machine, don't use Firefix either.

    I do use Firefox in Linux, this is not a problem.
     
  9. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,668
    Location:
    Philippines
  10. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Dr Payne.........

    Thanks for the tip.

    However, I did get rid of the plugin in Opera by sending the .dll to a zipped file and deleting the original, the plugin is gone now. One interesting thing though before I deleted it, I 'right clicked' the .dll and it said 'creation date' 2002 !, so it's been around a long time. I have only been using Opera for 2 years.

    Gordon
     
  11. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    LOL:
    Another ~ Snipped as per TOS ~ fiasco of course:
    MS plugin disabled by Mozilla after security loopholes discovered :rolleyes:

    http://blogs.zdnet.com/security/?p=4614&tag=nl.e589
    http://www.computerworld.com/s/article/9139459/Sneaky_Microsoft_plug_in_puts_Firefox_users_at_risk

    Also see if these types of random files ( attached images ) are present in root of HD with the most space, some may be leftovers from latest or earlier updates : wtf? :rolleyes:
    MS outdoing itself, really.

    Giorgio Maone: nice summaries:
    http://hackademix.net/2009/10/17/firefoxs-immune-system/
    http://hackademix.net/2009/10/16/microsoft-windows-exploitation-foundation-for-firefox/

    Kudos to Mozilla sort of, but points the need for a tool to pick and choose or at least notify re new plugins
    ( and a tool to blacklist all MS plugins ?? heh heh )

    Couple of nice fixes here and there..but ...once again...:gack:

    EDIT: Mozilla is going to correct it's own blocking
    Will unblock both .net assistant and WPF
    Hhmm.
    Mike Shaver, Mozilla's vice president of engineering:
    http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked/
     

    Attached Files:

    Last edited by a moderator: Oct 19, 2009
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    My 32 cents on the subject ...

    It goes likes this:

    Following yet another storm of confusion and panic revolving around the silent installation of the Microsoft. NET Assistant plugin into Firefox and the rumors of critical security vulnerabilities in this plugin, I've decided to write an article on the topic and clear away some of the fear and doubt. Today, we will talk about the proactive security approach by the Mozilla Corporation toward their main product, Firefox, with Plugin Check and Add-on Blocklist services helping users stay safe and up-to-date by updating/disabling vulnerable plugins. Follow me.

    http://www.dedoimedo.com/computers/mozilla-security.html


    Enjoy,
    Mrk
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Mozilla removed the block on the plugin as it's been concluded the are no exploits associated with it according to the report on bugzilla.
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    More -ahem- clarifications..enduser confusion has reigned..

    Mozilla unblocks one sneaky Microsoft plug-in
    http://www.computerworld.com/s/article/9139557
    /Mozilla_unblocks_one_sneaky_Microsoft_plug_in?taxonomyId=125

    Microsoft and Mozilla leave Web users tangled over 'variant' vulnerability
    http://www.betanews.com/article/Mic...tangled-over-variant-vulnerability/1255967784

    It's sort of working itself out now..damage to both MS and Mozilla reputation precipitated by MS.
    Mozilla running hard to recover and review procedures. :thumb:
    Ms still happy with the sledge hammer approach.:thumbd:
     
  15. Basic

    Basic Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    102
    Thank you Mrkvonic for the well written article.

    Thank you also to Longboard, Pinga, and chrisretusn for the informative links.

    I am pleased that Mozilla is addressing the issue and I suppose I am going to have to adjust to their approach of Blocklisting some plug-ins/add-ons. Would rather be alerted before anything installs though.

    Not to happy with the 'Hey it is already installed but the Blocklist will disable it for you' approach. All that means to me is that I will have to uninstall it myself.

    This my opinion and will not affect my use of Firefox but with less trust.
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,044
    Location:
    Texas
    .NET Framework Assistant & Windows Presentation Foundation Plugin Blocking Update

    Mike Shaver
     
  17. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    From Ronjors Link above:
    http://shaver.off.net/diary/2009/10...foundation-plugin-blocking-from-this-weekend/
    ;)
    Ahhh: It's a love fest. All friends there. :D
    (I think I can hear some teeth grinding in the background. ? ? ?)

    So: all a big friendly misunderstanding that left most endusers gasping for info and insights.

    Hope there really has been a learning curve here.
    I still perceive Mozilla and FF users as the "injured" party here even if injury not serious.

    LOL, every FF user now taking a Looonnnggg Look at their Add-ons and will be watching after every MS update.
    Always good to know that MS feels they can pull the trigger on any install that suits them to any component they want.
    Be nice if anyone can give a link to where all the MS add-ons descriptions and functions are to be found.

    I guess that's that for this episode.
     
    Last edited: Oct 20, 2009
  18. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Teeth grinding? Vomiting would be nearer the mark.
     
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Firefox isn't at fault here. Those files weren't installed by FireFox and didn't come in through FireFox. They were installed via Windows Update. Yes, a browser should be able to prevent unwanted drive-by installs from the web. It can't be expected to prevent the OS updater from installing files. The browser doesn't control the operating system. It's ridiculous that a browser vendor has to include provisions to defend against the operating system.

    The blame here is primarily on MS for adding to someone elses software without asking the user. Beyond that, the rest of the blame is on the user for either allowing Windows update to freely install whatever MS wants (automatic updating) or for not investigating what they're installing (unnecessary updates).

    No, I'm not a FireFox fan. I use K-Meleon and SeaMonkey.
     
  20. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Exactly. :thumb: And I'm not a Firefox fan either. I don't even use it.

    MS screwed up here, and installed stuff that should not have been installed. Not Mozilla's fault.
     
  21. alternety

    alternety Registered Member

    Joined:
    Nov 18, 2008
    Posts:
    37
    From a FF user that is not into the techy details (I suspect a rather large segment of the user population). I install a browser to browse; not as a hobby. I have installed a number of add-ons to add functions that should have been included. I did this from a list of available items from the Mozilla site. They had descriptions of what the add-ons did. This is good.

    I actually did not realize that the non-useful icon on the menu actually pointed to something important - e.g., plug-ins. It is not user friendly to use images with no text for icons that have no reasonable expectation of being understood by the casual user.

    That said. There should be absolutely no way that FF should allow the installation of external software without the permission of the user. Never. Ever. Ignoring the fact that MS is a high handed arrogant SOB, it should never have been allowed to do silent installs. To those saying that we simply let MS install what they damn well pleased; wrong. I have auto update disabled just for this sort of thing. When MS says it is a .net update - why would I not allow it? If it cannot be stopped because it happens when FF is not active; check at each startup and at intervals to see it it happened. Tell the user. Not rocket science.

    When an update is attempted by any source it must explain what it does. I have no idea what the two DRM plug-ins do (I mean in terms of why I care), or the presentation thing, or anything else. This is at least a major part of the problem.

    Mozilla should not allow installation of anything unless it is from their site. To get on their site, Mozilla should at least determine the purpose and function of the software. And require the explanation to be published in the installation description before installation is allowed. Mozilla must also require any such software to include an effective uninstall to be permitted.

    I do not care if this inconveniences someone that wants to develop software for FF. It is the user that counts. MS and others need to stop this crap.
     
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The browser didn't allow it and can't prevent it. Applications that can control the actions of Windows Update and the operating system itself are generally referred to as HIPS, not browsers.

    Regarding letting MS do as they please, that's its own can of worms. Technically, we don't own the operating system even though we purchased it. Microsoft has retained the right to modify it as they choose, whether we like it or not. When you're a giant monopoly with no substantial competition, you can get away this kind of arrogance. The only way around this is to use something else like Linux. That's one of the reasons I won't update to a newer version of Windows. I don't want to have to fight with them to keep control of the operating system.
     
  23. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Firefox has to defend against the operating system? :rolleyes:

    You make it sound as though Microsoft was exploiting some undocumented secret backdoor to install a plugin. This is either ignorance or deliberate maliciousness, considering how Firefox's ability to automatically scan for and install plugins is openly documented as a feature.
     
  24. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Wrong on the very first count. The browser not only allowed it, but performed it automatically as a design feature.

    If you ask me, the Firefox fanboys owe Microsoft thanks for this. At least, when they're done expressing their irrational hatred for Microsoft, some might hopefully still be smart enough to see the problems with Firefox's plugins-handling mechanism before they're exploited by real malware writers out to cause harm.
     
  25. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Same here. I deleted the exact same file.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.