Circuit Writer Version 6.11

by Jim Scheef

Firefox and Windows .NET Framework 3.5

A very alert new member tipped me off about a story regarding how Microsoft, using Windows Update, had installed a Firefox extension without telling anyone. And to add intrigue, the add-on cannot be removed! My initial reaction was that this rumor might not be true, and I asked whether he could point me to the source of this dastardly rumor. So where was his source? Was it SlashDot? What about Geek.com? Maybe eWeek Rumor Central with Spenser F. Katt? No! It turned out that his source was an article in that bastion of technological news and rumor, The Washington Post! As he was describing this little piece of software, I opened the Add-ons dialog in Firefox on my laptop to see if this “Trojan” existed on my computer, and there it was, grayed-out Uninstall button and all! Naturally this applies only to Windows XP, Vista and Server 2003 and 2008. Don’t bother looking if you run Firefox on Linux or a Mac.

The Washington Post article turns out to be a blog by Brian Krebs called Security Fix; the May 29 post is entitled “Microsoft Update Quietly Installs Firefox Extension.” In it, Krebs just as quietly describes the “component” called the Microsoft .NET Framework Assistant 1.0. The controversy comes from the fact that Microsoft slipped this into a non-Microsoft product as part of a “critical update” with no fanfare and, using typical Microsoft logic, set it up so that the Uninstall button is inactive.

So what, exactly, is this mysterious bit of code? For that we turn to the Microsoft Knowledgebase and article KB963707 which describes an update to the original component. The add-on makes Firefox compatible with websites that use the .NET Framework 3.5 and a “ClickOnce” feature in that version of the Framework. If the add-on is not found in your Firefox, it is because you have not installed the service pack for version 3.5 of the .NET Framework. “ClickOnce” is one of those insidious Internet Explorer vulnerabilities that can be used by a website to install software on your computer.

If you do find the add-on on your computer and your reaction is “how dare they!” let me assure you that you invited Microsoft to install the component when you installed the .NET 3.5 Framework. In the end user license agreements for the Framework, Windows Update, and the truly diabolical Microsoft Genuine Advantage, you authorized Microsoft, in its infinite wisdom, to install updates without your permission. Since all versions of the .NET Framework are optional, Microsoft’s case is pretty strong. Also the descriptions for an individual patch in Windows Update are very brief. Even the most critical updates point to a Knowledgebase article that has more information. I even looked in the SP1 readme and still found no mention of Firefox. If your blood is still near the boiling point, look at Brad Abrams’ MSDN blog for an explanation, such as it is, for why the uninstall button is grayed out.

Since many of us originally adopted Firefox as a way to avoid Microsoft-related vulnerabilities, how do we remove this affront to our sensibilities? The Washington Post blog references an article on the Annoyances.org website with instructions on how to remove the add-on by modifying the registry. If you would rather not go mucking in the registry, you will be surprised and pleased to learn that Microsoft has issued a fix for the fix that caused all this controversy. That’s what the Knowledgebase article mentioned above is all about. Read the KB article as the add-on must be enabled when this new patch is installed. There are versions for both 32- and 64-bit Windows; so download the appropriate “bitness” and run the install. You will note there is never a mention of Firefox even though that is the purpose of the fix. When you restart Firefox, the uninstall button will be enabled.

For now, the mere fact that I can, if I want, click that uninstall button is enough for me. I have the add-on enabled and have checked an option to ‘Prompt before running ClickOnce applications’. This way I’ll know if I ever come across such an application even if it means that I must click twice. Whew! Potential disaster averted! Plus, my add-on is now version 1.1, so how cool is that?

Did They Lie to Us? Are They Still?

Since I am so late in completing my column for this month, I’ll jump on an article on page 1 of today’s New York Times about “E-Mail Surveillance Renews Concerns in Congress”. This, plus an article from Wired Magazine, “FBI Use of Patriot Act Authority Increased Dramatically in 2008”, should be enough to remind us that a slow economy will not slow down the FBI or the NSA as they stomp on our civil liberties. The article on email surveillance is about NSA programs that apparently are still secret while the Wired article is about the FBI’s increasing use of “national security letters” that bypass the FISA court. When you see this, it is not surprising that the FBI’s use of FISA warrants was down last year. Please read these articles and then remind your Congress people that you want the truth about domestic surveillance. Before moving on I’ll point out a related, but more political story about Judge Sotomayor and her possible leanings on this issue.

Another note on page 1 of today’s NYT touches another aspect of government control of the Internet. Iran places more limits on what its citizens can find on the Internet than any other country – even more than China. Of course there’s North Korea where no one has a telephone, let alone a computer so Internet control is less of an issue. Over the last few days, the U.S. State Department asked Twitter to delay scheduled maintenance of their world network. The downtime would have come at a critical time following the Iranian elections and text messaging is a major means of political communication in Iran. The State Department request shows the level of tech savvy in the current administration and how something as modern as social networking can affect a country so deeply mired in the ancient and so resistant to change.

China Wants All PCs to Have an Internet Filter

Now we’re talking real control here. China announced last week that it would require all PCs sold in that country after July 1 to have a program similar to the filters used in some schools and public libraries. The official line is that the filter is to stop “unhealthy and vulgar” content such as pornography. Called Green Dam-Youth Escort, the software could allow the government to record and log every Internet search and every website visited, and because it is installed on the local machine, it could report if the user tried to bypass government Internet limitations by using a proxy site. Such proxies have been used by people all over the world to achieve anonymity on the Internet – for good and bad. (See the Wikipedia article en.wikipedia.org/wiki/Proxy_server for more information.) Criticism of China’s edict both in and out of the country may have had some effect as there are now reports that China has said that use of the software would be optional and need not be pre-installed. We’ll see…

Less Doom and Gloom

If this column has you in new depths of depression, we will end this month with Microsoft Bing. Will Bing be the Microsoft Bob of search engines? Bing is billed as a “decision engine.” What does that mean? How is Bing different from the old Microsoft search engine, Live Search? All I can see so far is that Bing is very economical with colors. When using Bing in Firefox, the initial screen is multi-tone gray with small orange highlights. Microsoft must have spent thousands on focus groups to come up with that. Using IE6 the initial screen shows a picture with little hot spots that display hints about the picture when you roll the mouse over. I don’t have the energy at the moment to try Bing in Google Chrome. If you try it, let me know what you get. So far, a few sample searches seem to return the same results as Yahoo. Bing has a Wikipedia page, although I cannot fathom how it passes the relevance test.

© Danbury Area Computer Society, Inc. All Rights Reserved.