Thread Tools Display Modes
05-30-09, 09:23 AM   #21
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Is there a way to remove it from system tray in XP? I know how to turn it off, I do not know how to make it stop nagging me.
  Reply With Quote
05-30-09, 09:28 AM   #22
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Yhor View Post
Is there a way to remove it from system tray in XP? I know how to turn it off, I do not know how to make it stop nagging me.
If it's set to never check for updates it should never make a peep. Does it keep complaining that it isn't checking or something?

I know in Vista you have to do a registry edit to keep the system security advisor from complaining if auto-updates are off...but I don't recall it being such a headache in XP. Of course, that could be something they "improved" with a update since I stopped using XP.
  Reply With Quote
05-30-09, 09:45 AM   #23
Jesamyn
<This Space for Rent>
 
Jesamyn's Avatar
Join Date: Feb 2007
Posts: 141
In XP, go into the Control Panel, Security Center, and click 'Change the way Security Center alerts me'. You can untick the "ZOMG, you're gonna get HACKED!" warnings there.
__________________
I'm not an idiot. I'm just harmlessly psychotic.
  Reply With Quote
05-30-09, 09:49 AM   #24
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by stormkeep View Post
If it's set to never check for updates it should never make a peep. Does it keep complaining that it isn't checking or something?

I know in Vista you have to do a registry edit to keep the system security advisor from complaining if auto-updates are off...but I don't recall it being such a headache in XP. Of course, that could be something they "improved" with a update since I stopped using XP.
There's a nag message "Your computer is not protected, click here to protect your computer". *Chat Bubble*

I use Comodo PRO and AVG, so yes, I'm fairly protected (better than MS standards anyway).
  Reply With Quote
05-30-09, 09:50 AM   #25
Jesamyn
<This Space for Rent>
 
Jesamyn's Avatar
Join Date: Feb 2007
Posts: 141
That's what my post will address. I hate those messages.
__________________
I'm not an idiot. I'm just harmlessly psychotic.
  Reply With Quote
05-30-09, 09:54 AM   #26
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by Jesamyn View Post
In XP, go into the Control Panel, Security Center, and click 'Change the way Security Center alerts me'. You can untick the "ZOMG, you're gonna get HACKED!" warnings there.

Oh jeesh, I really do feel stupid now. It's crazy how we (and yes, I mean "me") forget the details. I've used this before, but it has been a long time.


Thank you all.
  Reply With Quote
05-30-09, 09:57 AM   #27
Farm Fresh
A Fallenroot Satyr
 
Farm Fresh's Avatar
Join Date: Oct 2008
Posts: 27
What part of injecting a program into your browser without a confirmation (not even on Vista's dreaded UAC) that slows it down is not a problem? Sneaking is just that. Sure, they clearly mention it in the download log, but if they didn't, can you imagine what people would be doing? All people are asking for is a confirmation screen or yes/no option. You don't hijack other programs for your own benefit. Let Mozilla make the add-on. I'm sure they'd be happy to.
__________________
The statement below is true.
The statement above is false.
  Reply With Quote
05-30-09, 10:20 AM   #28
Falter
A Deviate Faerie Dragon
Join Date: Dec 2008
Posts: 19
Thanks for posting this.
I reposted on my guild's forums.
  Reply With Quote
05-30-09, 10:20 AM   #29
Cralor
Mmm... cookies!!!
 
Cralor's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 772
Originally Posted by Yhor View Post
Edit: Also, Evolution85, did you read the 3rd and 4th posts in this thread, or even the link that this thread is about? The uninstall button is disabled for this "addon".
Evolution85 is talking about the "Disable" button. You can disable the plugin instead of uninstalling it.
__________________
Never be satisfied with satisfactory.
  Reply With Quote
05-30-09, 10:36 AM   #30
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by Cralor View Post
Evolution85 is talking about the "Disable" button. You can disable the plugin instead of uninstalling it.
Crap, I really should not post when I first wake up. My apologies.
  Reply With Quote
05-30-09, 10:37 AM   #31
Cralor
Mmm... cookies!!!
 
Cralor's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 772
No, no. No apologies needed. Just wanted to clarify that.
__________________
Never be satisfied with satisfactory.
  Reply With Quote
05-30-09, 12:00 PM   #32
Petrah
A Pyroguard Emberseer
 
Petrah's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2008
Posts: 2,988
Originally Posted by stormkeep View Post
subject line of OP is misleading. "Sneaks" implies the user has no way of seeing it coming. In this case, it is mentioned quite clearly on the download page as well as how to remove it. http://www.microsoft.com/downloads/d...1-6383ba034eab.

The only way that is sneaky is if the person installing it is blind and not using any kind of text to speech. Or if the user is too mentally challenged to make sure they find out what they are installing when they do an update. I would expect a wowmatrix user to consider it as "sneaking" but not someone here on Wowinterface.
Subject line of the op? Excuse me, I chose to use the news articles subject line. Which by the way is from Kaspersky Labs. If you have an issue with their findings, go be insulting with them and not me. I brought it here for discussion, not so you could be rude.
__________________
♪~ ( ) I My Sonos!
AddOn Authors: If your addon spams the chat box with "Addon v8.3.4.5.3 now loaded!", please add an option to disable it!
  Reply With Quote
05-30-09, 01:17 PM   #33
Gemini_II
A Molten Giant
 
Gemini_II's Avatar
AddOn Author - Click to view addons
Join Date: May 2006
Posts: 762
Thanks for this post Silenia. Normally I would agree with stormkeep, that the typical user is ignorant and would be at fault for installing this, but even I fell victim to it. Nothing other than AV software auto-updates on my rig. Everything else it set to notify, with manual download and installs.

When I install an update to .NET, I do not expect it to interface with another companies addon and inject extensions without my knowledge. No, I didn't read the patch notes for the .NET update, but really, I shouldn't have to read MS's notes to see what Mozilla software they are fiddling with. You'd like to think that after countless class-action lawsuits that MS would get a clue.
__________________
Retired prior to 3.2, before all challenge was removed.

  Reply With Quote
05-30-09, 01:41 PM   #34
Republic
Paladin
 
Republic's Avatar
Join Date: Jun 2007
Posts: 277
Originally Posted by stormkeep View Post
subject line of OP is misleading. "Sneaks" implies the user has no way of seeing it coming. In this case, it is mentioned quite clearly on the download page as well as how to remove it. http://www.microsoft.com/downloads/d...1-6383ba034eab.

The only way that is sneaky is if the person installing it is blind and not using any kind of text to speech. Or if the user is too mentally challenged to make sure they find out what they are installing when they do an update. I would expect a wowmatrix user to consider it as "sneaking" but not someone here on Wowinterface.
I don't really post here anymore but I couldn't keep quiet on this one. It caught my eye as I was checking for Wow updates...

You "almost" sound like you know what you're talking about. However, you are wrong. Here is the text from the relevant Microsoft Update as it appeared on the Microsoft Update website (or Windows update)...

"Microsoft .NET Framework 3.5 Service Pack 1 is a full cumulative update that contains many new features building incrementally upon .NET Framework 2.0, 3.0, 3.5, and includes cumulative servicing updates to the .NET Framework 2.0 and .NET Framework 3.0 subcomponents. The .NET Framework 3.5 Family Update provides important application compatibility updates. This combined Service Pack and update is applicable to systems running a version of .NET prior to version 2.0, or to systems that have no prior version of .NET framework installed."

Now, let's assume we're all as bright as you claim to be. For the sake of argument, let's say we all chose to read the description of this update. Do you see anywhere in the description any mention of anything being installed into Firefox? I sure don't. Thus, it's safe to say that even a computer expert (such as yourself) that takes the time to read each and every update description might have been surprised to see something installed into their Firefox web browser. I mean, clearly there is no mention of such. Right? Are you seeing something the rest of us can't? I didn't think so.

In summary, the OP title is 100% accurate. This was a sneaky update. Period. Is it a malicious one? I don't think so. It's sloppy at best. While the update description mentions "application compatibility updates" rather than listing specifics, I think a reasonable person can rightly suggest this is sneaky. Sneaky doesn't always mean malicious.

So, in my opinion, after taking all the facts into consideration, I seriously don't see anything viable in your posts in this thread. In this particular case, you're essentially calling people ignorant because they blindly install updates. Again, with regard to this specific case, your comments are largely irrelevant because they aren't accurte. Even people that read about updates wouldn't have known about this one. Thus, sneaky is the word.

Silenia has been very helpful in my view to bring this situation to light here. I think many people reading this site use Firefox and do so to avoid the very situations this Microsoft update created. The irony of Microsoft sneaking something into Firefox is rather remarkable. On the one hand, you kind of expect things like this from Microsoft but on the other, you don't expect Firefox to just accept 3rd party addons without some sort of notice. I can personally confirm that Firefox does NOT give the user a notification that an addon was installed after this .Net update did its work. This is unique in that a majority of other Firefox addons will give the user a notice that new addons were/have been installed the next time you launch the browser.

Thus, in my view, this is sneaky on both counts (Microsoft and Mozilla). To me it reveals it's quite easy to install something into Firefox without user knowledge. That's something that sort of shatters their "secure browser" reputation. Know what I mean?

At the very least, don't be critical of people for installing this update. The only way you could have found out everything about this update was to visit the actual knowledge base or MSDN site(s) and read specific information using KB article #'s, etc. Don't even tell me you do that on every update that goes into your system. No one does. Your criticisms are way off base on this issue. Sorry.

For the record, I've been digging around a bit and still haven't seen specific mention that Firefox would be affected from this .Net service pack and I have access to OEM partner resources.

Things that make you go hmmm...

Thank you Silenia for helping to keep this community informed. Keep up the good work.
  Reply With Quote
05-30-09, 09:03 PM   #35
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Silenia View Post
Subject line of the op? Excuse me, I chose to use the news articles subject line. Which by the way is from Kaspersky Labs. If you have an issue with their findings, go be insulting with them and not me. I brought it here for discussion, not so you could be rude.
Sorry, I did say in a later post that it wasn't you, but the media. Kaspersky is being sensationalistic in both their headline and their choice of verbiage. Of course, they make their living by making people paranoid and scared of the internet, so that's no surprise.

As a user posted in their comments:
"The extension is for .NET apps, not "silently installed" apps. You still have to install them and go through the administrative UAC prompt. This isn't ActiveX.

It's easily disabled on a per-user basis: http://www.microsoft.com/downloads/details.aspx..."
The update was neither "snuck" onto computers without users choosing to install it nor is it as scary as the stories and net gossip are making it out to be.

I lambaste the media articles on this, not you for sharing, and I am sorry if you took it differently than that. Ultimately it got the thread alot of bumps though, which is a good thing.
  Reply With Quote
05-30-09, 09:11 PM   #36
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Republic View Post
For the record, I've been digging around a bit and still haven't seen specific mention that Firefox would be affected from this .Net service pack and I have access to OEM partner resources.
I posted a link above which gave that very information, why'd you go digging and, beyond that.. how did you not find it when you did? It's the text in the "overview" of the download page for the questionable component being discussed.

http://www.microsoft.com/downloads/d...1-6383ba034eab

BTW, yes I do go to the MS site and read details before installing service packs from MS. Service packs, by their very nature, usually have a long laundry list of what is in them. This means they can impact alot of different things if there are any issues. MS has, in the past, released bad service packs that screw things up for a lot of users. Most of the time, however, I do not NEED the service packs, as I have installed all of the individual updates that were bundled into the service pack.

I certainly do make sure I know what any SP is supposedly going to do, in detail, before installing it. But no, I wouldn't expect most users to be that anal, you are right on that account. They probably should be though...

I agree in terms of Silenia being helpful though. It's how most users get information like this in the absence of doing the research/reading themself. And in that, it is effective. Despite the fact you probably think I'm being argumentative, part of the reason for my participation in this thread is to get it noticed. Just plain old "bumps" are boring.

Last edited by stormkeep : 05-30-09 at 09:22 PM.
  Reply With Quote
05-30-09, 09:26 PM   #37
Republic
Paladin
 
Republic's Avatar
Join Date: Jun 2007
Posts: 277
Originally Posted by stormkeep View Post
I posted a link above which gave that very information, why'd you go digging and, beyond that.. how did you not find it when you did? It's the text in the "overview" of the download page for the questionable component being discussed.

http://www.microsoft.com/downloads/d...1-6383ba034eab

BTW, yes I do go to the MS site and read details before installing service packs from MS. Service packs, by their very nature, usually have a long laundry list of what is in them. This means they can impact alot of different things if there are any issues. MS has, in the past, released bad service packs that screw things up for a lot of users.

I certainly do make sure I know what any SP is supposedly going to do, in detail, before installing it. But no, I wouldn't expect most users to be that anal, you are right on that account. They probably should be though...

I agree in terms of Silenia being helpful though. It's how most users get information like this in the absence of doing the research/reading themself. And in that, it is effective. Despite the fact you probably think I'm being argumentative, part of the reason for my participation in this thread is to get it noticed.
The points you missed...

1) The specific Firefox information did NOT appear in the Microsoft Update page or the Windows Update page. The only way you could find it was by digging into the regular MS Downloads page(s) which you posted. My point, which escapes you apparently, was that you need to dig a few pages deeper to find the specific update information. How many users do this? I'd be willing to bet 99.99% don't. Furthermore, I'd bet a similar percentage of people don't even know you can find these updates listed individually among the "regular" MS download sections. The point wasn't that I (or anyone else) couldn't find it, the point was I had to. Do you not see how this is rather sneaky? If you don't, I have nothing else to tell you that will make sense.

2) I simply don't believe you or anyone else goes digging for information about Windows updates. It simply isn't practical. While I already stated I don't think Microsoft is maliciously trying to do these things, they are definitely sneaky with some of their practices. It's very reasonable to expect the average user to read a blurb or two on an update site, but not quite as reasonable to expect them to leave the site and go digging for knowledge base articles, tech net articles, support articles before making update choices. I don't care what you say you do, I simply will never believe you do this for everything you install. Period. At the very least, I don't consider people ignorant who run updates from the update site. One shouldn't have to become an IT professional to keep a simple OS updated. Give me a break.

3) I don't think you're being argumentative. However, I am. I took offense at the fact you're essentially implying people are ignorant fools if they chose to run something based upon all the PRACTICAL information at hand with this specific update. I see wannabe techs trying to elevate themselves while making average users look stupid all the time. I employ technicians, programmers, etc. I know the culture and can identify the type. Your purpose wasn't only to inform. If it was, you wouldn't have started in with the OP's title being misleading, etc.

If you want to impart some of your vast wisdom to the ignorant masses, do so without calling them ignorant. That's the failure of 95% of the technical types I have dealt with over my (almost 15 years) of being in business for myself. I often remind these nerd types that their client may not know a damned thing about reinstalling a driver, updating a pc, or even starting a fame of Freecell, however, that person may know how to perform brain surgery or save a life. You know, something significant.

Help people without making them feel stupid. The person who has done the best job of that in this (and may other) thread(s) is Silenia.

Last edited by Republic : 05-30-09 at 09:29 PM.
  Reply With Quote
05-30-09, 09:34 PM   #38
Republic
Paladin
 
Republic's Avatar
Join Date: Jun 2007
Posts: 277
Originally Posted by stormkeep View Post
I certainly do make sure I know what any SP is supposedly going to do, in detail, before installing it. But no, I wouldn't expect most users to be that anal,
Hogwash. There are many SP's available with virtually no description other than generic statements such as "your computer may need to be restarted" or "...blah blah blah...addresses a problem which may allow a hacker to take control of your computer".

Tell me, are you honestly going to suggest you knew every aspect of SP2? SP3? prior to installation?

Eh...right buddy.
  Reply With Quote
05-30-09, 09:43 PM   #39
Sepioth
A Molten Giant
AddOn Author - Click to view addons
Join Date: Apr 2005
Posts: 894
Originally Posted by Torhal View Post
No, it isn't. You have to do some registry hacking, start FireFox, enter its config, change things, close it, then look for files and get rid of them, then open FireFox and make sure it's really gone.
Actually they fixed that. So yeah it is easily uninstalled by simply going to Tools>Addons>Uninstall in Firefox.

Update to allow the Uninstall button to work is HERE
  Reply With Quote
05-30-09, 09:52 PM   #40
stormkeep
Drunken Dorf
 
stormkeep's Avatar
Premium Member
Join Date: Dec 2008
Posts: 66
Originally Posted by Republic View Post
Hogwash. There are many SP's available with virtually no description other than generic statements such as "your computer may need to be restarted" or "...blah blah blah...addresses a problem which may allow a hacker to take control of your computer".

Tell me, are you honestly going to suggest you knew every aspect of SP2? SP3? prior to installation?

Eh...right buddy.
...MS makes full details of every service pack available, and it doesn't usually even take that long to at least read through them.

Vista SP2, for example, comes with an excel spreadsheet with an item by item list of what's in it and links to the relevant online detail of what each entails.

I think you have a slightly exaggerated view of how difficult it is to get the information in question. It's relatively simple and painless. The only downside is that it does take time, and alot of people don't like doing what they consider "a waste of time".
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » Microsoft sneaks Firefox add-on without user knowledge

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off