Is Microsoft really clumsy and stupid, or a malcious beast?

There have been reports of Microsoft forcing Firefox extensions on users without their permission. If you're too lazy to click on that link, it all boils down to this. Windows Update, the automatic update tool will install an extension in Firefox without asking, one that will enable running .Net applications in Firefox. The problem is the uninstall button is disabled. Never mind the afront to the user, to install plugins for other programs they may never want, but the real chutzpah is to take away the user's choice to remove it.

(Supposedly there are removal instructions that involve editing the registry, which may or may not protect them legally, but from all practical points of view, it's not removable by the user.)

What's also really troubling is that this opens up the browser to all sorts of new vulnerabilities there used to not be. Up until now, if malware managed to get itself installed in Firefox, it was the fault of Mozilla, for not securing Firefox enough. Now, any bug in Microsoft's crapware is yet another vector to get junk into the browser and honestly, Microsoft's track record is far from stellar. Now, the only way to get a secure Firefox experience is to use any OS but Windows. This includes OS X, Linux, *BSD, Haiku, and many others.

Microsoft did this sort of thing once before, but to their own browser. They had this piece of technology, which even got them lawsuits, called ActiveX. If the very name doesn't have you shaking and crying for mommy, then congratulations, you must have been using Linux since 1991. For everyone else, we all know what kind of a failure that was, and Microsoft had no one to blame but themselves. This time around, if something goes wrong, they can just blame Mozilla. You might almost think that Microsoft is doing this on purpose.

3 flames:

Mace zei

I've actually come full circle in my thinking with regards to Microsoft.

They deal, almost exclusively these days, with the least capable computer users. The folks that it actually makes sense when they report a problem to ask "is the computer plugged in?" They are the users that no OS really wants to support, the group that consumes 98% of support resources. They've become the new AOL.

For this user population, doing things automatically, without notifying them or asking permission makes sense. Why? Because if you ask them, they will invariably make the wrong decision.

They can't tell the difference between being online or offline. The web browser is "the Internet". All dialog request are denied, no matter what they say. They are afraid to read email and will never click on links in web articles, because they've heard that's how you get viruses. The spines on documentation are never cracked.

If it weren't for Microsoft, these folks would be using Linux. The stuff of nightmares.

Yankee zei

The problem is that Microsoft did it the wrong way around. There are ways to include plugins and extensions in the browser by telling the user 'you need this to view this bit' and letting the user click through. Unless your machine comes configured with Adobe Flash installed, you have to do the very same.

The bigger problem though, is that no matter how stupid the user is, it's no excuse to expose them to new vulnerabilities. In some ways, even though they are trained to click no to everything, they are being forced into being insecure, thanks to Microsoft.

George Larson zei

What's to say? MS is, indeed, between scylla and charybdis. I don't like them and I don't like much of what they do. This is no exception.

I keep a Windows box around to sync my Apple iPhone (only 3G choice in my market) and to run Adobe Photoshop. It's almost comical.