Sabotaging the enemy


Microsoft recently put out .NET Framework 3.5, and silently included a plug-in for Mozilla Firefox. In so doing, they have apparently exposed Firefox to a crapload of attack vectors that exploit Microsoft’s buggy code, bringing Firefox down to the same level of insecurity as Internet Explorer.

To make matters worse, that framework is not an optional install for most users of Windows — it will install automatically as a recommended installation, silently, without prompts, under the default Vista security settings, and the default under Windows XP once you’ve explicitly enabled automatic updates (which is strongly recommended in the installation process). If you can’t beat the competition at security, just bring them down to your level. That’s the way Microsoft innovates, I guess!

Comments

  1. says

    Microsoft has no honor, nor any shame. If they were collaborating on open-source software, the other people working with them would be laughing at them and refusing to allow their code to go into the projects. I guess this is what you get when people who know about and are passionate about money are running the show instead of people who know about and are passionate about the technology.

  2. Matthew says

    Except Mozilla has now issued a patch (via a pop-up, grrr) that kills the stupid .NET Framework Assistant and Windows Presentation Foundation add-on.

  3. says

    And that, frankly, is a good thing. If they just killed it silently, Microsoft would cry foul. But where they have evidence that this trojan horse was installed on-the-sly and without any user intervention, might as well grab the user’s attention to tell ‘em so before remedying the situation.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>