M S Adds Spyware To Firefox

[+Gary7 Subscriber²]

Source

May I call this thing spyware? I think I can. Because spyware fits two clear definitions:

* Installs without explicit user consent.

* Cannot be uninstalled using its own uninstaller or via Add/Remove.

So, the story begins with a Microsoft .NET Framework 3.5 SP1 update (KB951847) recently launched. In case you decide to download this update, either automatically or manually, you will end up with a new Firefox extension (if you're using this popular browser), which you have not asked for. OK, no problem, uninstall it. Ah ...

I decided to test this quite worrying story and verify the results for myself. And then, write an article / tutorial that explains how the problem occurs and how you can solve it.

Statement of problem

Claims are as follows: Microsoft / Windows .NET Framework 3.5 SP1 update (KB951847) will install a new extension, specifically .NET Framework Assistant 1.0, to your Firefox browser, if you have it installed, without user consent. Furthermore, to make things worse, this extension cannot be uninstalled.

Is this true?

Let's see ...

Test case - install .NET 3.5 framework

I went to the Microsoft website and downloaded the package. Double-clicked to install.

The installation begins. I used System Safety Monitor (SSM) to monitor all system and registry changes that .NET 3.5 installation makes to see whether I'll see anything suspicious, especially related to Firefox.

The installation seems to proceed well, except the constant alerts from SSM, informing of numerous registry changes. So far, there's nothing major happening.

A thousand SSM alerts later, the installation is complete. I fired up Firefox to see whether new extensions have been added. Nope.

Windows Update

Indeed, there's a high-priority update (first on the list) for .NET Framework, our beloved KB951847. It has been automatically selected and would have been automatically offered had I been using automatic updates.

Nothing mentions Firefox in any way. Furthermore, if you check the KB951847 page, it lists the changes introduced in the Service Pack, but nowhere does it mention Firefox, either.

The download is a whooping 250MB, which raises a question whether you should be using this in the first pace. But let's proceed.

After an age of prompts, the installation is complete. I did not notice any prompt from SSM telling me of any change about to happen with Mozilla Firefox, but I could have easily missed it in the torrent of changes. Well, following a restart, I check my Firefox browser and:

Microsoft .NET Framework Assistant 1.0 has been installed

Notice that the Uninstall button is grayed out. I was not asked to approve or even confirm this installation. There is no mention that this thing was going to be installed, neither on the Microsoft pages or during the installation itself. And now, it seems, it cannot be removed.

Spyware, anyone?

How to remove Microsoft .NET Framework Assistant 1.0 spyware

Luckily, this thing can be removed, rather easily.

Solution 1: Simply delete a few files

This is relatively easy and takes only about 2 minutes. There's no need to be specially savvy about computers. Anyone can do this.

First, close Firefox.

Now, navigate to the following folder:

How to remove Microsoft .NET Framework Assistant 1.0 spyware

Luckily, this thing can be removed, rather easily.

Solution 1: Simply delete a few files

This is relatively easy and takes only about 2 minutes. There's no need to be specially savvy about computers. Anyone can do this.

First, close Firefox.

Now, navigate to the following folder:

Move, rename or delete the files inside this folder. If you want to retain some sort of a backup, then zip or rar the files away. You can also delete them or rename them. But make sure once your job is done to leave this folder empty.

Start Firefox. The spyware should be gone.

Optional:

The next step is to clear away the user agent the .NET Assistant leaves behind. If you don't know what a user agent is or how to use the Firefox configuration tab called about:config, you can skip this step.

In Firefox, in the address tab, type about:config and hit Enter. This will take you to a Firefox configuration page, where you can control different aspects of behavior of your browser. The use of this page should only be done by skilled users.

Search for the following string: general.useragent. One of the results that will come up will be general.useragent.extra.microsoftdotnet. We want to reset this string.

Job done.

I would like to thank chrisretusn for this solution. It's simple, fast and elegant.

Solution 2: Registry hack

If you are skilled enough to edit the registry, then you can try this method, too. Again, first close Firefox. Then, open the registry editor (regedit):

Start > Run > regedit.exe

Now, navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions

Here, you will find an entry named {20a82645-...}. Under the Data column in the right pane, you can see and verify that it belongs to Microsoft .NET 3.5. Now, simply right-click this entry and delete it. If you want, export the key first as a sort of backup.

Job done.

Conclusion

I like Microsoft products overall, but I cannot and will never condone blatant misuse of corporate power to distribute useless, unasked-for software to masses who do not have the skills to tell part good from bad or how to handle issues like the above.

The Assistant, if at all, should be an optional package, with clear user consent granted before any installation. Furthermore, the installation should be fully 100% revocable, so that anyone using the computer can do it, via the standard Add/Remove panel.

This is a very serious breach of user trust. Not only is this package delivered without explicit approval, it's also made difficult to remove. Moreover, its use is not clear. Lastly, the change affects third-party software, not one of Microsoft products, so the question is, what the hell did Microsoft want to achieve with this nebulous, spyware-like update? Animosity from a few trusted users? Force people not to install updates or use older versions of their products?

Anyhow, I leave big questions to big people. If you want this thing off your computer, then you have two rather fast and simple methods. Enjoy. And tell your Firefox friends.

Cheers.

As a footnote I had to go back to:

And delete the dll that returned after a reboot. Now Firefox is faster, and MS should not be doing this.

Edited February 8, 2009 by Gary7

[9UnknownMen]

FOSS Bolsheviks....so much wasted time.

[Kyang]

EDIT: Nevermind.

[zhangm Supervisor]

It looks like a mechanism that reports your version of .NET to a webserver. Nice in some senses, in that if you're on a download page for a program that requires the latest .NET, the server can warn you if you don't have a compatible version.

[hdood]

I think calling it spyware is an exaggeration, but you do have a point that Microsoft should be more clear about the .NET-related Firefox plugins/extensions (they've been around for years).

As to what they wanted to accomplish?

Give people the same ability to run .NET software in Firefox as in Internet Explorer so as to not be anti-competitive. You may remember that Microsoft has been in rather a lot of legal trouble.

No more, no less.

[+Gary7 Subscriber²]

I think calling it spyware is an exaggeration, but you do have a point that Microsoft should be more clear about the .NET-related Firefox plugins/extensions (they've been around for years).

As to what they wanted to accomplish?

Give people the same ability to run .NET software in Firefox as in Internet Explorer so as to not be anti-competitive.

No more, no less.

What else does one call a program that installs a plugin in another program without the users permission? Oh yea, Malware.

[hdood]

What else does one call a program that installs a plugin in another program without the users permission? Oh yea, Malware.

"User friendly."

It should be more clear, but not everything is an intentional act of evil, and Ballmer is not on his way over to eat your children.

[+Gary7 Subscriber²]

"User friendly."

It should be more clear, but not everything is an intentional act of evil, and Ballmer is not on his way over to eat your children.

So if Firefox installed a plugin to IE, then MS would not complain? I posted this for users that want to remove this crap from Firefox, to those that don't forget about it. If you want a slower Firefox leave it there.

[hdood]

So if Firefox installed a plugin to IE, then MS would not complain?

More like they wouldn't complain if installing Quicktime also installed plugins for IE.

Like I said, it's a fair thing to point out, but a lot of what you write is a bit over the top and distracts from the actual issue.

[McSmiggins]

Just a small point?

May I call this thing spyware? I think I can. Because spyware fits two clear definitions:

* Installs without explicit user consent.

* Cannot be uninstalled using its own uninstaller or via Add/Remove.

That's malware, where's the part it spies?

Fair enough, I agree with you in principle, but you could argue it's part of .NET (I'd somewhat agree with this, but not completely)

[Eric Veteran]

It's not spyware, sheesh. It's just a plugin that lets you run .NET applications from Firefox. It's not like it serves ads or looks through your e-mail. And what browser extension would Firefox install in IE? They don't have a programming framework that runs in multiple environments.

BTW, Firefox did install spyware in their own browser for a while: TalkBack.

(If I'm not mistaken WMP installs a Firefox plugin as well, doesn't it?)

[Mike]

Just a small point?

That's malware, where's the part it spies?

Fair enough, I agree with you in principle, but you could argue it's part of .NET (I'd somewhat agree with this, but not completely)

where does it do something malicious?

[+Gary7 Subscriber²]

It's not spyware, sheesh. It's just a plugin that lets you run .NET applications from Firefox. It's not like it serves ads or looks through your e-mail. And what browser extension would Firefox install in IE? They don't have a programming framework that runs in multiple environments.

BTW, Firefox did install spyware in their own browser for a while: TalkBack.

(If I'm not mistaken WMP installs a Firefox plugin as well, doesn't it?)

Yes but it advised you that it was doing so. This plugin in not necessary in Firefox.

@Mike

Spyware

One entry found.

Main Entry:

spy?ware Listen to the pronunciation of spyware

Pronunciation:

\ˈspī-ˌwer\

Function:

noun

Date:

1994

: software that is installed in a computerwithout the user's knowledge >and transmits information about the user's computer activities over the Internet

I have no idea of what this plugin does. If MS wants to install something in another program, they should at least notify the user that they are doing so. Like I said if a Firefox install added anything to IE,MS would have a fit.

[Argote]

This is nothing more than good ol' FUD

[hdood]

(If I'm not mistaken WMP installs a Firefox plugin as well, doesn't it?)

.NET, Office, WMP, Silverlight, Windows Live, etc. Pretty much everything with web-based components that comes out of Microsoft now has Firefox add-ons that implement equivalent functionality to what is available in IE.

In this case, the web integration is a basic feature of the .NET framework which itself is a basic OS service.

Supporting Firefox means more people will adopt the Microsoft technologies since they cover all major browsers, and it helps appease the courts.

[+Gary7 Subscriber²]

This is nothing more than good ol' FUD

Spam Much?

[neufuse Veteran]

oh good freaking greif... this is not spyware and this is not malware.... if you do even the slightest bit of research into this you find out that this browser extension adds ClickOnce installation support using Firefox browsers... its a big part of .NET and .NET even says it will install this support into web browsers on the system... all it does is lets you install .NET applications from IIS servers through a browser...

[bbfc_uk]

I installed Firefox on Windows 7 and the .Net add-on appeared automatically. Am I bothered? No, and why should I be. I also have an Office, Windows Live and WMP add-on listed. Bothered? No.

[+Gary7 Subscriber²]

.NET, Office, WMP, Silverlight, Windows Live, etc. Pretty much everything with web-based components that comes out of Microsoft now has Firefox add-ons that implement equivalent functionality to what is available in IE.

In this case, the web integration is a basic feature of the .NET framework which itself is a basic OS service.

Supporting Firefox means more people will adopt the Microsoft technologies since they cover all major browsers, and it helps appease the courts.

This was not done with Dot Net 1.1, Dot Net 2.0 . Why does it have to be done with Dot Net 3.5SP1? It slows down the browser.

[neufuse Veteran]

This was not done with Dot Net 1.1, Dot Net 2.0 . Why does it have to be done with Dot Net 3.5SP1? It slows down the browser.

it does nothing with the browser until the click once protocol is called... I'd love to see where you are getting this it slows down the browser from

if you really want rid of the thing, which is part of windows now to start with.....

Open Regedit (Start > Run > “regedit”)

Goto “HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions”

(or “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\extensions” for 64-bit versions of Windows

You’ll see “{20a82645-c095-46ed-80e3-08825760534b}”. Right click it and click Delete.

Restart Firefox.

[hdood]

This was not done with Dot Net 1.1, Dot Net 2.0 . Why does it have to be done with Dot Net 3.5SP1? It slows down the browser.

Because Microsoft has to support competing browsers. It isn't optional.

When you say it slows down the browser, is this something you yourself have experienced or measured, or is it just speculation? In any case, it can be disabled without having to completely erase every trace of it from the hard drive.

[bryonhowley]

So if Firefox installed a plugin to IE, then MS would not complain?

Since the plugin was not installed by IE that would make no ****ing since.

I posted this for users that want to remove this crap from Firefox

Fine so instead of disabling the extension witch you could have done you hack remove it

and possible break .Net when MS releases an update.

If you want a slower Firefox leave it there.

What a load of ****ing **** the extension does not slow Firefox down one little bit.

So now you use lies and false statements to support hacking .Net to remove an extension

that was not a problem in the first ****ing place way to go!

[+Gary7 Subscriber²]

Since the plugin was not installed by IE that would make no ****ing since.

Fine so instead of disabling the extension witch you could have done you hack remove it

and possible break .Net when MS releases an update.

What a load of ****ing **** the extension does not slow Firefox down one little bit.

So now you use lies and false statements to support hacking .Net to remove an extension

that was not a problem in the first ****ing place way to go!

I did not realize all of the MS Fanboys here. It does slow down Firefox. Like I said a few posts back if you are not interested move on Do not do this, as I don't care. If you look at the source, I did not write it. Facts are that MS should not install anything in someone else's program without the end users knowledge or permission.

I do not believe that it is in MS's EULA that they control all of the software in the world yet!

[neufuse Veteran]

I did not realize all of the MS Fanboys here. It does slow down Firefox. Like I said a few posts back if you are not interested move on Do not do this, as I don't care. If you look at the source, I did not write it. Facts are that MS should not install anything in someone else's program without the end users knowledge or permission.

I do not believe that it is in MS's EULA that they control all of the software in the world yet!

Prove it slows it down, becuase the thing doesn't even run until you run a clickonce application... your source doesn't even say it slows down firefox.. and not to sound stupid, but um when I go into firefox its asking me if I WANT to install it... its giving it to me as a choice... it's not even installed for me and I have the latest .NET 3.5 SP1 and its patches also... that's what I am getting at least,but i installed firefox after the .net patches

[Verdelite]

not to deviate off track here, but Gary, what xp theme is that? I love the blue.