A trojan attacks Firefox masquerading as Adobe Flash Player update



Why not just make your stand clear. Do you intend to say that programs like Java and Flash are malware because they install irremovable plugins into Firefox that allow Firefox to run code from websites?

First, plugins and extensions are different things (as you surely know, but you keep mixing both).

Second, if what you are installing is not clearly labeled as a plugin/extension (I don't care if it's .NET, Java or whatever), it should at the very least let the user know it will install one, and preferably show an option to let the user decide. It's not about controlling everything an installer will do, just getting enough information about how it will affect third party software.

Third, I clearly stated in my first post in this thread (at least the first post about this matter) that I didn't consider the .NET plugin as malware, as that would imply an intention to do harm.

You just jacked up the fanboyism to a whole new level. Just because Microsoft changes the default behavior, automatically means they are in the wrong? Because Mozilla adamantly insists up till now that users shouldn't be allowed to uninstall extensions, means Mozilla is right?

They developed an extension for firefox. Didn't they bother to actually test it? Weren't they aware of how ff extensions work?

So yes, it's MS's fault to release an extension for a third party product with not enough testing. No matter if the behavior was intended or not, it's their fault.

Exactly. Firefox's flawed handling of its extensions system is a risk for its users. This time it was only a benign plugin for Microsoft, but as this thread has demonstrated, malware extensions are well on their way.

Ahm, ok, so now it's Firefox' role to put limits to what a system administrator can install on his own without the browser's intervention :rofl:

So you are saying you actually have no idea whether the claims you were pulling out of your rear end were even correct at all?

I'm saying exactly what I said in the line you (oh surprise) left out of the quote: test it yourself. No chance of complaints about biased sources there.

First, plugins and extensions are different things (as you surely know, but you keep mixing both).

As far as this discussion is concerned, they are the same for all practical purposes. They modify Firefox's behavior and allow it to run embedded applets in websites.

Second, if what you are installing is not clearly labeled as a plugin/extension (I don't care if it's .NET, Java or whatever), it should at the very least let the user know it will install one, and preferably show an option to let the user decide. It's not about controlling everything an installer will do, just getting enough information about how it will affect third party software.

Stop waffling around and clarify your stand. Is it wrong for Sun and Adobe to do the same thing that Microsoft has done? How is it any different? Should Mozilla complain to Sun and Adobe as well for the same reason they should complain to Microsoft? Are you willing to condemn Sun and Adobe using the same terms you have used to condemn Microsoft?

They developed an extension for firefox. Didn't they bother to actually test it? Weren't they aware of how ff extensions work?

So yes, it's MS's fault to release an extension for a third party product with not enough testing. No matter if the behavior was intended or not, it's their fault.

What do you mean by not enough testing? How did the ClickOnce extension malfunction? If there's any malfunction at all, it's on Firefox's part on blocking the user from removing it.

You're basically saying that Microsoft should be responsible for Firefox's flaws. Yes, it would be nice if they did, no doubt about that. But grow up please, and stop thinking that it's an obligation for Microsoft to cover for Mozilla's sloppy program design. Learn to put the blame where it belongs like an adult, and not just blindly blame Microsoft because Firefox is your favorite browser. The world doesn't revolve around Mozilla, and its faults are nobody's but its own. Simple as that.

Ahm, ok, so now it's Firefox' role to put limits to what a system administrator can install on his own without the browser's intervention :rofl:

No, it's Firefox's role to not load extensions automatically without asking the user, or at least allow the user to uninstall such automatically-loaded extensions.

I'm saying exactly what I said in the line you (oh surprise) left out of the quote: test it yourself. No chance of complaints about biased sources there.

I think it's pretty obvious by now you had no clue what you were talking about when you were ranting on and on about ClickOnce being a security vulnerability. Not only were you unable to find any evidence, you're not even willing to test it out yourself. I guess talk really is cheap for some people.

So if it does affect Linux distros as well (I think it will) then it's more worrisome, as now you would need anti-spyware for Linux too, thanks to Firefox.

Probably not at all. Almost every virus and trojan requires Windows to work properly, so to speak. Linux is just as vulnerable but not many bother to attack it.

Probably not at all. Almost every virus and trojan requires Windows to work properly, so to speak. Linux is just as vulnerable but not many bother to attack it.

Is there any reason for you to believe that this malware extension won't work just as well on Firefox for Linux as on Firefox for Windows?

So web sites can effectively run software on your computer thanks to that.

The issue about uninstallation is not the plugin, it's the extension.

No, they can't. You either have no understanding of what ClickOnce applications are or you are intentionally misrepresenting them. You still have to download them and install them. They go in your Docs folder under "My Applications" and they can't even choose where their shortcuts go let alone affect the registry or anything important. I understand you don't like anything with Microsoft's name on it but please stop acting as if the .NET assistant is related to this AddOn trojan.

Apparently it's for IE as well.

http://blog.misec.net/2009/08/25/fake-adob...oogle-searches/

To answer Eice:

So what does this extension do? It, in conjunction with a trojan executable named smc.exe.

That leaves Linux out.

That leaves Linux out.

Not really. The blog post is scarce on technical details, but it's perfectly possible for an extension to log user data and send it to a website. The executable might possibly be used only as a dropper, or some such.

Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..

I'll be right back. I'll create a trojan that erases your entire hard drive after you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed."

just like 99% of the trojans and malwares out there, including malicious ActiveX controls targeting IE.

It seems when there's an ActiveX malware that targets IE, it's IE's fault, but when there's an add-on malware that targets Firefox, it's the user's fault, despite by default both need explicit user interaction to install and function.

Actually, 99% of the malware out there depends on the user being an idiot, not whether they are using IE or Firefox, Windows or Linux.

Stop waffling around and clarify your stand. Is it wrong for Sun and Adobe to do the same thing that Microsoft has done? How is it any different? Should Mozilla complain to Sun and Adobe as well for the same reason they should complain to Microsoft? Are you willing to condemn Sun and Adobe using the same terms you have used to condemn Microsoft?

Are you thick?

Do those apps do what I said above? If they don't, they should, no matter what the vendor is.

What terms did I use to "condemn" Microsoft? :rolleyes:

What do you mean by not enough testing? How did the ClickOnce extension malfunction? If there's any malfunction at all, it's on Firefox's part on blocking the user from removing it.

You're basically saying that Microsoft should be responsible for Firefox's flaws. Yes, it would be nice if they did, no doubt about that. But grow up please, and stop thinking that it's an obligation for Microsoft to cover for Mozilla's sloppy program design. Learn to put the blame where it belongs like an adult, and not just blindly blame Microsoft because Firefox is your favorite browser. The world doesn't revolve around Mozilla, and its faults are nobody's but its own. Simple as that.

If they didn't notice it could not be uninstalled, they clearly didn't even try.

And I don't even use firefox, so there ;)

No, it's Firefox's role to not load extensions automatically without asking the user, or at least allow the user to uninstall such automatically-loaded extensions.

So, if I create an installer that extracts my program to some random folder and adds a run key to the registry, it's windows role to not run automatically my program?

And would you complain to MS because there's no easy way to uninstall it?

I think it's pretty obvious by now you had no clue what you were talking about when you were ranting on and on about ClickOnce being a security vulnerability. Not only were you unable to find any evidence, you're not even willing to test it out yourself. I guess talk really is cheap for some people.

Ah whatever, don't try it then :rolleyes:

It's kinda hard doing that without a windows box, you know.

I already explained why I consider that to be a vulnerability, but I guess you were so busy jumping the gun that you didn't even bother paying attention.

"Ranting on and on"? Geez :laugh:

No, they can't. You either have no understanding of what ClickOnce applications are or you are intentionally misrepresenting them. You still have to download them and install them. They go in your Docs folder under "My Applications" and they can't even choose where their shortcuts go let alone affect the registry or anything important.

You can both install and run an application clicking a linked .application, or run it online, can't you? (rhetorical question).

Yes, they are not installed in Program Files nor modify the registry or the desktop... so?

I understand you don't like anything with Microsoft's name on it but please stop acting as if the .NET assistant is related to this AddOn trojan

What the hell are you talking about? It's not related, and I haven't ever said such thing, so cut the crap.

And just for the record, I own a xbox360 and I like it a lot. So much for all the "MS-hate" theories, both yours and Eice's ;)

You can both install and run an application clicking a linked .application, or run it online, can't you? (rhetorical question).

Yes, they are not installed in Program Files nor modify the registry or the desktop... so?

What the hell are you talking about? It's not related, and I haven't ever said such thing, so cut the crap.

And just for the record, I own a xbox360 and I like it a lot. So much for all the "MS-hate" theories, both yours and Eice's ;)

That was me, not Growled that said that. No, you cannot run a ClickOnce application online. So... they are sandboxed.

And I know they're not related. That's why I'm asking. Why are you bringing up the .NET Assistant in this thread about a fake Flash Player trojan?

Are you thick?

Do those apps do what I said above? If they don't, they should, no matter what the vendor is.

It's amusing how you cry that people accuse you of adopting double standards, when you continually refuse to condemn Sun and Adobe for doing the exact same thing. You can either clarify your stand and explain that you're against the actions taken by Sun and Adobe's programs as well, or you can be exposed that you really do adopt double standards after all. It's your choice.

If they didn't notice it could not be uninstalled, they clearly didn't even try.

That's your opinion. The fact remains that it is Firefox that denies the user the ability to uninstall the extension. It's surprising that you're not only willing to cut Mozilla so much slack by excusing such a serious security problem, you're even going the extra mile and holding Microsoft responsible for Firefox's shortcomings. Amazing.

So, if I create an installer that extracts my program to some random folder and adds a run key to the registry, it's windows role to not run automatically my program?

A completely flawed comparison. There is a clear need for operating systems to be able to automatically run programs on startup, and this need is common to Windows, Mac, AND Linux. There is, however, a clear need for Firefox to NOT automatically load extensions without prompting the user.

I seriously hope you're just trying to pull off what you think is a clever bluff here. It'd be sad if I wasted all this time debating this issue with someone who is ignorant enough to believe that operating systems automatically loading programs and browsers automatically loading extensions are the same thing.

And would you complain to MS because there's no easy way to uninstall it?

Microsoft publishes guidelines for how legitimate installers should behave. If an installer adheres to those documented guidelines yet cannot be easily removed, you bet I'd complain to Microsoft about it.

I already explained why I consider that to be a vulnerability, but I guess you were so busy jumping the gun that you didn't even bother paying attention.

Because all you made were unverified claims. Just because you think ClickOnce is a vulnerability doesn't automagically make it so. And so, I'll (yet again for the umpteenth time) have to ask you to provide proof to back up your claims, please.

That was me, not Growled that said that.

True, sorry.

No, you cannot run a ClickOnce application online. So... they are sandboxed.

You can download, install and run the app locally, or run it without actually installing anything (aka online).

I don't understand the "can't uninstall" argument anyway. I can quite clearly see an enabled "Uninstall" button on my Extensions manager:

Microsoft fixed it later when people complained about it, as mentioned before in this thread.

And I know they're not related. That's why I'm asking. Why are you bringing up the .NET Assistant in this thread about a fake Flash Player trojan?

I didn't bring it up. Have you actually read the thread?

I just commented on an already going conversation, and Eice jumped all rabid on it (and he's getting tiresome, to be honest).

Speaking of which...

It's amusing how you cry that people accuse you of adopting double standards, when you continually refuse to condemn Sun and Adobe for doing the exact same thing. You can either clarify your stand and explain that you're against the actions taken by Sun and Adobe's programs as well, or you can be exposed that you really do adopt double standards after all. It's your choice.

Refuse? I said two times already that they are all exactly in the same boat.

You are definitely thick, sir. Thick or extremely decided to make this personal no matter what.

That's your opinion. The fact remains that it is Firefox that denies the user the ability to uninstall the extension. It's surprising that you're not only willing to cut Mozilla so much slack by excusing such a serious security problem, you're even going the extra mile and holding Microsoft responsible for Firefox's shortcomings. Amazing.

So not allowing users to modify system wide settings is now a security problem? :rofl:

A completely flawed comparison. There is a clear need for operating systems to be able to automatically run programs on startup, and this need is common to Windows, Mac, AND Linux. There is, however, a clear need for Firefox to NOT automatically load extensions without prompting the user.

Talking about double standards? :rolleyes:

Installing the extension system wide with admin rights implies an order to load the extension; the user has no say in that. Exactly the same as he has no say in what goes on "run".

Microsoft publishes guidelines for how legitimate installers should behave. If an installer adheres to those documented guidelines yet cannot be easily removed, you bet I'd complain to Microsoft about it.

Yet MS installs an extension system wide, which by definition cannot be uninstalled by users, and you complain to Mozilla about users not being able to uninstall it.

Awesome :whistle:

Because all you made were unverified claims. Just because you think ClickOnce is a vulnerability doesn't automagically make it so. And so, I'll (yet again for the umpteenth time) have to ask you to provide proof to back up your claims, please.

*double sigh*

I hate repeating myself. Read the previous posts as many times as you need in order to get it.

It doesn't matter how you run a ClickOnce-deployed application. It still has close to zero permission. It's still downloaded from the site and installed. It's merely a convenience that it launches from the browser as well as the start menu. Can we please stay on the topic of the browser trojan that is not related to other extensions?

Refuse? I said two times already that they are all exactly in the same boat.

You are definitely thick, sir. Thick or extremely decided to make this personal no matter what.

In which case you are saying that two extremely popular browser plugins - Flash, with 95% market penetration, and Java with 80% - that people have been using for years, display malware characteristics and should be complained to by Mozilla.

Yes, Mozilla should complain to Sun and Adobe about unethical software practices. I think it's clear that you've just put yourself squarely in the crackpot category.

So not allowing users to modify system wide settings is now a security problem? :rofl:

Missing the point as always. Not allowing users to modify system wide settings is not a security problem. Not allowing even users with administrator privileges to modify those settings, on the other hand, is a very serious security problem.

Talking about double standards? :rolleyes:

Installing the extension system wide with admin rights implies an order to load the extension; the user has no say in that. Exactly the same as he has no say in what goes on "run".

Just because an operating system does it, means a browser is justified in doing the same? Are you fecking kidding me!

I think it's clear by now I'm dealing with someone too ignorant to tell the difference between an entire operating system, which was designed to run code, and a browser, which is designed to load and display websites, NOT automatically run code. It's like saying since a firewall has permissions to load kernel-mode drivers, other programs like text editors and media players should be allowed to do so as well. The problem is exacerbated when Firefox has trained its users into believing that extensions are uninstallable. This is not double standards, this is a case of your own utter ignorance being unable to distinguish between two completely different situations, because I'm sure the average Neowin poster should be intelligent enough to tell the difference between an OS and a browser.

The matter of your ignorance aside, it's amazing how you're defending Firefox's silent and automatic code-running tendencies when I'm sure you'd attack IE viciously for the very same. If anyone's living and breathing double standards, I'm afraid it's you.

Yet MS installs an extension system wide, which by definition cannot be uninstalled by users, and you complain to Mozilla about users not being able to uninstall it.

Awesome :whistle:

"By definition"? Whose definition? It's a security flaw, not a definition. Microsoft certainly didn't define it. Neither did I. And if Mozilla thinks this is a definition instead of a flaw, just like how they treated the memory leak issue ("It's not a bug, it's a feature!"), then I must say I can't help but feel sorry for Firefox users...

*double sigh*

I hate repeating myself. Read the previous posts as many times as you need in order to get it.

You don't have to repeat yourself. In fact, I'm asking you to NOT repeat yourself by simply reciting unverified claims. I'm asking you to provide evidence to back up those claims. So yet again, for the umpteenth time - proof, please.

It doesn't matter how you run a ClickOnce-deployed application. It still has close to zero permission. It's still downloaded from the site and installed. It's merely a convenience that it launches from the browser as well as the start menu. Can we please stay on the topic of the browser trojan that is not related to other extensions?

It doesn't seem possible. They're too caught up in their own argument. Wouldn't mind seeing this get closed honestly. Thread's already dead for the most part.

This topic is now closed to further replies.