Intrusion Alert!


I’ve spent a good amount of time this morning tracking down what I thought was a rumor about Microsoft forcing a .NET add-on into Firefox.  Turns out the rumor was true.  And it’s not a pretty thing to contemplate.

Any Firefox user receiving a Microsoft update to either XP or Vista (and possibly Windows 7 but I cannot confirm this) in the last two weeks will have gotten this forced push, right into Firefox, and wouldn’t even have known it.  If you go to Tools > Add-ons, you should see an entry for Microsoft .NET Framework Assistant 1.0.  You will notice that you can disable it, but that the “uninstall” option is grayed out, meaning it is stuck there unless you do some fancy footwork to remove it.

This particular add-on is not something you want to have installed, in my opinion.  Upon installation, it provides a ClickOnce capability that pretty much lets Microsoft do what it wants when it comes to your browser, as well as opening you up to all kinds of other nasties out there, since we all know the .NET Framework is riddled with bugs that are not always fixed as quickly as they should be.  The biggest security flaw with the ClickOnce install is that it allows easy installation of malicious software from websites, without your permission and knowledge.

Microsoft claims they were “helping” by providing a plug-in that “people were asking for.”  This is not something I would have asked for, and to be honest, I don’t trust Microsoft all that much to begin with so I find this explanation a bit questionable.  One of the reasons I use Firefox instead of IE is the level of security Firefox offers, as well as an understanding that Firefox will continue to keep their product a safe alternative to less secure browsers.  For Microsoft to provide a “fix” I didn’t ask for is intrusive, at the least.

As of this morning, Microsoft will be sending out a patch to the patch which will make the add-on easy to uninstall, but if you just can’t wait to have this thing gone from your system, I located these instructions (the aforementioned fancy footwork).  I tested the removal steps and they do work.

  1. Open Registry Editor (type regedit in the Start menu Search box in Vista or in XP’s Run window).
  2. Expand the branches to the following key:
    • On 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
    • On x64 systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions
  3. Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
  4. Close the Registry Editor when you’re done.
  5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
  6. Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
  7. Right-click general.useragent.extra.microsoftdotnet and select Reset.
  8. Restart Firefox.
  9. Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
  10. Delete the DotNetAssistantExtension folder entirely.
  11. Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.
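To confirm the result of the steps above without changing anything, the following read-only PowerShell audit checks each artefact the procedure touches. It is an added example, not part of the original post or of any Microsoft or Mozilla tooling; the function name `Get-DotNetAssistantFindings` is hypothetical, and the per-profile `prefs.js` location under `%APPDATA%\Mozilla\Firefox\Profiles` is taken from the script in the comments below.

```powershell
# Added example: read-only audit of the artefacts named in the removal steps.
# Nothing is deleted or modified; run it before and after the cleanup.
$ExtensionId = '{20a82645-c095-46ed-80e3-08825760534b}'
$PrefName    = 'general.useragent.extra.microsoftdotnet'

$RegistryKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',              # 32-bit systems
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'   # x64 systems
)
$ExtensionDir = Join-Path $env:SystemDrive 'Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension'
$ProfilesDir  = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'

function Get-DotNetAssistantFindings {
    $findings = @()

    # Steps 2-3: the registry value that registers the extension with Firefox.
    foreach ($key in $RegistryKeys) {
        if (Test-Path -LiteralPath $key) {
            $names = (Get-Item -LiteralPath $key).GetValueNames()
            if ($names -contains $ExtensionId) {
                $findings += [pscustomobject]@{ Type = 'RegistryValue'; Location = $key }
            }
        }
    }

    # Steps 9-10: the extension's folder on disk.
    if (Test-Path -LiteralPath $ExtensionDir -PathType Container) {
        $findings += [pscustomobject]@{ Type = 'ExtensionFolder'; Location = $ExtensionDir }
    }

    # Steps 5-7: a leftover user-agent preference in any profile's prefs.js.
    if (Test-Path -LiteralPath $ProfilesDir) {
        foreach ($firefoxProfile in Get-ChildItem -LiteralPath $ProfilesDir -Directory) {
            $prefs = Join-Path $firefoxProfile.FullName 'prefs.js'
            if ((Test-Path -LiteralPath $prefs) -and
                (Select-String -LiteralPath $prefs -SimpleMatch -Pattern $PrefName -Quiet)) {
                $findings += [pscustomobject]@{ Type = 'UserAgentPref'; Location = $prefs }
            }
        }
    }
    return $findings
}

$results = Get-DotNetAssistantFindings
if ($results) { $results | Format-Table -AutoSize }
else { 'No .NET Framework Assistant artefacts found.' }
```

An empty result after the cleanup means the registry value, the folder and the preference are all gone for the current user; other Windows accounts keep their own Firefox profiles and need the same check.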

4 thoughts on “Intrusion Alert!”

  1. I am using Windows 7 RC1 with Firefox 3.5 beta 4 and it IS installed (version 1.1). However, the Uninstall button IS available and I was successful removing it.

  2. Because the extension is tied in to the .NET framework, Firefox would have to have system privileges to uninstall .NET, thus the “Uninstall” option is grayed out. This is not so much Microsoft disabling uninstall ability, as much as it is Firefox basic security features.
    Disabling the extension should work as well as uninstalling. If the “Disable” option is selected, Firefox will ignore the plug-in as though it were not there.
    Awfully nice of MS to help out the Firefox crew though ;-)

  3. Hey Mark. “Disabling the extension should work as well as uninstalling.”

    Actually, I don’t trust Microsoft not to mess with this function at some point, making it impossible to disable OR to uninstall the add-on. They’ve done worse before. It’s sort of along the lines of “we’re the government, we’re here to help you.” I’m sure it’s well-intentioned, but still, it should be my choice to have it or not, and I chose not.

  4. It is a free country. MS has the right to do what they want. Don’t like it? Don’t click on their EULA, and try Linux or Mac instead. Anyway, I’ve heard this happens for Chrome as well. This script may be of use to those married to Windows and use ffox and have something against dotnet:

    REM Remove the extension's registry entry.
    REG DELETE "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "{20a82645-c095-46ed-80e3-08825760534b}"

    REM Strip the related preference lines from prefs.js in every profile (close Firefox first).
    REM prefs.js.tmp is a temporary file name chosen here; the original redirect target was lost.
    CD /D "%APPDATA%\Mozilla\Firefox\Profiles"
    FOR /D %%i IN (*) DO (
    CD "%%i"
    FINDSTR /V "microsoftdotnet useragentswitcher.1.appname microsoft.CLR.clickonce.autolaunch" prefs.js > prefs.js.tmp
    MOVE /Y prefs.js.tmp prefs.js
    CD ..
    )

    REM Delete the extension's files.
    RMDIR /S /Q "%WINDIR%\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension"

    Best regards,
