Intrusion Alert!


I’ve spent a good amount of time this morning tracking down what I thought was a rumor about Microsoft forcing a .NET add-on into Firefox. Turns out the rumor was true. And it’s not a pretty thing to contemplate.

Any Firefox user receiving a Microsoft update to either XP or Vista (and possibly Windows 7 but I cannot confirm this) in the last two weeks will have gotten this forced push, right into Firefox, and wouldn’t even have known it. If you go to Tools > Add-ons, you should see an entry for Microsoft .NET Framework Assistant 1.0. You will notice that you can disable it, but that the “uninstall” option is grayed out, meaning it is stuck there unless you do some fancy footwork to remove it.

This particular add-on is not something you want to have installed, in my opinion. Upon installation, it provides a ClickOnce capability that pretty much lets Microsoft do what it wants when it comes to your browser, as well as opening you up to all kinds of other nasties out there, since we all know the .NET Framework is riddled with bugs that are not always fixed as quickly as they should be. The biggest security flaw with the ClickOnce install is that it allows easy installation of malicious software from websites, without your permission and knowledge.

Microsoft claims they were “helping” by providing a plug-in that “people were asking for.” This is not something I would have asked for, and to be honest, I don’t trust Microsoft all that much to begin with, so I find this explanation a bit questionable. One of the reasons I use Firefox instead of IE is the level of security Firefox offers, as well as an understanding that Firefox will continue to keep their product a safe alternative to less secure browsers. For Microsoft to provide a “fix” I didn’t ask for is intrusive, at the least.

As of this morning, Microsoft will be sending out a patch to the patch which will make the add-on easy to uninstall, but if you just can’t wait to have this thing gone from your system, I located these instructions (the aforementioned fancy footwork).  I tested the removal steps and they do work.

  1. Open Registry Editor (type regedit in the Start menu Search box in Vista or in XP’s Run window).
  2. Expand the branches to the following key:
    • On 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
    • On x64 systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions
  3. Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
  4. Close the Registry Editor when you’re done.
  5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
  6. Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
  7. Right-click general.useragent.extra.microsoftdotnet and select Reset.
  8. Restart Firefox.
  9. Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
  10. Delete the DotNetAssistantExtension folder entirely.
  11. Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.
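
The registry and folder parts of the steps above (1 to 4 and 9 to 10) can be checked, and optionally carried out, from PowerShell. This is an added example, not part of the original instructions; the `-Remove` switch is a name made up for this sketch, and the about:config reset in steps 5 to 8 still has to be done by hand in Firefox.

```powershell
# Added example: audit (and optionally remove) the .NET Framework Assistant
# registration described in the steps above. Without -Remove it only reports.
param([switch]$Remove)   # hypothetical switch name chosen for this sketch

# Value name and locations are the ones given in the instructions above.
$guid = '{20a82645-c095-46ed-80e3-08825760534b}'
$keys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',              # 32-bit systems
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'   # x64 systems
)
$folder = Join-Path $env:SystemDrive `
    'Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension'

$found = $false

foreach ($key in $keys) {
    # The Wow6432Node key does not exist on 32-bit Windows; skip missing keys.
    if (-not (Test-Path $key)) { continue }

    # GetValue returns $null when the named value is absent.
    $value = (Get-Item $key).GetValue($guid)
    if ($null -ne $value) {
        $found = $true
        Write-Output "Registered in $key -> $value"
        if ($Remove) {
            Remove-ItemProperty -Path $key -Name $guid
            Write-Output '  registry value deleted'
        }
    }
}

if (Test-Path $folder) {
    $found = $true
    Write-Output "Extension folder present: $folder"
    if ($Remove) {
        Remove-Item -Path $folder -Recurse -Force
        Write-Output '  folder deleted'
    }
}

if (-not $found) {
    Write-Output 'No trace of the extension in the registry or on disk.'
} elseif (-not $Remove) {
    Write-Output 'Report only. Re-run with -Remove from an elevated prompt to delete.'
}
```

Deleting under HKEY_LOCAL_MACHINE and the Windows directory requires an administrator prompt; running the script again afterwards without `-Remove` confirms nothing is left.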