Sabotaging the enemy

Microsoft recently put out .NET Framework 3.5, and silently included a plug-in for Mozilla Firefox. In so doing, they have apparently exposed Firefox to a crapload of attack vectors that exploit Microsoft’s buggy code, bringing Firefox down to the same level of insecurity as Internet Explorer.

To make matters worse, that framework is not an optional install for most users of Windows — it will install automatically as a recommended installation, silently, without prompts, under the default Vista security settings, and the default under Windows XP once you’ve explicitly enabled automatic updates (which is strongly recommended in the installation process). If you can’t beat the competition at security, just bring them down to your level. That’s the way Microsoft innovates, I guess!

{advertisement}
Sabotaging the enemy
{advertisement}

3 thoughts on “Sabotaging the enemy

  1. 1

    Microsoft has no honor, nor any shame. If they were collaborating on open-source software, the other people working with them would be laughing at them and refusing to allow their code to go into the projects. I guess this is what you get when people who know about and are passionate about money are running the show instead of people who know about and are passionate about the technology.

  2. 2

    Except Mozilla has now issued a patch (via a pop-up, grrr) that kills the stupid .NET Framework Assistant and Windows Presentation Foundation add-on.

  3. 3

    And that, frankly, is a good thing. If they just killed it silently, Microsoft would cry foul. But where they have evidence that this trojan horse was installed on-the-sly and without any user intervention, might as well grab the user’s attention to tell ’em so before remedying the situation.

Comments are closed.