I am somebody who tries to be serious about computer security. Also, I frequently find myself answering questions from friends and family like "my computer is slow and it seems to be doing a lot of strange things -- can you tell me what is wrong with it?" This line of questioning nearly always causes my head to throb. The whole state of security on Windoze machines is something that depresses me.
After performing various magic incantations to try to "fix" my friends and family's Windoze machines, I always tell my friends and family to stop using Microsoft's Internet Explorer. I look them right in the eye and tell them that I am deadly serious about this -- in my opinion this browser cannot be made to be secure. In fact, I tell them that in my opinion Internet Explorer would be a much better application if, when it first started running, it displayed a splash screen that stated:
Friendly reminder: by running this browser, you are authorizing one or (probably many) more people who most likely reside in eastern Europe or the Far East to be able to run arbitrary code on your machine. These people will be in complete control of your computer. They will be able to steal anything from your computer, and be able to use your computer to mount attacks against other computers. Have fun on the Internet, and thank you for choosing a Microsoft product!
| OK! |
Instead of running Internet Explorer, I tell my friends and family to run Firefox. This is a no-brainer. I mean, let's be clear: Firefox isn't totally secure either but it is The Right Choice for my friends and neighbors. One gentleman that I know thanked me a few months ago for recommending Firefox to him several years ago. He is a total computer neophyte, and from what I have been told, his computer has been acting fine for years, with no viruses or malware installed on it.
Anyways, getting back to my frustration: Microsoft, in their infinite wisdom, has decided to include a Firefox plugin in their Microsoft .NET Framework 3.5 Service Pack 1 update pushed to end users' computers via Windows Update.
Some representative from Microsoft has explained the "rationale" for this decision:
A couple of years ago we heard clear feedback from folks that they wanted to enable a very clean experience with launching a ClickOnce app from FireFox.
Microsoft's actions here are totally crazy.
First of all, I seriously doubt that Microsoft got clear feedback like this.
Second of all, if Microsoft had wanted to publish an addon for Firefox, The Right Place for Microsoft to publish this addon would have been http://addons.mozilla.org/. Instead of publishing this addon in the proper manner, letting end-users decide for themselves whether they wanted to install this addon or not, Microsoft has shoved this addon down the throats of end-users.
Third, it seems to me that this addon is yet more poorly designed, insecure Microsoft crap. In fact, many people (such as myself) who run Firefox run this browser entirely for the reason that totally crazy insecure plugin crap like this hasn't been available for Firefox -- until now.
Fourth, continuing on with the grand nightmare that Microsoft has created here, Microsoft has installed this plugin at the machine level, and has provided no easy way for end-users to uninstall this enormous security problem from their machines. If an end-user wants to uninstall this plugin, they must resort to using the registry editor, which is far from easy.
Basically, here is what I imagine happened recently in Redmond: somebody at Microsoft observed that Firefox is steadily increasing its market share -- it might have even captured 10% of the market by now. This must have worried this in-duh-vidual from Microsoft, which is arguably one of the world's best monopolies. So, what to do about this? Easy! Produce a plugin that gives people all of the same sucky "user-experience" and "security" as Internet Explorer, and shove it down the throats of all of the people who use Firefox.
Way to go, Microsoft! I, for one, seriously doubt that this company has my best interests in mind with actions like this one.