Microsoft.Net Framework add on in Firefox

I just updated my laptop and this Microsoft .Net Framework assistant got installed. I only know about it because when I started Firefox it came up and told me it was installed. I looked it up and there seems to be a debate about keeping it installed and uninstalling it. Some say it gives Firefox the same vulnerabilities as IE some say it has no effect at all. I really have no idea. I'm debating if I want to uninstall or not.

I was just wondering if any of you have heard of this or know what it is and what it does? Also have any of you left it installed? If so, what effect did it have, if any? For those who uninstalled it, what effect, if any, did that have?

 

The Wikipedia page has all the info you could ever want... I remove it from my systems since I have no interest whatsoever in installing annoying self-updating apps by "clicking an icon [...] on a Web page" (or my users being able to do the same).

 

I don't think it matters much, but it's easier to just disable it in Firefox rather than remove it... I don't think it has any effect when disabled.

Still, I don't think MS should've installed it automatically without offering an option.

 

for everyone who wants to remove it, in some ways it (the framework) cripples firefox and makes it vulnerable like IE8. Here's how to remove it:

http://technologyexpert.blogspot.com/2009/05/how-to-rid-yourself-of-microsofts.html

try it, It worked wonders on my firefox app... and now I don't have to worry (for now) about microsoft trying to infilitrate my firefox setup! (apparently the .net framework add-on is EXTREMELY dangerous to firefox's mentality).

 

I just uninstalled the add-in from within Firefox.

 

I was also wondering about just disabling it. That should have the same effect as uninstalling right? I have it disabled now which I think should be the same as if it weren't there. I think I'm gonna uninstall anyway though.

 

It is a good feature and does NOT make firefox vulnerable at all. it supports clickonce which is a save and actually quite great technology.

Microsoft implemented it, because people complained firefox can't support clickonce. as the mozdev people never bothered to implement it, microsoft did it itself.

clickonce allows one to develop rich applications (real applications) that live in a sort-of-sandbox (it's all in the .net environment), and can be installed and auto-updated over the web.

this allows essentially to create applications that have both the features of a webapp (easy deployment by just giving a link to the user + always-up-to-date apps) and real apps (offline startable, great real guis, with possibly of direct x and everything).

clickonce could allow stuff like this: http://startwow.com/run.application to start the up to date world of warcraft client, which could use an offline cache even, etc.

this a simple example (i hate mmos by myself).

i do use it for most of the apps i develop.

it could be a little compared to AIR from adobe. but adobe's thing is actually more a copy of the one of microsoft, as clickonce is quite old. and it has no html-fancy-flash-app-crap but real ones instead.

 

Lots of pages with info like this.

 

terrible inaccurate information.


stupid drama-news pages. they don't know the why and what they talk about..

and people then believe it.

there are reasons why it's not easily uninstallable => because it gets installed for "all users". it has to, as you get it trough windows update, and windows update can't do user-specific stuff as it has to patch the whole system.



and it does not mean any security vulnerability at all. it has nothing to do with the biggest issue that we have in ie: active x.

it's actually support for one of the savest and best developed components of microsoft: .NET. if all programmers that could would use .NET only, our world would be quite save nowadays. most typical attack vectors would've been gone.

but well, pages don't care, they just want to make hype-drama-posts that get tons of hits. they are like tv-news

 

Yea yea yea, not even going to bother reading that dave sorry. If you want to argue with someone Google it, theres TONES of emails with people that posted this info to argue with. Dont argue with the readers argue with the writers.

Heres an official link from MSDN (Microsoft Developer Network) http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx with the "fix" they made for people to be "allowed" to uninstall this addon/plugin as a solution to the steps i posted above which are including in that site. With some nice user comments as well bellow

 

why don't you bother? i actually work with that technology, so I know quite well what it is and why.

don't be so anti microsoft, as long as you use it at least.

 

I dont bother because it will probably end in an argument (again) and i dont want to fill 5 pages (again) with arguments, sounds reasonable i hope. Im not anti microsoft, but as most people i hate when companies install things on my computer without asking my permission. Especially something that is no use for me.

Im sure if someone actually uses that technology microsoft can pretty much make a plugin available for download instead of "auto" installing it in all windows users...

Not to mention that most people out there click a lot of links without knowing what they are ( www.notebookreview.com), with this technology its really easy to install spyware/malware in your computer hence where the words of "most dangerous vulnerabilities" people post come from.

 

I don't want to argue with you. I just want to clear up what it's really about, and make sure people don't believe the internet-hype that is definitely untrue, and stated without finding the facts for what it really is.

they asked you for permission. it's part of the .net framework 3.5 and was actually user requested: finally support for clickonce in firefox. you would just have to read what you agree to when you install optional windows updates... yes, i know, who does that? but they DID asked you to agree on it

and no, you can't install a virus with clickonce, it's simply not possible. as i stated, it's a sandboxed safe environment. you can't get anything into autorun etc trough it.
at least not without huge warnings before that the users WOULD notice. apps that need more access (no app can get to autorun by itself really) have to request it from the user (similar to UAC), and the user would notice it. the only apps that really CAN do "clickonce", means just a click on the link and then starting are signed apps with a user-trusted certificate, that go to the LOWEST rights possible. that means, all the app can do, is communicate back to the web. so it's more or less like a webapp. just a rich one, not some html-thingy. it's a full app that can be installed locally, but never hurts the system.


problem is, since .net 1.1 or so, clickonce existed. and since then, people who wrote apps got the problem that it never worked over firefox. other browsers fixed this, so only firefox was really left behind. and so those app developers got tons of support calls. and they wanted a fix. with .net 3.5, they get the fix. clickonce, browserindependent.

 

And now its the part that i have to say "go check the MSDN link and Google search about this plugin in general to see what people are saying. That they never got a notification for that plugin (as me)", "people say otherwise about the security" and bla bla bla...

And quoting...

 

and AGAIN you should inform yourself about the technology instead of reposting your stuff. you don't want to bother? then how about thinking if my stuff might be true? because i actually use that stuff since years and make money with it (not much, but a bit).

it is documented, and the user agreed when installing. it was NOT OBVIOUS and it should have been. that is true.

and it is NO security risk. it just isn't. don't believe me? fine. but it's still true.

 

Dont get why you like to annoy me dave seriously...

YOU use it I DONT, doesnt mean it has to be installed on every pc because YOU use it. I NEVER used it and probably i never will. Take the average user for example, meaning auto install windows updates. The notification you will get about that plugin is minimal (if you get one since i dont even recall getting one).

As for the security risks, for people to actually saying that something is unsecured and i mean a lot of people, with a simple Google search you will be amazed how many sites talk about this plug in, it means its partially true, except if you live in a magical world where everything is secure and there are no holes in software for people to exploit.

And again, this will GET US NO WHERE! You believe in what you say, i believe in what i say, same as UAC same as a lot of other things, no reason to spam every single thread when we dont have the same opinion.

 

people say always to microsoft it's insecure. but .NET is actually the most secure platform they ever created, completely from the ground up designed with security in mind.

you should just believe me instead of googling up panic.

you always find negative crap on the web, and you know that.


i do have backings other than google searching for fancy blogs that cry around. i work with that stuff and look behind what it's really about instead of sticking my fingers into my ears singing lalalalala.

and all i did was saying your statement is wrong, and based on bad, because untrue information.

you started the war.

you can uninstall it, no problem. but instead of crying why it has to be uninstalled in that convoluted way, just think on how it got on the system, and that it can't be uninstalled that easily. it's technically impossible, and this is not a bad thing (this is part of the security of nowadays systems. the system can't mess with the individual user directly, the user can't directly with the system. welcome to uac, partly

and you can not need it, no problem with that.

but stating that facts aren't true, when someone which actually uses it states his knowledge is just .. sad.


we all try to help in here. but some know stuff from personal experience, and some don't. why don't you in this case believe me who uses and develops with it? i try to be there for you, i try to help. it's annoying to get bashed down for this, really..

 

My personal observation:

. This is what the MS add-on is all about!

Extracted quote:

" The .NET Framework Assistant for Firefox enables ClickOnce stand-alone applications to run from the Firefox browser. The .NET Framework Assistant functions identically when installed before and after the Firefox browser. When the Firefox browser is launched and the .NET Framework Assistant is present, Firefox finds and installs the add-on. Users can configure the assistant to do the following:

* Prompt before running the application.
* Report all installed versions of the .NET Framework or just the latest version."

So it is quite debatable if MS did it behind FF users or FF forgets to inform users that a new add-on is about to be installed.

. Regardless of the positive effect of the add-on to a browser it is understandable why users jump on MS about this (love hate relationship of Windows users ). By the way Opera and Safari do rely on the presence of Microsoft.net framework in order to work correctly in many cases under Windows platform as well.

. But if one compares what MS does and what Google does as far as "installing" something "behind" users' back I would just shrug it off and take it as part of the business and that is, if you use the product and can stand its under-handed feature once in a while and when it is not "hurting" you.

So: peace, everyone?

My 2 cents

cheers ...

 

Dave, i pasted links, its not my statement. You cant uninstall it by default. You are not god hence you dont know everything, 100 people have more knowledge than you, because you say something it doesnt mean its correct.

And again, i pasted links, i didnt write the info... (and then say that all people out there are wrong, yey).

 

Guess - no (not yet) peace (oh well)

cheers ...

 

So from what I can gather from here and other sites I've looked at, it is not harmful and it does not expose your computer to vulnerabilities like IE. The biggest beef that most people seem to have is that it was installed "without their knowledge or consent".

I already uninstalled it, but from the sound of it when MS updates again, or some time in the future, it will be re-installed. No big deal I guess if it doesn't harm anything. I still have no idea what the hell it does. FF looks and runs the same with/without it. Maybe I'll chalk it up to one of (my) life's great mysteries lol.

 

No debate at all: MS did behind both FF's and the user's backs. Further, it did not have the ability to uninstall.

I brought all this up way back in late Winter ( Link) when it was initally released and was more or less told that I was overreacting. Seems that once the press figured it out it was no longer an overreaction.

Regardless, there is a patch to .net 3.5 SP1 coming out fairly soon now from MS that modifies this to add the ability to uninstall it.

 

Yeap, just got the update this morning through windows updates. Sadly it had to reinstall the addon (since i had it removed) in order for me to uninstall it again

 

I do not believe that MS did behind FF or users' back, just like many others add-ons of FF that install extra plug-in and add-on without warning (or in good hiding in disclaimer) to the users.

MS should have taken better consideration when having their utilities tagging on other browsers that are not IE.

I chalked this as a lousy add-on that is going to be fixed ...

cheers ...

 

I said there are technical reasons why it isn't uninstallable. glad it got fixed btw.

I said you're wrong that you didn't get informed. but you didn't care to read the info (like about 100% of the users, including me. but actually, i still new months ago that they plan on this as it was all publically documented).

And i said that the security concerns you raised are based on wrong assumptions, mainly the thought of terrible activex from internet explorer. I stated that it has techincally NOTHING to do with it, and is a very safe component.

all you stated was "i have no clue what it's for but google sais it's bad so it has to be bad". how about INFORM YOURSELF WHAT IT REALLY IS FOR?.

and stop attacking me, it's useless


glad to see the update btw, so the last issue with it got fixed.

 

If you want to call someone uninformed email the thousand of people posting this info. So if you want to keep bubbling about FFClickOnce been flawless go ahead, just spare me cause i seriously cba with you

Assumptions are correct, its a plugin that microsoft added without telling people (verified today when it reinstalled with the sp1) and its possible to harm a newbies computer that dont really notice/care whats under they mouse button. Click yes on every popup and so on.

Im not attacking you, i clearly stated i didnt even want to discuss this with you in the first place. OP asked for a way to uninstall the plugin and some info about it, ive pasted a site (one of the thousand similar ones) which he could easily find with a single google search, with steps how to remove it and a ms link to an official one with the same steps. And then mr knight came along as always to justify why a plugin got stealth installed into a non ms product should be there for the average user.

 

no, he didn't "just asked about uninstallation", he asked this:

so he asked about knowing what it's about, leaving it or removing it, about security concerns spread over the web, etc. and i replied to my best knowledge.

and why do you reply to my post which tries to help the op while you don't even want to contribute? bad idea as you've seen

 

What do u mean i dont want to contribute ? Last time i checked im the person that actually checked to find the info on how to remove it and what people thought about it. Now you are just being silly... What you posted is merely what you believe without backing it up with any proof.

Shall we move this conversation in PM's only before we get beaten by a mod ?

 

you contributed, yes. but you stated you don't want to care about what i state. that's rather personal and non-useful.

and most of your statements contradict your other statements.

but yes, you posted links. those links don't explain what it is they just "omg, it must be evil". i explained what it is. as the OP requested. you stated by yourself you don't know what it is and you don't care. so you don't help the OP by it.

 

Probably missed a few lines of what i wrote there

1) The reason i said i didnt care is to avoid THIS
2) As i said i dont know exactly what it is, but thats why people post information on the web. And most people if they dont know something they search and learn. So, before i posted a link (i didnt just posted the first link i found), i made sure that a hundreds others agreed with it.

The only thing you did is, jumped in and stated that all those web sites (and repeating, hundreds of them) are false and they dont know what they are talking about...

And again, since we are actually talking to each other, cant we just move this to PM's ? Theres really no reason to book a thread just for us.. Its not like we have anything more to say in this matter, you said what you believed i did the same, now its up to the OP to decide, which apparently already did...