Linked by Thom Holwerda on Fri 11th Jun 2010 21:27 UTC
Microsoft "Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does."
Thread beginning with comment 429972
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Gotta love it
by lemur2 on Mon 14th Jun 2010 11:31 UTC in reply to "RE[2]: Gotta love it"
lemur2
Member since:
2007-02-17

MollyC:

Um, this was a bug. A harmless one at that.


Maybe so, but it is not the point.

phreck:
a bug that installs some unasked for extensions to a non-microsoft-owned nor -supported software


Exactly.

Now that is the point. What is more is that it silently installs, without user permission to do so. Even though in this case the software that was installed was harmless, it still illustrates the existence of a mechanism.

Who owns any given Windows machine, after all? With my own personal machines, all running Kubuntu, there is no doubt about it ... I own the machines. They are in my control.

If I were running Windows instead, that clearly would not be the case.

Edited 2010-06-14 11:32 UTC

Reply Parent Score: 3

RE[4]: Gotta love it
by vaette on Mon 14th Jun 2010 12:54 in reply to "RE[3]: Gotta love it"
vaette Member since:
2008-08-09

You install software updates on Ubuntu just like you do on Windows, and the .deb packages run arbitrary scripts, just like installers on Windows. And, of course, nothing forces these scripts to be bug-free or the package description from not mentioning some key information.

Reply Parent Score: 1

RE[5]: Gotta love it
by phreck on Mon 14th Jun 2010 13:18 in reply to "RE[4]: Gotta love it"
phreck Member since:
2009-08-13

Differences being, that .deb/.rpm/.tar.gz-packages are open. If I am in serious doubt, I can dissect the packages, see what's in /usr/share, /usr/bin, postrm and whatnot.

I can also explicitly cherry pick which parts of my operating system shall be updated, which should receive security updates, and which shall be strictly pinned.

Three more key-differences:

* Microsoft has a hypocritical past, most Linux/Bsd/etc.-Distros have not, so ppl just have a smaller treshold for Microsoft-Misdoings

* To my knowledge, never did any Distro install any package that is not uninstallable through package management anymore, whereas Microsoft keeps distributing things that are not trivially removable (read: via Firefox's add-on manager) and which promote their proprietary wannabe standards. I don't want a f+cking web-install for whatever bogo technology or whatever, and I don't want a f+cking unasked-for extension without the possiblity to trivially remove it again.

* To my knowledge, distro-provided packages never extended the installations of other packages, except when those are add-on-packages


edit:
And seriously, how low is the possibility of a bug which installs this piece of dung into a remote application, following the rules of that application, and following the usual pattern of not being uninstallable? As this never happened in the Open Source World that I know, it is probably so small that not even a million chimps will reproduce this bug within the lifespan of our sun (http://www.ohloh.net/languages).

So: Stop believing in Microsofts philantropist interests and that this was a bug. It was not. It was intent. We can discuss whether this was wise or stupid, but not about whether it's a bug.

Edited 2010-06-14 13:35 UTC

Reply Parent Score: 1

RE[4]: Gotta love it
by bornagainenguin on Mon 14th Jun 2010 15:15 in reply to "RE[3]: Gotta love it"
bornagainenguin Member since:
2005-08-07

lemur2 exclaimed...

Who owns any given Windows machine, after all? With my own personal machines, all running Kubuntu, there is no doubt about it ...


Yes, there is certainly no doubt that Canonical owns those machines! ;)

--bornagainpenguin

Reply Parent Score: 2

RE[5]: Gotta love it
by lemur2 on Tue 15th Jun 2010 00:32 in reply to "RE[4]: Gotta love it"
lemur2 Member since:
2007-02-17

lemur2 exclaimed... " Who owns any given Windows machine, after all? With my own personal machines, all running Kubuntu, there is no doubt about it ...
Yes, there is certainly no doubt that Canonical owns those machines! ;) --bornagainpenguin "

Unlike the mechanism whereby, without the ownser's permission, Microsoft can install software on a Windows machine, which has been admirably illustrated by this toolbar incident, there is no mechanism at all whereby Canonical can install software on my machines. Canaonical have no permissions at all on my machines.

Reply Parent Score: 2