Linked by Thom Holwerda on Fri 11th Jun 2010 21:27 UTC
Microsoft "Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does."
Thread beginning with comment 429974
RE[4]: Gotta love it
by vaette on Mon 14th Jun 2010 12:54 UTC in reply to "RE[3]: Gotta love it"
vaette Member since:
2008-08-09

You install software updates on Ubuntu just like you do on Windows, and the .deb packages run arbitrary scripts, just like installers on Windows. And, of course, nothing forces these scripts to be bug-free or keeps the package description from not mentioning some key information.

Reply Parent Score: 1

RE[5]: Gotta love it
by phreck on Mon 14th Jun 2010 13:18 in reply to "RE[4]: Gotta love it"
phreck Member since:
2009-08-13

Differences being, that .deb/.rpm/.tar.gz-packages are open. If I am in serious doubt, I can dissect the packages, see what's in /usr/share, /usr/bin, postrm and whatnot.

I can also explicitly cherry pick which parts of my operating system shall be updated, which should receive security updates, and which shall be strictly pinned.

Three more key-differences:

* Microsoft has a hypocritical past, most Linux/BSD/etc.-Distros have not, so ppl just have a smaller threshold for Microsoft-Misdoings

* To my knowledge, never did any Distro install any package that is not uninstallable through package management anymore, whereas Microsoft keeps distributing things that are not trivially removable (read: via Firefox's add-on manager) and which promote their proprietary wannabe standards. I don't want a f+cking web-install for whatever bogo technology or whatever, and I don't want a f+cking unasked-for extension without the possibility to trivially remove it again.

* To my knowledge, distro-provided packages never extended the installations of other packages, except when those are add-on-packages


edit:
And seriously, how low is the possibility of a bug which installs this piece of dung into a remote application, following the rules of that application, and following the usual pattern of not being uninstallable? As this never happened in the Open Source World that I know, it is probably so small that not even a million chimps will reproduce this bug within the lifespan of our sun (http://www.ohloh.net/languages).

So: Stop believing in Microsoft's philanthropist interests and that this was a bug. It was not. It was intent. We can discuss whether this was wise or stupid, but not about whether it's a bug.

Edited 2010-06-14 13:35 UTC

Reply Parent Score: 1

RE[6]: Gotta love it
by vaette on Mon 14th Jun 2010 14:02 in reply to "RE[5]: Gotta love it"
vaette Member since:
2008-08-09

This is just an endless cycle isn't it?

Differences being, that .deb/.rpm/.tar.gz-packages are open. If I am in serious doubt, I can dissect the packages, see what's in /usr/share, /usr/bin, postrm and whatnot.

But you don't. Which makes the point rather moot.

Note also that the community at large indeed noted what Microsoft's install package did and followed up on it, exactly what I assume is what you want to point out to be the great advantage of the OSS community.

To my knowledge, never did any Distro install any package that is not uninstallable through package management anymore, whereas Microsoft keeps distributing things that are not trivially removable (read: via Firefox's add-on manager) and which promote their proprietary wannabe standards. I don't want a f+cking web-install for whatever bogo technology or whatever, and I don't want a f+cking unasked-for extension without the possibility to trivially remove it again.

It is removable by uninstalling the update in question though, which works just as well as uninstalling the "package" would under a Linux distro.

To my knowledge, distro-provided packages never extended the installations of other packages, except when those are add-on-packages

On the other hand this update applied to the Bing bar, which is an add-on to both IE and Firefox, so updating extensions in Firefox makes sense. The behaviour of updating the extension in Firefox even when the Bing bar is not installed in Firefox is, as already noted, a bug.

And seriously, how low is the possibility of a bug which installs this piece of dung into a remote application, following the rules of that application, and following the usual pattern of not being uninstallable? As this never happened in the Open Source World that I know, it is probably so small that not even a million chimps will reproduce this bug within the lifespan of our sun (http://www.ohloh.net/languages).

The update package was supposed to install the extension in Firefox, and the extension was designed to behave in that way, since it was supposed to be removed when the Bing bar extension was uninstalled from Firefox, rather than being uninstallable by itself. The bug was that it was added when any Bing bar was on the system, even if it wasn't in Firefox.

So: Stop believing in Microsoft's philanthropist interests and that this was a bug. It was not. It was intent. We can discuss whether this was wise or stupid, but not about whether it's a bug.

This is such bullshit that it gets tiring to go over it again; why would it be intentional?? It does nothing, nothing to help Microsoft, nothing to harm Microsoft, nothing in any direction. These claims about malicious intent are just paranoid fantasy unless you can come up with some kind of motive.

Reply Parent Score: 1