Summary: Microsoft has once again pushed its own code into Firefox, without any consent from the users

Putting Free software only on Windows is not a smart decision. On Windows, Microsoft is in total control and Microsoft does abuse this control all the time.

When it comes to Mozilla Firefox, Microsoft is routinely tinkering with it without permission (assuming one runs it on Windows). The word “sabotaging” first came up here, with additional coverage in:

• “Microsoft Cannot be Trusted!”
• Does Microsoft Moonlight Do to Firefox What Microsoft Does to Firefox?
• Mozilla Sort of Bans Microsoft
• Does Microsoft Tinker With the Search Bar in Firefox?
• Microsoft/Novell Faking “Open Source” and Pushing .NET Into Web Browsers

Microsoft is doing it yet again. Microsoft boosters are among the first report on it: (and yes, Ars Technica has at least two Microsoft boosters as well)

i. Microsoft hides mystery Firefox extension in toolbar update

As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user's permission. As you can see in the Windows Update screenshot above, Microsoft does not indicate that the update will install anything for either browser. It's also not really clear what the installed extension actually does.

ii. Is Microsoft pushing stealth updates to users again? This time, it's toolbars ...

I’m getting numerous reports from readers claiming that Microsoft is back to pushing stealth updates to Windows users via Windows Update. This time, the update seems related to its browser toolbars.

Readers started reporting this issue to me yesterday, when Firefox users started noticing that Extensions window was opening up when launching the browser and showing something new - Search Helper Extension.

When it comes to Microsoft's security patches, there is a lot of secret behaviour such as the above. Microsoft claims to be handling 34 flaws this week, but there are actually more because of secret patches.

Ars Technica writes about Richard A. Clarke's new book, which blames Microsoft for national and international security problems (Windows has a huge number and proportion of zombie PCs).

Who wrote those lines? Steve Jobs? Linux inventor Linus Torvalds? Ralph Nader? No, the author is former White House adviser Richard A. Clarke in his new book, Cyber War: The Next Threat to National Security and What to Do About It.

[...]

Money talks

Why has the national response to this problem been so slow? Lack of consensus on what to do and fear of the "R-word"—government regulation, Clarke contends. Then there's Reason Number Five on his list, which basically boils down to "Microsoft."

"Some people like things the way they are," Clarke obliquely observes. "Some of those people have bought access." Microsoft, he notes, is a prominent member of OpenSecrets.org's "Heavy Hitters" political donor list. Most of the list's stars are trade associations. "Microsoft is one of only seven companies that make the cut."

The software giant's largesse has shifted from Republicans back in the Clinton antitrust days to Obama, he continues, but the agenda is always clear: "Don't regulate security in the software industry, don't let the Pentagon stop using our software no matter how many security flaws it has, and don't say anything about software production overseas or deals with China."

Clarke tries to be fair. He notes that Microsoft didn't originally intend its software for critical networks. But even his efforts at fairness are unflattering. Microsoft's original goal "was to get the product out the door and at a low cost of production," he explains. "It did not originally see any point to investing in the kind of rigorous quality assurance and quality control process that NASA insisted on for the software used in human space-flight systems."

But people brought in Microsoft programs for critical systems anyway. "They were, after all, much cheaper than custom-built applications." And when the government launched its Commercial Off-the-Shelf program (COTS) to cut expenses, Microsoft software migrated to military networks. These kind of cost cutting reforms "brought to the Pentagon all the same bugs and vulnerabilities that exist on your own computer," Clarke writes. Floating i-brick

The former White House advisor cites the 1997 USS Yorktown incident as a consequence. The Ticonderoga-class ship's whole operational network was retrofitted with Windows NT. "When the Windows system crashed, as Windows often does, the cruiser became a floating i-brick, dead in the water."

In response to this "and a legion of other failures," the government began looking into the Linux operating system. The Pentagon could "slice and dice" this open source software, pick and choose the components it needed, and more easily eliminate bugs.

"Never mention Windows and security in the same breath," writes Sam Varghese in the headline of another new article. It refers to the dishonest "damage control" from Microsoft after Google's mass-desertion, as seen last week.

If I had a dollar for every time Microsoft was forced to defend the abysmal security of its Windows operating system, I would probably be lying on a beach in the Bahamas and sipping a cocktail right now, with my financial future secured.

The latest defence, from Windows communications manager Brandon LeBlanc, has as many holes as Windows does in its security armoury.

As my colleague Jake Widman reported earlier today, LeBlanc took issue with a story stating that Google was moving its internal workstations away from Windows to OSX and GNU/Linux due to Windows' poor security.

In his response, LeBlanc talks of security issues with the Mac and Google too. That isn't the point - no system or company is perfect.

We are talking here about the relative security of various operating systems - and Windows is, without any doubt, the worst. Put it up against OpenBSD, Solaris, NetBSD, FreeBSD, GNU/Linux, OpenSolaris, or any other, Windows comes out last when it comes to security.

"Being virus and malware-free" is another new article about escaping Windows (like Google did, for security reasons). The haven from security problem really is seen as a reason to embrace software freedom, not just an afterthought or excuse. ⬆