Once again, Microsoft has decided that when you install a “critical” security patch via their Update service, they can add unrequested software silently and it’s not only OK, but no one will notice.
This time around it’s the release of the .NET v3.5 Service Pack 1, which will also silently add a Firefox extension (even if you don’t have Firefox installed, and yes that’s possible). You will never be prompted if this is OK, and what’s more, you can’t easily uninstall it.
Yeah. Real cute.
So what has Microsoft done wrong with this? Simply:
- Modified a user’s third-party application without permission, from either the user or the third-party vendor (Mozilla)
- Created yet another potential channel for unsolicited software installs (ClickOnce)
- Prevented the average end-user from being able to uninstall the unsolicited extension
- Deceived users by implying this was a critical security patch when in reality it is much more
Anyone who has any version of .NET installed will be offered v3.5 as a critical security patch when they use Windows Update. If you have Windows Update set to automatically update then you’ve just been given a new Firefox extension.
It does not appear that this is the case with Vista users, though that is not fully confirmed yet.