subject:"\[CGUYS\] Forced to Bing Against Their Will"

 So Apple is guilty of some of the crimes that the Redmond Menace is
 guilty
 of.  Both are sinners and deserve a time out for it.  

Agreed, but that was in answer to Tom's assertion that Apple would NEVER do
such a thing, when, in fact, it already has.

 The problem is that M$ did something that opened a security hole in
 non-M$
 software that people use to avoid their own shoddy product because of
 similar security holes intrinsic to IE.  

So you say, but yet, no one has actually been able to show what this
supposed security hole actually was.  So far, it's just been a lot of talk.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-09 Thread mike

Since we have pirate day, can we have l33t speak day...Jeff already has a
good start.

On Tue, Jun 9, 2009 at 7:53 AM, Jeff Wright jswri...@gmail.com wrote:

   The web has
 been largely a OMG!!! M$ hAx0red FF!!!1!


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 Note how blasé WFBs are about product defects.

 But there is a big difference here. If M$ wants to have gross defects in its
 own products that is their business, but when they go insert defects into
 competitor's products that is something completely different. That's a
 drive-by shooting.

I'm sorry, but you're going to have to establish first that this *is*
a product defect before blathering on about it.  The prodcut is
working fine and the only question was whether or not this should have
been a machine level install or a user level install.

So far, all we've gotten are prank calls to the fire department.  I'm
sure you can do better.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 A real example please. Bonjour is not what you claim it to be.

Actually, it is.  I know, I know, your programming won't allow you to
admit that.  I don't blame you personally.

Here, chew on these:

http://cyberinsecure.com/apples-safari-downloads-websites-resources-without-asking-for-permission/
http://blogs.zdnet.com/open-source/?p=2157
http://www.itworld.com/security/53730/apple-pushes-mobileme-surprise-xp-vista


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-09 Thread t.piwowar


On Jun 9, 2009, at 2:34 AM, mike wrote:
Did that security hole ever get compromised?  That's the argument  
from the
mac side, macs have big security holes that are never compromised  
so that
equals good security, I hadn't seen that this extension caused one  
security

problem.  Perhaps it did and it didn't come up in my searches?


You keep trying to change the subject. The issue is that this  
vulnerability was inserted into a competitor's product by M$. By  
doing so it removed a major advantage of using the competitor's  
product. This is particularly important because this is the very same  
competing product that was at the center of M$'s anti-trust  
conviction. Looks to me like M$ has unilaterally declared the consent  
agreement void. Sort of like North Korea declaring the Korean  
Armistice Agreement void. (Now I suppose you will spring to the  
defense of Kim Jong-il.)



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 You keep trying to change the subject. The issue is that this vulnerability
 was inserted into a competitor's product by M$.

Sorry, but you haven't established yet that there actually is a
vulnerability.  Repeating it does not make it so.

 By doing so it removed a
 major advantage of using the competitor's product. This is particularly
 important because this is the very same competing product that was at the
 center of M$'s anti-trust conviction. Looks to me like M$ has unilaterally
 declared the consent agreement void.

Nope, not the same product.  It may be based on the same rendering
engine and I know how easily confused you can get, but it's a
completely separate product from Netscape.  Netscape was owned by the
evil AOL (weren't they supposed to own the Internet by now?), Firefox
is owned by Mozilla, a non-profit.

Just in case you're *really* confused, Safari and Chrome are
differrent products too, even though they share code as well.

 (Now I suppose you will spring to the
 defense of Kim Jong-il.)

Nah, he seems like much more of a Mac guy.  Feelings of inadequacy,
vain, crushing central authority, conformity at all costs and so on.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-08 Thread John Duncan Yoyo

On Sun, Jun 7, 2009 at 11:33 PM, Jeff Wright jswri...@gmail.com wrote:

  I do wonder if this is going to wake the forces of Anti-trust again.  I
  expect the EU to go after them for and who knows about the current US
  administration.

 Seriously?  This is pretty meaningless stuff in the end, especially since
 they corrected the issue.


It's the EU they take this portion of law enforcement seriously.  They
already told MS not to do similar things.  Yeah it should get some attention
at least a phone call.



 I never asked Apple to install Bonjour on my system when I installed
 iTunes.
 Should we sue them too or just let me get on with the uninstalling?


Bonjour is a component of iTunes.  ,Net isn't a component of Firefox.


-- 
John Duncan Yoyo
---o)


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 8, 2009, at 8:53 AM, John Duncan Yoyo wrote:

Bonjour is a component of iTunes.  ,Net isn't a component of Firefox.


Good point. This is the discovery mechanism that iTunes uses to share  
music on the subnet.


If the iTunes installer starting dropping patches into other  
applications without warning, this would be another thing, but they  
do not do that.


This M$ intrusion and Sony's root-kit exploit are the only cases I  
know of where a major software company had the balls to try something  
like this.



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 8, 2009, at 8:53 AM, John Duncan Yoyo wrote:

It's the EU they take this portion of law enforcement seriously.  They
already told MS not to do similar things.  Yeah it should get some  
attention

at least a phone call.


I think the new administration will bring a return to law and order.  
They are already making strong moves against botnets and spammers.  
http://www.crn.com/security/217702111



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 Bonjour is a component of iTunes.  ,Net isn't a component of Firefox.

That's some mighty fine hair splitting.

Bonjour is not a component of Windows.  .Net is.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

Bonjour is not a component of iTunes, it is used by iTunes and by many other
programs.

On Mon, Jun 8, 2009 at 5:53 AM, John Duncan Yoyo
johnduncany...@gmail.comwrote:




 Bonjour is a component of iTunes.  ,Net isn't a component of Firefox.


 --
 John Duncan Yoyo
 ---o)


 *
 **  List info, subscription management, list rules, archives, privacy  **
 **  policy, calmness, a member map, and more at http://www.cguys.org/  **
 *



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 Good point. This is the discovery mechanism that iTunes uses to share music
 on the subnet.

Except that I have no need for this and Apple thinks it below them to
even deign to ask the lowly user if they don't want to install
Bonjour.

 If the iTunes installer starting dropping patches into other applications
 without warning, this would be another thing, but they do not do that.

It already does this with Bonjour.  It installs a networking component
directly into Windows without any prior warning.  That's taking pages
from the Real Player handbook.

 This M$ intrusion and Sony's root-kit exploit are the only cases I know of
 where a major software company had the balls to try something like this.

**cough** SAFARI  **cough**  The Annoyances page that John links to
has a comment from the author about MobileMe doing the same thing.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 It's the EU they take this portion of law enforcement seriously.  They
 already told MS not to do similar things.  Yeah it should get some attention
 at least a phone call.

Ring!

MS: Hello?
DOJ: We hear that you installed a .Net component into Firefox and made
it impossible for the user to uninstall it.
MS:  Yeah, we screwed up on that.  The user could always have disabled
the add-on.
DOJ:  NOT GOOD ENOUGH!  We hear that there might be some vague and
undefined security issue!
MS: Yeah, OK, we did that in February.  We posted a correction for it
in May so that the user could uninstall it without being an admin.
DOJ:  But...but...
MS:  Are we good now?
DOJ:  But...but
MS: Ok, gotta run.  Windows 7 and all.

Click.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

They will bring in their own version of law and order would be a better way
to say it.  To keep it in tech, Obama is (again) about to break another
campaign promise and bring in an ex lobbyist and google exec into the admin,
to be the new deputy CTO.  Some reports say he is leaving google for the
position, others say he was already leaving google.   New boss, same as the
old boss..

On Mon, Jun 8, 2009 at 7:49 AM, t.piwowar t...@tjpa.com wrote:

 On Jun 8, 2009, at 8:53 AM, John Duncan Yoyo wrote:

 It's the EU they take this portion of law enforcement seriously.  They
 already told MS not to do similar things.  Yeah it should get some
 attention
 at least a phone call.


 I think the new administration will bring a return to law and order. They
 are already making strong moves against botnets and spammers.
 http://www.crn.com/security/217702111



 *
 **  List info, subscription management, list rules, archives, privacy  **
 **  policy, calmness, a member map, and more at http://www.cguys.org/  **
 *



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 8, 2009, at 11:54 AM, Jeff Wright wrote:

Except that I have no need for this and Apple thinks it below them to
even deign to ask the lowly user if they don't want to install
Bonjour.


You are not installing Bonjour. You are installing iTunes. To do that  
you had to download iTunes and run the installer. In the process you  
read and assented to lots of conditions. Nobody is forcing you to use  
iTunes. There are lots of alternatives.


By your rules, every application would have to display a list of  
every component to let you decide one by one which ones you want.  
That would be silly and would make writing the software very  
expensive because it would have to work under so many different  
configurations. There is nothing wrong with iTunes being of a single  
piece, take it or leave it.


This is very different than the operating system vendor pushing down  
updates that modify third-party software. Worse yet, the  
modifications bypass security features of that third-party software  
that are a major competitive feature of that software. What I think  
makes it criminal is that M$ is a convicted monopolist and Mozilla is  
a direct competitor in this market. M$'s prior conviction was largely  
due to their previous assault on Mozilla. Now they want to knife the  
baby a second time!


Let me put it another way. What makes this wrong is the same  
reasoning that bans convicted child molesters from areas around  
schools and playgrounds. They can't be trusted.



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

How about just notifying us of seperate components that have nothing to do
with itunes being installed?  I realize to you Apple doing this is A-ok
double plus whatever you say, but some of us don't like it apple or MS.


On Mon, Jun 8, 2009 at 9:56 AM, t.piwowar t...@tjpa.com wrote:

 On Jun 8, 2009, at 11:54 AM, Jeff Wright wrote:

 Except that I have no need for this and Apple thinks it below them to
 even deign to ask the lowly user if they don't want to install
 Bonjour.


 You are not installing Bonjour. You are installing iTunes. To do that you
 had to download iTunes and run the installer. In the process you read and
 assented to lots of conditions. Nobody is forcing you to use iTunes. There
 are lots of alternatives.

 By your rules, every application would have to display a list of every
 component to let you decide one by one which ones you want. That would be
 silly and would make writing the software very expensive because it would
 have to work under so many different configurations. There is nothing wrong
 with iTunes being of a single piece, take it or leave it.

 This is very different than the operating system vendor pushing down
 updates that modify third-party software. Worse yet, the modifications
 bypass security features of that third-party software that are a major
 competitive feature of that software. What I think makes it criminal is that
 M$ is a convicted monopolist and Mozilla is a direct competitor in this
 market. M$'s prior conviction was largely due to their previous assault on
 Mozilla. Now they want to knife the baby a second time!

 Let me put it another way. What makes this wrong is the same reasoning that
 bans convicted child molesters from areas around schools and playgrounds.
 They can't be trusted.



 *
 **  List info, subscription management, list rules, archives, privacy  **
 **  policy, calmness, a member map, and more at http://www.cguys.org/  **
 *



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 You are not installing Bonjour. You are installing iTunes. To do that you
 had to download iTunes and run the installer. In the process you read and
 assented to lots of conditions. Nobody is forcing you to use iTunes. There
 are lots of alternatives.

Ah, how very lawyerly of you Thomas.  Didn't you read the very long,
dry and fine print before you installd this program?  Tsk, tsk.

If this were a mortgage, they would call it predatory lending.

 By your rules, every application would have to display a list of every
 component to let you decide one by one which ones you want. That would be
 silly and would make writing the software very expensive because it would
 have to work under so many different configurations. There is nothing wrong
 with iTunes being of a single piece, take it or leave it.

OK, I'll leave it.  Songbird is looking promising.

 Let me put it another way. What makes this wrong is the same reasoning that
 bans convicted child molesters from areas around schools and playgrounds.
 They can't be trusted.

Here, let me put it in a way that is connected to reality:  people who
get their panties all wadded up over something so trivial, as well as
moot, shoudn't be taken seriously at all.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 I get it. I is sort of like robbing a bank because you are short on cash and
 then giving the money back after you have a job. Happens all the time.
 Rght.

Or, like a major OS update from Apple that (twice!) deletes entire
hard drives, which requires a later update so it doesn't and in the
menatime, force their customers to resort to using a non-white
computer and have all the glitterati mock them for it.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

And people wonder why you aren't on the radio anymore.  Only you could link
a software glitch to being in favor of child molesting.  You need serious
help...get some.

On Mon, Jun 8, 2009 at 2:03 PM, t.piwowar t...@tjpa.com wrote:

 On Jun 8, 2009, at 1:26 PM, Jeff Wright wrote:

 Here, let me put it in a way that is connected to reality:  people who
 get their panties all wadded up over something so trivial, as well as
 moot, shoudn't be taken seriously at all.


 I had expected you would rise to the defense of child molesters. I was
 right.



 *
 **  List info, subscription management, list rules, archives, privacy  **
 **  policy, calmness, a member map, and more at http://www.cguys.org/  **
 *



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 Let me put it another way. What makes this wrong is the same reasoning that
 bans convicted child molesters from areas around schools and playgrounds.
 They can't be trusted.

But yet, you'll continue to trust another company which has such
shitty QA *on their own OS on their own hardware*, that you have to
skip iterative releases and major upgrades for fear of major snafus.

Talk about trust issues.  You're the guy who doesn't catch the other
person falling backwards in the team-building games.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 8, 2009, at 5:50 PM, Jeff Wright wrote:

But yet, you'll continue to trust another company which has such
shitty QA *on their own OS on their own hardware*, that you have to
skip iterative releases and major upgrades for fear of major snafus.


I see things as they are. WFBs can't get their brains around the fact  
that I'm not a MFB. When Apple screws up I am not afraid to say so. I  
don't automatically swallow whatever Apple (or M$) dishes out.



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-08 Thread John Duncan Yoyo

On Mon, Jun 8, 2009 at 11:54 AM, Jeff Wright jswri...@gmail.com wrote:

  Good point. This is the discovery mechanism that iTunes uses to share
 music
  on the subnet.

 Except that I have no need for this and Apple thinks it below them to
 even deign to ask the lowly user if they don't want to install
 Bonjour.

  If the iTunes installer starting dropping patches into other applications
  without warning, this would be another thing, but they do not do that.

 It already does this with Bonjour.  It installs a networking component
 directly into Windows without any prior warning.  That's taking pages
 from the Real Player handbook.

  This M$ intrusion and Sony's root-kit exploit are the only cases I know
 of
  where a major software company had the balls to try something like this.

 **cough** SAFARI  **cough**  The Annoyances page that John links to
 has a comment from the author about MobileMe doing the same thing.


So Apple is guilty of some of the crimes that the Redmond Menace is guilty
of.  Both are sinners and deserve a time out for it.  Hey mom Steve did it
first no Steve did.

The problem is that M$ did something that opened a security hole in non-M$
software that people use to avoid their own shoddy product because of
similar security holes intrinsic to IE.  I don't trust IE due to it's
history and only use it for updates and when It can't be avoided.


-- 
John Duncan Yoyo
---o)


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-07 Thread Art Clemons

 Why am I not surprised? 



An even better forced upgrade for IE6 users would be a mandatory
upgrade to IE7 or IE8.  Neither is great, but IE6 is so full of security
problems that it's not even clear it's really supported anymore.

Besides, consider all of the folks out there with XP who are suddenly
going to feel orphaned when windows7 gets released in October, and all
too many software providers move on to 7, if you think Binging against
your will is bad, imagine paying money to upgrade to be compatible.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

On Sat, Jun 6, 2009 at 6:26 PM, t.piwowar t...@tjpa.com wrote:

 Why am I not surprised?

 http://www.pcworld.com/article/166024/
 microsoft_tries_to_force_you_to_use_bing.html?loomia_ow=t0:s0:a41:g26:r10:c0.023904:b24935762


This isn't nearly so bad as M$'s stealth Firefox plugin for *Microsoft .NET
Framework Assistant
1.0*http://msdn.microsoft.com/en-us/library/cc716877.aspxthat
enabled one click in Firefox.  It was installed in January as part of
a
M$ tuesday patch. I just heard about it this week.  The basic problem is
that it gave Firefox the same kinds of security hole that Explorer has.
Users weren't told that it was being installed and thought that they were
safely running Firefox and were exposed to risks that they were using
Firefox to avoid.

http://ffextensionguru.wordpress.com/2009/02/08/how-to-remove-microsoft-net-spyware-extension/


-- 
John Duncan Yoyo
---o)


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 An even better forced upgrade for IE6 users would be a mandatory
 upgrade to IE7 or IE8.  Neither is great, but IE6 is so full of
 security
 problems that it's not even clear it's really supported anymore.

Windows 2000 tops out at IE6.  It's a solid and stable OS and is what the
7-year old Dell PCs I give to staff and other non-profits are licensed for,
so yes, people still use it.  It's fine for the low-end stuff they'll be
using it for:  office apps, email and web-surfing.  They're free to replace
it with their own version of XP, but the cert on the PC is for 2000.  

FWIW, in addition to OpenOffice 3.1, I install and Firefox on these
computers and also set the user up as a limited-rights user, not the admin,
so they're not exposed by IE6's security issues and running an OS as an
admin, the single biggest security issue for Windows users prior to Vista.

 Besides, consider all of the folks out there with XP who are suddenly
 going to feel orphaned when windows7 gets released in October, and all
 too many software providers move on to 7, if you think Binging against
 your will is bad, imagine paying money to upgrade to be compatible.

You can get IE8 for XP.  Considering how widely XP is in use (and how XP SP3
will be supported by MS until 2014), it will be more than several years
before any XP user will *need* to upgrade their system to Win7.  They may
want to, I will, or they could buy a new system that comes with Win7, which
will be out on October 22. 


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 -Original Message-
 The basic problem
 is
 that it gave Firefox the same kinds of security hole that Explorer has.

[citation needed]

**My note:  Logging on as the admin would have enabled the uninstall, which
makes me wonder what all the sturm and drang was about, since LUA users
(Least-privileged User Account) typically aren't permitted to install or
uninstall software.**

http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-su
pport-for-firefox.aspx
http://tinyurl.com/aqm4l9

We added this support at the machine level in order to enable the feature
for all users on the machine.  Seems reasonable right?  Well, turns out that
enabling this functionality at the machine level, rather than at the user
level means that the Uninstall button is grayed out in the Firefox Add-ons
menu because standard users are not permitted to uninstall machine-level
components   

Update (5/2009):  We just release an update to .NET Framework 3.5 SP1 that
makes the Firefox plug in a per-user component.  This makes uninstall a LOT
cleaner.. none of the steps below are required once this update is
installed.  

http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=cecc
62dc-96a7-4657-af91-6383ba034eab
http://tinyurl.com/cbx4me

In .NET Framework 3.5 SP1, the .NET Framework Assistant enables Firefox to
use the ClickOnce technology that is included in the .NET Framework. The
.NET Framework Assistant is added at the machine-level to enable its
functionality for all users on the machine. As a result, the Uninstall
button is shown as unavailable in the Firefox Add-ons list because standard
users are not permitted to uninstall machine-level components. In this
update for .NET Framework 3.5 SP1 and in Windows 7, the .NET Framework
Assistant will be installed on a per-user basis. As a result, the Uninstall
button will be functional in the Firefox Add-ons list.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 7, 2009, at 8:45 AM, John Duncan Yoyo wrote:
This isn't nearly so bad as M$'s stealth Firefox plugin for  
*Microsoft .NET

Framework Assistant
1.0*http://msdn.microsoft.com/en-us/library/cc716877.aspxthat
enabled one click in Firefox.  It was installed in January as part  
of a
M$ tuesday patch. I just heard about it this week.  The basic  
problem is
that it gave Firefox the same kinds of security hole that Explorer  
has.
Users weren't told that it was being installed and thought that  
they were

safely running Firefox and were exposed to risks that they were using
Firefox to avoid.


Oh my, I missed that one. And I imagine it came wrapped in some kind  
of click-through license that absolves M$ of all responsibility for  
anything they do to your computer. It is also interesting that M$ has  
disabled the ability to uninstall this invader. One has to go to  
great lengths to get it out of FireFox.


Yet one more reason why only fools run Windows.

Are the IT fools who agreed to absolve M$ for its sins also protected  
by the click-through license or can we fire the bunch of them?



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 Yet one more reason why only fools overreact to non-issues resolved last
month.

FTFY.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-07 Thread mike

Orphaned?  Apple won't even let you run new versions of safari on 'old'
versions of OSX.  By the time 7 comes out, XP will be 8 years old...just how
long should MS continue to babysit customers who still want software they
used a crowbar to go from 98 to get working on XP and now want to work
flawlessly on 7?

Which version of linux are you running?

On Sun, Jun 7, 2009 at 12:49 AM, Art Clemons artclem...@aol.com wrote:

  Why am I not surprised?



 An even better forced upgrade for IE6 users would be a mandatory
 upgrade to IE7 or IE8.  Neither is great, but IE6 is so full of security
 problems that it's not even clear it's really supported anymore.

 Besides, consider all of the folks out there with XP who are suddenly
 going to feel orphaned when windows7 gets released in October, and all
 too many software providers move on to 7, if you think Binging against
 your will is bad, imagine paying money to upgrade to be compatible.


 *
 **  List info, subscription management, list rules, archives, privacy  **
 **  policy, calmness, a member map, and more at http://www.cguys.org/  **
 *



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-07 Thread Art Clemons

 Which version of linux are you running?


Slackware-current with the 2.6.29.4 kernel


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

On Sun, Jun 7, 2009 at 10:19 AM, Jeff Wright jswri...@gmail.com wrote:

  -Original Message-
  The basic problem
  is
  that it gave Firefox the same kinds of security hole that Explorer has.

 [citation needed]


There is this quote from annoyances.org 
http://annoyances.org/exec/show/article08-600:

“This update adds to Firefox one of the most dangerous vulnerabilities
present in all versions of Internet Explorer: the ability for websites to
easily and quietly install software on your PC. Since this design flaw is
one of the reasons you may’ve originally choosen to abandon IE in favor of a
safer browser like Firefox, you may wish to remove this extension with all
due haste.”

There was a discussion of this on Security Now! this week- 
http://twit.tv/sn199.  The most upsetting part is the failure of M$ to
either ask permission for or notify that it added to a third party program.

Some other links.
http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/

-- 
John Duncan Yoyo
---o)


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

On Sun, Jun 7, 2009 at 10:19 AM, Jeff Wright jswri...@gmail.com wrote:

Update (5/2009): We just release an update to .NET Framework 3.5 SP1 that
makes the Firefox plug in a per-user component. This makes uninstall a LOT
cleaner.. none of the steps below are required once this update is
installed.

http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=cecc
62dc-96a7-4657-af91-6383ba034eabhttp://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=cecc%0A62dc-96a7-4657-af91-6383ba034eab
http://tinyurl.com/cbx4me

In .NET Framework 3.5 SP1, the .NET Framework Assistant enables Firefox to
use the ClickOnce technology that is included in the .NET Framework. The
.NET Framework Assistant is added at the machine-level to enable its
functionality for all users on the machine. As a result, the Uninstall
button is shown as unavailable in the Firefox Add-ons list because standard
users are not permitted to uninstall machine-level components. In this
update for .NET Framework 3.5 SP1 and in Windows 7, the .NET Framework
Assistant will be installed on a per-user basis. As a result, the Uninstall
button will be functional in the Firefox Add-ons list.

So we should forgive them for monkeying with Firefox because it took them a
quarter to respond to their own screw up?? I think not.

I have no problem with the availability of the component it is that they
decided that they would install it on my machine in the first place, in a
program that they didn't write.

--
John Duncan Yoyo
---o)

*
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-07 Thread mike

I was thinking...great lengths seems to be hitting the 'uninstall' button in
the extensions of firefox for that extension.  Whew...I'm tuckered out after
that ordeal.  I had to *restart* firefox too.

On Sun, Jun 7, 2009 at 8:36 AM, t.piwowar t...@tjpa.com wrote:

 On Jun 7, 2009, at 8:45 AM, John Duncan Yoyo wrote:

 This isn't nearly so bad as M$'s stealth Firefox plugin for *Microsoft
 .NET
 Framework Assistant
 1.0*http://msdn.microsoft.com/en-us/library/cc716877.aspxthat
 enabled one click in Firefox.  It was installed in January as part of a
 M$ tuesday patch. I just heard about it this week.  The basic problem is
 that it gave Firefox the same kinds of security hole that Explorer has.
 Users weren't told that it was being installed and thought that they were
 safely running Firefox and were exposed to risks that they were using
 Firefox to avoid.


 Oh my, I missed that one. And I imagine it came wrapped in some kind of
 click-through license that absolves M$ of all responsibility for anything
 they do to your computer. It is also interesting that M$ has disabled the
 ability to uninstall this invader. One has to go to great lengths to get it
 out of FireFox.

 Yet one more reason why only fools run Windows.

 Are the IT fools who agreed to absolve M$ for its sins also protected by
 the click-through license or can we fire the bunch of them?



 *
 **  List info, subscription management, list rules, archives, privacy  **
 **  policy, calmness, a member map, and more at http://www.cguys.org/  **
 *



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 There is this quote from annoyances.org 
 http://annoyances.org/exec/show/article08-600:

Yes, I saw that. That's where I found the MSDN blog that describes the why
and that an update is out.  Unfortunately, the Annoyances page, which all
other pages seem to quote verbatim, doesn't offer any details, just that
it's bad.  If it's that bad, they should be able to provide some proof, a
link to a published exploit or a MS page with the security alert or any site
with *any* details, to back up their claim.  As of right now, it's FUD.

 There was a discussion of this on Security Now! this week- 
 http://twit.tv/sn199.  The most upsetting part is the failure of M$ to
 either ask permission for or notify that it added to a third party
 program.

Looks like the malice or incompetence rule can be invoked here.  They
corrected the behavior which allowed the user-level install, so I won't
assign malice.


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 7, 2009, at 4:23 PM, mike wrote:
I was thinking...great lengths seems to be hitting the 'uninstall'  
button in
the extensions of firefox for that extension.  Whew...I'm tuckered  
out after

that ordeal.  I had to *restart* firefox too.


If you had bothered to check before posting you would know that M$  
disabled that uninstall button. The URL cited even included a screen  
shot to illustrate this.


Of course we all know that WFBs don't have to check anything, they  
already know everything.



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will


On Jun 7, 2009, at 2:25 PM, John Duncan Yoyo wrote:

“This update adds to Firefox one of the most dangerous vulnerabilities
present in all versions of Internet Explorer: the ability for  
websites to
easily and quietly install software on your PC. Since this design  
flaw is
one of the reasons you may’ve originally choosen to abandon IE in  
favor of a
safer browser like Firefox, you may wish to remove this extension  
with all

due haste.”



This is really, really clever. When a competitor has a feature that  
provides a significant advantage, you write a patch or plugin for  
their software that removes the advantage. Wow! This lifts  
competition to an entirely new level. I guess one could call this  
tactic a drive-by shooting. So should Mozilla now retaliate by  
issuing patches that introduce horrible bugs into IE or W7?



*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

2009-06-07 Thread mike

Not for Tom, this may be too much of a clear thinking post for him to
handle.

There seems to be a lot of mis-information and hype being spread around
about this. See:
http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html

Is this truly a vulnerability? Can software run from a single click on a
website without the user's knowledge? Is this a bad MS design? The MS
developer at:
http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspxtalks
about the problem of not being able to uninstall it which now MS has
fixed with a download which can be manually installed. So there is a fix to
the uninstall, but if it is NOT uninstalled does this make Firefox
vulnerable?

I further found a previous version of this extension written as a legitimate
FF extension at: https://addons.mozilla.org/en-US/firefox/addon/1608 The
developer provided a way to test his extension at:
http://www.softwarepunk.com/ffclickonce/testing.html

I tested the MS version of this extension which is installed by default
automatically (not the updated one from MS which was referred to in the blog
site above, nor the FF developers version) by clicking on the link at:
http://www.softwarepunk.com/clickonce/tester/deploy/publish.htm and you
still get a dialogue that you are about to run an application with the
ability to choose to cancel the operation. With that I can't see how this is
a vulnerability unless there is a way to bypass this dialogue.

I also did a search in Secuia's database and found this software but there
are no vulnerability reports. I have sent a request to Secunia to ask if
this is a vulnerability or at least has serious potential.
I'm not saying that there isn't at least the potential for a vulnerability
here but until someone can create a proof of concept of this vulnerability
I'm not convinced. Also my test above does not confirm this vulnerability.
Let's not create more hype about this without getting additional facts.
There are plenty of real threats out there that we should focus on as well.

On Sun, Jun 7, 2009 at 3:15 PM, t.piwowar t...@tjpa.com wrote:

On Jun 7, 2009, at 4:23 PM, mike wrote:

I was thinking...great lengths seems to be hitting the 'uninstall' button
in
the extensions of firefox for that extension. Whew...I'm tuckered out
after
that ordeal. I had to *restart* firefox too.

If you had bothered to check before posting you would know that M$ disabled
that uninstall button. The URL cited even included a screen shot to
illustrate this.

Of course we all know that WFBs don't have to check anything, they already
know everything.

*
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*

Re: [CGUYS] Forced to Bing Against Their Will

On Sun, Jun 7, 2009 at 6:15 PM, t.piwowar t...@tjpa.com wrote:

 On Jun 7, 2009, at 4:23 PM, mike wrote:

 I was thinking...great lengths seems to be hitting the 'uninstall' button
 in
 the extensions of firefox for that extension.  Whew...I'm tuckered out
 after
 that ordeal.  I had to *restart* firefox too.


 If you had bothered to check before posting you would know that M$ disabled
 that uninstall button. The URL cited even included a screen shot to
 illustrate this.

 Of course we all know that WFBs don't have to check anything, they already
 know everything.


They fixed that recently.   It uninstalls and turns off now.  I think that
fix is how it floated up in the public consciousness again.


-- 
John Duncan Yoyo
---o)


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

On Sun, Jun 7, 2009 at 4:49 PM, Jeff Wright jswri...@gmail.com wrote:

 Looks like the malice or incompetence rule can be invoked here.  They
 corrected the behavior which allowed the user-level install, so I won't
 assign malice.


So I should trust them because they are only incompetent and not malicious?

I do wonder if this is going to wake the forces of Anti-trust again.  I
expect the EU to go after them for and who knows about the current US
administration.

-- 
John Duncan Yoyo
---o)


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will

 I do wonder if this is going to wake the forces of Anti-trust again.  I
 expect the EU to go after them for and who knows about the current US
 administration.

Seriously?  This is pretty meaningless stuff in the end, especially since
they corrected the issue.

I never asked Apple to install Bonjour on my system when I installed iTunes.
Should we sue them too or just let me get on with the uninstalling?


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*

Re: [CGUYS] Forced to Bing Against Their Will