Wyatt's Twitter feedWyatt Says...
How to uninstall Microsoft .NET Framework Assistant from Firefox
August 12th, 2008This little extension automatically installed itself into Firefox when I updated Visual Studio 2008 with SP1. The extension, Microsoft .NET Framework Assistant, describes itself as “Adds ClickOnce support and the ability to report installed .NET versions to the web server.”:
As you can see the Uninstall button is disabled. I could waste several mouse-scrolls of space bitching about the slimy practice of installing bloat, but I’ll just get to the point.
How to uninstall
- Open Regedit (Start > Run > “regedit”)
- Goto “HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions”
- You’ll see “{20a82645-c095-46ed-80e3-08825760534b}”. Right click it and click Delete.
- Restart Firefox.
- Write an angsty live journal entry about why “Micro$oft“ sucks.
Or
- Get back to work.
Comments
Sweet, thanks!
This thing freaked me out, it’s not listed in the FF extensions anywhere and just installs itself, WTF! Thanks.
Hey great job!
I found your solution while getting some info to file a bug.
This issue really pissed me off.
Thanks for the help.
P.S. I found your blog through Google (of course).
That makes .NET developers like me just that little tick harder to deploy any applications for EASY install.
Everyone sees Microsoft and just tries to uninstall. That addon just helps. There are not many ClickOnce apps yet, but it’s a nice technology to deploy applications. You won’t have to build your own update program (although I did already) and setup. If you don’t have Visual Studio Professional it’s the only built in possibility.
Stop the MS hate. It makes the life easier mostly. If it weren’t for any virus programmer a$$holes, we would have a happy life with our maybe Opera or Mozilla browser, because it’s true that IE sometimes doesn’t go into standards that much. You can easily lock IE users out by deploying your markup file with the application/xml+xhtml (or was it?) content type. But who would do that? Two negatives by now:
1st: Well, IE still has some good market space
2nd: Every error stops the browser from really interpreting.
I’m going way off. Back to virus programmers. We would still use Active X for active content because it’s still the fastest and most flexible technology for internet plugins. Security sucks, which is important today, yeah. But it’s the only one where you theoretically could open a DLL file with a full, directly processor run application in it, and it would run fullspeed, not the way slower java stuff, that takes ages to load in a browser, if its something bigger.
Also, clickonce isn’t that bad for you. It has some serious security limitations. Like you can ONLY access the IP of the site you DOWNLOADED it from directly with TCP or so clients. That means you cant install some hacking program. It’s secure right now. And the little installer doesn’t bloat up your Firefox. One addon out of 20 others? Well, thats much on a modern pc, YEAH, it doesnt use up all your memory, maybe 3-4 KB more in Firefox.
I’m a C# developer too. Well, mostly. See wyUpdate, or one of my many open source projects.
Releasing apps is hard, that’s just a fact. That goes for any of the .NET languages, C++, Delphi, or any of the LISP cults.
I don’t hate Microsoft. Why would I? I think you took my joke as a serious statement: “5. Write an angsty live journal entry about why ‘Micro$oft’ sucks.”
Apparently I’m not funny.
I’m not going to comment on this diatribe. Mostly because I don’t understand the context.
That’s not the point. They installed it without giving me an option. Had they given a way to opt-out then I probably would have just let it install.
I’m fickle like that.
“That makes .NET developers like me just that little tick harder to deploy any applications for EASY install.”
Not my problem. Talk to Microsoft about finding a proper solution to this.
My problem is that I have carefully selected the add-ons and permissions of things in my browser for maximum security, specifically so that random people from the Internet can’d just do drive-by installs of stuff I neither want nor need.
And then MS, in an unrelated install (MS Office 2007, thanks for asking), puts in what looks like a honking great security hole right through the middle of this without asking. I’ve been trying to form a search query on Google for the last 10 minutes, just to find out what this thing is supposed to do, and all I can find is “how to remove it” instructions. That’s instructive for me.
One thing I have discovered that it will do is to tell any dodgy website advertisement exactly what variant of .NET framework I am running, so that they can target the precise security exploits exposed in that version.
Aha, do a search with “ClickOnce”…
“Hence when a user clicks on a .application in IE our mime handler is invoked which downlods the .application file and fires up the ClickOnce install.” Sounds like a way to download and execute arbitrary code to me. Great.
Smashing. It’s straight coming off as soon as this installer finishes.
It seems there’s a lot of anger here. And a lot of misunderstanding.
I don’t like ClickOnce or this extension, but neither are arbitrary code execution. Sure, this extension adds extra junk like the .NET version string to user agent, but extra bloat does not equal a security hole.
I think the problem we’re having is lack of permission. They didn’t get our permission to install the extension, thus the failed humor in my case and the slightly angry rant in yours.
Maybe it was an intentional breach of trust on Microsoft’s part. More likely it was just an oversight - a forgotten option in an installer.
Either way, lets keep this conversation civil.