This morning I had one of those rare occasions when I needed to boot into Windows XP. Two and a half hours and three re-boots later, Windows had finally finished updating and was ready to let me do some work. I flashed up Firefox only to get the following warning:
I was a wee bit perplexed until discovered that one of the Microsoft updates, the “.NET Framework Assistant plugin” pokes a a “critical” hole in the browser’s security (effectively bringing Firefox down to IE’s level). Fortunately my copy of Firefox is suitably up to date and blocks this unwanted plugin.
Apparently thanks to Microsoft this vulnerability, which exists in all versions of Internet Explorer, lays Firefox open to infection by the Trojan.PWS.ChromeInject.A. According to BitDefender researchers, “the Trojan filters data sent by the victim to a large number of designated banking websites which are used everyday in the UK for online shopping and financial transactions. Harvested login credentials will be sent to a web address similar to [removed]eex.ru. Both the domain and the hosting server are located in Russia, which points to the origins of this latest e-threat.”
Just to add to the fun, last May, Microsoft released an update that made it almost possible to uninstall the .NET framework. Given that one of the reasons I originally choose to abandon IE in favour for Firefox was safer browsing, I have now had to editing the windows register (details given here).
This sort of thing really makes me feel like abandoning Microsoft completely and just sticking with Ubuntu, which I use 90% of the time anyway.