I’ve long been an advocate of the FireFox browser. I’ve used it since it was first announced, and rarely use IE for anything but testing web designs and browsing Microsoft’s own non-W3C compliant web pages.
One of my reasons is that Internet Explorer has major vulnerabilities via its ability to directly run ActiveX code on the machine of users without asking permission. That is, it is a hacker’s pipeline into your operating system.
Well, a few weeks ago, a Microsoft Update quietly installed the .Net Framework assistant into any FireFox browser it found. Shoved that narrow shiv of vulnerability right into the heart of the generally more secure FireFox core. When it was noticed, the savvy segment of FireFox users were outraged. Not just because it was done, but because it was done in such a way that it couldn’t be easily removed! Sure, it would let FireFox users see those rare sites dependent on ActiveX, but it would also let hackers run ActiveX on your machine!
When I found out, I first Googled to find a way to remove it using regedit and about:config (two dangerous powerful tools). But a week later, updates by Microsoft and FireFox made it easier to remove. If you have it, remove it.
Here’s one of the articles about it from ZDNet, a generally Microsoft friendly environment. This article also contains removal instructions that assume you have recent updates.
btw: If you didn’t know. FireFox spell checks all blog entry fields as you type. And you can add nifty customizable Make Link tools for easy creation of links in comments to blogs and such. Just highlight text on a page, rt-click and Make Link to copy complete link code, ready to paste.