Microsoft sneaks Firefox extension into Windows update

This week’s installment of the regular Windows Update pack seems to have included more than Microsoft has disclosed to consumers. On Tuesday, Firefox users began reporting on the mozillaZine forums that a “Search Helper Extension” had been mysteriously added to their browser upon restarting the application after the Windows Update installation.

The extension is reported to have come from a Windows Update for Microsoft Search Enhancement Pack and was offered to computers with the Windows Live Toolbar, MSN Toolbar, or Bing Bar installed. The update was automatically flagged for installation during the update process as it was labeled Important rather than Optional.

The issue lies in the fact that there is no information currently documented by Microsoft as to what the extension actually does. The knowledgebase article associate with the update, KB982217, only states that the toolbars involved don’t categorize home pages correctly and, therefore, are not properly reporting information to Microsoft, but it says nothing regarding a Firefox extension.

The update also installs an add-on to Internet Explorer, but users haven’t reported the issue nearly as much since IE doesn’t notify of the installation on startup.

Mozilla has reportedly been in contact with Microsoft regarding possibly security risks associated with the update.  A Mozilla spokesperson stated, “As far as we know at this time, there are no security implications to this add-on’s background installation.”

This is the second time that Microsoft has had an issue with mysterious automatic update installations. Just over a year ago the company came under fire for the Microsoft .NET Framework Assistant 1.0 which included a Firefox extension allowing websites to install software on users computers without their consent. Consumers were even angrier after finding out that removal of the update would require risky changes to the Windows Registry.

Luckily, this latest extension can be removed simply by deleting the SEPsearchhelperie.dll folder from the C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\ directory. This will remove both the Firefox extension and the IE add-on.

It’s difficult to say whether Microsoft was trying to sneak the update past users or if there was an internal miscommunication that caused the error. Mistakes, if this is one, are easily made, however consumers who are wisely concerned about internet security aren’t likely to forgive or forget easily.