Microsoft dont get it do they? (part 2)

[TumbleDryer]

I originally posted about a month ago about how Microsoft forced my brother to download new MSN Messenger (when he launched Messenger) without asking if he thought it was ok and whether he even wanted to. It then unpackaged itself and lodged its crap stained ass on my hard drive and there wsnt a thing i could do about it.

This got me thinking that maybe Microsoft are trying to create holes in the security of OSX by not allowing users to block their downloads or is it that they just dont get security altogether?

Anyway today I got a phonecall from my brother saying he had just received a word document from a friend of his and when he clicked on it to open in tyext edit. Microsoft automatically downloaded the Word application (trial version) and installed it without asking or allowing him to stop the download.

This leaves me thinking even more so they are trying to compromise OSX to their advantage. Any one else seen this in action and what are your views? Maybe I should make Apple aware?

If it wasnt for my bro MS would not even get a whiff of my macs.

 

[mad jew]

Let me get this straight. Your brother opened a Word file in TextEdit because he didn't have Word, but somehow a copy of the trial was then downloaded automatically and used to open the file? Was it downloaded through a browser? This is weird behaviour that I've never seen. 🙂

 

[TumbleDryer]

Let me get this straight. Your brother opened a Word file in TextEdit because he didn't have Word, but somehow a copy of the trial was then downloaded automatically and used to open the file? Was it downloaded through a browser? This is weird behaviour that I've never seen. 🙂

He double clicked the file which instead of opening TextEdit it downloaded Word. Same thing happened with MSN when he launched it, it automatically downloaded the newer version and installed itself without offering a cancel button or a 'this may contain an application' warning.

I saw the MSN one for myself.

No browser either just a microsoft window and loading bar.

 

[mad jew]

Yeah, but did it open up the default browser download window to do this? If so, what is your default browser? 🙂

 

[TumbleDryer]

Yeah, but did it open up the default browser download window to do this? If so, what is your default browser? 🙂

No browser either just a microsoft window and loading bar.

 

[mpw]

You sure it wasn't just the pre-loaded trial version of MS Office that got opened rather than anything being downloaded? and are you SURE you brother didn't click to OK it without realizing what he did?

My brother hasn't a clue what he's doing half the time and has a desktop full, and I mean FULL, of files named 'Doc1.doc' Doc2.doc' etc.

 

[mad jew]

No browser either just a microsoft window and loading bar.

Yeah sorry, I missed that the first time. 😱

This is truly bizarre. I don't know how an app that's not even installed, managed to use Finder to install itself when a different app (TextEdit) was probably already assigned the permissions. I wonder if the trial is removed, whether it will re-download/install itself.

 

[California]

MS is afraid. Very Very afraid. You guys read the story about how Ballmer couldn't get the viruses off of a friends computer when he was at his home for a wedding? took him two days. Even his techs couldn't do it. Microsoft is afraid.

http://australianit.news.com.au/articles/0,7204,19345228^15865^^nbv^,00.html

 

[TumbleDryer]

You sure it wasn't just the pre-loaded trial version of MS Office that got opened rather than anything being downloaded? and are you SURE you brother didn't click to OK it without realizing what he did?

My brother hasn't a clue what he's doing half the time and has a desktop full, and I mean FULL, of files named 'Doc1.doc' Doc2.doc' etc.

Actually that could be it. He is probably using my new MacBook which unfortunately comes with all the crap to initiate an install of office. Usually he uses the G5, shows how cool the MacBook is 😎 However why doesnt it allow you to check the file first or allow you to stop the download or even ask for your password? This to me is a big ecurity issue.

The MSN problem was on the G5 and I saw it for myself. Technically it could be downloading anything and you cant do anything about it. Again security is compromised. 😡 Whats the point of having a secure OS if Microsoft are just going to do this to it? No wonder windows is ****!

 

[mkrishnan]

I'm not exactly what happened on your brother's computer... but this has to be a function of some previously installed software from MS -- either Messenger and Office Trial were already on there and being initialized, or something else. There is no OS X code embedded in .doc files that causes a Mac to go and download Word. That's absurd.

 

[TumbleDryer]

I'm not exactly what happened on your brother's computer... but this has to be a function of some previously installed software from MS -- either Messenger and Office Trial were already on there and being initialized, or something else. There is no OS X code embedded in .doc files that causes a Mac to go and download Word. That's absurd.

Agreed it is absurd but it did say 'downloading' not 'initializing'. My post above probably explains the Word problem however MSN is a different story.

You have no control over what is downloaded!

 

[TumbleDryer]

To confirm he was using the macbook with the office trial on the system so that explains the word issue.

However it didnt ask for a password when installing!

 

[mpw]

To confirm he was using the macbook with the office trial on the system so that explains the word issue.

However it didnt ask for a password when installing!

I think it comes pre-installed so just initialises the first time it opens.

 

[Benjamin]

I think the trail version was originally on the computer and when the word file was sent to the computer it was tagged as word to open the file rather then textedit cause it came from a computer with word. Word opened the document but before it could used the first time run application and mb the auto updater and installed whatever updates. Anyway that's what it sounds like to me. Namely since the actual word trail installer doesn't operate like that.

 

[Veldek]

Agreed it is absurd but it did say 'downloading' not 'initializing'. My post above probably explains the Word problem however MSN is a different story.

You have no control over what is downloaded!

My guess is, the trial version of Word was opened and a patch was then downloaded automatically.

 

[TumbleDryer]

I think the trail version was originally on the computer and when the word file was sent to the computer it was tagged as word to open the file rather then textedit cause it came from a computer with word. Word opened the document but before it could used the first time run application and mb the auto updater and installed whatever updates. Anyway that's what it sounds like to me. Namely since the actual word trail installer doesn't operate like that.

Agreed on the above but what about MSN on a totally different Mac without preinstalled office. He went to open MSN as usual and it just downloaded the newer version without asking and installed itself without asking password. Is this not a security issue?

 

[mkrishnan]

Agreed on the above but what about MSN on a totally different Mac without preinstalled office. He went to open MSN as usual and it just downloaded the newer version without asking and installed itself without asking password. Is this not a security issue?

Hmmm, yeah... That part is still strange. Does his account have admin privileges? Most software that just lives in the /applications directory doesn't need authentication to install when you have admin privs.

However... I have MSN on my Mac, but rarely use it (I use Mercury if I want video and Adium otherwise). When I opened MSN just now, I got this:

There was a prompt, but I was not allowed to actually sign into MSN until I agreed to download the new version.

When I clicked yes, I got this:

And then the new Messenger downloaded in a .dmg file to the dektop, and I had to manually install it. I don't have an admin account, FWIW...so I had to authenticate to manually place it in the /apps directory. Also, as usual, I had to approve the inheritance of keychain resources from one version of MSN to the next....

So what accounts for the differences between my computer and his? Admin privileges alone? This is an iBook G4, 10.4.6, with Office 04 installed.

 

[TumbleDryer]

Hmmm, yeah... That part is still strange. Does his account have admin privileges? Most software that just lives in the /applications directory doesn't need authentication to install when you have admin privs.

However... I have MSN on my Mac, but rarely use it (I use Mercury if I want video and Adium otherwise). When I opened MSN just now, I got this:

There was a prompt, but I was not allowed to actually sign into MSN until I agreed to download the new version.

When I clicked yes, I got this:

And then the new Messenger downloaded in a .dmg file to the dektop, and I had to manually install it. I don't have an admin account, FWIW...so I had to authenticate to manually place it in the /apps directory. Also, as usual, I had to approve the inheritance of keychain resources from one version of MSN to the next....

So what accounts for the differences between my computer and his? Admin privileges alone? This is an iBook G4, 10.4.6, with Office 04 installed.

Only got the second image i.e. downloading! He has no admin priveliges , it asked for no password and installed itself. G5 10.4.6.

EDIT: there was no cancel button either!😕

 

[mkrishnan]

Only got the second image i.e. downloading! He has no admin priveliges , it asked for no password and installed itself. G5 10.4.6.

EDIT: there was no cancel button either!😕

Mmmm, wait. By *default*, OS X makes the first user an admin (because the system should always have an admin user in the Unix philosophy). So he would have admin privileges unless he intentionally took them away from himself.

Office definitely should not be able to write from your account to the /applications directory from a standard account without authentication.

 

[TumbleDryer]

Mmmm, wait. By *default*, OS X makes the first user an admin (because the system should always have an admin user in the Unix philosophy). So he would have admin privileges unless he intentionally took them away from himself.

Office definitely should not be able to write from your account to the /applications directory from a standard account without authentication.

Its my computer. My account is admin. He was using his 'second user' no admin priveliges account. Technically it should ask for MY admin password to install anything in any account.

 

[mkrishnan]

Its my computer. My account is admin. He was using his 'second user' no admin priveliges account. Technically it should ask for MY admin password to install anything in any account.

Oh, wow...that is so strange... something is très not right. 🙁

 

[XNine]

You want security? Go buy a copy of LITTLE SNITCH. you can find it via google or www.macupdate.com.

Little Snitch is the best app for this kind of sleezebag tactic developers throw in to their even crappier software. Best of all it only really uses any resources at all when an outbound connection from an app or process is made that hasn't been allowed to.

The RULES system Little Snitch has is great, allowing you to allow or not allow connection to certain servers from certain applications, etc. And very easy to use. Little Snitch is a MUST HAVE.