Mozilla silently bypassed Microsoft's default apps protections in Windows

nanoguy

Why it matters: By now it's no secret that Microsoft has been pushing users on Windows 10 to switch to Microsoft Edge through various prompts and tricks. Other browser makers have been vocal about the practice for years, but now Mozilla has taken the next step and bypassed the anti-hijacking features in Windows 10 to allow users who aren't fond of Edge to easily make Firefox their default browser.

Last month, news broke that Microsoft was making a set of changes in Windows 11 that would make it harder for most users to switch from Microsoft Edge to an alternative browser.

The same problem has existed in Windows 10, but to a different extent -- you could easily make Edge the default with a prompt from inside the browser, but for other browsers you still have to go to Settings where you'll be nagged once again about Edge's supposedly superior security and performance as you attempt to switch defaults.

That has made other browser makers understandably upset about the situation. In the case of Mozilla, the company silently developed a way for Firefox users to make it the default from within the browser. Starting with version 91, which was released last month, Mozilla has effectively reverse-engineered the functionality through which Edge is set as default in Windows 10.


The new prompt you'll get when opening Firefox while not being set as default will no longer send you to the Settings app. Instead, it's now a one-click affair that goes around the security protections set in place by Microsoft to prevent malware from hijacking default app settings.

It's a bold move and one that may soon get replicated in Chrome, Opera, Brave, Vivaldi, and other browsers. There are 1.3 billion Windows 10 users and many might not rush to upgrade to Windows 11 right away. Still, when they do decide to upgrade, Edge will almost always get set as the default and switching to an alternative browser will become cumbersome again.


 


Clever girl!
 
"...goes around the security protections set in place by Microsoft to prevent malware from hijacking default app settings."

"It's a bold move and one that may soon get replicated in Chrome, Opera, Brave, Vivaldi, and other browsers."

What?
 
Good. MS deserves it. Screw edge, and screw winblows. Hopefully the other browsers find a way to auto change the default just to piss off MS more.
"...goes around the security protections set in place by Microsoft to prevent malware from hijacking default app settings."

"It's a bold move and one that may soon get replicated in Chrome, Opera, Brave, Vivaldi, and other browsers."

What?
What's hard to understand about this?
 


Clever girl!
Clever would be doing it and MS saying they won't stop it. So far they just hacked pre-release software with MS sure to patch it before official release.

Expect a lawsuit or something else to make permanent change, and not just someone showing it's possible.
 
Good. MS deserves it. Screw edge, and screw winblows. Hopefully the other browsers find a way to auto change the default just to piss off MS more.

What's hard to understand about this?
Mozilla bypassed MS security (as quoted) and you don't think they'll patch it before others dare to try?

The cheers are premature at best.
 
This workaround needs to be used by every application on Earth. Also, where are the rest of the common default program options in Windows 10? You know, like default PDF viewer, default word processor, etc?
 
This workaround needs to be used by every application on Earth. Also, where are the rest of the common default program options in Windows 10? You know, like default PDF viewer, default word processor, etc?
Right click on PDF file, select Properties/Change and select whatever app you want. Same for most apps. Works ever since Windows had a GUI.

I know browsers are different, as they have hooks in many apps based on the API calls that access them. Most other file types though don't, and are fine.
 
Clever would be doing it and MS saying they won't stop it. So far they just hacked pre-release software with MS sure to patch it before official release.

Expect a lawsuit or something else to make permanent change, and not just someone showing it's possible.

It's an arms race and with the OS being owned by MS, they will certainly close this hole. No reason to think Firefox or any of the other browser makers won't find and exploit another one.

Then also to be closed. And on and on.
 
Mozilla bypassed MS security (as quoted) and you don't think they'll patch it before others dare to try?

The cheers are premature at best.
I did not read it the way you did. Mozilla just changed Win10 security whitelist (that included Edge) to make sure that Win10 security would view Edge as another app and not let it make itself the default app for any process. They did not change the Win10 security system; they just used it to treat Edge as a potentially unfriendly app. (which it is in my opinion). Sure MS could patch this back but Firefox will just change the whitelist again when you load it (without you even being aware of it), remembering your choice from the previous time you used it.
 
You can just uninstall Edge. A Windows update will just reinstall it though.
Yea. Much better to get it off the whitelist of apps; put it in the blacklist where it belongs. Just treat it as another of the bloatware apps like you get on your phone. Disable it. You cannot get rid of it.
 
I did not read it the way you did. Mozilla just changed Win10 security whitelist (that included Edge) to make sure that Win10 security would view Edge as another app and not let it make itself the default app for any process. They did not change the Win10 security system; they just used it to treat Edge as a potentially unfriendly app. (which it is in my opinion). Sure MS could patch this back but Firefox will just change the whitelist again when you load it (without you even being aware of it), remembering your choice from the previous time you used it.
It's called reverse engineering, and Mozilla will not keep doing it.

No one is going to keep changing the defaults after every update that changes them. Only techies will do that. If Firefox was such a great privacy browser, it wouldn't have dropped all the way to 3.4% marketshare after decades. It's the Linux of browsers now.
 
Firefox lost a lot of users due to virtue signalling and destroying plugin support and then there's performance, Chromium based browsers being much better...
 
DoJ should do their job. The anti-trust agreement specifically barred Microsoft from this exact type of behavior (using the OS to push their browser.) Since I doubt DoJ will do their job, hopefully at least EU takes MS to the cleaners.
 
If Firefox was such a great privacy browser, it wouldn't have dropped all the way to 3.4% marketshare after decades. It's the Linux of browsers now.
I don't follow. Linux IS the best option for privacy minded individuals. So putting Firefox in the same boat as Linux is saying that Firefox IS "a great privacy browser."

Of course their market share is low. Just like Windows has come pre-installed with computers for decades giving Microsoft a massive advantage over Linux. Google spent the better part of a decade bundling Chrome with EVERYTHING as well as advertising it on the most visited website in the world.

In the end, most people choose simplicity and familiarity over privacy and security.
 
I don't follow. Linux IS the best option for privacy minded individuals. So putting Firefox in the same boat as Linux is saying that Firefox IS "a great privacy browser."

Of course their market share is low. Just like Windows has come pre-installed with computers for decades giving Microsoft a massive advantage over Linux. Google spent the better part of a decade bundling Chrome with EVERYTHING as well as advertising it on the most visited website in the world.

In the end, most people choose simplicity and familiarity over privacy and security.
Ah. Microsoft isn't playing fair. I get it. They are big meanies.

Maybe one day OEMs will hate money and adopt Linux. Just not today.
 