Mozilla reverse engineers Microsoft Edge's default browser setting behavior
Making a web browser the default browser was not a particular big problem until Windows 10 came along and with its Microsoft's Edge web browser. Microsoft made it harder on Windows 10 to change default programs, including the default browser.
Users who want to make other browsers, any other browser but Microsoft Edge, the default system browser on Windows 10, need to do so manually. Microsoft claims it is for security, but it is certainly giving its Edge browser a significant boost as well.
A Chrome user who wants to make the browser the default on Windows 10 has to find the option in the Settings. A click opens the Default apps section of the Settings app. There it is necessary to find the Web Browser entry, click on it and select Chrome as the new default. All browsers, with the exception of Microsoft's Edge browser, can be made the default, but only by following the steps described above.
With Edge, all it takes is to click on the "make default" button in the Settings to make it the default system browser immediately.
Microsoft's upcoming Windows 11 operating system makes things even harder, as Microsoft removed common application types from the settings. While all browsers, with the notable exception of Edge, may still load the default apps Settings page on the Windows 11 system, users can no longer click on Web browser to set the new browser with just two clicks. The option is gone.
Now, users have to select the browser, e.g. Brave, and make it the default for every supported file type and link type manually. More work for the user, unless Edge is the desired default browser, as it takes just a click in the browser's settings to make it the default.
Microsoft claims that it wanted to give uses more granular control, but it did not reveal why it had to remove the option to make a program the default for all supported file types and link types, for that.
Mozilla has found a solution
It is clear that browser makers, with the exception of Microsoft, are not too happy about the changes that Microsoft implemented in Windows 10 and Windows 11. Microsoft is giving its own Edge browser at an advantage over the competition.
Firefox users who install Firefox 91 on Windows 11 and set it as the default system browser may have noticed that they did not have to go through the entire ordeal. Instead, Firefox becomes the system browser just like Edge in that version.
Mozilla reverse engineered the functionality that Microsoft reserved for its Edge browser, so that Firefox users may make the browser the default just as quickly as Edge users can theirs.
Other browser makers may do the same to provide their users with the same level of comfort when it comes to setting the default browser.
It is probably only a matter of time before Microsoft will intervene again and make changes to the operating system to make things complicated again?
Now You: what is your take on all this?
“A Chrome user who wants to make the browser the default on Windows 10 has to find the option in the Settings. A click opens the Default apps section of the Settings app. There it is necessary to find the Web Browser entry, click on it and select Chrome as the new default.”
In Chrome 106 Google has eliminated all those extra steps, starting with that version you will be able to set Chrome as your default browser with a single click:
https://redd.it/wirkms
I wonder if Microsoft will do anything to block this workaround that Google has implemented…
Anybody remember what Microsoft did to Netscape? We’re back in the bad old days.
My take on this?
I blocked the upgrade to the latest windows incarnation… is what i did !
“managing” the file types and default behaviour was and is a criminal act from my point of view… i am so absolutely sick of windows stealing my file type handling settings after every monthly update. It was OK in earlier OS incarnations were on could set an application to all file types it could manage, internally from within the application or via the OS and it usually stayed that way. This i want for the applications i payed for or which i simply use as MY standard… i am sick of any OS which does manage my way of working instead of the other way round. Default application setting is such a case !
All publications about this subject that I have seen, including this one, are based on the recent The Verge article referred to by Martin. There are no technical details in that article, presumably because Mozilla kept quiet about them.
The article never mentions just what was “reverse engineered”. It has
been known for a long time that some apps get a hash value assigned to
them to be the default. That was to force use of the Default Apps
wizard which generates the hash. Not just any value can be used.
As for selecting which filetypes and protocols are defaulted to an app,
that was never hidden before, either. You clicked on the app you wanted
to be the default, and clicked Advanced to see what filetypes or
protocols the app had registered itself for supporting, and choose which
you wanted in addition to the default ones. Or you went into the
default filetypes list to select which app was the handler. Same for
protocols.
Not all apps have this added layer of security. It was added to prevent
malware, or even rude programs, from changing defaults. Some have been
so rude that every time you load them they would change the defaults
from some other app to that app, and without ever prompting the user.
RealPlayer was like that long ago. Malware would usurp the filetypes or
protocols, so the malware becomes the handler for them.
Other than figuring out how to create the hash value for a critical
default program, I don’t know just what got reverse engineered, and the
article is uninformative.
Any app can edit the registry to add itself a candidate for a handler of
a filetype or protocol by adding or editing the OpenWithProgIDs registry
key to add data item entries to add the app. It’s adding the hash value
under the UserChoice registry key that’s the tricky part. This scheme
isn’t used for all filetypes and protocols, just those considered
critical or abused. This started back in Windows 8.
It wasn’t Mozilla that t reverse engineered the hash scheme. Been known for a few years now.
The hack tool that I remember was SetUserFTA first released in Oct 2017.
https://kolbi.cz/blog/2017/10/25/setuserfta-userchoice-hash-defeated-set-file-type-associations-per-user/
For example, to create the hash for UserChoice for the handler specified
for .txt files:
extension = “.txt”; the file extension
sid = “S-1-5-21-463486358-3398762107-1964875780-1001” ; the SID of the current user
progid = “txtfile”; the ProgId of the desired association
regdate = “01d3442a29887400”; timestamp of the UserChoice registry key
experience = “a microsoft secret string”; a static string (this is a dummy example, not the real string
hash = Base64(MicrosoftHash(MD5(toLower(extension, sid, progid, regdate, experience))))
The above is just an example. SID and regdate are specific to the
Windows account under which the user logs in, because defaults can be
different across different Windows accounts. It’s getting the secret
string, or key, that’s the trick.
Mozilla didn’t come up with the hacking scheme. They duplicated or borrowed someone else’s prior work.
It sounds like Microsoft have reverted the way default file type associations are handled back to the way it was in Windows 7; and so Firefox have restored the old method of setting itself as the default web browser.
I hope that’s true, and I’m not making too many assumptions. If I’m right, it would mean that Windows will stop highjacking file type associations.
I’ve been defending Windows 11 in general, but this is one aspect of it that I am really irritated with. There’s no reason changing the default web browser should involve jumping through so many hoops. I can sort of see an argument in favour of how Windows 10 makes you go through the settings app as it’s better from a security standpoint (i.e. giving too much control to any random/unknown programs to change your default file associations) but for Windows 11 there is no excuse. Props to Firefox.
Antitrust court case waiting to happen. These big data bullies need to held accountable. Scum that they are. EFF, MoFo, EU … get your lawyers cranking on this disgraceful behaviour ASAP.
Hard enough being a Fx and web user these days. What with Mozilla butchering the interface every major update (whilst thankfully making some simple functionality improvements here and there … not all change is bad, not everything MoFo does is terrible) and the web being nothing more than an infestation of privacy invasion, MS failing to learn from their past is not so much the issue. The entire lack of regulation in the software industry is the issue. Allow dickhead corporations to behave … like dickheads … and they will.
“Microsoft claims it is for security”
Judging by how easy it was to circumvent, it probably was for security all along…
Time for another antitrust lawsuit by the government against Microsoft!
Well Martin, my take is that Firefox has once again done something right, which is a pleasant surprise but since Windows 10, Microsoft has been a contemptuous and adversarial company to a degree I had not though possible. I no longer care what they do to make the lives of their users miserable when they won’t do as they’re told. I don’t want an OS as dominatrix punishing me for wanting software that Microsoft didn’t supply or a configuration they wish me not to use. It really is surreal but they can lock it down if they want to since it’s their product and their users are clearly pests to be tolerated as a necessary evil.
I don’t have problem setting default browsers, all browsers always show pop up to make their browser as default. Just press yes?
Its time Microsoft gets a heavy fine for these tactics.
If I wasn’t familiar with the default browser issue, this would be really hard to follow. The article’s fine but The Mass of Users Below would be baffled, as MS likely intends. Security? Sure. If it mattered, another browser wouldn’t ever be allowed.
I haven’t installed a browser from scratch in a while but don’t they all ask if you want to make them default during setup? Did Win 11 somehow block that?
Meanwhile, in the first screenshot IE is STILL there! It was supposed to be easily uninstallable 20 years ago, now it can only be turned off in Programs and Features. Default is opt out (of sight.) Hmmm.
All these Win 11 blunders make me think MS has created a monster OS that no one there understands. I mean it’s not job one anymore, the A Teams are elsewhere. Windows gets the D- Teams!
Maybe they should put their phones down long enough to go online and find out how their OS works? Silly.
not blocked, just not fully “default”
Should be just as easy to switch to any browser you want as a default. OK, so maybe there is some benefits to the native OS browser but shouldn’t the end user decide this? I still run Windows 8.1 on one notebook for the sanity of choice. Windows 10 started down a unwanted path and I think Windows 11 just continues that journey. Sad that we have Chrome, it’s clones and Firefox for browser choices. Sure, all the clones are unique to some degree but also depend a lot of Chromium which ironically is mostly developed through Google and Microsoft now that Edge is a Chromium browser.
This wouldn’t be a problem if Edge was a good browser. It’s not. It’s obtrusive bloatware, spyware baked into the OS. They COULD have gone the good-guy route and just make a nice clean and snappy browser that browses the web, but nope. Full-on retard mode is what they chose. Windows, and every microsoft developed adware they call programs, is just a user-hostile nightmare. Greed is ugly. Even uglier when sold as beneficial for the user. Redmond, I fart in your general direction.
Dark patterns from Microsoft, as usual. They should have learned from their first browser-related lawsuit.
Brilliant idea. Should make MS think twice.
Changing file associations isn’t that difficult or time consuming, but I would much rather have the choice in Apps.
Batch file?
https://www.winhelponline.com/blog/set-default-browser-file-associations-command-line-windows-10/
This was done ages ago, it’s not something Mozilla just thought of when Windows 11 was announced.
good job firefox team
The idea is to bring all users into the Microsoft universe, regardless of their preferences or setup.
I think that this situation will only get worse with Windows 11 and Office, therefore I am staying clear of Windows 11, (and 10 as well). I use LibreOffice.
Another Chrome rip-off. Yawn. All Chrome rip-off browsers have less market share than Firefox (lol). Time for Google to make Chromium closed source. There is no need for sub-quality browsers to exist.
Hopefully Google does the same for Chrome, and keeps the solution closed source.
This person is a troll. Ignore them from now on.
In one million words or less, how is a Chrome-variant browser “sub-quality?” You like telemetry? Compare and contrast. Thanks (a million).
Relax, Dude.
Has absolutely nothing to do with the article. Bot needs reprogramming.
IronHeart’s 3rd nick change? Haha, stop it!
@DudeRelax
Nope, I don’t think so. I don’t change my nick.
However, seems like I am living in your head rent-free after all. LOL.
I rest my case, you really are here 24/7. You can turn your VPN off now and post under your 4th nick.
@ChromeFan
What you wrote is *again* funny, and you should try your luck in stand-up comedy, you will do good, trust me.
Not surprising Firefox has a solution first as *someone* has to do it. This time its my favourite browser Firefox. Other browsers will join soon as well. Microsoft will try to make things difficult expectedly but they are incapable and will only humiliate themselves further.
Keep dreaming, Google will never close the source because it’s revenue for them. Imagine if Google was a legit company where people didn’t need to make forks… forks exist for a reason ;)
The problem with that thought “ChromeFan”, is that like Android, Google used open source code to make their AOSP and Chrome browser.
They can’t go full-on closed source unless they get rid of all open source licensed code in their products.
What Google does as a work-around is to add binary blobs that their services require and force licensees of their closed code to include it in their offerings.
And why there are no major phone makers selling AOSP phones. They can’t by (all or nothing) agreement.
@AOSP for the masses
AOSP and linux will be abonded by Google.
They will switch to Fuchsia , it’s just a matter of time.
They have decided to keep Fuchsia open source, they didn’t have to, everything on Fuchsia is code by Google.
So.. why they don’t close source Fuchsia? Do you have an answer to that?