Slashdot Mirror
Microsoft Installs New Software Without Permission
Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.
Is it me or does this just seem down right nasty?
If a person who uses vista or xp did not want any updates to their OS, they turn off Automatic updates. It's their choice. Where does Microsoft get off thinking that something like this is acceptable?
If I ran either of those operating systems, I would probably file a lawsuit, as to me that is a huge invasion of privacy. If they can force you to update those few files, they can absolutely view any and every file on your computer.
Although, this should come as no surprise...
You chose to use proprietary software from a company that uses its control to illegally maintain a monopoly. You really think they are going to be bothered to care wether you give permission to update that software any damn time they want, for whatever reason they want? (And/or, a company that produces shoddy unstable 'oh look its shiny' software for nincompoops and that they are competent enough to actually be able to keep track properly)
There is no halfway. Eiher you give control of your system to Microsoft, or you dont (by not running *ANY* Microsoft software). If you have a problem with the agreement that you choose to let MS impose on you, take it up with MS (or their local sychophants, or your attorney). Why annoy people who dont care?
I'd give it six months and this will be used to enforce install of WGA on every windows machine.
Why should you have to?
It could be worse, it could be Monday.
Can they pull? Interesting question to ask I think.
license? Do you own your copy of windows? No. You are only licensed to use it under their terms. Do you own M$ Office? No. You are only licensed to use it. If Microsoft wants to change their files on your computer they can. Also read carefully because some licenses of Microsoft actually claim that were you to so much as add any hardware you no longer are licensed and your windows copy will be in validated. I use linux, I don't have these problems. It has never been that Linux was a superior operating system. I mean for the longest time I had to deal with so much shit to to listen to an mp3. BUT the one thing about Linux is Your copy is Your copy to share and to see everythijg it does. Using linux was the first time I could take my Foil Hat off in years.
Does this mean that somewhere hidden deep in the API is the ability to automatically download and install files without user consent? Does this mean that somebody else could use that exact API to do something a bit less friendly? Does anybody else feel a whole new batch of windows security alerts?
http://blog.heavensdomain.net
*sigh* nice troll. 4/10
Hmm, care to prove me wrong? How many open source projects enforce monitoring or hidden updates about which there is no choice on users?
I'm really surprised that they think so little of us that they didn't at least bother to write up a canned statement about the update. Didn't they expect anyone to notice the patching? Many people take others messing with their PCs very seriously, be it micro$oft or some script kiddie out there, and track this kind of thing constantly.
Any word on what the purpose of the patching is?
In my experience, if you turn BITS off you can't run Windows Update even if you wanted to. Even if you re-enable it, it doesn't work until you restart the computer once.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
What is really sad is that everybody here blindly trust this "article" without really checking and re-checking other sources. That's the scary thing these days.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
If you certified that PC for use in the current configuration it will have to be recertified now that it has changed, the cost of re-certification should count as damage.
:)
I can't remember - Diebold voting machines don't run on a version of windows do they?
Those are exactly the kinds of things you agree to with EULA's, and it's not just Microsoft. Software licenses get more bizarre and dickish by the day.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
No, whats really scary is just how common it is for blind-MS hate and Linux fanboi-ism to cause people who should know better to do things like run with Windows Update turned off.
I happen to like the fact that all three OS's I use (Ubuntu, OSX and Windows) patch themselves automatically for critical updates. I don't get butthurt about any of the three keeping themselves updated. (Actually the fact that I can't figure out how to make Ubuntu do it truly automatically is a lingering sticking point I have with using Ubuntu because I have a few systems I just don't log into all that often.)
95% of Windows users won't care.
Nor should they , because it doesn't matter, and here's why:
Windows is an insecure system that is often easily attacked due to a vast pool of ignorant users who are more than willing to attack their own machine so they can run a "neat" screensaver, a large number of poorly developed applications, and the occasional operating system exploit. If you're using Windows for anything truly sensitive, you're not using it right, and switching to anything else won't help you. There's no reason you can't write Linux/BSD/UNIX/Mac viruses and send them to people dumb enough to follow the instructions to install them, just like people do with Windows viruses that are zipped and password protected.
For most Windows users, without the presence of a competent system administrator, a Linux machine will either be unusable, or just as ridiculously insecure as Windows. You cannot code a patch for the interface between the keyboard and the chair.
And, if you're not using it for anything important - I only play computer games on my Windows machine - who gives a crap?
Oh no! Microsoft might steal my Baldur's Gate save file! Aaaaaaaaah!
Perspective: get some.
That's a fine setting for a home system. It's asking for trouble in a corporate environment, particularly one where you run custom applications or services. If this happens on your home computer, it's largely an issue of annoyance and inconvenience. If it happens to large numbers of computers in an enterprise, it may mean losses of millions of dollars. Most enterprises test patches on lab machines to identify issues before they deploy them. MS (or Ubuntu or Apple or whomever) has no business patching anyone's machine without permission. Period.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
No, whats really scary is just how common it is for blind-MS hate and Linux fanboi-ism to cause people who should know better to do things like run with Windows Update turned off.
Many companies will not install patches - even the automatic Windows Update ones - until they have a chance to test it themselves and make sire that the patch doesn't inadvertently break mission critical applications.
Sometimes, even with known issues, the devil you know is better than the devil you don't...
I happen to like the fact that all three OS's I use (Ubuntu, OSX and Windows) patch themselves automatically for critical updates. I don't get butthurt about any of the three keeping themselves updated.
Wait until you get a call at 4:30 AM from an irate boss complaining that [Killer App A] is no longer working because a patch overwrote a DLL and it's now *your* problem.
If Automatic Update works for you - that's great for you. But for a lot of companies, automatic updates is like playing Russian roulette with a Glock 9mm...
I patch the boxes myself. I do it regularly. I CAN NOT have Microsoft patch them automatically because I run long duration tests that CAN NOT be interrupted by an update or a reboot.
As far as i am concerned, you need to have administrative privileges to alter those files. That means - MS does have them. So they have access to all data on affected (or should I say infected) PC. Now that's something authorities have to be VERY worried about. If they can use this loophole - someone else can act the same way. So much for privacy...
Ahh, what a pleasure it is to run emerge -uDN world. Updates only when YOU decide to do them. Ultimate freedom if you wish.
This freedom clearly overcomes all artificial difficulties with Linux. By "artificial" i mean hardware providers who don't provide drivers/specs and stupid patent regulations that require you to manually install additional codecs in order to play mp3/dvd. Linux IS a superior system because both problems have nothing to do with the system itself.
On a more personal level, I dislike most Microsoft products (with certain notable exceptions), because I think they have a corporate culture that promotes mediocrity and "good enough"-ness. As someone who has always labored to pursue quality and technical correctness as an end in itself, I find the inherent laziness in their products offensive. I understand this is a personal decision; looking at other product arenas, the mass market is usually filled with garbage. This is fine, and consumers should have a choice as to what they want to buy. However, I detest Microsoft for virtually eliminating the consumer's ability to buy better.
Also, they have an apparent contempt for both their competitors, which is understandable if unwarranted, and their customers, which is unacceptable.
I don't hate Microsoft for being on top. I hate them for being on top, while pushing an inferior product than the market would produce in their absence, on all of us.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
They should just design it right in the first place. This is not rocket science. Many of the security holes are exactly the same. We keep on seeing buffer overflows. You should be getting new kinds of hole each time if you properly audit your code for the kinds of hole you know about, ex. OpenBSD. And you should think about the security architecture and make sure a good implementation of it will not have holes due to design.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
Exactly what I was going to say. Any larger organization worth its salt is using a standard image on their PCs. Changes to that image have to be properly vetted through a change control process. For Microsoft to make changes with AutoUpdate turned off is, quite simply, wrong.
It sounds from TFA that Automatic Updates wasn't completely disabled, but probably set to 'notify me when new updates are available but don't download or install them'. In that case the service is still running and periodically phoning home to get the list of updates.
Presumably there's some sort of flag that can be set on an update which overrides the user's settings and installs it anyway. Reading the other comment from the article's author it sounds like there WERE entries in the event log about its installation, which would seem to indicate that it's a relatively "normal" update with a special flag set (or possibly a bug in WUAU), rather than some super-secret backdoor.
It's still inexcusable for them to have even put in that ability in the first place, much less be using it.
MS:O.k, we'll patch the system involuntarily.
"...But not anything that might actually affect security, only those features relating to disabling machines we consider invalidly licensed. Because we never make mistakes regarding licensing issues."
Yeah, I most certainly do take issue with them patching a system against the owner's wishes. After the owner has explicitly disabled autoupdating, I would go so far as to call that "criminal trespass". And doing so in a way that neither fixes nor improves the security of a machine... Not justifiable in any context.
Blind MS hate? Bitter experience, more likely.
"I've got more toys than Teruhisa Kitahara."
M$ sucks for all of the things you mention but they are all non free software facts of life. Windoze is insecure because they don't have enough developers to do things right. M$ is evil because they force what's wrong onto the entire industry. Non free auto updates are evil because they have nothing to do with security and everything to do maintaining a monopoly. This is what you have to do if you want to keep users divided and helpless, and that's what non free software is all about.
Uncontrolled updating is crazy. Home users will be angry when things break, as they always do in the clannish non free software world. For IT, this is an unacceptable threat. Business can not tolerate external meddling like that, because it shortcuts testing and will cost real money when hundreds of people come to work and are unable to do their jobs. It's insanely arrogant for them to expect get away with this and that they would try is a sign of their increasing desperation in the face industry revolt. Vista is a failure because non free software works for owners not users. This has always been the case, but auto updates make it obvious. With auto updates, you can never be sure what works today will work tomorrow.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I can recall their updater running without my say so a few times now. So I figure my still running Windows is implicit consent. And frankly as someone "technical" yes it seems offensive, but if you consider Microsofts position when faced with a potential security melt-down all over the news vs. a little whining on /. it seems like an easy thing for them to do. And it wouldn't surprise me if their updater was remotely exploitable. Actually it would surprise me if it wasn't.
-- http://thegirlorthecar.com funny dating game for guys
This isn't directed entirely at you, but I do find these "I don't trust Windows Update" type comments quite ridiculous. So you trust Microsoft to write your computer's entire operating system, but you're afraid that a patch might contain something nefarious? Granted, software updates may accidentally break things from time to time (this is true on OS X and even Linux as well as on Windows), but if your concern is that Microsoft may try to install something "evil" on your computer - too late, you're already running their closed-source operating system; the damage, if any, is done.
If you're that concerned about it, install BSD or Linux instead. In any event, do everyone a favor and keep up with the latest security updates on whichever operating system you run.
I had a roommate once who refused to install Microsoft's Windows 2000 patches on his laptop, right up until my NIDS discovered his computer attempting to propagate the Zotob worm. Oops. He installs software updates now.
Because I want to & it's my box.
Deal with it, you're pissed at MS for being the top dog.
You arrogant ass! Who the hell are you to presume knowledge of someone elses motivations?
Maybe YOU are prone to hatred from envy, but that doesn't mean that everyone is. I dislike Microsoft for many reasons:
1) The economic harm that their anticompetitive monopolistic practices have caused.
2) The way they aspire to take control of my computer away from me (through license agreements that give them way too much power over my machine, mandatory DRM, and also stealth updates like these).
3) Their continual practice of breaking standards and deliberately preventing interoperability. It makes life really damn hard on the rest of the world, and the only reason they can get away with it is because of their illegal (convicted!) monopoly.
If they remained "top dog" and also:
1) Stopped punishing vendors for selling computers with other OS's, or with older versions of their OS's, or for doing anything at all for that matter. Let the vendors sell what the vendors want (same goes for hardware manufacturers as well).
2) Stopped writing EULA's that require me to register my software online, require me to allow microsoft to remotely monitor my usage of the software, require me to allow microsoft to remotely make changes to my software whether I want them to or not, and require me to have and allow updates to unwanted DRM on my computer.
3) used open standards (NOT opened their source code, they can keep it as proprietary as they want for all I care) to promote interoperability, and stop putting barriers in front of people who want to write software that is compatible with their software.
If they did these three things, and remained the toppest top-dog on the planet, I would smile from ear to ear.
Keep your misguided judgements to yourself.
It's not about making everyone happy or not, there *ARE* laws that prevent unauthorised acces to your computer and microsoft this time broke them. Someone has to be held accountable and end up throwing chairs in his jail cell. Some hackers get 5 years for breaking into one computer, this is far worse.
Unfortunatly, I do not own a windows license so I can't sue them for all they are worth, but I sure hope someone does it, you know teach them a 50 bilion lesson.
This is an asinine statement. OSs and the various supporting systems are complicated, often involving many 10,000 of lines of code. Even Linux requires patches, is it because Torvalds and his leigons of OSS bots didn't "design it right in the first place"? It's *not* rocket science, it's *computer science*, and it's not exactly as easy as assembling your little red wagon.
If you want news from today, you have to come back tomorrow.
Funny, but pure bull crit. M$ churned out garbage software with no regard for security. When that became apparent, they did little to address the situation, except to stop me from e-mailing documents created with their software.
On the other hand, the current update system, apart from its "evil" features, works fairly well. The *owner* of the PC should have the right to turn off updates. For M$ to force updates when the update feature is turned off is reprehensible, and it should be criminal. No other company in the world could get away with this sort of behavior. Hopefully, the EU will slam them. In the future, M$ will be used as an example regarding the need for anti-trust laws.
But of course, in order to use software it needs to be copied into RAM. This is the historical legal justification for software EULAs. You can't put a EULA on a lawnmower to tell people what lawns they can mow with it; the doctrine of First Sale prevents that. You can't put a license on a DVD or CD telling people how they may use it, either; only how they may copy it. It's only that particular quirk of software that to use it you must copy it which supposedly makes EULAs valid, and AFAIK (though IANAL) that theory has been invalidated on the grounds that copying from disk to RAM inside your own computer for the purposes of software is fair use and necessary for the product to be merchantable as advertised.
So fuck EULAs. Your computer is your property and if Microsoft does anything to it against your wishes they should be held criminally liable.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."