Slashdot Mirror
Microsoft Installs New Software Without Permission
Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.
...I cant see how anyone on /. would ever object.
Anyone want popcorn?
Under cygwin, you can type:
/cygdrive/c/windows/system32/wuapi.dll | grep 7\.0\.6
strings
If you get back something like:
7.0.6000.381
7.0.6000.381 (winmain(wmbla).070730-1740)
7.0.6000.381
then Microsoft has secretly updated you.
My blog
Is it me or does this just seem down right nasty?
If a person who uses vista or xp did not want any updates to their OS, they turn off Automatic updates. It's their choice. Where does Microsoft get off thinking that something like this is acceptable?
If I ran either of those operating systems, I would probably file a lawsuit, as to me that is a huge invasion of privacy. If they can force you to update those few files, they can absolutely view any and every file on your computer.
Although, this should come as no surprise...
I wonder if this still happens even if you have set the Automatic Updates service to 'Disabled' in services, rather than using the control panel applet which tells it not to update but still leaves the service running.
Probably a good idea to disable the BITS service too.
Does wmbla stand for Windows Man Boy Love Association???
Boy I need to spend time away from the interweb
Does this mean that somewhere hidden deep in the API is the ability to automatically download and install files without user consent? Does this mean that somebody else could use that exact API to do something a bit less friendly? Does anybody else feel a whole new batch of windows security alerts?
http://blog.heavensdomain.net
TFAs only mention XP and Vista, but I have Windows 2000 (it will be the last Windows I ever own, and I'm just keeping it running until my end-of-year trip to the USA, when I'll buy a Macbook) and was surprised when I woke up one day this week (either the 11th or 12th of September) and found my computer showing the "got restarted and waiting for somebody to log in" screen. Before I had a UPS, that happened now and then, but since getting a UPS, that shouldn't happen unless we get a major power failure that lasts longer than the several minutes my UPS's battery gives me. That hasn't happened since I got my UPS, and I noticed that other things around the house showed no signs of power loss, despite my computer having been restarted. /., I thought I might have discovered what happens, but TFAs only talk about XP and Vista.
When I logged in, Windows Update informed me that it had installed updates. That's hard to understand, since I've had Windows Update configured for a long time now to ask me before installing anything. When I saw the item on
So was what happened to my computer (running Win2K) the same thing? Did others with old versions of Windows have the same experience?
"It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
*sigh* nice troll. 4/10
Hmm, care to prove me wrong? How many open source projects enforce monitoring or hidden updates about which there is no choice on users?
I'm really surprised that they think so little of us that they didn't at least bother to write up a canned statement about the update. Didn't they expect anyone to notice the patching? Many people take others messing with their PCs very seriously, be it micro$oft or some script kiddie out there, and track this kind of thing constantly.
Any word on what the purpose of the patching is?
Why hasn't someone diff'd the files that were updated and dived into the disassembly and checked to see what was actually changed?
Would be more informative than bitching about it...
Peace sells, but who's buying?
Doesn't this violate every corporate network policy on the planet? What about the defense department?
What if the one of the computers was monitoring a critical system and the stealth upgrade crashed the system?
Isn't this a violation of Sarbanes-Oxley computer auditing requirements?
Food for thought.
Enjoy,
It's just the normal noises in here.
/.er:Windows is insecure, Microsoft is evil.
/.er:Where are my patches?
/.er:You're evil because you patched my system.
MS:O.k., we'll make a system the user can run and patch them system that way.
/.er:You're evil because most lusers won't set it up properly and the net will be taken over by these luser's machines.
MS:O.k, we'll patch the system involuntarily.
/.er:You're evil for patching my system that way.
MS: You've made a career at being happy with whatever prevails, right?
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
That's a fine setting for a home system. It's asking for trouble in a corporate environment, particularly one where you run custom applications or services. If this happens on your home computer, it's largely an issue of annoyance and inconvenience. If it happens to large numbers of computers in an enterprise, it may mean losses of millions of dollars. Most enterprises test patches on lab machines to identify issues before they deploy them. MS (or Ubuntu or Apple or whomever) has no business patching anyone's machine without permission. Period.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
No, whats really scary is just how common it is for blind-MS hate and Linux fanboi-ism to cause people who should know better to do things like run with Windows Update turned off.
Many companies will not install patches - even the automatic Windows Update ones - until they have a chance to test it themselves and make sire that the patch doesn't inadvertently break mission critical applications.
Sometimes, even with known issues, the devil you know is better than the devil you don't...
I happen to like the fact that all three OS's I use (Ubuntu, OSX and Windows) patch themselves automatically for critical updates. I don't get butthurt about any of the three keeping themselves updated.
Wait until you get a call at 4:30 AM from an irate boss complaining that [Killer App A] is no longer working because a patch overwrote a DLL and it's now *your* problem.
If Automatic Update works for you - that's great for you. But for a lot of companies, automatic updates is like playing Russian roulette with a Glock 9mm...
This was definitely without my permission, and raises the question about who has control over my computer, me or Microsoft. If Microsoft can put files on my computer without my knowledge, then it is really Microsoft's computer, which is control that I find extremely objectionable.
On a more personal level, I dislike most Microsoft products (with certain notable exceptions), because I think they have a corporate culture that promotes mediocrity and "good enough"-ness. As someone who has always labored to pursue quality and technical correctness as an end in itself, I find the inherent laziness in their products offensive. I understand this is a personal decision; looking at other product arenas, the mass market is usually filled with garbage. This is fine, and consumers should have a choice as to what they want to buy. However, I detest Microsoft for virtually eliminating the consumer's ability to buy better.
Also, they have an apparent contempt for both their competitors, which is understandable if unwarranted, and their customers, which is unacceptable.
I don't hate Microsoft for being on top. I hate them for being on top, while pushing an inferior product than the market would produce in their absence, on all of us.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I say we take off and nuke the website from orbit. It's the only way to be sure.
Read your EULAs. It's your box, but it's their property running it.
This isn't directed entirely at you, but I do find these "I don't trust Windows Update" type comments quite ridiculous. So you trust Microsoft to write your computer's entire operating system, but you're afraid that a patch might contain something nefarious? Granted, software updates may accidentally break things from time to time (this is true on OS X and even Linux as well as on Windows), but if your concern is that Microsoft may try to install something "evil" on your computer - too late, you're already running their closed-source operating system; the damage, if any, is done.
If you're that concerned about it, install BSD or Linux instead. In any event, do everyone a favor and keep up with the latest security updates on whichever operating system you run.
I had a roommate once who refused to install Microsoft's Windows 2000 patches on his laptop, right up until my NIDS discovered his computer attempting to propagate the Zotob worm. Oops. He installs software updates now.
Because it's pirated and MS hasn't found the key yet.
If Microsoft can run code on your box, I'd expect some other people can too. l33t crackers, the government. What would stop them?
The law? Oh wait...
-Alberto Gonzalez
"If Microsoft has the ability to forcefully modify code running on your property without your consent, I'd call that a threat."
Did you read you EULA? The copy of Windows Vista you have is NOT your property. It belongs to Microsoft and they are just granting you a license to use it. Are you sure you did not give oncent? Maybe read it again.
What I can beleive is who many people agree with these license terms. If just 1% refused and returnd the product for a re-fund the terms would change. Consummers are stupid.
I believe there is a clause in the EULA that prohibits nuking Redmond from orbit.
-USR1