Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching. In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.
It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users. When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.
View: The full story
News source: Windows Secrets
It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users. When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.
View: The full story News source: Windows Secrets
I think people are more worried about Microsoft updating ANY file on their system without permission.
Sure, it's only windows update now, but where's the line? What if they start throwing down full updates? Then what? Start putting advertisements on your desktop? Rewriting that anti-Microsoft paper you wrote?
I know it sounds tin-foil-hatty to an extent, but it is a potential slippery slope people want to avoid and I can understand that.
I think people are more worried about Microsoft updating ANY file on their system without permission.
Sure, it's only windows update now, but where's the line? What if they start throwing down full updates? Then what? Start putting advertisements on your desktop? Rewriting that anti-Microsoft paper you wrote?
I know it sounds tin-foil-hatty to an extent, but it is a potential slippery slope people want to avoid and I can understand that.
Or what if a non-Microsoft entity work out how to take advantage of this?
Privacy is one of the most important factors in the digital world, and if MS can update files on your system silently regardless of user preferences then that raises concerns for privacy.
You'd need control of the Windows Update servers. All of this is done by your computer actively asking for updates. Microsoft doesn't send out signals to your PC.
Also, the WU IP is hard coded into Windows, isn't it? At least, I think it is. So DNS poisoning isn't possible.
You'd need control of the Windows Update servers. All of this is done by your computer actively asking for updates. Microsoft doesn't send out signals to your PC.
Also, the WU IP is hard coded into Windows, isn't it? At least, I think it is. So DNS poisoning isn't possible.
All MS files are signed, so even if you could send arbitrary data to a user's computer via WU, it wouldn't be signed, and therefore rejected.
because if MS can do it then it means it can be done by anyone (technically speaking), which therefor means it's only a matter of time befroe a hacker figures it out, then the s&*t will really hit the proverbial fan
there aint no tin foil about it.personlally i don't really care about them doing the updates but if MS can get in so can the hackers.
No. No it doesn't.
It means that Microsoft can post updates to the Windows Update Server that your computer can periodically check for.
It doesn't mean that your computer accepts any mysterious outside signals and decides to patch itself. It means that it can actively check for updates by itself.
i think WU is less than an year old (but is this only through WUS ?)
i think WU is less than an year old (but is this only through WUS ?)
Windows Update is less than a year old? What? It's been around since Windows 98.
as long as it JUST updates the OS and doesn't so something stupid like read/delete my Word documents then I'm fine with it. if Microsoft crosses that line, I'm all for a class-action lawsuit (not that that's ever solved anything)
I am really glad that MS does install updates silently. Infact that what it should have been from the start. If an OS needs updates, don't involve the user, just update it "yourself" I have other things to worry about.
I will personally start that class action lawsuit if I ever find out MS did some BS like this to my stuff.
Just because it's been 6 years since XP was released has ABSOLUTELY nothing to do with this. Aren't they still patching security holes in it?
http://technet2.microsoft.com/WindowsServe...4713c51033.mspx
Well,
Freudi
http://blogs.technet.com/mu/archive/2007/0...up-to-date.aspx
Bye,
Freudi
http://blogs.technet.com/mu/archive/2007/0...up-to-date.aspx
Bye,
Freudi
Thanks for the link. MS admits it didn't make the behavior clear enough:
Critical ones don't need your consent to install.
As far as im concerned, anything installing its self without my permission is a virus or something similar.
It's always free.
I think they are getting ready to shut down all the users who don't have legal windows. Maybe worldwide, all at once, total shutdown.
No, I'm fairly sure you have to manually install it on XP and Vista. I've never known Microsoft Update to auto install, I've always had to do it manually.
And please, save the beaten-to-death "monopoly" argument for another day.
its the same as in WSUS... the auto update components are responsible for always keeping themselves up to date... this is not controled by the user at all... and it will always check to see "hey am i the newest update ssytem out there?" thats the way it always has been... no one should have to "test" the patches for the update system... no one but MS integrates with it... 3rd party providers would not be hurt at all by this system auto updateing.. heck if you have WSUS servers then you know when that updates all the systems under it also update their update system to match it... MS didn't just start doing this... it happens every single time your computer talks to microsof'ts update system... even if you have it disabled it still checks on a regular basis to make sure its the latest update system..
the guy who wrote this along with anyone else here that thinks MS is forcing stuff on your or is doing something bad needs to read the WSUS admin guide and understand how self update works... and why it works how it does...
all you are turning off is updating windows, not updating the updater itself
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.