Microsoft stealth updates confirmed by many

[Jim Higgins]

Microsoft stealth updates confirmed by many
http://pcworld.co.nz/pcworld/pcw.nsf...257355007C1ABE

By Tom Spring | Friday, 14 September, 2007

Stealth tinkering by Microsoft of millions of Windows XP and Vista PCs
sounds like a cheesy B-movie plot. That's why I had to read the Windows
Secrets story "Microsoft updates Windows without users' consent" story
twice.

Scott Dunn, an editor at the "Windows Secrets" newsletter, reports nine
files in XP and Vista have been changed by Windows Update without
displaying the usual notification or permission dialog box. The files
are related to the XP and Vista versions of Windows Update itself.

Reported unauthorised tampering by Microsoft of user machines with no
permission or consent has been confirmed by other sources as well. EWEEK
Labs has independently confirmed the report and so has ZDNet.

So far Microsoft has not issued any statement. Dunn says Microsoft has
only hinted at what its intentions are. In a Microsoft forum titled
"Critical Update slipped in through the back door" there are some clues
as to Microsoft's intent.

Dunn reports:

The only explanation found at Microsoft's site comes from a user
identified as Dean-Dean on a Microsoft Communities forum. In reply to a
question, he states:

* "Windows Update Software 7.0.6000.381 is an update to Windows Update
itself. It is an update for both Windows XP and Windows Vista. Unless
the update is installed, Windows Update won't work, at least in terms of
searching for further updates. Normal use of Windows Update, in other
words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft
Partner Support about the update and received this short reply:

* "7.0.6000.381 is a consumer only release that addresses some specific
issues found after .374 was released. It will not be available via WSUS
[Windows Server Update Services]. A standalone installer and the redist
will be available soon, I will keep an eye on it and notify you when it
is available."

Unfortunately, this reply does not explain why the stealth patching
began with so little information provided to customers. Nor does it
provide any details on the "specific issues" that the update supposedly
addresses.

Dunn and others are careful to point out that Microsoft is not doing any
harm to the files it is modifying. We can only assume that those files
are being changed to deliver a better Windows experience. However, what
is very serious and disturbing is the stealth mechanism Microsoft is
using to perform its OS updates.

The implications are huge. The tactics used by Microsoft are most
commonly associated with those used by hackers, adware, and spyware
companies.

This isn't the first time Windows Updates have taken centre stage among
the privacy minded.

Privacy concerns were raised in October when it was discovered that
Windows Updates included the anti-piracy program Windows Genuine
Advantage. Users were never asked for their consent to download and
install the program.

[Leythos]

In article <13ektu7ilbje313@corp.supernews.com>, gordian238@hotmail.com
says...
> Privacy concerns were raised in October when it was discovered that
> Windows Updates included the anti-piracy program Windows Genuine
> Advantage. Users were never asked for their consent to download and
> install the program.

And yet, according to the EULA and other things you've agreed to, you've
already agree to allow MS to do anything they want to your machine.

If you don't agree with MS's policy then stop using MS products.

--
Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

[David Arnstein]

I read about this too. I immediately changed the "Automatic Update"
service on my peecee from "Automatic" to "Manual." I am hoping that
this will keep Microsoft out of my hair. Of course, I now have to
manually start this service before I do any sort of Microsoft update.
--
David Arnstein (00)
arnstein+usenet@pobox.com {{ }}
^^

[Luke]

On Sat, 15 Sep 2007 00:02:40 +0000 (UTC), arnstein@panix.com (David
Arnstein) wrote:

>I read about this too. I immediately changed the "Automatic Update"
>service on my peecee from "Automatic" to "Manual." I am hoping that
>this will keep Microsoft out of my hair. Of course, I now have to
>manually start this service before I do any sort of Microsoft update.

Manual updates will not help:
http://www.windowssecrets.com/2007/0...-users-consent

"Microsoft is patching these files silently, even if auto-updates have
been disabled on a particular PC ... The Automatic Updates dialog box
in the Control Panel can be set to prevent updates from being
installed automatically. However, with Microsoft's latest stealth
move, updates to the WU executables seem to be installed regardless of
the settings — without notifying users."

--
Luke
__________________________________________________ ____________________
"Our enemies are innovative and resourceful, and so are we. They never
stop thinking about new ways to harm our country and our people, and
neither do we."
-- George W. Bush, August 5, 2004

[jen]

"David Arnstein" <arnstein@panix.com> wrote in message
news:fcf7f0$8ls$1@reader1.panix.com...
>I read about this too. I immediately changed the "Automatic Update"
> service on my peecee from "Automatic" to "Manual." I am hoping that
> this will keep Microsoft out of my hair. Of course, I now have to
> manually start this service before I do any sort of Microsoft update.

No need for that. All you have to do is set it to *off* in the Security
Center Control Panel applet...

-jen

[David Arnstein]

In article <s7koe3hkiaqimvn10vrv30s9lgjttc09e0@4ax.com>,
Luke <luke@nowhere.invalid> wrote:
>On Sat, 15 Sep 2007 00:02:40 +0000 (UTC), arnstein@panix.com (David
>Arnstein) wrote:
>
>>I read about this too. I immediately changed the "Automatic Update"
>>service on my peecee from "Automatic" to "Manual." I am hoping that
>>this will keep Microsoft out of my hair. Of course, I now have to
>>manually start this service before I do any sort of Microsoft update.
>
>Manual updates will not help:
>http://www.windowssecrets.com/2007/0...-users-consent
>
>"Microsoft is patching these files silently, even if auto-updates have
>been disabled on a particular PC ... The Automatic Updates dialog box
>in the Control Panel can be set to prevent updates from being
>installed automatically. However, with Microsoft's latest stealth
>move, updates to the WU executables seem to be installed regardless of
>the settings — without notifying users."

I hope that I am not belaboring my point, but I want comments on my
idea (like Luke's!) so I would like to clarify my original post.

I have turned off automatic updates on my peecee for years. After I
read the news stories about the "stealth updates," I went one step
further. I see that even though I have automatic updates turned off,
the Windows "Automatic Updates" service is still running 24/7. I
changed this service from "Automatic" (meaning, begin execution when
peecee boots up) to "Manual" (meaning, don't begin execution until
started by user). My hope is that this extra step will prevent further
"stealth updates."

Comments?
--
David Arnstein (00)
arnstein+usenet@pobox.com {{ }}
^^

[JD]

David Arnstein wrote:
> In article <s7koe3hkiaqimvn10vrv30s9lgjttc09e0@4ax.com>,
> Luke <luke@nowhere.invalid> wrote:
>> On Sat, 15 Sep 2007 00:02:40 +0000 (UTC), arnstein@panix.com (David
>> Arnstein) wrote:
>>
>>> I read about this too. I immediately changed the "Automatic Update"
>>> service on my peecee from "Automatic" to "Manual." I am hoping that
>>> this will keep Microsoft out of my hair. Of course, I now have to
>>> manually start this service before I do any sort of Microsoft update.
>> Manual updates will not help:
>> http://www.windowssecrets.com/2007/0...-users-consent
>>
>> "Microsoft is patching these files silently, even if auto-updates have
>> been disabled on a particular PC ... The Automatic Updates dialog box
>> in the Control Panel can be set to prevent updates from being
>> installed automatically. However, with Microsoft's latest stealth
>> move, updates to the WU executables seem to be installed regardless of
>> the settings — without notifying users."
>
> I hope that I am not belaboring my point, but I want comments on my
> idea (like Luke's!) so I would like to clarify my original post.
>
> I have turned off automatic updates on my peecee for years. After I
> read the news stories about the "stealth updates," I went one step
> further. I see that even though I have automatic updates turned off,
> the Windows "Automatic Updates" service is still running 24/7. I
> changed this service from "Automatic" (meaning, begin execution when
> peecee boots up) to "Manual" (meaning, don't begin execution until
> started by user). My hope is that this extra step will prevent further
> "stealth updates."
>
> Comments?

I have Automatic Updates services set to disabled. I also have the
Background Intelligent Transfer Service set to disabled. When I do
updates I go into Control Panel and set Automatic Updates to Notify me,
start the two disabled services and use Start, Windows Update to look at
the updates MS is offering.

--
JD..

[Kerry Brown]

"jen" <jen@example.com> wrote in message
news:yI8Hi.60984$t9.52429@bignews7.bellsouth.net.. .
> "David Arnstein" <arnstein@panix.com> wrote in message
> news:fcf7f0$8ls$1@reader1.panix.com...
>>I read about this too. I immediately changed the "Automatic Update"
>> service on my peecee from "Automatic" to "Manual." I am hoping that
>> this will keep Microsoft out of my hair. Of course, I now have to
>> manually start this service before I do any sort of Microsoft update.
>
> No need for that. All you have to do is set it to *off* in the Security
> Center Control Panel applet...
>


If the Windows Update service is on and you touch the update servers, i.e.
check to see what updates are available, you will get the stealth updates.
Turning off the service makes sure this doesn't accidently happen.

--
Kerry Brown

[jen]

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
newsoRHi.198680$rX4.156267@pd7urf2no...
> "jen" <jen@example.com> wrote in message
> news:yI8Hi.60984$t9.52429@bignews7.bellsouth.net.. .
>> "David Arnstein" <arnstein@panix.com> wrote in message
>> news:fcf7f0$8ls$1@reader1.panix.com...
>>>I read about this too. I immediately changed the "Automatic Update"
>>> service on my peecee from "Automatic" to "Manual." I am hoping that
>>> this will keep Microsoft out of my hair. Of course, I now have to
>>> manually start this service before I do any sort of Microsoft
>>> update.
>> No need for that. All you have to do is set it to *off* in the
>> Security Center Control Panel applet...
> If the Windows Update service is on and you touch the update servers,
> i.e. check to see what updates are available, you will get the stealth
> updates. Turning off the service makes sure this doesn't accidently
> happen.

Hi, Kerry
I "see" what you're saying Disabling the service is a good idea for
anyone who might accidently go to WU/MU... I never do

-jen