Microsoft Installs New Software Without Permission 760
Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.
Dear god. (Score:5, Insightful)
If a person who uses vista or xp did not want any updates to their OS, they turn off Automatic updates. It's their choice. Where does Microsoft get off thinking that something like this is acceptable?
If I ran either of those operating systems, I would probably file a lawsuit, as to me that is a huge invasion of privacy. If they can force you to update those few files, they can absolutely view any and every file on your computer.
Although, this should come as no surprise...
Why are you whining? (Score:2, Insightful)
There is no halfway. Eiher you give control of your system to Microsoft, or you dont (by not running *ANY* Microsoft software). If you have a problem with the agreement that you choose to let MS impose on you, take it up with MS (or their local sychophants, or your attorney). Why annoy people who dont care?
WGA is coming to get you (Score:3, Insightful)
Why? Re:Block it (Score:5, Insightful)
If they can push... (Score:4, Insightful)
Why does no one every read the license (Score:4, Insightful)
Which begs the question... (Score:5, Insightful)
Re:and the surprise is? (Score:5, Insightful)
Hmm, care to prove me wrong? How many open source projects enforce monitoring or hidden updates about which there is no choice on users?
Re:Why does no one every read the license (Score:3, Insightful)
No statement from M$? (Score:5, Insightful)
Any word on what the purpose of the patching is?
Re:What level of 'disabled' (Score:1, Insightful)
Re:Dear god. (Score:4, Insightful)
The only choice is to either use Microsoft products, or not to. One leaves someone else in control of your system, another retains control for you.
Anyone who is shocked or surprised by this just hasnt been paying attention for the last ten years or so.
Re:I expect this from M$ (Score:4, Insightful)
Re:Damages (Score:1, Insightful)
I can't remember - Diebold voting machines don't run on a version of windows do they?
Why is this a troll? (Score:5, Insightful)
Those are exactly the kinds of things you agree to with EULA's, and it's not just Microsoft. Software licenses get more bizarre and dickish by the day.
Re:I expect this from M$ (Score:1, Insightful)
I happen to like the fact that all three OS's I use (Ubuntu, OSX and Windows) patch themselves automatically for critical updates. I don't get butthurt about any of the three keeping themselves updated. (Actually the fact that I can't figure out how to make Ubuntu do it truly automatically is a lingering sticking point I have with using Ubuntu because I have a few systems I just don't log into all that often.)
Re:and the surprise is? (Score:2, Insightful)
Nor should they , because it doesn't matter, and here's why:
Windows is an insecure system that is often easily attacked due to a vast pool of ignorant users who are more than willing to attack their own machine so they can run a "neat" screensaver, a large number of poorly developed applications, and the occasional operating system exploit. If you're using Windows for anything truly sensitive, you're not using it right, and switching to anything else won't help you. There's no reason you can't write Linux/BSD/UNIX/Mac viruses and send them to people dumb enough to follow the instructions to install them, just like people do with Windows viruses that are zipped and password protected.
For most Windows users, without the presence of a competent system administrator, a Linux machine will either be unusable, or just as ridiculously insecure as Windows. You cannot code a patch for the interface between the keyboard and the chair.
And, if you're not using it for anything important - I only play computer games on my Windows machine - who gives a crap?
Oh no! Microsoft might steal my Baldur's Gate save file! Aaaaaaaaah!
Perspective: get some.
Re:Why? Re:Block it (Score:5, Insightful)
We have a right (and I'd say responsibility) to protect ourselves from threats.
Re:I expect this from M$ (Score:5, Insightful)
Re:I expect this from M$ (Score:5, Insightful)
Many companies will not install patches - even the automatic Windows Update ones - until they have a chance to test it themselves and make sire that the patch doesn't inadvertently break mission critical applications.
Sometimes, even with known issues, the devil you know is better than the devil you don't...
I happen to like the fact that all three OS's I use (Ubuntu, OSX and Windows) patch themselves automatically for critical updates. I don't get butthurt about any of the three keeping themselves updated.
Wait until you get a call at 4:30 AM from an irate boss complaining that [Killer App A] is no longer working because a patch overwrote a DLL and it's now *your* problem.
If Automatic Update works for you - that's great for you. But for a lot of companies, automatic updates is like playing Russian roulette with a Glock 9mm...
Re:I expect this from M$ (Score:5, Insightful)
Re:Which begs the question... (Score:3, Insightful)
Quite usual - code something X times, and forget where they all instances are. That is why you have to hunt through thousands of places to figure out where you turn off the annoying popup messages from the system tray, and this is why microsoft has to fix every bug fifty times. Actually, some pieces of code probably replicate themselves faster in microsoft's code then they are fixed. That would be a cool model...
Anyway. I'm also sure that somewhere deep in windows, microsoft has the ability to force an update down your throat. But this isn't it.
Do they have administrative privileges? (Score:4, Insightful)
Ahh, what a pleasure it is to run emerge -uDN world. Updates only when YOU decide to do them. Ultimate freedom if you wish.
This freedom clearly overcomes all artificial difficulties with Linux. By "artificial" i mean hardware providers who don't provide drivers/specs and stupid patent regulations that require you to manually install additional codecs in order to play mp3/dvd. Linux IS a superior system because both problems have nothing to do with the system itself.
Re:Which begs the question... (Score:3, Insightful)
Re:Why? Re:Block it (Score:4, Insightful)
If Microsoft can run code on your box, I'd expect some other people can too.
l33t crackers, the government. What would stop them?
You couldn't be more wrong. (Score:5, Insightful)
On a more personal level, I dislike most Microsoft products (with certain notable exceptions), because I think they have a corporate culture that promotes mediocrity and "good enough"-ness. As someone who has always labored to pursue quality and technical correctness as an end in itself, I find the inherent laziness in their products offensive. I understand this is a personal decision; looking at other product arenas, the mass market is usually filled with garbage. This is fine, and consumers should have a choice as to what they want to buy. However, I detest Microsoft for virtually eliminating the consumer's ability to buy better.
Also, they have an apparent contempt for both their competitors, which is understandable if unwarranted, and their customers, which is unacceptable.
I don't hate Microsoft for being on top. I hate them for being on top, while pushing an inferior product than the market would produce in their absence, on all of us.
Re:Which begs the question... (Score:3, Insightful)
Does anybody else feel a whole new batch of windows security alerts?
Microsoft would only fix it if they saw it as a problem. If they saw it as a problem, they wouldn't be using it as a back door for updates. From their standpoint, there's no problem. Microsoft either knew all along user update preferences could be ignored or they built it that way deliberately. No way to put a smiley face sticker on that.
There's no reasonable way Microsoft could use stealth update and not expect to get caught some day. Someone thought this PR nightmare was an acceptable risk. I want to know what was so valuable to Microsoft they'd risk public humiliation and undoubtedly some associative loss of revenue. And I'm really interested to hear their lame explanation. Cue the PR machine! For some reason Microsoft PR always reminded me of the Muppet Show.
And what makes you think it's just Microsoft using it? I could the NSA, FBI, CIA using a handy back door to install "updates" that make all kinds of interesting things possible. Once you undermine trust any bad thing users can imagine is possible, forever. Oh, yeah, this is going to be good.
And people wonder why I don't use Microsoft products at home. ROFL!
Re:Can't Win for... (Score:3, Insightful)
Re:I expect this from M$ (Score:4, Insightful)
Re:I sense BS (Score:3, Insightful)
Presumably there's some sort of flag that can be set on an update which overrides the user's settings and installs it anyway. Reading the other comment from the article's author it sounds like there WERE entries in the event log about its installation, which would seem to indicate that it's a relatively "normal" update with a special flag set (or possibly a bug in WUAU), rather than some super-secret backdoor.
It's still inexcusable for them to have even put in that ability in the first place, much less be using it.
Re:You couldn't be more wrong. (Score:2, Insightful)
You have no way of knowing this. In fact, I'd disagree completely. If not for MS, somebody else would be making cheap, consumer-grade software that worked "well enough" for most people. While none of these things are perfect, or the best on the market, I buy software, cars, major appliances, clothes, and many other things that are "good enough" without being the best on the market. I do this because they're... welll... "good enough".
However, I detest Microsoft for virtually eliminating the consumer's ability to buy better.
The consumer has done this. This is like blaming Wal-Mart for being Wal-Mart. They wouldn't exist if the overwhelming of all consumers didn't want them to. People are aware of alternatives, but they continue to actively choose MS products, by and large. MS hasn't virtually eliminated the consumer's ability to buy anything. Heck, people are giving away free software. There are plenty of alternatives out there, but people choose MS.
Re:Can't Win for... (Score:5, Insightful)
"...But not anything that might actually affect security, only those features relating to disabling machines we consider invalidly licensed. Because we never make mistakes regarding licensing issues."
Yeah, I most certainly do take issue with them patching a system against the owner's wishes. After the owner has explicitly disabled autoupdating, I would go so far as to call that "criminal trespass". And doing so in a way that neither fixes nor improves the security of a machine... Not justifiable in any context.
Re:I expect this from M$ (Score:2, Insightful)
Blind MS hate? Bitter experience, more likely.
Re:Why? Re:Block it (Score:4, Insightful)
Re:Why? Re:Block it (Score:5, Insightful)
M$ is a Loser. (Score:2, Insightful)
M$ sucks for all of the things you mention but they are all non free software facts of life. Windoze is insecure because they don't have enough developers to do things right. M$ is evil because they force what's wrong onto the entire industry. Non free auto updates are evil because they have nothing to do with security and everything to do maintaining a monopoly. This is what you have to do if you want to keep users divided and helpless, and that's what non free software is all about.
Uncontrolled updating is crazy. Home users will be angry when things break, as they always do in the clannish non free software world. For IT, this is an unacceptable threat. Business can not tolerate external meddling like that, because it shortcuts testing and will cost real money when hundreds of people come to work and are unable to do their jobs. It's insanely arrogant for them to expect get away with this and that they would try is a sign of their increasing desperation in the face industry revolt. Vista is a failure [slashdot.org] because non free software works for owners not users. This has always been the case, but auto updates make it obvious. With auto updates, you can never be sure what works today will work tomorrow.
Re:You couldn't be more wrong. (Score:5, Insightful)
There is a LOT of vendor lock-in for MS Windows, and it's in large part because of their unfair practices, and the free pass they got from the government for disseminating American software on all the world's computers.
and this isn't the first time (Score:3, Insightful)
Re:What's the IP address? (Score:5, Insightful)
This isn't directed entirely at you, but I do find these "I don't trust Windows Update" type comments quite ridiculous. So you trust Microsoft to write your computer's entire operating system, but you're afraid that a patch might contain something nefarious? Granted, software updates may accidentally break things from time to time (this is true on OS X and even Linux as well as on Windows), but if your concern is that Microsoft may try to install something "evil" on your computer - too late, you're already running their closed-source operating system; the damage, if any, is done.
If you're that concerned about it, install BSD or Linux instead. In any event, do everyone a favor and keep up with the latest security updates on whichever operating system you run.
I had a roommate once who refused to install Microsoft's Windows 2000 patches on his laptop, right up until my NIDS discovered his computer attempting to propagate the Zotob worm. Oops. He installs software updates now.
Re:That's the last thing you want! (Score:1, Insightful)
Re:Can't Win for... (Score:1, Insightful)
You arrogant ass! Who the hell are you to presume knowledge of someone elses motivations?
Maybe YOU are prone to hatred from envy, but that doesn't mean that everyone is. I dislike Microsoft for many reasons:
1) The economic harm that their anticompetitive monopolistic practices have caused.
2) The way they aspire to take control of my computer away from me (through license agreements that give them way too much power over my machine, mandatory DRM, and also stealth updates like these).
3) Their continual practice of breaking standards and deliberately preventing interoperability. It makes life really damn hard on the rest of the world, and the only reason they can get away with it is because of their illegal (convicted!) monopoly.
If they remained "top dog" and also:
1) Stopped punishing vendors for selling computers with other OS's, or with older versions of their OS's, or for doing anything at all for that matter. Let the vendors sell what the vendors want (same goes for hardware manufacturers as well).
2) Stopped writing EULA's that require me to register my software online, require me to allow microsoft to remotely monitor my usage of the software, require me to allow microsoft to remotely make changes to my software whether I want them to or not, and require me to have and allow updates to unwanted DRM on my computer.
3) used open standards (NOT opened their source code, they can keep it as proprietary as they want for all I care) to promote interoperability, and stop putting barriers in front of people who want to write software that is compatible with their software.
If they did these three things, and remained the toppest top-dog on the planet, I would smile from ear to ear.
Keep your misguided judgements to yourself.
Re:Why? Re:Block it (Score:2, Insightful)
Re:Can't Win for... (Score:0, Insightful)
Unfortunatly, I do not own a windows license so I can't sue them for all they are worth, but I sure hope someone does it, you know teach them a 50 bilion lesson.
Re:Why? Re:Block it (Score:5, Insightful)
Did you read you EULA? The copy of Windows Vista you have is NOT your property. It belongs to Microsoft and they are just granting you a license to use it. Are you sure you did not give oncent? Maybe read it again.
What I can beleive is who many people agree with these license terms. If just 1% refused and returnd the product for a re-fund the terms would change. Consummers are stupid.
Re:Can't Win for... (Score:4, Insightful)
This is an asinine statement. OSs and the various supporting systems are complicated, often involving many 10,000 of lines of code. Even Linux requires patches, is it because Torvalds and his leigons of OSS bots didn't "design it right in the first place"? It's *not* rocket science, it's *computer science*, and it's not exactly as easy as assembling your little red wagon.
Re:Why? Re:Block it (Score:2, Insightful)
Re:Why? Re:Block it (Score:2, Insightful)
Re:Why? Re:Block it (Score:3, Insightful)
$ uname -a
Linux eschaton 2.6.22.1-41.fc7 #1 SMP Fri Jul 27 18:10:34 EDT 2007 i686 i686 i386 GNU/Linux
Re:Can't Win for... (Score:2, Insightful)
On the other hand, the current update system, apart from its "evil" features, works fairly well. The *owner* of the PC should have the right to turn off updates. For M$ to force updates when the update feature is turned off is reprehensible, and it should be criminal. No other company in the world could get away with this sort of behavior. Hopefully, the EU will slam them. In the future, M$ will be used as an example regarding the need for anti-trust laws.
Re:Why? Re:Block it (Score:3, Insightful)
I'd say that running code on your machine without your permission and knowledge consitutes the digital equivalent of trespassing and vandalism, and should be punished as such.
Re:No statement from M$? (Score:3, Insightful)
Re:Why? Re:Block it (Score:1, Insightful)
They are different.
Microsoft does not own your copy of Windows (Score:3, Insightful)
But of course, in order to use software it needs to be copied into RAM. This is the historical legal justification for software EULAs. You can't put a EULA on a lawnmower to tell people what lawns they can mow with it; the doctrine of First Sale prevents that. You can't put a license on a DVD or CD telling people how they may use it, either; only how they may copy it. It's only that particular quirk of software that to use it you must copy it which supposedly makes EULAs valid, and AFAIK (though IANAL) that theory has been invalidated on the grounds that copying from disk to RAM inside your own computer for the purposes of software is fair use and necessary for the product to be merchantable as advertised.
So fuck EULAs. Your computer is your property and if Microsoft does anything to it against your wishes they should be held criminally liable.
Re:Why? Re:Block it (Score:3, Insightful)
In other words; saying No to Microsoft forces you to say No to a few thousands companies. Saying No to Ford does not forces you out of any road trip destination.
So it is not the same as buying a car. Microsoft is a monopoly and it has no reason to be one except for the selfish interest of Microsoft...
Re:Why? Re:Block it (Score:2, Insightful)
Doesn't that disprove your point? You can buy books by clicking on pictures on Amazon. The pictures say "add to cart" and "buy now" -- but they are pictures none the less. You don't have to sign anything by hand, you don't need to show up physically, and you don't even need to ever talk to a human.
Of course it wouldn't be a valid contract if they charged you just for clicking on the book without any warning. You never showed that you agreed to buy the book -- no reasonable person would expect that clicking on a book would result in buying the book. But Amazon makes it pretty clear that clicking "buy it now" does commit you to buy it. Even in just one click.
Same for the Microsoft EULA. If you click "I AGREE" -- which is typed in big bold letters -- there's little doubt that you knew what you were getting yourself into. Maybe you chose not to read the whole agreement, but it didn't come as some surprise that you just agreed to something. It's not like you looked at the package the wrong way and Microsoft showed up with a bill. You clicked a big old button that says "I AGREE". There are lots of other reasons why it might not be enforceable (and other people in the thread have mentioned some good ones), but failure to clearly agree is not one of them.
By Microsoft making the requirements so ridiculously easy, the company seems to imply that they don't care if people break the agreement. Otherwise, there would be more strict requirements.
What would a better solution be? You call Microsoft, have them fax you a contract, you sign the contract, have it notarized, mail it back, and then wait for Microsoft to ship you a Windows CD? If you want to download software then you have to sign? If you want to buy off Amazon you have to mail them a consent form?
There are a lot of reasons why it's a very good thing to be able to agree to contracts online. Maybe Microsoft mis-used its power here, but let's not throw out the baby with the bathwater.
Re:Why? Re:Block it (Score:3, Insightful)