Microsoft Installs New Software Without Permission

Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.

And?

[FoolsGold]

I'm pretty sure the EULA states somewhere MS can do this. You agree to it when clicking that little checkbox for accepting the license when installing the damn OS.

What's the IP address?

[frovingslosh]

It would be nice to know the IP address that is being contacted here. With that, automatic update could be turned off at the router/firewall. If you trust Microsoft you always get punished.

That's the last thing you want!

[BadAnalogyGuy]

Why would you want to run an unpatched XP box?

What level of 'disabled'

[quantum bit]

I wonder if this still happens even if you have set the Automatic Updates service to 'Disabled' in services, rather than using the control panel applet which tells it not to update but still leaves the service running.

Probably a good idea to disable the BITS service too.

Re:That's the last thing you want!

[Pojut]

OK, so have a "test box". I myself have one. Guess what cable never get's plugged into it? That's right, the ethernet cable. If I'm doing something that requires the use of my in-house LAN, guess what gets unplugged....that's right, my connection to the outside world.

It's not that difficult really...I find that having an isolated not-connected (not even to my internal network) windows 98 box is FANTASTIC for my older games...fuck DosBox, I'll just build a 200 dollar killer Win98 box.

Re:Why are you whining?

[Gilatrout]

I've always asserted that an OS is by its very nature an natural monopoly. This is not to excuse the behavior of entities which use a natural monopoly to nefarious ends. For what it's worth, I prefer the Windows monopoly to say Apple's (not that I dont covet a Mac mind you) monopolistic actions with regard to thier OS, in particular the iPhone.

omg hackers

[deftcoder]

Why hasn't someone diff'd the files that were updated and dived into the disassembly and checked to see what was actually changed?

Would be more informative than bitching about it...

Re:That's the last thing you want!

[Hachima]

Does this mean you should also install every toolbar/spyware known to man as part of your development process? To ensure it works on all systems? Patched or unpatched, you are missing out on huge target audiences in either case.

They've *always* had the ability to pull....

[Anonymous Coward]

...since Windows 95 even. It's part of the remote registry background process that facilitates the ability to read data from any file in the filesystem, not just only the registry files.

Re:What level of 'disabled'

[dc29A]

I tried something like that with WMI when MOM agent (or was it SMS agent, can't recall) was eating up way too much CPU. I disabled WMI service. Reboot the machine, to my shock, WMI service was started despite being disabled. If MOM or SMS can do that, I am sure Windows Update could force start BITS even if it's disabled.

A no Win Situation (no Pun intended)

[Zephida]

Scenario (A) Lazy Windows users, don't update there Windows to the latest Patches, said computers become infected with spyware/bots/trojans, everybody blames Micro$oft for having shoddy insecure software Scenario (B) Windows ensures than users always have the latest update & security measures by forcing updates on users, and everybodys blames Micro$oft for invading thier privacy Simple I know - but I can't really see what else is expected of Micro$oft? They lose either way.

Re:Reduced functionality?

[berashith]

I would guess the WGA is updated, and an ability to stop pirated copies of old OS is in the works. Good way to sell more copies of Vista when the problem is that people are holding on to their old OS. Turn off the old one, they gota buy something.

Policy violation

[NullProg]

Doesn't this violate every corporate network policy on the planet? What about the defense department?
What if the one of the computers was monitoring a critical system and the stealth upgrade crashed the system?

Isn't this a violation of Sarbanes-Oxley computer auditing requirements?

Food for thought.
Enjoy,

Re:No statement from M$?

[canipeal]

I'm not a Microsoft fanboy by any means, but has anyone considered the possibility that the forced update could be due to a unknown critical exploit in WU?

Purpose?

[Tom]

I'd really like to know the purpose.

If it were anyone but MS, I'd assume it was a countermove to Storm or some other large botnet (you don't think Storm's the only one, do you?) which disables or subverts the usual automatic update process.

Knowing this is from MS, I wouldn't be surprised if it's WGA or some DRM crap.

Re:What's the IP address?

[frovingslosh]

Personally, I have the updates turned of on my legal copies of XP because I'm trying to stop stuff like the only time that I did accept the "security ipdate" and suddenly my hardware would no longer run Linux, although it worked fine before the update, and the Linux was on a CD (Knoppix). Before you say that software can't do that, understand that NICs have a small eeprom on them, so that the manufacturers can store unique MAC addresses in them. And in my case the eeprom could also hold some default settings for the NIC. Very strange that after a security update that Linux, which trusted the NIC default settings, no longer worked, and that XP apparently ignored the settings. And I can't think of any reason for a "security update" to modify my NIC eeprom. No more updates from those bastards again, not if I can block them.

Re:My Windows XP SP2 computer was updated...

[Anonymous Coward]

Does your desire to control the machine outweigh your love of windows?

People don't run Windows because they love it. They run it because it's what came with their computer, or because Windows is required to run the applications that they need for work.

Re:Policy violation

[pointbeing]

...What about the defense department?

Present!

I work for an agency under DoD and my machine was *not* updated. Perhaps corporate versions of XP are unaffected?

I feel left out... my computers didn't update.

[NotQuiteReal]

I have (3) Win XP (pro) SP2 computers on all the time, and one Win2K SP4.

None of them have the indicated "stealth" updates.

The only computer that has the "7.0.6000.381" versions is a laptop that I explicitly updated last night (before reading about this issue.) Both the Win XP Home and Win XP Pro partitions have the newer wu* files... the ubuntu partition does not ;-)

Do you have that ugly Windows Security Alerts shield in your system tray? Mine is turned off. Maybe the wscntfy.exe program gets some updates for the update program... and I don't have that running.

At the end of the day, I suspect there is a way to prevent "stealth updates", and it won't be anything sinister, just average programming at work.

Re:My Windows XP SP2 computer was updated...

[grondak]

If Microsoft can put files on my computer without my knowledge, then it is really Microsoft's computer, which is control that I find extremely objectionable.

You've hit the nail on the head here, OP. Computers running Windows (and probably every commercial OS) belong to Corporate America. Our "experience" on those computers is tuned to project Corporate America's image-- their thoughts, their desires, their decisions about how we should exist and consume-- right at us... and it's hardly subliminal. If our experience is full of bugs, viruses, trojans, etc., we won't use our computers to hear or view licensed media, and the relationship between MSFT and the media companies/consortiums will evaporate-- so they must get it right. If they fail, we won't use our computers to play their partnership-driven advertising-filled games, we won't use our computers to experience the corporately pristine Internet in its AdSense-driven ways, and most of all, we just won't use their product. Corporate America is at a cusp, where getting it right or losing everything are their choices. Linux makes that possible.

Corporate America has found that the power of Linux isn't just to compel them to write better software. Nope, these companies have found that Linux removes their ability to control what we see, hear, play, and where we do it; Linux removes their ability to color our experiences and allows us to actually own our computers-- and maybe our lives.

They have to figure out what to do next, and so do we.

Re:That's the last thing you want!

[Just Some Guy]

OK, so have a "test box". I myself have one. Guess what cable never get's plugged into it? That's right, the ethernet cable. If I'm doing something that requires the use of my in-house LAN, guess what gets unplugged....that's right, my connection to the outside world.

That's infallible. Until, of course, Windows gets peer-to-peer updating.

Test box: Hi everyone!
Main box: Hey! Got WGA 543.64 yet?
Test box: No. Good?
Main box: Sure! Here you go.

Paranoid - moi?

[Anonymous Coward]

If I was an amoral monopoly desperate to stimulate sales of my new operating system, and said operating system was so benefit-free that the only way of shifting it was pre-loaded on new hardware, I would perhaps consider updates that impacted the performance of my earlier one. If I could get Joe User to think 'Hey, this old machine is getting slow, perhaps it's time for a new one' then I win. Is this too fanciful? Anybody done any performance benchmarks of vanilla XP versus a fully-patched one on the same box?

Re:Why? Re:Block it

[smittyoneeach]

I like "The difference between theory and practice is greater in practice than in theory."
Something about ending the sentence on a prepositional phrase, instead of breaking it into two, adds an extra hint of dissonance.

Re:Why? Re:Block it

[ScytheBlade1]

Sure, the CDs are sold. The documentation is sold. That box? You own it.

But to install the software located on the CD, you've gotta accept the EULA - End User License Agreement.
You own the physical medium, but you do not own the software it contains.

Re:Why? Re:Block it

[mulvane]

If automatic updates is turned off, and the service is disabled, just how did MS know to send an update to the machine in the first place?

Re:Why? Re:Block it

[CastrTroy]

Nobody has to have Windows. Nobody even has to have a computer. There's lots of people without computers. Having a computer and having windows installed are both choices you make. You may even need Windows to operate your business. But then again, that's how you've chosen to do business. Or you clients require that you have Windows, to create MS Word compatible documents. But that's who you've decided to do business with. Nobody forces you to use Windows.

In all honesty, I'm not completely for or against Microsoft. I'm running Linux on my laptop, because I just use it to browse the web, do a little personal web development, and Linux runs faster. I'm also a software developer, and am currently working in an MS based shop. I use what suits me best for what I'm trying to do. If you don't like windows that much that you think they are completely evil, then just stop using it. If enough people do it, then maybe they will change their ways, or, if they don't and people continue not use it, they could even go out of business, or at least the OS market.

Wrong wrong wrong

[recoiledsnake]

The whole article is a piece of FUD. There are no auto updates of any files happening if you turn Automatic Updates off. See here [technet.com].

Re:Why? Re:Block it

[Crayon Kid]

I think that what the GP is trying to say is that with Vista (and possibly XP too) Microsoft transformed Windows from a software sale into a service offer. So you're not buying an item (ie. Windows OS copy), you're paying for a service (Windows update), and so you cross from copyright or property law into contract law. Also makes EULA legit, because it's not imposing terms after you bought an item (which would be arguably illegal), it's doing it before you start using a service. Pretty cunning of Microsoft, if it's true.

Re:Why? Re:Block it

[Bloater]

No, I *AM* buying software. That's what you do when the sales guy in a high street shop hands you a box with software in and you hand him money. It *is* a sale. It is virtually the very legal definition of a what a sale is. I suggest you read up on British consumer law.

Re:Policy violation

[pointbeing]

We do use SMS but SMS in itself wouldn't prevent the install. Local Windows Update is disabled by domain policy.

My guess is as another poster mentioned - the update was blocked by a firewall rule. That's interesting, though - because I'd figure a heck of a lot of Windows machines - especially those owned by /.ers would be on nonroutable networks and there'd be no way for MS to push to them. Wonder if the installation is initiated by the client?

Curiouser and curiouser.