Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Microsoft Installs New Software Without Permission

Posted by kdawson on Thu Sep 13, 2007 09:20 AM
from the slipperiest-of-slopes dept.
Microsoft
Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.
+ -
story

Related Stories

Firehose:Microsoft installs new software without permission by Futurepower(R) (558542)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Microsoft Installs New Software Without Permission 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Hmm.... (Score:5, Funny)

    by TechnoBunny (991156) on Thursday September 13 2007, @09:24AM (#20586613)
    ...I cant see how anyone on /. would ever object.

    Anyone want popcorn?

    • Can't Win for... (Score:5, Funny)

      by WED Fan (911325) <akahige@nOspAm.trashmail.net> on Thursday September 13 2007, @09:53AM (#20587079) Homepage Journal

      /.er:Windows is insecure, Microsoft is evil.

      /.er:Where are my patches?

      /.er:You're evil because you patched my system.

      MS:O.k., we'll make a system the user can run and patch them system that way.

      /.er:You're evil because most lusers won't set it up properly and the net will be taken over by these luser's machines.

      MS:O.k, we'll patch the system involuntarily.

      /.er:You're evil for patching my system that way.

      MS: You've made a career at being happy with whatever prevails, right?

        • Deal with it, you're pissed at MS for being the top dog. Then you've looked around for the low hanging fruit, that exists for all projects, for your justifications.
          No, I dislike Microsoft for two major reasons: one is that they promote and maintain a monoculture, and actively try to make that monoculture incompatible with anything else. Windows would be a lot more acceptable, if it played nice and interoperated with other systems based on established standards. I'm more than happy to let everyone choose whatever OS they want, based on their needs and what fits them best, but "the Microsoft way" works directly against that: their use of proprietary, incompatible, or just plain broken 'standards' forces many people who would be best suited with a different OS to use Windows, and that's a net loss for everyone.

          On a more personal level, I dislike most Microsoft products (with certain notable exceptions), because I think they have a corporate culture that promotes mediocrity and "good enough"-ness. As someone who has always labored to pursue quality and technical correctness as an end in itself, I find the inherent laziness in their products offensive. I understand this is a personal decision; looking at other product arenas, the mass market is usually filled with garbage. This is fine, and consumers should have a choice as to what they want to buy. However, I detest Microsoft for virtually eliminating the consumer's ability to buy better.

          Also, they have an apparent contempt for both their competitors, which is understandable if unwarranted, and their customers, which is unacceptable.

          I don't hate Microsoft for being on top. I hate them for being on top, while pushing an inferior product than the market would produce in their absence, on all of us.
  • Under cygwin, you can type:

    strings /cygdrive/c/windows/system32/wuapi.dll | grep 7\.0\.6

    If you get back something like:


    7.0.6000.381
    7.0.6000.381 (winmain(wmbla).070730-1740)
    7.0.6000.381


    then Microsoft has secretly updated you.

  • Dear god. (Score:5, Insightful)

    by Brian Lewis (1011579) on Thursday September 13 2007, @09:27AM (#20586651) Homepage
    Is it me or does this just seem down right nasty?

    If a person who uses vista or xp did not want any updates to their OS, they turn off Automatic updates. It's their choice. Where does Microsoft get off thinking that something like this is acceptable?

    If I ran either of those operating systems, I would probably file a lawsuit, as to me that is a huge invasion of privacy. If they can force you to update those few files, they can absolutely view any and every file on your computer.

    Although, this should come as no surprise...

  • What level of 'disabled' (Score:5, Interesting)

    by quantum bit (225091) on Thursday September 13 2007, @09:29AM (#20586679) Journal
    I wonder if this still happens even if you have set the Automatic Updates service to 'Disabled' in services, rather than using the control panel applet which tells it not to update but still leaves the service running.

    Probably a good idea to disable the BITS service too.

  • Which begs the question... (Score:5, Insightful)

    by pieaholicx (1148705) on Thursday September 13 2007, @09:33AM (#20586721) Homepage
    Does this mean that somewhere hidden deep in the API is the ability to automatically download and install files without user consent? Does this mean that somebody else could use that exact API to do something a bit less friendly? Does anybody else feel a whole new batch of windows security alerts?

  • Is it only happening to XP and Vista? (Score:5, Informative)

    by Mark_in_Brazil (537925) on Thursday September 13 2007, @09:34AM (#20586735)
    TFAs only mention XP and Vista, but I have Windows 2000 (it will be the last Windows I ever own, and I'm just keeping it running until my end-of-year trip to the USA, when I'll buy a Macbook) and was surprised when I woke up one day this week (either the 11th or 12th of September) and found my computer showing the "got restarted and waiting for somebody to log in" screen. Before I had a UPS, that happened now and then, but since getting a UPS, that shouldn't happen unless we get a major power failure that lasts longer than the several minutes my UPS's battery gives me. That hasn't happened since I got my UPS, and I noticed that other things around the house showed no signs of power loss, despite my computer having been restarted.
    When I logged in, Windows Update informed me that it had installed updates. That's hard to understand, since I've had Windows Update configured for a long time now to ask me before installing anything. When I saw the item on /., I thought I might have discovered what happens, but TFAs only talk about XP and Vista.

    So was what happened to my computer (running Win2K) the same thing? Did others with old versions of Windows have the same experience?

  • No statement from M$? (Score:5, Insightful)

    by Sqweegee (968985) on Thursday September 13 2007, @09:36AM (#20586771)
    I'm really surprised that they think so little of us that they didn't at least bother to write up a canned statement about the update. Didn't they expect anyone to notice the patching? Many people take others messing with their PCs very seriously, be it micro$oft or some script kiddie out there, and track this kind of thing constantly.

    Any word on what the purpose of the patching is?

  • omg hackers (Score:5, Interesting)

    by deftcoder (1090261) on Thursday September 13 2007, @09:38AM (#20586819)
    Why hasn't someone diff'd the files that were updated and dived into the disassembly and checked to see what was actually changed?

    Would be more informative than bitching about it...

  • Policy violation (Score:5, Interesting)

    by NullProg (70833) on Thursday September 13 2007, @09:53AM (#20587077) Homepage Journal
    Doesn't this violate every corporate network policy on the planet? What about the defense department?
    What if the one of the computers was monitoring a critical system and the stealth upgrade crashed the system?

    Isn't this a violation of Sarbanes-Oxley computer auditing requirements?

    Food for thought.
    Enjoy,

    • Why is this a troll? (Score:5, Insightful)

      by HangingChad (677530) on Thursday September 13 2007, @09:45AM (#20586945) Homepage

      Those are exactly the kinds of things you agree to with EULA's, and it's not just Microsoft. Software licenses get more bizarre and dickish by the day.

      • Re:and the surprise is? (Score:5, Insightful)

        by rucs_hack (784150) on Thursday September 13 2007, @09:34AM (#20586747)
        *sigh* nice troll. 4/10

        Hmm, care to prove me wrong? How many open source projects enforce monitoring or hidden updates about which there is no choice on users?

          • Re: Ubuntu monitoring (Score:5, Informative)

            by Dolda2000 (759023) <fredrik AT dolda2000 DOT com> on Thursday September 13 2007, @09:45AM (#20586955) Homepage

            Ubuntu installs the package "popularity-contest" by default, which reports every package you're using and how often. That's large scale stealth spying, but it's not proprietary so it should be ok...
            Yeah, it is installed by default, but during the installation procedure you do get the question of whether you actually want to enable it. It is worth noting that it defaults to "no" if you just click past it.

        • Re:I expect this from M$ (Score:5, Insightful)

          by B'Trey (111263) on Thursday September 13 2007, @09:59AM (#20587185)
          That's a fine setting for a home system. It's asking for trouble in a corporate environment, particularly one where you run custom applications or services. If this [com.com] happens on your home computer, it's largely an issue of annoyance and inconvenience. If it happens to large numbers of computers in an enterprise, it may mean losses of millions of dollars. Most enterprises test patches on lab machines to identify issues before they deploy them. MS (or Ubuntu or Apple or whomever) has no business patching anyone's machine without permission. Period.

        • Re:I expect this from M$ (Score:5, Insightful)

          by Red_Foreman (877991) * on Thursday September 13 2007, @10:00AM (#20587197)
          No, whats really scary is just how common it is for blind-MS hate and Linux fanboi-ism to cause people who should know better to do things like run with Windows Update turned off.

          Many companies will not install patches - even the automatic Windows Update ones - until they have a chance to test it themselves and make sire that the patch doesn't inadvertently break mission critical applications.

          Sometimes, even with known issues, the devil you know is better than the devil you don't...

          I happen to like the fact that all three OS's I use (Ubuntu, OSX and Windows) patch themselves automatically for critical updates. I don't get butthurt about any of the three keeping themselves updated.

          Wait until you get a call at 4:30 AM from an irate boss complaining that [Killer App A] is no longer working because a patch overwrote a DLL and it's now *your* problem.

          If Automatic Update works for you - that's great for you. But for a lot of companies, automatic updates is like playing Russian roulette with a Glock 9mm...

        • Re:I expect this from M$ (Score:5, Insightful)

          by confused one (671304) on Thursday September 13 2007, @10:03AM (#20587255)
          I patch the boxes myself. I do it regularly. I CAN NOT have Microsoft patch them automatically because I run long duration tests that CAN NOT be interrupted by an update or a reboot.
        • My hardware and software firewalled Windows XP SP2 computer was updated, and Automatic Updates is turned off. This is the list copied from the Event Viewer:

          Information 8/27/2007 3:54:58 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:54:23 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:54:17 PM NtServicePack None 4377 MichaelJ MT
          Information 8/27/2007 3:54:10 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:54:05 PM NtServicePack None 4377 MichaelJ MT
          Information 8/27/2007 3:53:57 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:53:49 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:53:47 PM Service Control Manager None 7036 N/A MT
          Information 8/27/2007 3:53:47 PM Service Control Manager None 7035 SYSTEM MT
          Information 8/27/2007 3:53:44 PM WindowsMedia None 4377 MichaelJ MT
          Information 8/27/2007 3:51:50 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:51:45 PM NtServicePack None 4377 MichaelJ MT
          Information 8/27/2007 3:51:26 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:51:21 PM NtServicePack None 4377 MichaelJ MT
          Information 8/27/2007 3:51:15 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:51:10 PM NtServicePack None 4377 MichaelJ MT
          Information 8/27/2007 3:51:02 PM Windows Update Agent Installation 19 N/A MT
          Information 8/27/2007 3:49:19 PM Windows Update Agent Installation 19 N/A MT
          (I submitted the Slashdot story, and mistakenly said the time was AM.)

          This was definitely without my permission, and raises the question about who has control over my computer, me or Microsoft. If Microsoft can put files on my computer without my knowledge, then it is really Microsoft's computer, which is control that I find extremely objectionable.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.