Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Your Rights Online

Microsoft Installs New Software Without Permission 760

Futurepower(R) writes "Even though I have Automatic Updates turned off, on August 28, 2007, between 3:49 and 3:51 AM PDT, Microsoft installed new files on my Windows XP computer." Nine files are updated on Vista and on XP SP1, a different set of on each, relating to Windows Update itself. Microsoft-watch.com's Joe Wilcox and ZDnet's Adrian Kingsley-Hughes confirm the stealth update.
This discussion has been archived. No new comments can be posted.

Microsoft Installs New Software Without Permission

Comments Filter:
  • Block it (Score:4, Informative)

    by Ragein ( 901507 ) on Thursday September 13, 2007 @08:23AM (#20586603)
    Block M$ from having an interwebs connection and update from windiz, works even if they decided to ignore your settings.
    • Why? Re:Block it (Score:5, Insightful)

      by lecithin ( 745575 ) on Thursday September 13, 2007 @08:29AM (#20586677)
      Why should you have to?
      • by Applekid ( 993327 ) on Thursday September 13, 2007 @08:55AM (#20587115)

        Why should you have to?
        If Microsoft has the ability to forcefully modify code running on your property without your consent, I'd call that a threat.

        We have a right (and I'd say responsibility) to protect ourselves from threats.
        • by monk.e.boy ( 1077985 ) on Thursday September 13, 2007 @09:20AM (#20587603) Homepage

          If Microsoft can run code on your box, I'd expect some other people can too.

          l33t crackers, the government. What would stop them?

          • by Anonymous Coward on Thursday September 13, 2007 @10:16AM (#20588455)
            If Microsoft can run code on your box, I'd expect some other people can too. l33t crackers, the government. What would stop them?

            The law? Oh wait...

            -Alberto Gonzalez
        • by Anonymous Coward on Thursday September 13, 2007 @09:46AM (#20588031)
          Reread the license. You have given consent to this sort of shit. If you consider it a threat, why did you agree to it in the first place instead of returning your copy of Windows?
          • by Anonymous Coward on Thursday September 13, 2007 @10:11AM (#20588385)
            Because it's pirated and MS hasn't found the key yet.
          • Re: (Score:3, Insightful)

            by StarvingSE ( 875139 )
            LIcenses, contracts, or whatever you sign or agree to go out the window if the contents of the agreement is illegal.

            I'd say that running code on your machine without your permission and knowledge consitutes the digital equivalent of trespassing and vandalism, and should be punished as such.
          • Re:Why? Re:Block it (Score:4, Informative)

            by orclevegam ( 940336 ) on Thursday September 13, 2007 @11:49AM (#20590217) Journal

            Reread the license. You have given consent to this sort of shit.

            In one of TFA the author mentions looking through at least the Vista license and failed to find anything in the license giving MS permission to perform updates without user consent. So, no, it's not in the license, and they did not have permission.

            • Re: (Score:3, Insightful)

              by Crayon Kid ( 700279 )
              Ah, but see how many moderators automatically assumed that the Windows EULA actually allowed all kinds of shit? I find that interesting.
        • by The Rizz ( 1319 ) on Thursday September 13, 2007 @09:48AM (#20588065)
          I say we take off and nuke the website from orbit. It's the only way to be sure.
        • by pabrown85 ( 1128059 ) on Thursday September 13, 2007 @09:59AM (#20588177)
          Read your EULAs. It's your box, but it's their property running it.
        • by ChrisA90278 ( 905188 ) on Thursday September 13, 2007 @10:30AM (#20588721)
          "If Microsoft has the ability to forcefully modify code running on your property without your consent, I'd call that a threat."

          Did you read you EULA? The copy of Windows Vista you have is NOT your property. It belongs to Microsoft and they are just granting you a license to use it. Are you sure you did not give oncent? Maybe read it again.

          What I can beleive is who many people agree with these license terms. If just 1% refused and returnd the product for a re-fund the terms would change. Consummers are stupid.
          • Did you read you EULA? The copy of Windows Vista you have is NOT your property. It belongs to Microsoft and they are just granting you a license to use it. Are you sure you did not give oncent? Maybe read it again.

            The COPYRIGHT of Windows Vista is Microsoft's "property" (as are various patents it implements and trademarks it displays, but those aren't really relevant here). That is, MS "owns" certain legal protections on duplicating and redistributing that pattern of information. The COPY, the actual instantiation of that software on your disk, is YOUR property, as are the disks themselves and all the rest of the hardware. There is no license required to use that copy you have however you see fit; the only restricti

  • Hmm.... (Score:5, Funny)

    by TechnoBunny ( 991156 ) on Thursday September 13, 2007 @08:24AM (#20586613)
    ...I cant see how anyone on /. would ever object.

    Anyone want popcorn?
    • by WED Fan ( 911325 ) <akahige@trashmaCOUGARil.net minus cat> on Thursday September 13, 2007 @08:53AM (#20587079) Homepage Journal

      /.er:Windows is insecure, Microsoft is evil.

      /.er:Where are my patches?

      /.er:You're evil because you patched my system.

      MS:O.k., we'll make a system the user can run and patch them system that way.

      /.er:You're evil because most lusers won't set it up properly and the net will be taken over by these luser's machines.

      MS:O.k, we'll patch the system involuntarily.

      /.er:You're evil for patching my system that way.

      MS: You've made a career at being happy with whatever prevails, right?

      • Re: (Score:3, Insightful)

        by Watson Ladd ( 955755 )
        They should just design it right in the first place. This is not rocket science. Many of the security holes are exactly the same. We keep on seeing buffer overflows. You should be getting new kinds of hole each time if you properly audit your code for the kinds of hole you know about, ex. OpenBSD. And you should think about the security architecture and make sure a good implementation of it will not have holes due to design.
        • by Frosty Piss ( 770223 ) on Thursday September 13, 2007 @10:39AM (#20588881)

          They should just design it right in the first place. This is not rocket science.

          This is an asinine statement. OSs and the various supporting systems are complicated, often involving many 10,000 of lines of code. Even Linux requires patches, is it because Torvalds and his leigons of OSS bots didn't "design it right in the first place"? It's *not* rocket science, it's *computer science*, and it's not exactly as easy as assembling your little red wagon.

      • by pla ( 258480 ) on Thursday September 13, 2007 @09:44AM (#20587997) Journal
        MS:O.k, we'll patch the system involuntarily.

        "...But not anything that might actually affect security, only those features relating to disabling machines we consider invalidly licensed. Because we never make mistakes regarding licensing issues."

        Yeah, I most certainly do take issue with them patching a system against the owner's wishes. After the owner has explicitly disabled autoupdating, I would go so far as to call that "criminal trespass". And doing so in a way that neither fixes nor improves the security of a machine... Not justifiable in any context.
  • and the surprise is? (Score:3, Informative)

    by rucs_hack ( 784150 ) on Thursday September 13, 2007 @08:25AM (#20586623)
    That's the proprietary software world for you.

    The solution is simple, install Ubuntu.
  • by morgan_greywolf ( 835522 ) on Thursday September 13, 2007 @08:25AM (#20586629) Homepage Journal
    Under cygwin, you can type:

    strings /cygdrive/c/windows/system32/wuapi.dll | grep 7\.0\.6

    If you get back something like:


    7.0.6000.381
    7.0.6000.381 (winmain(wmbla).070730-1740)
    7.0.6000.381


    then Microsoft has secretly updated you.
  • And? (Score:4, Interesting)

    by FoolsGold ( 1139759 ) on Thursday September 13, 2007 @08:27AM (#20586643)
    I'm pretty sure the EULA states somewhere MS can do this. You agree to it when clicking that little checkbox for accepting the license when installing the damn OS.
    • I can recall their updater running without my say so a few times now. So I figure my still running Windows is implicit consent. And frankly as someone "technical" yes it seems offensive, but if you consider Microsofts position when faced with a potential security melt-down all over the news vs. a little whining on /. it seems like an easy thing for them to do. And it wouldn't surprise me if their updater was remotely exploitable. Actually it would surprise me if it wasn't.
  • by frovingslosh ( 582462 ) on Thursday September 13, 2007 @08:27AM (#20586645)
    It would be nice to know the IP address that is being contacted here. With that, automatic update could be turned off at the router/firewall. If you trust Microsoft you always get punished.
  • Dear god. (Score:5, Insightful)

    by Brian Lewis ( 1011579 ) on Thursday September 13, 2007 @08:27AM (#20586651) Homepage
    Is it me or does this just seem down right nasty?

    If a person who uses vista or xp did not want any updates to their OS, they turn off Automatic updates. It's their choice. Where does Microsoft get off thinking that something like this is acceptable?

    If I ran either of those operating systems, I would probably file a lawsuit, as to me that is a huge invasion of privacy. If they can force you to update those few files, they can absolutely view any and every file on your computer.

    Although, this should come as no surprise...
    • Re:Dear god. (Score:4, Insightful)

      by The Cisco Kid ( 31490 ) on Thursday September 13, 2007 @08:36AM (#20586787)
      No, its not their choice. Once you choose Microsoft, their terms allow them to choose anything and everything else that Bill Gates & company want to chose for you.

      The only choice is to either use Microsoft products, or not to. One leaves someone else in control of your system, another retains control for you.

      Anyone who is shocked or surprised by this just hasnt been paying attention for the last ten years or so.
  • You chose to use proprietary software from a company that uses its control to illegally maintain a monopoly. You really think they are going to be bothered to care wether you give permission to update that software any damn time they want, for whatever reason they want? (And/or, a company that produces shoddy unstable 'oh look its shiny' software for nincompoops and that they are competent enough to actually be able to keep track properly)

    There is no halfway. Eiher you give control of your system to Microso
  • by rucs_hack ( 784150 ) on Thursday September 13, 2007 @08:28AM (#20586665)
    I'd give it six months and this will be used to enforce install of WGA on every windows machine.
  • Why would you want to run an unpatched XP box?
    • by musikit ( 716987 ) on Thursday September 13, 2007 @08:31AM (#20586705)
      because a large majority of people dont patch windows and i need to test my software with the least common demoninator to ensure it works on all systems
      • by Pojut ( 1027544 ) on Thursday September 13, 2007 @08:37AM (#20586799) Homepage
        OK, so have a "test box". I myself have one. Guess what cable never get's plugged into it? That's right, the ethernet cable. If I'm doing something that requires the use of my in-house LAN, guess what gets unplugged....that's right, my connection to the outside world.

        It's not that difficult really...I find that having an isolated not-connected (not even to my internal network) windows 98 box is FANTASTIC for my older games...fuck DosBox, I'll just build a 200 dollar killer Win98 box.
        • Re: (Score:3, Interesting)

          by Just Some Guy ( 3352 )

          OK, so have a "test box". I myself have one. Guess what cable never get's plugged into it? That's right, the ethernet cable. If I'm doing something that requires the use of my in-house LAN, guess what gets unplugged....that's right, my connection to the outside world.

          That's infallible. Until, of course, Windows gets peer-to-peer updating.

          Test box: Hi everyone!
          Main box: Hey! Got WGA 543.64 yet?
          Test box: No. Good?
          Main box: Sure! Here you go.

        • Re: (Score:3, Funny)

          by scribblej ( 195445 )
          Wow, when you learn how to handle all that in your router/firewall then you will /really/ be cool, and won't have to crawl around unplugging and plugging cables.

          When I need a computer to stay off the internet, guess what I don't have to fuck with? That's right, ethernet cables.

  • by quantum bit ( 225091 ) on Thursday September 13, 2007 @08:29AM (#20586679) Journal
    I wonder if this still happens even if you have set the Automatic Updates service to 'Disabled' in services, rather than using the control panel applet which tells it not to update but still leaves the service running.

    Probably a good idea to disable the BITS service too.
  • by loki.jf ( 1156263 ) on Thursday September 13, 2007 @08:30AM (#20586695)
    Can they pull? Interesting question to ask I think.
    • by Anonymous Coward
      ...since Windows 95 even. It's part of the remote registry background process that facilitates the ability to read data from any file in the filesystem, not just only the registry files.
  • by skyggen ( 888902 ) on Thursday September 13, 2007 @08:30AM (#20586701)
    license? Do you own your copy of windows? No. You are only licensed to use it under their terms. Do you own M$ Office? No. You are only licensed to use it. If Microsoft wants to change their files on your computer they can. Also read carefully because some licenses of Microsoft actually claim that were you to so much as add any hardware you no longer are licensed and your windows copy will be in validated. I use linux, I don't have these problems. It has never been that Linux was a superior operating system. I mean for the longest time I had to deal with so much shit to to listen to an mp3. BUT the one thing about Linux is Your copy is Your copy to share and to see everythijg it does. Using linux was the first time I could take my Foil Hat off in years.
    • Re: (Score:3, Insightful)

      by tgd ( 2822 )
      Wrong, your copy of Linux is no more yours than your copy of Windows. Both are copyrighted works owned by others which you have a limited license to use. In the case of Linux that license grants a few more (limited) rights than Windows does, but its entirely inaccurate to claim that you own your Linux copy.
      • by caseih ( 160668 ) on Thursday September 13, 2007 @09:03AM (#20587249)
        Not quite. Almost all distros of linux have *no* EULA. The license" you refer to (licenses, actually) govern redistribution. Because of said redistribution rights, the moment you receive Linux from someone exercising those rights you can now do whatever you want with linux. The moment you choose to distribute it to someone else, the license comes into effect.

        This is generally very different from the "licensing" you talk about with Windows. In fact, even though it is all based on the same copyright law, these are, for the user, very different things.

        I do in fact own Linux as much as copyright law allows. Something that the Windows EULA never allows.
      • by Karellen ( 104380 ) on Thursday September 13, 2007 @09:27AM (#20587733) Homepage
        Rubbish.

        It's just as accurate to say you own a copy of Linux as it is to say you own a copy of a book.

        In neither case do you own the copyright for the item in question, but you do own the copy you have.

        You own books, don't you?
      • You are completely wrong. You don't have to agree to any license to use linux at all. You can do whatever you want with it within the bounds of copyright law without agreeing to anything at all. The only time the license applies is when you want to do something copyright law prohibits. That's COMPLETELY unlike the windows licensing situation.

        It is completely accurate to say that your copy of linux is completely yours. So is your copy of windows for that matter, it is just a question of wether or not the cre
  • by pieaholicx ( 1148705 ) on Thursday September 13, 2007 @08:33AM (#20586721) Homepage
    Does this mean that somewhere hidden deep in the API is the ability to automatically download and install files without user consent? Does this mean that somebody else could use that exact API to do something a bit less friendly? Does anybody else feel a whole new batch of windows security alerts?
    • Re: (Score:3, Insightful)

      by leehwtsohg ( 618675 )
      No, I think it simply means that when microsoft wrote microsoft update, they coded the update process twice: once for update itself, and once for everything else. Then, when they thought about allowing the user to not update the system automatically, they didn't think of applying it also to updating system update.
      Quite usual - code something X times, and forget where they all instances are. That is why you have to hunt through thousands of places to figure out where you turn off the annoying popup messages
    • Re: (Score:3, Insightful)

      by HangingChad ( 677530 )

      Does anybody else feel a whole new batch of windows security alerts?

      Microsoft would only fix it if they saw it as a problem. If they saw it as a problem, they wouldn't be using it as a back door for updates. From their standpoint, there's no problem. Microsoft either knew all along user update preferences could be ignored or they built it that way deliberately. No way to put a smiley face sticker on that.

      There's no reasonable way Microsoft could use stealth update and not expect to get caught some

  • by Mark_in_Brazil ( 537925 ) on Thursday September 13, 2007 @08:34AM (#20586735)
    TFAs only mention XP and Vista, but I have Windows 2000 (it will be the last Windows I ever own, and I'm just keeping it running until my end-of-year trip to the USA, when I'll buy a Macbook) and was surprised when I woke up one day this week (either the 11th or 12th of September) and found my computer showing the "got restarted and waiting for somebody to log in" screen. Before I had a UPS, that happened now and then, but since getting a UPS, that shouldn't happen unless we get a major power failure that lasts longer than the several minutes my UPS's battery gives me. That hasn't happened since I got my UPS, and I noticed that other things around the house showed no signs of power loss, despite my computer having been restarted.
    When I logged in, Windows Update informed me that it had installed updates. That's hard to understand, since I've had Windows Update configured for a long time now to ask me before installing anything. When I saw the item on /., I thought I might have discovered what happens, but TFAs only talk about XP and Vista.

    So was what happened to my computer (running Win2K) the same thing? Did others with old versions of Windows have the same experience?
  • by Sqweegee ( 968985 ) on Thursday September 13, 2007 @08:36AM (#20586771)
    I'm really surprised that they think so little of us that they didn't at least bother to write up a canned statement about the update. Didn't they expect anyone to notice the patching? Many people take others messing with their PCs very seriously, be it micro$oft or some script kiddie out there, and track this kind of thing constantly.

    Any word on what the purpose of the patching is?
  • omg hackers (Score:5, Interesting)

    by deftcoder ( 1090261 ) on Thursday September 13, 2007 @08:38AM (#20586819)
    Why hasn't someone diff'd the files that were updated and dived into the disassembly and checked to see what was actually changed?

    Would be more informative than bitching about it...
  • Policy violation (Score:5, Interesting)

    by NullProg ( 70833 ) on Thursday September 13, 2007 @08:53AM (#20587077) Homepage Journal
    Doesn't this violate every corporate network policy on the planet? What about the defense department?
    What if the one of the computers was monitoring a critical system and the stealth upgrade crashed the system?

    Isn't this a violation of Sarbanes-Oxley computer auditing requirements?

    Food for thought.
    Enjoy,
    • Re:Policy violation (Score:4, Interesting)

      by pointbeing ( 701902 ) on Thursday September 13, 2007 @09:59AM (#20588175)

      ...What about the defense department?

      Present!

      I work for an agency under DoD and my machine was *not* updated. Perhaps corporate versions of XP are unaffected?

  • FUD brakes please! (Score:3, Informative)

    by Toreo asesino ( 951231 ) on Thursday September 13, 2007 @09:13AM (#20587451) Journal
    The only thing that Automatic Updates, updates is itself, the AU service can be disabled, and this doesn't apply to computers running under WSUS (read: every corporate network machine, so only applies to home computers).

    So it's not brilliant of MS to do this, but not the end of the world either.

    Ok ok! There's no excuse, you're right.

  • Purpose? (Score:3, Interesting)

    by Tom ( 822 ) on Thursday September 13, 2007 @09:14AM (#20587457) Homepage Journal
    I'd really like to know the purpose.

    If it were anyone but MS, I'd assume it was a countermove to Storm or some other large botnet (you don't think Storm's the only one, do you?) which disables or subverts the usual automatic update process.

    Knowing this is from MS, I wouldn't be surprised if it's WGA or some DRM crap.
  • by Erikderzweite ( 1146485 ) on Thursday September 13, 2007 @09:16AM (#20587507)
    As far as i am concerned, you need to have administrative privileges to alter those files. That means - MS does have them. So they have access to all data on affected (or should I say infected) PC. Now that's something authorities have to be VERY worried about. If they can use this loophole - someone else can act the same way. So much for privacy...
    Ahh, what a pleasure it is to run emerge -uDN world. Updates only when YOU decide to do them. Ultimate freedom if you wish.

    This freedom clearly overcomes all artificial difficulties with Linux. By "artificial" i mean hardware providers who don't provide drivers/specs and stupid patent regulations that require you to manually install additional codecs in order to play mp3/dvd. Linux IS a superior system because both problems have nothing to do with the system itself.
  • by theolein ( 316044 ) on Thursday September 13, 2007 @01:18PM (#20591823) Journal
    While reading TFA, something in TFA caught my attention, here a list of changed components:

    1. cdm.dll
    2. wuapi.dll
    3. wuauclt.exe
    4. wuaucpl.cpl
    5. wuaueng.dll
    6. wucltui.dll
    7. wups.dll
    8. wups2.dll
    9. wuweb.dll

    1.Iwonder.dll
    2.whenmsft.exe
    3.willsee.dll
    4.youcan.dll
    5.usemore.exe
    6.than8_3.dll
    7.notation.dll
    8.innames.exe
    9.1984want.scr
    10.itsdos.dll
    11.back.txt

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...