Stealth tinkering by Microsoft of millions of Windows XP and Vista PCs sounds like a cheesy B-movie plot. That's why I had to read the Windows Secrets story "Microsoft updates Windows without users' consent" twice.
Scott Dunn, an editor at the "Windows Secrets" newsletter, reports nine files in XP and Vista have been changed by Windows Update without displaying the usual notification or permission dialog box. The files are related to the XP and Vista versions of Windows Update itself. PC World's Business Center has posted a story here on the subject.
Reported unauthorized tampering by Microsoft of user machines with no permission or consent has been confirmed by other sources as well. EWEEK Labs has independently confirmed the report and so has ZDNet.
So far Microsoft has not issued any statement. Dunn says Microsoft has only hinted at what its intentions are. In a Microsoft forum titled "Critical Update slipped in through the back door" there are some clues as to Microsoft's intent.
Dunn reports:
The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:
* "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."
Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:
* "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."
Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.
Dunn and others are careful to point out that Microsoft is not doing any harm to the files it is modifying. We can only assume that those files are being changed to deliver a better Windows experience. However, what is very serious and disturbing is the stealth mechanism Microsoft is using to perform its OS updates.
The implications are huge. The tactics used by Microsoft are most commonly associated with those used by hackers, adware, and spyware companies.
This isn't the first time Windows Updates have taken center stage among the privacy minded.
Privacy concerns were raised in October when it was discovered that Windows Updates included the anti-piracy program Windows Genuine Advantage. Users were never asked for their consent to download and install the program.
We can now provide a FREE interrogation tool that you can use to examine in very fine detail each patch installed on Windows XP and Vista PCs.
Registration is required by sending an email direct with the following mail format; mailto:pcprofile@internode.on.net?subject=List_Microsoft_Updates&body=send_Free_file_to_list_MS_Patches
Ok, here is a thought. So, you have the malicious act on the part of Microsoft. Watch, see if the EU's lawyers take note. If they don't take serious action, then that should frighten Microsoft.
It means that the EU has left the gate. They are letting a "dead dog die", and are well on their way to adopting Linux everywhere in that part of the world.
Pretty sure that's what will be the fallout now. This act on the part of Microsoft simply confirms, in the decision makers' minds, that they have made the "correct" decision.
I, for one, would have to agree with them.
TheWitness
People should be worrying because when such a hidden mechanism exists, there is likely a way to exploit it. Wasn't this sort of thing the original way the big email worms worked? I know the user was unaware their system had sent out infected emails.
The first comment contains trojan files. Please delete the comment!
The last comment was a load of rubbish and ill-informed. The file is a small executable inside a zipped file for email shipment. Registration is required. By all means verify with your antivirus trojan detector that the file is clean, but it is a free tool offered to help you check what patches and fixes are being loaded to your systems by Microsoft!
This free interrogation tool can be used to examine in very fine detail each patch installed on Windows XP and Vista PCs.
Registration is required by sending an email direct with the following mail format; mailto:pcprofile@internode.on.net?subject=List_Microsoft_Updates&body=send_Free_file_to_list_MS_Patches