Microsoft updates Windows without users' consent

Status
Not open for further replies.

mediator

Technomancer
[FONT=Arial,Sans-serif]Microsoft has begun patching files on Windows XP and Vista without users' knowledge, [/FONT]even when the users have turned off auto-updates.
[FONT=Arial,Sans-serif]
Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.
[/FONT] [FONT=Arial,Sans-serif]
Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:
[/FONT]
  • [FONT=Arial,Sans-serif] "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."
    [/FONT]
[FONT=Arial,Sans-serif] Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:

[/FONT]
  • [FONT=Arial,Sans-serif] "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."
    [/FONT]
[FONT=Arial,Sans-serif] Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll


In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll


These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:
[/FONT] [FONT=Verdana,Arial,Sans-serif]
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll
[/FONT] [FONT=Arial,Sans-serif]
Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

[/FONT] [FONT=Verdana,Arial,Sans-serif] Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.
[/FONT]
[FONT=Verdana,Arial,Sans-serif]
Source


:shock:
[/FONT]


[FONT=Verdana,Arial,Sans-serif]
[/FONT]​
 

gxsaurav

You gave been GXified
[FONT=Arial,Sans-serif]No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches).
[/FONT]
Hmmm....what does this file updates? Oh! it updates the "Windows Update" which is required to update rest of the system...

why m i not worried :rolleyes:...I M not hiding something anyway...legit user here
 
Last edited:

din

Tribal Boy
May be the reason they stopped autopatcher lol

Autopatcher was asking user atleast ! I mean before installing something.

May be MS care their customers tooooooooooo much. Like they want all win PCs to be very safe evenif the customer forget the automatic update option.

Poor MS, people blame it for everything ;)
 
OP
mediator

mediator

Technomancer
May be the MS-fanboys shud read why the companies r objecting to it. Again an instance where MS doesn't care bt the user's permissions....a sorry state of closed source softwares indeed!
 

gxsaurav

You gave been GXified
mediator said:
May be the MS-fanboys shud read why the companies r objecting to it. Again an instance where MS doesn't care bt the user's permissions....a sorry state of closed source softwares indeed!

I would have questioned them if it was an update related to something else other then Windows Update. But since i m using legit Windows & WGA doesn't affect me, I m not worried about anything.
 

din

Tribal Boy
No GX, it is not about the type of update or what it updates and what info it sends or you are genuine user or not.

It is all about privacy.

Its just like you buy a TV and when you start watching India-Pak cricket the repair guy enteres into your house without asking permission and doing something in your TV and leaves without telling you anything. Won't you get annoyed ?
 
OP
mediator

mediator

Technomancer
gx_saurav said:
I would have questioned them if it was an update related to something else other then Windows Update. But since i m using legit Windows & WGA doesn't affect me, I m not worried about anything.
Explain in ur own words in not less than 150 words, what do u understand by the first 2 lines of the post which I bolded and increased the font size of.

[FONT=Arial,Sans-serif]Microsoft has begun patching files on Windows XP and Vista without users' knowledge, [/FONT]even when the users have turned off auto-updates.
Is automatic updates a joke? Or disabling/enabling means nuthing? If so, then do fill in ur suggestion box and tell MS to remove a "null" functionality called automatic updates, if they dont have brains to understand wat it is!!

Besides, we r not concerned if MS-fanboys r worried or not, but companies and end-users r affected!! I guess MS doesn't know how to respect privacy!! Terrible! :oops:
 

chesss

mera kutch nahi ho sakta
It would be interesting to know how are they doing this.
I have disabled the automatic updates & background intelligence services, will this still work? or does it require those servicese to be running?
 

alsiladka

Noobie Pro
gx_saurav said:
I would have questioned them if it was an update related to something else other then Windows Update. But since i m using legit Windows & WGA doesn't affect me, I m not worried about anything.

It is not this update that is worrying people GX, it is the method in which the implemented this update.
If they could release this update without any notification to the user, they could release any other update on their own without the permission of the user.

It is this fact which is worrying, a complete disregard for user's privacy.
 

Who

Guess Who's Back
Don't make such a fuss, anyway here is the reason why they do it..
How Windows Update Keeps Itself Up-to-Date

There have been some questions raised about how we service the Windows Update components and concerns expressed about software installing silently. I want to clarify the issue so that everyone can better understand why the self-updating of Windows Update acts the way it does.



So first some background: Windows Update is designed to help our consumer and small business customers (customers without an IT staff) keep their systems up-to-date. To do this, Windows Update provides different updating options: 1) Install updates automatically, 2) Download updates but let me choose whether to install them, 3) Check for updates but let me choose whether to download and install them, and 4) Never check for updates. Our goal is to automate the process wherever possible so that we can increase the likelihood of a system being secure and up-to-date, while giving customers the flexibility to control how and whether updates are installed. The reasons for this are both philosophical and practical. Philosophically, Microsoft believes that users should remain in control of their computer experience. Practically, customers have told us that they want to have time to evaluate our updates before they install them. That said, and to the benefit of both customers and the IT ecosystem, most customers choose to automate the updating experience.



So what is happening here? Windows Update is a service that primarily delivers updates to Windows. To ensure on-going service reliability and operation, we must also update and enhance the Windows Update service itself, including its client side software. These upgrades are important if we are to maintain the quality of the service.



Of course, for enterprise customers who use Windows Server Update Services (WSUS) or Systems Management Server (SMS), all updating (including the WU client) is controlled by the network administrator, who has authority over the download and install experience.



One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice? The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications. That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades. To avoid creating such a false impression, the Windows Update client is configured to automatically check for updates anytime a system uses the WU service, independent of the selected settings for handling updates (for example, “check for updates but let me choose whether to download or install them”). This has been the case since we introduced the automatic update feature in Windows XP. In fact, WU has auto-updated itself many times in the past.



The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself. This is helpful and important feedback, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works. At the same time, however, we wanted to explain the rationale for the product’s behavior so our customers know what the service is doing: WU updates itself to make sure it continues to work properly. We are also confident that the choice to use Automatic Updating continues to be the right choice.



Before closing, I would like to address another misconception that I have seen publically reported. WU does not automatically update itself when Automatic Updates is turned off, this only happens when the customer is using WU to automatically install upgrades or to be notified of updates.



Providing and maintaining the WU service is important to enable us to service our customers and help them maintain safe, more secure and reliable computers. We take this responsibility very seriously and we are proud of the impact that Windows Update has had to help users with safety security and reliability over the years. Updating the client has been and remains a critical piece to this approach.



We appreciate the feedback and I hope that this post helps you to understand the situation and our strategy.



Nate Clinton

Program Manager

Windows Update

source :- *blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx
 

din

Tribal Boy
Good info

But we can see some sensible questions / comments which are un-answered in the same source (Microsoft Update Product Team Blog).
 

aku

Gonna make it BiG
god!... people have even stopped going through the whole post before posting a reply... <sigh>
common.. they are just updating "windows update"... the app reqd. to update windows... nothing else...
only pirates should be bothered about this... not legit user like saurav and me...
just like saurav said.
then from where does the question of privacy comes from???

ps. well this goes without saying,the latest trend: blame ms for anything they do... and you are a wiser guy (really ???)
 

din

Tribal Boy
@akuCRACKER

LOL. from your own post - "god!... people have even stopped going through the whole post before posting a reply... <sigh>"

Go through the above posts. It is NOT about piracy. It is about privacy. It does not matter whether you are a legit user or not. It matters why MS does something (whetever it is) without user permission. And now they claim it is only for win update. Whats gurantee thats the same will not happen for other files.

Just read my example 7 posts above. You are a legit /genuine / proud TV owner. You love some repair guy come into your house at midnight without your permission, does something to your TV while you are watching it and leaves without telling you anything ? Don't you think thats something related to privacy ? Or you will not bothered ? ?

Privacy is an important thing. Whether it is MS or any other company, they should let the user know (first) whats going on before doing something.
 

gxsaurav

You gave been GXified
din said:
You are a legit /genuine / proud TV owner. You love some repair guy come into your house at midnight without your permission, does something to your TV while you are watching it and leaves without telling you anything ? Don't you think thats something related to privacy ? Or you will not bothered

I will be bothered only if...

1) TV stops working after he leaves

2) I m doing something private & don't want to be disturbed.

they should let the user know (first) whats going on before doing something.

Dear customer, we are informing u that u need to update windows right now & boot so that u can update windows after u decide whether u want to update or not. So U need to update Windows update first anyway, whether u like it or not. if u don't want us to update at all....plz go to start menu - > run->Services.msc & disable the service "Windows Update" & "Background intelligent transfer service" . Do u want us to update Windows update so that u can update windows?

Yes, no

Yeah, looks like a nice error message to me.
 

aku

Gonna make it BiG
the word "pricay" comes into play as only pirates will be worried about privacy regarding this matter... and if ur thinking that i'm contradicting my own statements... therez nuthin i've gotta say...
and more ova... they are just updating the updating app... so.. where is the harm????
and by your example... some one comes into my house and starts to repair my tv... this example doesnt evn come close... by doing that the tv guy is disturbing me... invading my privacy.. but whn ms updates its "windows update" tool... it doesnt even remotely affect my privacy...
can u just temme how is it affecting your privacy??? plese i wanna kno...
are they (speaking about the updated files) stealing your docs??? keeping watch of sites you visit???
and please dont justify this by sayin '...what if other files are also being updated like this...'
they are not being updated like this... and thats enough! (you cant go with 'what if's'.
and once again i would like to say... only a pirated sw user should be worried with win update files being updated.
as long as my personal files and info stored in the comp. is secure... therez no question of privacy... adn updating windows update files DO NOT affect my workflow adn anything at all...

@gx_saurav well said man... ;)

ps. sorry for the poor formatting... running outta time
 

din

Tribal Boy
Now whatabout this message

Dear A****

We changed some of the files in your system. We are not going to tell you what it is. We sent many of your information to various places (ah, don't you remember what XP was doing long back when connected to net;) ) and we prefer nt to reveal that either. It may be your PC, it may be the Os you bought, but you do not have any right on the files and we do not care about your privacy at all, you have no option other than pressing any of the buttons below. Thank you for using ****

Buttons - Yes / Yes

@akuCRACKER

LOL, man, do not mix it up again. Privacy has nothing to do with Piracy. Both are different.

Whether you use a pirated software or a genuine software, updating that or making changes to that without your permission always involves - invading your privacy.
 
Last edited:

gxsaurav

You gave been GXified
din said:
Now whatabout this message

MS clearly mentioned that they are only updating Windows Update without notifying & not sending any other info anywhere, neither they are stealing your documents or pics. Those who did the research also said that MS only updated the Windows Update files & nothing else. If they wanted they could have easily included WGA too like this.

Like I have mentioned, if u r so paranoid that disable the service. Simple.
 

praka123

left this forum longback
^nice example @Din.but winboys dont care!they need an example like honeymoon in public is justified :lol: now i hope they understand what privacy stands for!.wtever even if ur beloved M$ also too infringes ur rights u have to react and accept the points @OP posted.
I appreciate @alsiladka be above these feelings.

and reg bashing pirates using windows,they make the majority as u know.and dont expect me there!I am a proud GNU/Linux user OK? :lol:
 

din

Tribal Boy
gx_saurav said:
Like I have mentioned, if u r so paranoid that disable the service. Simple.

Hmm I think news says -

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.

So evenif I disable it, it auto updates ;)
 
Status
Not open for further replies.
Top Bottom