In association with heise online

14 September 2007, 11:09

Microsoft secretly installs updates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A number of users were quite surprised when they looked into their system events log. Apparently, Microsoft had not only distributed, but also installed updates even though users had configured their systems so that they would only be informed about new updates. Now, the vendor has confirmed the event and tried to justify its actions.

Windows Update dialog
Microsoft installs some updates even when users only want to be informed about what has been made available.

In an entry at the Microsoft Update Product Team Blog, Microsoft's Windows Update Program Manager, Nate Clinton, says that the updates are for the Windows Update client used by Windows XP and Windows Vista. He says that the updates were necessary because the old version was no longer finding and reporting new updates as they became available.

Clinton reiterated Microsoft's philosophy of allowing users to retain control of their computers. He said that in practice these users first want to review the updates before installing them. But he also points out that most users have activated the automatic installation of updates. Clinton did not, however, resolve the contradiction between Microsoft's philosophy and its actions in this case of covertly installed updates. He merely argued that the updates helped maintain the quality of the service.

Microsoft installs updates without prompting users if the automatic search for updates is enabled. It does not matter whether users want to have patches installed automatically or merely be informed about new updates. To keep the update from being downloaded and installed altogether, the automatic update function has to be entirely disabled. In enterprise networks that distribute updates locally via Windows Server Update Services (WSUS) or the Systems Management Server (SMS), administrators reportedly have complete control of the updates, including those for the Windows Update client.

Such a furtive update should not have been necessary. Microsoft could just as easily have informed users about the necessity of the update and categorized it as critical, as it does with updates every Patch Tuesday. By installing covert updates, the company merely violates the trust users have in it. Just last March, Microsoft already pushed things too far when it was revealed that the company was taking advantage of the right its reserves for itself in a Privacy Statement by retrieving information about user computers and sending the data to a Microsoft server every time an update is installed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit