If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#166
|
|||
|
|||
Microsoft updates Windows without users' consent
ceed wrote:
Frank wrote: |ceed wrote: | || Jupiter Jones [MVP] wrote: || | |"Mr Gates was the one proclaiming that we would never need more |than |640kb memory" That is a well known myth with no basis in fact. || || It may be myth or it may not. The jury is still out on that one. || There's no written proof that he said it, you are right there. But ||it doesn't turn into a myth because he denies having said it. I ||would have wanted to deny that also.. || || Take a look he || || ||http://tickletux.wordpress.com/2007/...the-640k-line/ || | | |Well the way the quote is quoted on the referenced URL is: | |“640K ought to be enough for anybody”. | |Which is vastly different from saying: | |"Mr Gates was the one proclaiming that we would never need more than |640kb memory". | |Frank If you never need more then what you have ought to be enough, right? hahaha...or we can always be American about...if enough is just right...then too much has to be better! :-) Frank |
Ads |
#167
|
|||
|
|||
Microsoft updates Windows without users' consent
Jupiter Jones [MVP] wrote:
Charlie and a few others also have shown they need to stoop to personal attacks and name calling at times. A very few other do little else. Neither of which are necessary or appropriate. But I guess you accept it and turn away since it suits you. "...just another Microsoft hyper-shill." "You may try to fool some of the newer..." Since I am not attempting to fool you, it is good you are not fooled by something you imagine. Not at all trying to fool anyone, but name calling to avoid the issues seems the thing for a few critics. You seem to have confused "Name calling" with honesty. The vast majority of Windows users do not and probably will not read the EULA at all, at least not all the way through. Of those folks who do read it many will not understand the finer "Legal" points built into the wording. Even fewer will read the document with a view to nit picking the "May be nefarious" passages from it, yet it seems that is the only way to go. To read the EULA several times with the thought in mind "How does this wording mean Microsoft can screw me?" I don't suggest for one moment that is Microsoft's "Intent", merely that if we take your view of the agreement we must read in that manner. Else we take things at face value, and believing Microsoft to be, in general, a reputable company we do tend to take things at face value. In use, the "Settings" appear to mean you have 3 choices, Download and install Updates, Download and ask, Download nothing until specifically requested. There is nothing in that dialog to suggest other "Updates" or communication of any kind. There are notes in various places on the MS websites to the effect that users with special needs (For example System Admins who need to test on lab machines first) may prefer to turn auto updates off. This is a sensible precaution for both MS and the Admin to take. I have yet to see anything suggesting that this in fact does not stop all updates, and yet the subject of MS Auto Updates has long been an issue discussed with "Privacy" concerns in mind. MS even go to the trouble of stating that they respect privacy and no identifiable information is "Intentionally" collected. From this we can reliably conclude that MS can make themselves aware of user privacy concerns WRT network traffic and actually do make themselves aware of those concerns. It requires no great leap of imagination to deduce that user concerns about what is going out to MS would be equally valid WRT what is coming in... Also, whatever the real intent behind this mechanism is, one must ask the question why, when the update system already identifies when the update system itself needs updating, MS chose to do this stealthily. The updates do not appear to be "Security" related, in which case I could understand MS having a desire to "Push" updates to cover some really drastic security flaw. Maybe it would still be wrong, but it would be "Understandable". It has been suggested that for "Update" to update itself would be like trying to change the oil in a vehicle whilst driving it, or something similar to that. This is nonsense, all that would be necessary in that case is a download followed by a system restart to do the install. This happens all the time when drivers and other things demand it. In any case I see no reason for even that to be necessary. So this warrants an explanation from Microsoft and soon, because without such their entire "Trustworthy Computing" flagship will become their Titanic. This comes at an even worse time with three letter agencies being suspected of planting "Trojans" and various other data collection systems on machines. The fact here is that to persuade the open source community to do such would require an awful lot of "Bought silence" from an awful lot of people. For a corporation like MS it would take very few yet at the same time cover 80-90% of the computers in use. IMHO (and that is all it is) MS have to offer some explanation other than "It's in the contract" or they present themselves as a huge target for criticism, rumors and loss of future business. No animosity involved whatsoever, they simply need to explain this, EULA or not, because it is (or at least seems) to be quite unnecessary. |
#168
|
|||
|
|||
Microsoft updates Windows without users' consent
"You seem to have confused "Name calling" with honesty"
Not at all an unexpected excuse to justify a need for name calling while ignoring the issues. It has no place with those secure in their positions and desiring to keep on topic. "...if we take your view of the agreement we must read..." That is not what I said. However if there are concerns as there are for some now, then they need to reread the applicable parts to see what was actually agreed. In this respect, it is no different than other agreements. People may skim over initially, but they are still responsible for what initially missed. If a contract is clear from a legal standpoint, it is irrelevant if the person did not read thoroughly if they had the chance. There are two issues: 1. What is legal For this I believe the license covers it and there is little that anyone can do from a legal standpoint. 2. What is right with their customers interests. This is where trust is made and lost because it goes beyond legality. It is based on trust based at least partly on a customers understanding based on several things such as a quick view of the license, what is said by the company and other sources. "...appear to mean you have 3 choices..." And I addressed this in another post in which your response was little more than an attack. That seems to be covered in the license even though it is not what you, myself or others like. Trust with Microsoft/Windows update has been brought up before and it will again, your previous attack not withstanding. Similar as you can in your Product Group at Microsoft with your contacts. Now, are you making your opinion heard at Microsoft or are you simply complaining here where there is no expectation or requirement that Microsoft get your message? -- Jupiter Jones [MVP] Windows Server System - Microsoft Update Services http://www3.telus.net/dandemar "Charlie Tame" wrote in message ... You seem to have confused "Name calling" with honesty. The vast majority of Windows users do not and probably will not read the EULA at all, at least not all the way through. Of those folks who do read it many will not understand the finer "Legal" points built into the wording. Even fewer will read the document with a view to nit picking the "May be nefarious" passages from it, yet it seems that is the only way to go. To read the EULA several times with the thought in mind "How does this wording mean Microsoft can screw me?" I don't suggest for one moment that is Microsoft's "Intent", merely that if we take your view of the agreement we must read in that manner. Else we take things at face value, and believing Microsoft to be, in general, a reputable company we do tend to take things at face value. In use, the "Settings" appear to mean you have 3 choices, Download and install Updates, Download and ask, Download nothing until specifically requested. There is nothing in that dialog to suggest other "Updates" or communication of any kind. There are notes in various places on the MS websites to the effect that users with special needs (For example System Admins who need to test on lab machines first) may prefer to turn auto updates off. This is a sensible precaution for both MS and the Admin to take. I have yet to see anything suggesting that this in fact does not stop all updates, and yet the subject of MS Auto Updates has long been an issue discussed with "Privacy" concerns in mind. MS even go to the trouble of stating that they respect privacy and no identifiable information is "Intentionally" collected. From this we can reliably conclude that MS can make themselves aware of user privacy concerns WRT network traffic and actually do make themselves aware of those concerns. It requires no great leap of imagination to deduce that user concerns about what is going out to MS would be equally valid WRT what is coming in... Also, whatever the real intent behind this mechanism is, one must ask the question why, when the update system already identifies when the update system itself needs updating, MS chose to do this stealthily. The updates do not appear to be "Security" related, in which case I could understand MS having a desire to "Push" updates to cover some really drastic security flaw. Maybe it would still be wrong, but it would be "Understandable". It has been suggested that for "Update" to update itself would be like trying to change the oil in a vehicle whilst driving it, or something similar to that. This is nonsense, all that would be necessary in that case is a download followed by a system restart to do the install. This happens all the time when drivers and other things demand it. In any case I see no reason for even that to be necessary. So this warrants an explanation from Microsoft and soon, because without such their entire "Trustworthy Computing" flagship will become their Titanic. This comes at an even worse time with three letter agencies being suspected of planting "Trojans" and various other data collection systems on machines. The fact here is that to persuade the open source community to do such would require an awful lot of "Bought silence" from an awful lot of people. For a corporation like MS it would take very few yet at the same time cover 80-90% of the computers in use. IMHO (and that is all it is) MS have to offer some explanation other than "It's in the contract" or they present themselves as a huge target for criticism, rumors and loss of future business. No animosity involved whatsoever, they simply need to explain this, EULA or not, because it is (or at least seems) to be quite unnecessary. |
#169
|
|||
|
|||
Microsoft updates Windows without users' consent
"PA Bear" Then perhaps you should take the time to read the entire thread. Is our time less valuable than yours? definitely. |
#170
|
|||
|
|||
Microsoft updates Windows without users' consent
The contract would still be invalid regardless of what exceptions were
written in it, it would be an illegal contract. Try assisted suicide and see how many fancy agreements and lawyers got around that one. Plain and simply the law states that you cannot write up contracts that violate applicable laws, if it were otherwise there would in fact be no law. John Bob I wrote: Unless of course there is an exception to the "loan sharking" law that says if you have the document notarized then it is ok to charge rates above 60%. Carefully read the exemptions, as it isn't black and white, and the "illegal" part isn't necessarily there. John John wrote: I have not really followed the discussion and I am not commenting on the EULA legalities. But... An interesting fact in law is that you cannot have someone sign an agreement to circumvent applicable laws and then claim indemnity. For example, charging interest rates above a certain amount is illegal (loansharking). Let's say the that rates above 60% P.A. are illegal. If you loan me money and tell me outright upfront that you will charge me 120% interest, and if I sign the loan agreement and accept your terms, you are still guilty of loansharking and if I were to take you to court you would lose. Even if I signed and accepted your contract you would still lose because the contract violates the law, it is an illegal contract. John Jupiter Jones [MVP] wrote: As has been pointed out, paragraph 7 in the agreement. If you accepted the agreement which is necessary for use, you have already agreed to and been notified even though notification may not have been what customers want. |
#171
|
|||
|
|||
Microsoft updates Windows without users' consent
The "issue" is how the law is written, IF the law provides for
EXCEPTIONS then there are circumstances where the "law" is not violated. Pure and simple. Just like you "can't violate the overtime law" except for the stated exception if a bargaining sets up a contract to do it differently. It's the law that provided for the exception. John John wrote: The contract would still be invalid regardless of what exceptions were written in it, it would be an illegal contract. Try assisted suicide and see how many fancy agreements and lawyers got around that one. Plain and simply the law states that you cannot write up contracts that violate applicable laws, if it were otherwise there would in fact be no law. John Bob I wrote: Unless of course there is an exception to the "loan sharking" law that says if you have the document notarized then it is ok to charge rates above 60%. Carefully read the exemptions, as it isn't black and white, and the "illegal" part isn't necessarily there. John John wrote: I have not really followed the discussion and I am not commenting on the EULA legalities. But... An interesting fact in law is that you cannot have someone sign an agreement to circumvent applicable laws and then claim indemnity. For example, charging interest rates above a certain amount is illegal (loansharking). Let's say the that rates above 60% P.A. are illegal. If you loan me money and tell me outright upfront that you will charge me 120% interest, and if I sign the loan agreement and accept your terms, you are still guilty of loansharking and if I were to take you to court you would lose. Even if I signed and accepted your contract you would still lose because the contract violates the law, it is an illegal contract. John Jupiter Jones [MVP] wrote: As has been pointed out, paragraph 7 in the agreement. If you accepted the agreement which is necessary for use, you have already agreed to and been notified even though notification may not have been what customers want. |
#172
|
|||
|
|||
Microsoft updates Windows without users' consent
On Tue, 18 Sep 2007 09:39:49 -0500, Bob I wrote:
The "issue" is how the law is written, IF the law provides for EXCEPTIONS then there are circumstances where the "law" is not violated. Pure and simple. Just like you "can't violate the overtime law" except for the stated exception if a bargaining sets up a contract to do it differently. It's the law that provided for the exception. Actually it depends only on how the law in interrupted BY the court system, IF it ever gets that far. Of course parties having legal disputes may and often do settle contractual disputes out of court. Limiting the discussion just to United States interpretation there are three broad standards. Criminal law, Civil law and Common law. Criminal law sets up a bunch of "laws", look at them as "rules" that state what a "crime" is and the punishment for it IF the accused is found guilty. Those found guilty of some criminal offense may be subject to incarceration, meaning some length of time is generally served for their offense within either the federal system if a federal law is broken or in the state system if some state law is broken. Read slowly: Common law tends to draw abstract rules from specific cases, which becomes case law, whereas civil law starts with abstract rules which judges must then apply to the various cases before them. Punishment, if found guilty rarely results in prison time and usually results in some monetary punishment in the form of fines. Some may be shocked to learn much of present day's civil law is based on ancient Egyptian law from many thousands of years ago which the ancient Romans adopted and modified that were further adopted throughout Europe and pretty much remained unchanged through the 18th century. Then a process call Codification began to change the legal landscape. This new process is where some enity, ie a Government in a democracy restates and refines the "law" resulting as in the United States as some act of Congress, creating some federal statutes. The official codification of Federal statutes is called the United States Code. This "code" is divided into "titles" numbered 1 through 50. Title 18 for example contains many of the Federal criminal statutes. This process is based on The Corpus Juris Civilis a collection of fundamental works in jurisprudence, issued during the years 529 to 534 by order of Justinian I, Byzantine Emperor. The US Code is very complex and lengthy: http://www.gpoaccess.gov/uscode/browse.html Another difference between common and civil law is civil law is historically common law developed by custom, beginning before there were any written laws and continuing to be applied by courts after there were written laws, whereas civil law developed out of Roman law. The difference between civil law and common law isn't limited to codification, but in the approach taken to codes and statutes. In civil law countries like the United States, legislation is always written by some governmental body, (at the federal level, Congress) which is seen as the primary source of federal law while each state legislature has the same task for writing state laws. Ditto for local governments where some governmental body proposes and creates "law" more commonly called an ordinance; some authoritative decree or direction, again having roots in Roman times. By default, courts thus base their judgments on the provisions of codes and statutes, from which solutions in particular cases are to be derived. Courts therefore have to reason extensively on the basis of general rules and principles of the code, often drawing analogies from statutory provisions to fill in the blanks and to achieve coherence. By contrast, in the common law system, cases are the primary source of law, while statutes are only seen as incursions into the common law and thus interpreted narrowly. My point of all this long winded flowerily language is to remind those that think anything in any "legal" written document such as a contract or Microsoft's EULA is absolute and binding are sadly mistaken and in for a rude shock IF any provision is tested within the court system. Often many contractual clauses fail to pass the smell test and will accordingly be thrown out by the courts. I've seen it happen many times, so sorry, I must snicker when I see the fanboy crowd making reference to the EULA and pretending it trumps everything else. Not even close. John John wrote: The contract would still be invalid regardless of what exceptions were written in it, it would be an illegal contract. Try assisted suicide and see how many fancy agreements and lawyers got around that one. Plain and simply the law states that you cannot write up contracts that violate applicable laws, if it were otherwise there would in fact be no law. John Bob I wrote: Unless of course there is an exception to the "loan sharking" law that says if you have the document notarized then it is ok to charge rates above 60%. Carefully read the exemptions, as it isn't black and white, and the "illegal" part isn't necessarily there. John John wrote: I have not really followed the discussion and I am not commenting on the EULA legalities. But... An interesting fact in law is that you cannot have someone sign an agreement to circumvent applicable laws and then claim indemnity. For example, charging interest rates above a certain amount is illegal (loansharking). Let's say the that rates above 60% P.A. are illegal. If you loan me money and tell me outright upfront that you will charge me 120% interest, and if I sign the loan agreement and accept your terms, you are still guilty of loansharking and if I were to take you to court you would lose. Even if I signed and accepted your contract you would still lose because the contract violates the law, it is an illegal contract. John Jupiter Jones [MVP] wrote: As has been pointed out, paragraph 7 in the agreement. If you accepted the agreement which is necessary for use, you have already agreed to and been notified even though notification may not have been what customers want. |
#173
|
|||
|
|||
Microsoft updates Windows without users' consent
~greg wrote:
"PA Bear" Then perhaps you should take the time to read the entire thread. Is our time less valuable than yours? definitely. Take a hike. plonk |
#174
|
|||
|
|||
Microsoft updates Windows without users' consent
|
#175
|
|||
|
|||
Microsoft updates Windows without users' consent
"ceed" wrote in
: Frank wrote: |ceed wrote: | || Jupiter Jones [MVP] wrote: || | |"Mr Gates was the one proclaiming that we would never need more |than |640kb memory" That is a well known myth with no basis in fact. || || It may be myth or it may not. The jury is still out on that one. || There's no written proof that he said it, you are right there. But ||it doesn't turn into a myth because he denies having said it. I ||would have wanted to deny that also.. || || Take a look he || || ||http://tickletux.wordpress.com/2007/...-say-the-640k- ||line/ || | | |Well the way the quote is quoted on the referenced URL is: | |“640K ought to be enough for anybody”. | |Which is vastly different from saying: | |"Mr Gates was the one proclaiming that we would never need more than |640kb memory". | |Frank If you never need more then what you have ought to be enough, right? The first is in context with the design and expectations at the time. Given the 8086 proc, and IBM's prediction that they would sell about 250,000 of those new compuyers, the first quote is accurate. |
#176
|
|||
|
|||
Microsoft updates Windows without users' consent
I am unable to open .msi & .msu files. I do not have a secretly update
version of windows\system32 i would like to know what to install so as to open these files. (I have registry booster 2. no help) "Silicon neuron" wrote: http://windowssecrets.com/comp/070913/#story1 By Scott Dunn Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates. Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching. Files changed with no notice to users In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC. It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings - without notifying users. When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything. This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears. For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it. Microsoft provides no tech information - yet To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing. A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states: "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed." Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply: "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available." Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses. System logs confirm stealth installs In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post. In Vista, the following files are updated: 1. wuapi.dll 2. wuapp.exe 3. wuauclt.exe 4. wuaueng.dll 5. wucltux.dll 6. wudriver.dll 7. wups.dll 8. wups2.dll 9. wuwebv.dll In XP, the following files are updated: 1. cdm.dll 2. wuapi.dll 3. wuauclt.exe 4. wuaucpl.cpl 5. wuaueng.dll 6. wucltui.dll 7. wups.dll 8. wups2.dll 9. wuweb.dll These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?" How to check which version your PC has If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.) In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders: c:\Windows\System32\SoftwareDistribution\Setup\Ser viceStartup\wups.dll c:\Windows\System32\SoftwareDistribution\Setup\Ser viceStartup\wups2.dll Users can also verify whether patching occurred by checking Windows' Event Log: Step 1. In XP, click Start, Run. Step 2. Type eventvwr.msc and press Enter. Step 3. In the tree pane on the left, select System. Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches. On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.) To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates." No need to roll back the updated files Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future. I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed. I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page. Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant. |
#177
|
|||
|
|||
Microsoft updates Windows without users' consent
Hello,
I have read this post and I am concerned that this Microsoft Stealth update is the reason I can not get my two software video editing programs to burn onto disks. I use Photo Show and Pinnacle video editing software. Neither one will burn onto disks since this Stealth update occured. I spoke with a gentleman that has used Pinnacle since it's infancy and the software has always worked. He can not burn either. The program will create projects but will not burn. Is this Microsofts way of controlling what we do in our homes? I do not resell these projects. I want to be able to use this software. There are others using Pinnacle that have the same problem. How can Pinnacle stay in business with this happening? Is there some way to resolve this issue? Thank you. "Silicon neuron" wrote: http://windowssecrets.com/comp/070913/#story1 By Scott Dunn Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates. Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching. Files changed with no notice to users In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC. It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings - without notifying users. When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything. This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears. For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it. Microsoft provides no tech information - yet To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing. A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states: "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed." Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply: "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available." Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses. System logs confirm stealth installs In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post. In Vista, the following files are updated: 1. wuapi.dll 2. wuapp.exe 3. wuauclt.exe 4. wuaueng.dll 5. wucltux.dll 6. wudriver.dll 7. wups.dll 8. wups2.dll 9. wuwebv.dll In XP, the following files are updated: 1. cdm.dll 2. wuapi.dll 3. wuauclt.exe 4. wuaucpl.cpl 5. wuaueng.dll 6. wucltui.dll 7. wups.dll 8. wups2.dll 9. wuweb.dll These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?" How to check which version your PC has If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.) In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders: c:\Windows\System32\SoftwareDistribution\Setup\Ser viceStartup\wups.dll c:\Windows\System32\SoftwareDistribution\Setup\Ser viceStartup\wups2.dll Users can also verify whether patching occurred by checking Windows' Event Log: Step 1. In XP, click Start, Run. Step 2. Type eventvwr.msc and press Enter. Step 3. In the tree pane on the left, select System. Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches. On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.) To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates." No need to roll back the updated files Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future. I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed. I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page. Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant. |
#178
|
|||
|
|||
Microsoft updates Windows without users' consent
Marsha wrote:
Is there some way to resolve this issue? No. Microsoft is going towards a subscription model, they will control everything in your PC. -- :-) |
Thread Tools | |
Display Modes | |
|
|