bit-tech.net

Windows Update updates itself; people shocked

Windows Update updates itself; people shocked

Secretly downloading updates when it's disabled? Nope, just have the wrong box ticked.

Yesterday, a slew of websites reported that Microsoft's Windows Update secretly downloads files when the update is disabled. It all started when Windows Secrets posted an article titled "Microsoft updated Windows without users' consent." Supposedly, Windows Update downloaded and installed a combination of nine DLL and executable files.

Reports had come in earlier from some eagle-eyed forum poster so Windows Secrets decided to check its machines. On machines that had the Automatic Updates setting set to not do anything, WU updates were downloaded and installed anyways. A search was done on Microsoft's Knowledge Base but there was no reference to the update to be found.

A reply on a Microsoft Communities forum stated, "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

As it turns out though, you can stop WU from downloading the files automatically and Microsoft has made a blog post to help clear up some of the confusion.

On all the the systems that were reported to have downloaded the updates without any notification, the Automatic Updates options was set to "Check for updates but let me choose whether to download and install them." That however, is only one out of a total of four options that are given to a user. "Install updates automatically," "Download updates but let me choose whether to install them," and "Never check for updates" round out the rest of the list.

On all of these options except "Never check for updates," Windows Update will automatically download and install files that are crucial to keeping the updater working properly if Microsoft changes something on their end of the system. So if you're wanting none of your system files altered without your consent, that would be the route to go.

So there we have it. Microsoft is not attempting to install files on your computer without your consent, but rather just trying to keep everything working properly. No harm, no foul but perhaps the company could have been a little clearer on how WU operates in the background from the get go.

Discuss this over in the forums or in the comment section below.

23 Comments

Discuss in the forums Reply
C-Sniper 14th September 2007, 18:33 Quote
Great....
I don't care if it auto updates itself just as long as i don't have to go through those annoying " You must restart your PC for the changes to take effect" messages. Hell.... I'd rather have a silent auto-update so as long as i don't have to look at that annoying yellow shield and have to restart my PC 5 times for 1 update.
quack 14th September 2007, 18:36 Quote
I'm stunned at how much this entire issue has been blown out of proportion.

The files that make up the "Automatic Updates" feature need to be kept up-to-date so it can tell you what updates you need, unless you've turned it off entirely. Big deal.



Handy tip #1: Type net stop wuauserv into Start/Run to stop Windows trying to get you to reboot after updating, but don't forget to reboot later!
bloodcar 14th September 2007, 18:36 Quote
I have the same sentiments. I just want to know what the hell happened to not having to restart your computer after an update in Vista. I hated that in XP and I still hate it in Vista.
Breach 14th September 2007, 19:06 Quote
Yeah I don't think this is a big deal given what is being updated, but why be so stealthy about it?
Mankz 14th September 2007, 19:13 Quote
How do you even disable auto-updates in the first place.
Buzzons 14th September 2007, 19:35 Quote
Manks you're kidding right? it is under control panel -> Automatic updates...
boggsi 14th September 2007, 22:26 Quote
Quote:
Automatically installing Windows Updates patches violates our trust. I can guarantee you that anyone that specifically chose to disable automatic installations would rather have to choose to install the new Windows Update patch, even if it meant missing out on further notifications until that was done.

God forbid the Windows Update system was compromised. A false "Windows Update" patch could be pushed to all systems that could install a rootkit, erase harddrives, etc etc etc. The Windows Update client, when the "don't install with asking" option is selected, should not have the capability to install *anything* without asking.

I challenge anyone to disagree with that comment on the blog. I question the motives of any organisation, who feels the need to put in place a system where things can be automatically, without consent, even after requests that this SHOULD NOT HAPPEN. I am happy with the outrage, I feel a little safer knowing people really are happy to get excited about my privacy (something I hold dearly).
Dr. Strangelove 14th September 2007, 23:07 Quote
All I can say i that no mater how many times I click the "i trust microsoft.. bla bla" I never really trust MS enough to let them update my system automatically, I'll do that my self every now and then, thank you very much
leexgx 14th September 2007, 23:13 Quote
Quote:
Originally Posted by Mankz.
How do you even disable auto-updates in the first place.

2600 post heh

any way as long as WGA is not auto updated in vista then Dell oem disks will still work
cpemma 15th September 2007, 00:25 Quote
Quote:
Originally Posted by bloodcar
I have the same sentiments. I just want to know what the hell happened to not having to restart your computer after an update in Vista. I hated that in XP and I still hate it in Vista.
:? My XP looks for any updates at 6pm, downloads them in the background, then when I come to turn off I get a message during shutdown that the updates are being installed. Seems very civilised. ;)
Quote:
Originally Posted by MS
Installing updates before you shut down your computer is another way to keep your computer up to date and more secure. This option is available only in Microsoft Windows XP with Service Pack 2 (SP2), Microsoft Windows Server 2003 with Service Pack 1 (SP1), or an x64-based version of a Windows Server 2003 or Windows XP operating system and only if important updates have been downloaded but not yet installed. Do not turn off or unplug your computer while updates are installing. Windows will automatically turn off your computer after the updates are installed.
I'm cautious, but not paranoid. I also let my AV be updated automatically. On some people's reckoning, that could also expose me to rootkits, etc.
Faulk_Wulf 15th September 2007, 01:09 Quote
Quote:
Originally Posted by cpemma

I'm cautious, but not paranoid. I also let my AV be updated automatically. On some people's reckoning, that could also expose me to rootkits, etc.

You're absolutely right. People could use a "fake" Anti-Virus program that looks like its a real security application to stealthily insert dangerous programs. So can video games, dvd movies, or anything else that auto-runs or needs to be installed to work.

The difference is we're talking about an operating system, not a piece of software. When the malicious scripts are limited to particular programs, people can find ways to combat them. However, when these kinds of scripts are rolled out over an operating system, one of which (regardless of whether you love or hate Microsoft) is still the most popular one for administrating and networking in most businesses and schools, you are facing ENORMOUS security risks that could infect and destroy entire infrastructures.

It has nothing to do with this particular update, nor do I seriously believe that Automatic Update will be compromised anytime soon if at all. Its that like with history classes where civil rights are stripped from a country before a malicious government takes over power. Basically: If you let one company do a stealth update now, sure it might be a .dll and .exe and a .txt file or whatever that IS to update an Updater. But what happens if someone pushes that? And then that? And so on? Yeah, its paranoia to a degree, but its also your computer and your privacy, so maybe this time paranoia is justifiable and prudent.

My 2c. *shrug*
bloodcar 15th September 2007, 04:06 Quote
Quote:
Originally Posted by boggsi
I challenge anyone to disagree with that comment on the blog. I question the motives of any organisation, who feels the need to put in place a system where things can be automatically, without consent, even after requests that this SHOULD NOT HAPPEN. I am happy with the outrage, I feel a little safer knowing people really are happy to get excited about my privacy (something I hold dearly).
You can turn Automatic Updates off. In the cases reported, the functionality wasn't set to being turned off but still allowed WU to check for updates. In order for WU to continue to function correctly, it needed to update some of the local files on the user's machine. If they had turned the function off by selecting the "Never check for updates" option then it does not and will never download any files at all.

A lot of people are making a big issue about this but it seems a lot of people are too damned stupid to choose the "Never check for updates" option if they don't want anything downloaded at all. Maybe people need to employ a little more common sense when looking at the available options without having to have a manual spell everything out for them.

Quote:
Originally Posted by cpemma
:? My XP looks for any updates at 6pm, downloads them in the background, then when I come to turn off I get a message during shutdown that the updates are being installed. Seems very civilised. ;)
Yeah, but I'm of the type that never shuts their computer down unless I absolutely have to. When I'm not on the computer, either torrents or Folding@Home is running at full throttle so when I'm forced to do a restart, I get annoyed.
bilbothebaggins 15th September 2007, 10:37 Quote
Quote:
perhaps the company could have been a little clearer on how ... operates in the background from the get go.
Hahaha. Is this MS you're talking about? They're bloody never clear about anything. It's their philosophy -- if they'd explain anything it might just confuse the users ...

Th WU thing is ok though. If you do not want it to do anything, just switch it off completely. And if you don't switch it off completely, then don't expect it to not do something!!

Some people here should also realize that it does NOT make the system more secure when they have to manually agree to install stuff, if they install the stuff anyways. If the security gets compromised, you will get the crap onto your PC no matter what.

cheers,
-btb-
LinMan 15th September 2007, 10:48 Quote
I'm behind GPRS most of the time and this raised my bill, reason why my autoupdate is only reminding me. Is MS gonna pay for it. I don't think so.
NiHiLiST 16th September 2007, 17:11 Quote
Quote:
Originally Posted by bloodcar
You can turn Automatic Updates off. In the cases reported, the functionality wasn't set to being turned off but still allowed WU to check for updates. In order for WU to continue to function correctly, it needed to update some of the local files on the user's machine. If they had turned the function off by selecting the "Never check for updates" option then it does not and will never download any files at all.

A lot of people are making a big issue about this but it seems a lot of people are too damned stupid to choose the "Never check for updates" option if they don't want anything downloaded at all. Maybe people need to employ a little more common sense when looking at the available options without having to have a manual spell everything out for them.

People being "too damned stupid" isn't the issue at all. If you choose the option to "notify me but don't automatically download or install them" then you would reasonably expect it to do just that. Not for it to notify you about most of the updates, but automatically install some without so much as a notification balloon.
bloodcar 16th September 2007, 21:19 Quote
Quote:
Originally Posted by NiHiLiST
People being "too damned stupid" isn't the issue at all. If you choose the option to "notify me but don't automatically download or install them" then you would reasonably expect it to do just that. Not for it to notify you about most of the updates, but automatically install some without so much as a notification balloon.

How do you expect WU to notify you of new updates if the damn thing doesn't work because the files that make it work are out of date? Sorry if Microsoft didn't tell you, "Hey, we're gonna go ahead and download and install the files that are critical to WU to run properly in order for it to check the update server for you." Bit of common sense there, really it is.

WU has automatically updated itself several times before but you didn't see half of the internet bitching and moaning then.
NiHiLiST 16th September 2007, 22:15 Quote
Quote:
Originally Posted by bloodcar
How do you expect WU to notify you of new updates if the damn thing doesn't work because the files that make it work are out of date? Sorry if Microsoft didn't tell you, "Hey, we're gonna go ahead and download and install the files that are critical to WU to run properly in order for it to check the update server for you." Bit of common sense there, really it is.

That's exactly what I would expect it to do, it notifies you of other updates, why not this one?
completemadness 17th September 2007, 04:24 Quote
if you re-install windows, these patches have to be available anyway, because your copy of windows must be able to update to the later version - from the disk

So if that's the case, windows update only needs to update if its telling you about updates, otherwise, it doesn't
Because if you decide later you do want to know about them, then windows update can update itself, as those updates must be available for new installs in the future

I hope your understand what I'm on about, i don't really care either way and lets face it, everything these days is getting hyped to death, whatever ms do it will be twisted to fit an anti MS argument
Nath 17th September 2007, 06:32 Quote
Quote:
Originally Posted by NiHiLiST
That's exactly what I would expect it to do, it notifies you of other updates, why not this one?
Because notifying you that the updating service is being updated is silly.
boiled_elephant 17th September 2007, 10:43 Quote
Quote:
Originally Posted by quack
I'm stunned at how much this entire issue has been blown out of proportion.

Same. People are always trying to prove that Microsoft are the Evil Empire, and its all ********.
ComputerKing 17th September 2007, 12:01 Quote
Never happened to me! I tell my windows to do it or no, otherwise NO! I think it's kinda about Original Copies of windows, They maybe install some files to check if you have original one or hacked ;) Thank god that I have Original one.

I think Microsoft not that bad.. The windows is bad ;)

Thanks for this news.. Take care.
NiHiLiST 17th September 2007, 20:11 Quote
Quote:
Originally Posted by Nath
Because notifying you that the updating service is being updated is silly.

Why is it silly? I don't see that it's any different from notifying you about security patches, Windows Installer updates and the like.
completemadness 17th September 2007, 20:12 Quote
Quote:
Originally Posted by ComputerKing
I think Microsoft not that bad.. The windows is bad ;)
I think that's the wrong way round TBH

an OS is a very difficult thing, its not easy supporting 15 years of hardware and bad programming, but MS do it
However, its the other things MS do, WGA for one, and all their "standards compliance" that isn't at all

MS has lost its way in recent years, hopefully it will find its way back, but i would still like to have the choice of other OS's rather then the current windows lock in
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums