June 25th, 2009

Are Windows stealth updates back again?

Posted by Adrian Kingsley-Hughes @ 5:00 am

Categories: Stealth Update

Tags: Microsoft Windows Update, Update, Microsoft Windows, Patches, Operating Systems, Software, Adrian Kingsley-Hughes

According to Windows Secrets, Microsoft could be back to its old tricks of stealthily installing Windows Updates on systems where users have specifically specified that they want to verify each update installed.

The forced-install behavior has been witnessed at least three times by Windows Secrets editors, but Microsoft says its procedure for Automatic Updates hasn’t changed in the last 10 months.

The behavior seems to occur only if a Windows user has Automatic Updates configured to “download updates but don’t install them” or “notify me but don’t install them.” If updates are scheduled to occur automatically, with no notice to users, the silent installation of updates would be expected.

There are four options within Windows Update that users can choose, and the wording is different for XP and Vista,

Vista:

• Install updates automatically.
• Download updates but let me choose whether to install them.
• Check for updates but let me choose whether to download and install them.
• Never check for updates.

XP:

• Automatic - automatically download recommended updates for my computer and install them.
• Download updates for me, but let me choose when to install them.
• Notify me but don’t automatically download or install them.
• Turn off Automatic Updates.

Most people out there have their systems set to install updates automatically. The paranoid folks Read the rest of this entry »

August 14th, 2008

Microsoft to push another Windows Update to users ... whether you want it or not

Posted by Adrian Kingsley-Hughes @ 8:35 am

Categories: Microsoft, Software, Stealth Update

Tags: Microsoft Windows Update, Update, Microsoft Corp., Microsoft Windows, Operating Systems, Software, Adrian Kingsley-Hughes

Back in September of 2007 Microsoft carried out what I and many others at the time considered to be a pretty big breach of trust and pushed a stealth update for the Windows Update mechanism. What’s wrong with that, you might ask? Well, as it turned out the update disrupted some Windows XP users ability to repair their installation. Not good, and precisely the reason why there are some people who like to know exactly what is being installed on their systems, and control when that happens.

Well, according to Microsoft, there’s another update to the Windows Update mechanism ready to be unleashed. The difference between this update and the stealth update from back in 2007 is that Microsoft is being more open about this update and actually talking about it before it hits the download servers and starts getting installed on systems.

Why update Windows Update?

Here’s the reason given by Microsoft:

So what are we doing this time? Well, this particular update won’t really change the way the client looks or feels to you, but you may notice some improvements in the length of time it takes Windows Update to scan for updates and how quickly you’ll receive signature updates.  For example, in this update, we’ve invested heavily in reducing the amount of time it takes the Windows Update agent to scan to see if new updates are available.  In this case, we’ve seen some instances of the scan times on some machines decreasing almost 20 percent.

Who will get this update automatically?

It depends on your Windows Update settings. Under Windows Vista there are four possible settings for Read the rest of this entry »

September 15th, 2007

More information from Microsoft on stealth update

Posted by Adrian Kingsley-Hughes @ 3:00 pm

Categories: Microsoft, Stealth Update

Tags: Microsoft Windows Update, Knowledge, Stealth, Microsoft Windows, Microsoft Corp., Knowledge Base, Adrian Kingsley-Hughes

Just to keep you all in the loop, I’ve just received the following information from Microsoft regarding the stealth update.

In particular, I was interested in finding out whether the rumors that the stealth update was in order to correct a problem with the Windows Update mechanism.  According to a Microsoft spokesperson, the update was NOT sent to users to correct a problem with Windows Update:

Q. So what had happened between the 14th and the 24th of August to break Windows Update?

A. Nothing was broken in Windows Update during this time.   In order to constantly improve the performance and reliability of Windows Update, Microsoft periodically updates the Windows Update client-code automatically.  Users should not be concerned that it is broken, but rather that periodic refreshes to the code help Windows Update continue to service customers.

I was also curious about why the information in the Event Log was so vague.

Q. Why is the entry in the Event Log for this update so vague?

A. We realize we weren’t as transparent as we should have been, and are working to do better in the future, both in terms of entries in event logs for WU, and in terms of helping people better understand how the WU service works as a whole.

And why there was no knowledge base article relating to the update …

Q. Why no knowledge base article?

A. It is good feedback, and it’s something they are considering as they listen to customer feedback about how they can be more transparent in the future. 

Thoughts?

September 14th, 2007

Microsoft dodging the real stealth update issues

Posted by Adrian Kingsley-Hughes @ 7:34 am

Categories: Microsoft, Stealth Update

Tags: Microsoft Windows Update, Update, Customer, Microsoft Windows, Microsoft Corp., Adrian Kingsley-Hughes

Breaking news - Latest from Microsoft

I’ve taken some time to properly digest Microsoft’s response to the stealth update issue that I’ve been discussing here for the last few days and I’ve come to the conclusion that Microsoft is dodging the real issues about the stealth updates.

Let’s begin by dissecting the official response I received from a Microsoft spokesperson yesterday.

The files that are being updated are part of the Windows Update client itself. Windows Update automatically updates itself from time to time to ensure that it is running the most current technology, so that it can check for updates and notify customers that new updates are available.

I knew that already.

This is normal behavior, and it has worked this way since the service debuted several years ago.

I’ll get back to this point later …

This is not to suggest that we were as transparent as we could have been; to the contrary, we could have been clearer on how Windows Update behaves when it updates itself. [emphasis added]

Right now Microsoft seem to be trying to defend a way of thinking that’s indefensibleThis point leaves me somewhat confused. I can’t figure out from this whether the Windows Update patch that was released on August 24th could have acted as a normal update (in other words, bought up a notification as usual only released out of step and not on Patch Tuesday) or whether this is referring to the fact that Microsoft could have somehow made the process more transparent but didn’t. I need to clarify this. One possibility here is that Windows update was somehow broken and Microsoft wanted to push a patch before the regular Patch Tuesday so that updates weren’t interrupted. However, coming back to the real world, I have no evidence to suggest that the Windows Update mechanism was broken before this stealth update was applied.

We’ve received helpful and important feedback on this point, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works.

Good.

That said, we continue to be confident that the choice to use Automatic Updating continues to be the best decision for many of our customers. Windows Update remains a popular service with our customers because it helps them stay safe and have confidence that they are running the latest software from us.

Here comes the PR spin. Basically, what I’m reading here is that we should all have Windows set to automatically retrieve and install updates automatically and that those of us that don’t are deviants from the norm. I’m given a choice to “Download updates but let me choose whether to install them” or “Check for updates but let me choose whether to download and install them” (the wording used within Windows Vista) but by choosing one of these options I made the wrong choice.

Next page –>

September 13th, 2007

Microsoft responds to stealth update issue

Posted by Adrian Kingsley-Hughes @ 11:33 am

Categories: In the news, Microsoft, Stealth Update

Tags: Microsoft Windows Update, Microsoft Windows, Microsoft Corp., Adrian Kingsley-Hughes

Breaking news - Latest from Microsoft 

Last night I approached Microsoft for comment on the stealth updating issue.  Here is the response I received from a Microsoft spokesperson:

The files that are being updated are part of the Windows Update client itself. Windows Update automatically updates itself from time to time to ensure that it is running the most current technology, so that it can check for updates and notify customers that new updates are available.  This is normal behavior, and it has worked this way since the service debuted several years ago.

This is not to suggest that we were as transparent as we could have been; to the contrary, we could have been clearer on how Windows Update behaves when it updates itself. We’ve received helpful and important feedback on this point, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works. 

That said, we continue to be confident that the choice to use Automatic Updating continues to be the best decision for many of our customers. Windows Update remains a popular service with our customers because it helps them stay safe and have confidence that they are running the latest software from us.

Nate Clinton, Windows Update Program Manager also comments on this issue.

I’ll comment on these responses later.

September 13th, 2007

Confirmation of stealth Windows Update

Posted by Adrian Kingsley-Hughes @ 3:46 am

Categories: In the news, Microsoft, Stealth Update

Tags: Microsoft Windows Update, Information Technology, Update, Stealth, Microsoft Windows, Adrian Kingsley-Hughes

Breaking news - Latest from Microsoft 

I can now confirm that the stealth Windows Update that I blogged about yesterday actually exists - because I’ve detected its presence on a machine at the PC Doc HQ.

At the PC Doc HQ we have several systems set not to update automatically. This is so that they are kept at a specific patch level for testing duties. Many of these systems are virtual machines but some are physical. When I heard about this stealth update I decided to take a look at one of these systems that don’t update automatically (it was set to download and notify) - and within seconds I found what I was looking for.

[UPDATED - Just to clarify, I can confirm that this stealth update was applied to systems where Windows Update was set to "Download updates but let me choose whether to install them" and "for updates but let me choose whether to download and install them" but not on systems set to "Never check for updates."] 

Which files are updated depends on the OS you are running. The updated files on Vista are:

• wuapi.dll
• wuapp.exe
• wuauclt.exe
• wuaueng.dll
• wucltux.dll
• wudriver.dll
• wups.dll
• wups2.dll
• wuwebv.dll

And on XP SP2:

• cdm.dll
• wuapi.dll
• wuauclt.exe
• wuaucpl.cpl
• wuaueng.dll
• wucltui.dll
• wups.dll
• wups2.dll
• wuweb.dll

The test system was running Windows XP SP2. Reports and rumors suggest that this update was being pushed out on or around the 24th of August so I fired up Event Viewer and scrolled down to this date … and here’s what I found: Read the rest of this entry »

September 12th, 2007

Confirmed: Microsoft is fiddling with system files without permission

Posted by Adrian Kingsley-Hughes @ 1:30 pm

Categories: In the news, Microsoft, Stealth Update

Tags: Permission, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows, Microsoft Corp., Adrian Kingsley-Hughes

Breaking news - Latest from Microsoft

[Updated: Sept 13, 2007 @ 6.50 am - After checking a system set not to automatically update I can confirm that this stealth update is real.]

If this turns out to be true, it has some very serious (and disturbing) implications:

Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems’ automatic update feature, researchers said today.

Scott Dunn, an editor at the “Windows Secrets” newsletter, said that nine files in XP and Vista — but not the same files in each operating system — have been changed by Windows Update, the Microsoft update mechanism, without displaying the usual notification or permission dialog box. The files, said Dunn, are related to the XP and Vista versions of Windows Update (WU) itself.

The files on Vista are:

• wuapi.dll
• wuapp.exe
• wuauclt.exe
• wuaueng.dll
• wucltux.dll
• wudriver.dll
• wups.dll
• wups2.dll
• wuwebv.dll

And on XP SP2:

• cdm.dll
• wuapi.dll
• wuauclt.exe
• wuaucpl.cpl
• wuaueng.dll
• wucltui.dll
• wups.dll
• wups2.dll
• wuweb.dll

If this turns out to be true (and I want to make it clear that I’ve not confirmed this) then this will be a very serious betrayal of trust on Microsoft’s part. Not only is it hard enough to keep track of changes done to a Windows installation as it is, but if Microsoft (or other companies) start updating systems without consent, this will lead to all sorts of trouble. On top of that, it paves the way for companies to make silent updates to technologies such as DRM and anti-piracy features.

Microsoft needs to address this issue and address it fast because the fallout from this could be very damaging.

Thoughts?