DonationCoder.com Forum
Main Area and Open Discussion => Living Room => Topic started by: Carol Haynes on September 13, 2007, 08:09 AM
-
Worrying trend ...
[ You are not allowed to view attachments ] (http://windowssecrets.com/comp/070913#story1)
See http://windowssecrets.com/comp/070913#story1 for details
-
Hm, that sounds slightly nasty.
-
This is some bullshit, luckily people are not dumb (well non-dumb people), and there are (better) alternatives to M$.
-
Too bad none of those alternatives are even ready for mainstream use.
I really dont consider this a big deal. As long as they arent patching OS components without telling me, thats fine. Automatic updates patching on its own is fine because in the end, its only helping users stay up to date. But I guess this is a case where microsoft is wrong (not in my eyes) for trying to do something that IS useful.
-
Too bad for you and/or your mainstreams ;) I would happily make the switch to *nix permanently. I bet a lot of people feel the same ;D
-
Too bad for me? I love *nix, but I also dont dilute myself into believing it could ever take the place of windows for 90% of users. There is a reason it hasnt taken off yet, lets just leave it at that and let this thread go back to its topic.
-
Actually, it *is* a big deal. Reaching into my computer and changing files -- any files -- when I have expressly denied permission is wrong. Even with the best of intentions, mistakes happen. Recall the WGA disaster of a month ago where Vista machines went dark because they couldn't phone home? All Microsoft's fault, no malicious intent, but the incident should be a wake up call.
How would you feel if one morning you discovered your Windows validation had been revoked, only due to a mistake? They have demonstrated they can stealth-modify files. Even more troubling, the article states there is no way to learn what was modified or why -- only the date & filename are available. No KB article. This is not transparent behavior, and one is compelled to wonder why? If it's a simple bug fix, then say so. The fact they go to some lengths to obsfucate the matter is more upsetting than the action itself.
I utilize a fully-paid MSDN platform subscription for all my Windows test machines. It's not difficult to imagine a block of serial numbers accidently deactivated, and the news sent down the wire to my little herd of test mules. Suddenly I cannot conduct business. What recourse then?
Or try out this far fetched, but still plausible scenario: MS licensing policy changes, and XP schedules itself to stop working on a particluar date, forcing a migration to Vista?
Until we learn more, there is nothing good to say about these activities or by extension the policies they enact.
-
And another article (with a vote at the bottom) ...
http://blogs.zdnet.com/hardware/?p=779#more-779
I have added a poll at the top of this thread ...
-
Can you add another option:
They shouldn't really do it, but life's too short to care
;)
-
True - but I think you are stuck with Don't Care or Buy me a beer
-
Thanks for putting up the poll, Carol. I read this with unease this morning when Windows Secrets hit my mailbox. I think it is disturbing, as Ralf Maximus points out, that these components are updated despite users expressly requesting that automatic updates NOT be installed without their permission.
-
Can you add another option:
They shouldn't really do it, but life's too short to care
;)
-katykaty
True - but I think you are stuck with Don't Care or Buy me a beer
-Carol Haynes
Well, I hate beer - vodka and cranberry's my fave at the moment - so it looks like I'm the lone voice championing 'Do not care'! :D
-
Poll updated to reflect your tastes ;)
-
Poll updated to reflect your tastes ;)
-Carol Haynes
Can't vote again unfortunately :-[
-
That poll is pretty useless.. how about the options be:
"wrong"
"don't care, but buy me beer, vodka + cranberry/orange"
;)
-
Poll updated to reflect your tastes ;)
-Carol Haynes
Can't vote again unfortunately :-[
-katykaty
You can now - just remove your old vote using the link.
-
That poll is pretty useless.. how about the options be:
"wrong"
"don't care, but buy me beer, vodka + cranberry/orange"
;)
-mitzevo
Of course it is pretty useless - we all know the answer, it was only meant as a bit of fun ;)
-
Or better yet, just - "don't care, let's get ripped!"...
-
Microsoft's response How Windows Update Keeps Itself Up-to-Date (http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx). Also read the comments!
You may want to recast your votes and go for the beer option :(
-
Microsoft's response How Windows Update Keeps Itself Up-to-Date (http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx). Also read the comments!
You may want to recast your votes and go for the beer option :(
-PhilB66
No! Never surrender! But I will take a beer nonetheless... ;D
-
As some of the posted comments on that page say, the MS apologist completely misses the point.
If I have 'notify me of updates and ask if I want to install' enabled then Windows Update should simply report that there is an update to Windows Update. It is then my choice whether I install it or not. OK I may never see any other updates until I do but at least it is my choice.
Silent updates without any information means that if the MS servers are compromised there could be a worldwide automatic distribution of various kinds of malware without user intervention. The fact that MS can even do this means there must be a loophole that already exists that could be exploited by others with drastic consequences. Given that MS is not exactly known for its high security profile I think that these are potential situations that really need to be taken seriously! If Windows Update couldn't accept updates without user consent then this whole can of worms could be avoided.
Personally I think the blanket 'Automatic (recommended)' setting is practically a blank cheque which is open to abuse - and at the very least stupid given the number of problematic patches MS shovels out every year. I have lost count of the number of times 'fixes' from MS have broken more than they fixed.
-
I agree. My Windows installs are set to let me choose if I want to update. And for good reason too, as Windows update has occasionally caused problems in my home network (for a few days to a week a networked HP Printer was offline due to an imcompatibility). So I made sure nobody in my family updated their computers till that was fixed. But if they're silently updating..well that defeats the point doesn't it?
-
Microsoft is shoving their Live update doo-hicky down your throat if you want to keep up to date with their other products,it's basically a Google pack clone.At least google let's you still download apps without it.
If you want to download their IM client,Writer (blog tool),etc.You have to do it through an update console where they try to sell on the ideal of all their other stuff.Not cool!
I subscribe to all the Microsoft employees rss feeds too and you should see how they all fall into lock-step.
"It great !" "It revolutionary!" Hooray!
I love XP pro and i'd most likely like a lot of other products if Microsoft wouldn't hide them behind walls,they come so close...then shoot themselves in the foot.
-
As I don't care, I'll go for the drink for I'm a bit thirsty :D
The same time I saw Carol's post and the photo, I knew that Microsoft was updating the routines used to deliver updates for Windows. And it turned to be true. Perhaps the worrying trend is Windows Secrets bad habit (in the Free edition at least) of being clutching at straws as lately instead of warning about true updates gone wrong, like patching systems running Athlon CPUs with microcode geared towards Core 2 Duo processors, or the .NET 1.1 updating service getting trapped updating the native images and starts being loaded with Windows to finish its job, updating one image at every boot. I think my fears of the newsletter losing quality with the addition of Fred Langa and Scott Dunn are coming to reality, and makes you wonder what the heck was Scott doing to discover these... too much free time I suppose ;D
If Microsoft serves are compromised, it would not help (probably) to have automatic updates deactivated. They can take over normal updates as well and disguise malware as the next critical fix for IE7. You'll only see the name and the description, and a correct link. If the antivirus don't warn you, the computer will get infected for sure. And now I'll ran for cover ;D
-
Well for those who turn off updates. They may wait for the general reports (like I do) from other people installing them.
If people start reporting viruses all across Windows computers after an update..well I could probably guess where it came from :P.
-
I have the same feeling about Windows Secrets and the demise of the LangList. I used to read both and LangaList was the one I read just about every word of. I still have a subscription but I don't think I will be renewing when it expires. I also really object the growing amount of blatant advertising in the paid for version.
-
Setting aside the Windows Secrets tendency to "cry wolf" occasionally, I still feel they're right to make noise about this item. Keep in mind that the real issue here is not that Microsoft is downloading updates without our permission (though that pisses me off no end)... rather it's the amount of information they publish about what it *is* they're downloading.
Zero. In fact, they're being evasive. ANYONE twiddling files on my PC without permission is cause for alarm; being told nothing about what was changed is even worse. It's not hard to describe technical changes in simple english, so why aren't they? The possiblilities are disturbing.
If a stranger sneaks into your house in the middle of the night and "fixes" your plumbing for you, wouldn't that bother you? Wouldn't you be concerned that they might've helped themselves to the beer or maybe installed one of those terrible 1.3 gpf toilets because THEY think it's necessary?
Wouldn't you rather they asked first?
And in fact they DID ask, and you said "no updates to the plumbing please" but they came and did it anyway.
Even if MS publishes a complete spec for what was changed in the wau*.* files, I'd still like an explanation of the process. Why the subterfuge?
-
I also really object the growing amount of blatant advertising in the paid for version.
Yes this is getting on my nerves as well... Perhaps an e-mail campaign to them is in order?
Ralf - great analogy re: the plumbing! You've summed up my feelings exactly, and far better than I could have to boot! :Thmbsup:
-
What I find worrisome is that users' security tools (FW, Intrusion Detection etc.) did not alert/prompt about this stealth install.
-
The stealth updates work because the update program is a "trusted" program. I am having second thoughts about that. Also, I recently noticed a web site that was being contacted at bootup that appears to be some web content provider called Akamai (the dotted web addresses are hardly logged at all in google, so I had to do a whois to find any reference to them). I still don't know who has contracted out their services to Akamai, because the initiator only showed as scvhost. Trustworthy they may be, but I don't like strangers accessing my system - and possibly different ones from time to time - these guys are doing this work on contract from someone. I have some questions about how secure their systems, software and personnel are. If I had to guess, it might be M$, just because they have a history of unloading anything to do with servicing customers. It seems a bit high-handed when they "loan" you the software, and then give any service company access to your computer. I begin to wonder if I want to have software on my computer that makes my security system look like a seive (I am making a bit of a leap here, but whoever is giving this kind of access without my permission is looking for trouble).
-
Anyone who has had their operating system shut off when they were relying on it can attest to the ensuing panic and sense of helplessness. This has occurred to me three times recently on visa and xp systems. All were legal but I made errors in partitioning and repair. Lost one system entirely. If you make a mistake with Linux you just start over.
My thought here, I think, is that the complete LOSS of control over a major investment really makes one think about how much control and potential control MS has over our lives.
-
I like to see my updates and what they are... ;)
I have it set that way for that reason.
-
AFAIK, It's an update to ensue compatibility with the update service, which seems to suggest that not installing means the update functionality (manually or automatic) won't work for you...
There would be a lot more complaints if the update procedure broke, so therefore i voted RIGHT in this case. It's the right thing to do. There's no privacy problem and it makes sure things keep running. Noone would not want to install it, everybody needs it, therefore not having it is not an option.
-
BinderDundat: Microsoft have been offloading to akamai for quite a while now.
justice: it's still a wrong thing to do when you have turned off automatic updates. "keep working"? The right solution would be to update the windows-update components once needed.
-
BinderDundat: If by "trusted" you mean the Windows firewall or ZoneAlarm or something, then you are correct. However, the wa* files Microsoft updates have no special "trustworthiness" assigned to them by the operating system. Windows Update could potentially change ANYTHING on your PC, and they have demonstrated the ability to do so without notifying the user.
Justice: So long as Microsoft ONLY twiddles the mechanism that interfaces with the update servers, then I agree. I am not protesing the maintenance of files Windows needs to update itself; in fact I avail myself of Windows Update periodically to get the recommended patches. That's only common sense.
But MS has demonstrated their ability and willingness to deliver updates DESPITE MY REVOKING PERMISSION TO DO SO. I opted out, they did it anyway. Doesn't matter if the patch was necessary or not, it's frikkin rude to shove software onto my PC without telling me. May even be illegal, since most states prohibit unauthorized tampering with data systems. And no, the EULA does not shield such intrusion; there is plenty of legal precedent protecting computer users.
But here's the kicker: I don't even believe it's necessary. When you login to the Windows Update website, what's the very first thing that happens? You get a small update to your "Installer" and THEN you get to the scanning-your-pc phase. If updates to the wa* files are necessary, then that's the logical place to perform maintenance. I would bet real money that they *are* updated there, also, just in case your machine hasn't been online in awhile and the stealth updates never installed. Not everyone has a 24/7 connection. Note that the Windows Update website works fine even on machines freshly installed from CD without any patches at all.
So it's rude, possibly illegal, potentially dangerous, damages the user's trust in MS, and finally: UNNECESSARY.
All for what? Microsoft's response continues to be evasive, addressing only WHAT was stealth-modified, but not why. Yes, we know those are Automatic Update engine files, and it'd be nice if everyone was 100% in sync all the time with the latest micro-update. But why do it this way, using stealth and sneakiness? If told up front what was being changed and why, I doubt any reasonable user would object.
So again, Microsoft, why?
-
It gets even better - according to the WindowsSecrets newsletter today the updates have broken Windows XP's abilitlity to use the "Repair Install" facility from the CD. If you do this all goes well until you try to update your repaired installation and then there are 80 updates that will not install because MS has deregistered various WU files during the update and they aren't repaired back to a known state properly!
Brilliant!
You can read the article here: http://windowssecrets.com/comp/070927#story1
There are also instructions on how to fix the problem if required!
-
Hmm, according to my log files during this time I did not get these seriptitious updates...
In my Hosts file when WGA first started this (XP) nonesense quite a few months ago, I restored a just prior Image Backup and I added the following...
# Resent MS Joe Bob's wgatray.exe phoning home
# 192.168.0.1 is used to test connectivity to the host computer & can't be used
# 192.168.253.* Not tested
# So, max it up into the TOP unused Host IP
192.168.253.253 stats.update.microsoft.com # primary
192.168.253.253 statsupdate.microsoft.com.nsatc.net # also resolves to...
# /Resented :)
wurx4me....
-
I like to see my updates and what they are... ;)
I have it set that way for that reason.
-CleverCat
Me too. Even if I end up installing all of them, i still like to know what is going on.
-
It get's better and better - now updates are being installed that force a reboot without user consent even when WU is completely disabled.
See http://blogs.zdnet.com/microsoft/?p=832 and the discussion that follows.
If you want to completely disable Windows Update so that you have control over what is going on there are two posts in the discussion which are a really useful overview. The second one is particularly helpful as it only shows how to disable (and re-enable for manual checks) WU without affecting other components:
http://talkback.zdnet.com/5208-12558-0.html?forumID=1&threadID=39891&messageID=733925&start=-9911
http://talkback.zdnet.com/5208-12558-0.html?forumID=1&threadID=39891&messageID=733961&start=-9911
-
It would be nice to have a little hootchie to turn this stuff on/off easily with a click.
Mmmmm... coding snack?
-
It's easy to do that - just create two batch file called WU_On.bat and WU_Off.bat and then edit them with a text editor and add the relevant commands to each.
Then you just need to double click the batch file to switch off and on (assuming Admin status).
You can automatically stop the relevant processes using:
SC STOP <svc_name>
eg. SC STOP waauserv
will stop the "Automatic Updates" service (just go in to START>Run>Services.MSC and double click on the service you want to identify and the service name is as at the top)
[ You are not allowed to view attachments ]
To start it again just use SC START <svc_name>
-
I did it! Presenting my first contribution to DC: WAU Whacker.
A simple utility to start or stop the Windows Automatic Update process (WUAUSERV) via the WMI interface. Requires VB6 runtimes (XP users already have them), tested on XP SP2. Not tested on NT, 2000, or Vista.
If you have the Updates service disabled, and try to start it via Whacker, it will grind its gears for about 5 seconds as it tries to start the service, but will eventually give up.
Please report feedback, bugs, etc.