Researchers say
Silent mods to XP, Vista occur even with auto updates off, claims 'Windows Secrets'
Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today.
Scott Dunn, an editor at the "Windows Secrets" newsletter, said that
nine files in XP and Vista -- but not the same files in each operating
system -- have been changed by Windows Update, the Microsoft update
mechanism, without displaying the usual notification or permission
dialog box. The files, said Dunn, are related to the XP and Vista
versions of Windows Update (WU) itself.
"We started hearing from readers that Windows was modifying
files in the middle of the night, even when Windows Update was turned
off," Dunn said today. Some machines' event logs pinpointed Aug. 24 as
the date when the invisible updates began, but on one of Dunn's
personal machines, the log showed the changes taking place this week.
Dunn identified the changed files on Vista as wuapi.dll, wuapp.exe,
wuauclt.exe, wuaueng.dll, wucltux.dll, wudriver.dll, wups.dll,
wups2.dll and wuwebv.dll.
And on XP SP2, he said, the changed files were cdm.dll,
wuapi.dll, wuauclt.exe, wuaucpl.cpl, wuaueng.dll, wucltui.dll,
wups.dll, wups2.dll, and wuweb.dll.
In the past, Dunn noted, any changes to WU have been presented
to the user for approval. "They at least warned you in advance," he
said.
Not so this time, said Brian Livingston, the founder and
editorial director of the newsletter. "We don't completely understand
the [WU] technology, but apparently this doesn't go through the Auto
Update settings. A lot of companies are very sensitive about changes
made to their PCs, and although there's absolutely no sign of any
malicious intent on the part of Microsoft, if it starts doing this,
people should have a lot of concerns."
Microsoft gives users some flexibility in how their XP- and
Vista-powered PCs retrieve and install updates and patches from the
company's servers. In Vista, for example, users can turn off automatic
updates entirely; check for, but neither download or install, any
fixes; or download files but not install them.
Although Microsoft did not immediately respond to a request for comment, Dunn provided Computerworld
with a copy of an e-mail he said "Windows Secrets" had received from
Microsoft's online partner support. In the message, Microsoft only
hinted at a reason for the changes: "7.0.6000.381 is a consumer-only
release that addresses some issues after .374 was released. It will not
be available via WSUS [Windows Server Update Services]."
"What's waking up at 2 a.m. and downloading files?" asked Livingston.
"Windows Secrets" plans to offer more details tomorrow on its Web site and to subscribers via its normal e-mail channel.
Trackback(0)
Comments 
Write comment
 |
TrackBack URI for this entry
Subscribe to this comment's feed