On the back of the recent WGA fiasco, further research has revealed yet
another citation of what I already knew to be true: Windows updates
itself /without/ explicit permission, even if you turn /off/ automatic
updates.
The procedure is /supposed/ to work like this (on XP at least):
Launch "System Properties".
Select the "Automatic Updates" tab.
Select the "turn off Automatic Updates" (or manual) checkbox.
And that, AFAIAC /should/ be it. Off *means* off.
And yet, according to Microsoft, apparently it /doesn't/.
.----
| If Microsoft ever wanted to get caught with their pants down, they
| succeeded. For most people, the above doesn't make a whole lot of
| sense past the "you might have a virus" part. VerifyMyPC requires a
| little extra knowledge about computer systems when dealing with the
| details. Google is your friend in these cases. Running searches for
| 'wups.dll' and 'wups2.dll' turns up something about Automatic
| Updates. In particular, those DLLs provide Automatic Update
| functionality for Windows.
|
| In other words, the Automatic Updates utility automatically updated
| itself. Now this might not seem like a big deal but I have
| automatic updates set to manual (both download and installation
| have to be approved by me) and not the usual 'automatic' setting
| found on most user PCs. In other words, Windows updated itself
| without my express permission. Such behavior is right in line with
| spyware-like activity.
`----
http://cubicspot.blogspot.com/2007/08/windows-update-updating-without.html
So let this serve as a reminder to all those who denounce claims of
stealth updates as "paranoia" ... Microsoft *do* deploy updates that are
installed *without* users' explicit permission, and indeed /contrary/ to
those users' express instructions. The Windows EULA even states that
Microsoft reserves such a right:
.----
| 2.3 Internet-Based Services Components. The Software contains
| components that enable and facilitate the use of certain
| Internet-based services. You acknowledge and agree that Microsoft
| may automatically check the version of the Software and/or its
| components that you are utilizing and may provide upgrades or fixes
| to the Software that will be automatically downloaded to your
| Workstation Computer.
|
| [Translation]
|
| You agree that Microsoft can automatically and without your consent
| put new software on your computer.
`----
http://web.archive.org/web/20060518123848/http://linuxadvocate.org/articles.php?p=1
Why is this such a big deal?:
1) ... Because the supposed ability to "turn off" Automatic Updates is
little more than a *lie*.
2) ... Lying about updates is /suspicious/ and /untrustworthy/
behaviour, which one does /not/ exactly expect from the vendor
that you *paid* for the privilege of running their software. IOW
if the vendor has lied about /this/, then what else have they
lied about?
3) ... Updates may not necessarily be deployed in good faith. Microsoft
have demonstrated in the past that certain updates are quite
deliberately /designed/ to *cripple* and *inhibit* their
customers' systems. Example: driver update designed to prevent
/all/ DVD playback (conspiracy with nVidia and Macromedia) [1].
4) ... Even when not designed with malicious intent, updates are not
always necessarily a GoodThing®, on /any/ system, including
GNU/Linux. Poorly tested updates may actually *cause* problems,
rather than fix them. Users /need/ to have the freedom of choice
to decide whether or not to apply any given update in a timely
fashion, if at all. Users should be in /control/ of their /own/
systems, for both practical *and* principled reasons. Without
exception.
How to resolve this problem:
. Do not rely on the control panel settings for Windows Updates; they are
untrustworthy and essentially bogus.
. Disable the two services - WAUS and BITS ("Windows Automatic Updates
Service" and "Background Intelligent Transfer Service" respectively).
And *keep* them disabled ... permanently.
. Do not trust updates from Microsoft ... ever ... especially so-called
high priority automatic updates. Consider all software from Microsoft
to be potential Malware.
. Use "WindizUpdate" [2] with Firefox to obtain updates instead, and be
sure to carefully research each and every update before deploying.
. As ever, keep your Anti-Spyware and Anti-Virus definitions up to date
(although it's likely that third party vendors have exception rules
for Windows components, at Microsoft's behest, so do *not* rely on
this either). Use Free Software tools where you can (e.g. packet
sniffers, etc.) to determine /what/ exactly the updated software is
covertly trying to do. IOW - use extreme caution at all times.
Of course there is a more permanent and trustworthy solution: simply
wipe that Malware known as Microsoft Windows off your system completely,
and install GNU/Linux instead, for some peace of mind, real control, and
an overall much better user experience.
References:
[1] http://www.theinquirer.net/?article=8425
[2] http://windowsupdate.62nds.com/whyuse.php
--
K.
http://slated.org
.----
| "Proprietary licenses, the crack cocaine of software finance."
| - Matt Asay, CNET
`----
Fedora release 7 (Moonshine) on sky, running kernel 2.6.22.1-41.fc7
16:42:05 up 17 days, 15:37, 2 users, load average: 1.35, 1.41, 1.47
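
Added example, not part of the original post: a way to check that the two services the post says to disable really are still disabled, by parsing the START_TYPE field of `sc qc` output. It assumes the service key names "wuauserv" (the Automatic Updates service the post calls WAUS) and "BITS"; the sample output is constructed.

```python
import re
import subprocess
import sys

# Assumption: "wuauserv" is the key name of the service the post calls WAUS.
WATCHED = ("wuauserv", "BITS")

# START_TYPE codes as printed by `sc qc`.
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}
_START_RE = re.compile(r"^\s*START_TYPE\s*:\s*(\d+)", re.MULTILINE)

def parse_start_type(sc_qc_output):
    """Return the numeric START_TYPE from `sc qc <service>` output, or None."""
    m = _START_RE.search(sc_qc_output)
    return int(m.group(1)) if m else None

def audit(outputs):
    """Map service name -> finding for each service not confirmed DISABLED."""
    findings = {}
    for name in WATCHED:
        code = parse_start_type(outputs.get(name, ""))
        if code is None:
            # Query failed or service absent: state cannot be confirmed.
            findings[name] = "no START_TYPE found, state not confirmed"
        elif code != 4:
            findings[name] = "start type is %s, expected DISABLED" % (
                START_TYPES.get(code, code))
    return findings

def query_live():
    """Collect `sc qc` output for each watched service (Windows only)."""
    return {n: subprocess.run(["sc", "qc", n], capture_output=True,
                              text=True).stdout for n in WATCHED}

# Constructed sample: wuauserv has drifted back to automatic start.
SAMPLE = {
    "wuauserv": """SERVICE_NAME: wuauserv
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
""",
    "BITS": """SERVICE_NAME: BITS
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
""",
}

if __name__ == "__main__":
    outputs = query_live() if sys.platform == "win32" else SAMPLE
    for svc, why in audit(outputs).items():
        print("%s: %s" % (svc, why))
```

Run on a schedule, an empty result means both services are still disabled; any line printed means the configuration has changed since it was set.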