OneCare Slopware to blame, apparently:
Microsoft OneCare Silently Changes Automatic Updates
.----
| Microsoft Corp.'s consumer security software changes the Automatic
| Updates (AU) settings in Windows XP and Vista without telling users
| or getting their approval, a researcher said Thursday -- behavior
| that may explain recent reports of patches being installed and
| systems rebooting without permission.
|
| When Microsoft responded to new charges of silent changes last
| week, however, it denied that AU settings were ever altered without
| user approval, and it didn't mention OneCare as a possible culprit.
|
| Scott Dunn, an editor at the "Windows Secrets" newsletter, reported
| Thursday morning that OneCare silently changes AU settings as it
| installs. No matter what AU setting the user selected previously,
| OneCare's installer quietly changes it to the fully automatic
| option.
|
| [...]
|
| OneCare's willful way with AU may be an explanation for the reports
| two weeks ago of machines downloading and installing the Oct. 9 set
| of security fixes even though their owners had explicitly
| instructed Windows to ignore all downloads or notify them before
| they were installed.
|
| Several days later, after it wrapped up an investigation, Microsoft
| said AU settings were never changed without user consent, and it
| blamed absent-minded users for making modifications and then
| forgetting that they had.
|
| "I find this surprising and very disturbing," said Dunn. "If
| they're going to change [AU] settings, they should let you know."
|
| [...]
|
| "Worse, OneCare silently turns on [Windows] services that have been
| disabled by the user," Dunn said, referring to the two services
| that some users, frustrated at earlier incidents in which Windows
| retrieved and installed patches without permission, have manually
| turned off: Automatic Updates and Background Intelligent Transfer
| Service (BITS). The services can be switched off manually using the
| Windows services.msc utility. Normally, once disabled, they remain
| that way until the user manually turns them back on.
|
| ComputerWorld confirmed Dunn's account of OneCare's AU changes by
| installing the security suite on both Windows XP and Windows Vista.
|
| At no time during installation, said Dunn, does OneCare tell the
| user that the software will modify Windows' settings or provide an
| opt-in dialog. Nor do the various online documents -- including
| Microsoft's privacy statement and an addendum for OneCare -- that
| are offered up early during the process contain any information
| about the changes. "It turns out there's a brief mention of it
| buried deep in one of the OneCare help files," said Dunn. "But
| that's not the same as telling users upfront."
|
| The help file (select "What does Windows Live Update do to help
| manage and maintain my computer's software updates?" to view the
| pertinent section) acknowledges that OneCare makes changes without
| bothering to ask. "When you first install Windows Live OneCare,
| setup automatically enlists your computer in Microsoft Update and
| changes your computer's settings to download and install updates
| automatically using Automatic Updates," it reads.
|
| Who's 'forgetful' now?
|
| Although Microsoft was not immediately available for comment this
| morning, it made it clear last week that reports of unauthorized
| updates, and even PC reboots, could not be blamed on its software.
|
| "I want to stress that the Windows Update client does not change AU
| settings without users' consent," said Nate Clinton, a program
| manager with the Microsoft Update team.
`----
http://www.pcworld.com/article/id,138939-pg,1/article.html
--
K.
http://slated.org
.----
| "[Microsoft] are willing to lose money for years and years just to
| make sure that you don't make any money, either." - Bob Cringely.
| - http://blog.businessofsoftware.org/2007/07/cringely-the-un.html
`----
Fedora release 7 (Moonshine) on sky, running kernel 2.6.22.1-41.fc7
22:29:19 up 77 days, 21:24, 3 users, load average: 0.00, 0.02, 0.03
|
|