Microsoft dispels rumors of stealth Windows updates

Microsoft officials are seeking to dispel rumors the company is performing stealth updates on Windows machines. They are also pledging to be more transparent in the future to prevent such misunderstandings from happening again. Reports of secret updates began circulating after at least two sites reported that Windows Update …


  1. Anonymous Coward

    Regardless what its purpose is..

    This is the same as buying a car, then the dealer still has access to modify the content of the vehicle, while you sleep in peace knowing your car is locked (you chose to lock to prevent the dealer or anyone getting in).

    The point is simple here: if Windows is set NOT to update, then NOTHING should be updated without you knowing, regardless of what reasons or excuses Microsoft comes up with.

    Looking at it from a hacker's point of view, this will translate to them being able to inject modules into your PC even though Windows is set not to accept any updates, all without you knowing. This sounds dangerous for many users: if MS can inject the update code without the user knowing, hackers can do the same. This Windows so-called security/registration is turning into a bad practice; very soon, Microsoft will be able to pop up on your screen to remind you to upgrade to Vista every 5 mins until you buy a copy, all this while your PC is set not to accept junk popups.

  2. Kent Rebman


    If I interpret the comments correctly, the quoted blogger is saying that MS is too stupid to correctly apply principles of backward compatibility in their development and maintenance processes so, so sorry, they'll have to muck around in the innards of your machine without your knowledge.

    I knew they had contempt for their users, but this is a pretty pathetic excuse even for them.

  3. Dennis Smith


    Quote: "They are also pledging to be more transparent in the future to prevent such misunderstandings from happing again."

    Read: "They are pledging to disable logging of stealth updates so as to evade detection by users."

    Sorry, the genie is out of the box now.

  4. Anonymous Coward

    Utter Balls

    These should have been flagged as critical updates if they are required for further updates and nothing more. It's simple and any excuse is just spin.

    This just highlights the big corporations rule of 'we rule the roost and you will do as we long as there is not too much fuss'

    And people will still defend these behemoths of power in whatever form they appear.

    Power corrupts absolutely, not a truer phrase was uttered.

  5. Mike


    In most countries isn't it against the law to access someone's computer without their consent? If Microsoft altered files on my computer without my knowledge or consent, regardless of their reason, then that is the same as someone hacking into my computer and accessing/altering my files. I think the relevant statute in the state of Washington is this one.

    RCW 9A.52.120

    Computer trespass in the second degree.

    (1) A person is guilty of computer trespass in the second degree if the person, without authorization, intentionally gains access to a computer system or electronic data base of another under circumstances not constituting the offense in the first degree.

    (2) Computer trespass in the second degree is a gross misdemeanor.

  6. Ian


    I think... and I don't remember exactly... but you signed that right away in SP2 EULA when MS essentially said that they could enter your computer at their whim.

    I realise that what a company demands is overridden by what a country demands (at the moment) but I think that's where the change in Microsoft's policy first appeared, there was a kickup about it then too.

  7. Sundaram

    So, Microsoft admittedly wrote a virus?

    The fact that it is possible to change critical system files that affect the behaviour of the remaining parts of the OS is very disturbing. Microsoft has admitted to exactly this; and worse, the owner (also called user or consumer) of the PC is not informed beforehand; and no one from Microsoft spoke about this until it had been brought to light.

    Will Mark Russinovich submit his detailed analysis of the bits of code that got changed with this update aka rootkit? He will not... after all this isn't Sony, and he is now an MS employee.

  8. Martin Maloney

    They've got you under their dispel <boo-hiss>

    "Microsoft officials are seeking to dispel rumors the company is performing stealth updates on Windows machines. They are also pledging to be more transparent in the future to prevent such misunderstandings from happing again."

    It appears that some code, that was stealthily injected, disabled the spell checker.


  9. This post has been deleted by its author

  10. J

    They own your computer

    "files can be changed without the user's knowledge"

    Sounds like a fair definition of malware to me... Now if what Mike said about the law in the state of Washington does really apply here (and I don't see why it wouldn't), can't somebody please start the proceedings? Sorry, I can't. They don't own my computers. :-)

  11. Anonymous Coward

    Read the EULA before you click ok... or don't complain afterwards.

    It is clearly stated in the EULA (or an addendum to the EULA) that Microsoft can and will make changes to Windows whenever they find necessary.

  12. D. Suse

    They are only acting in character...

    I do not see why people are acting all surprised by this latest violation of personal privacy rights by Microsoft. Just off the top of my head, historically they have:

    1) Shipped software to end users that is so poorly designed that over 10 years of constant patching is still unable to render it *secure* (cases in point, Windows 95, 98, 2000, Windows XP, MS Office, Internet Explorer...).

    2) Instead of actually fixing the problems, they turned the insecurity of their software products into another *cash-cow* revenue stream with their $50USD/year *Windows OneCare* subscription service (the customers of which, being the cow)...

    3) Knowingly hid their *Windows Genuine Advantage* datamining spyware in windows updates, which collected and sent your HD serial number, MAC address, BIOS checksum, computer make and model, MS product keys, locale, your language, and more back to Microsoft's servers without your permission. Then it passed automated judgment on all users (resulting in a 20% *false positive* rate, i.e., 20% of MS users who had legitimately purchased their products were treated as criminals via this fully-automated, rights-removing trial). The nice WGA tool then inserted a time-bomb, causing nag screens to pop up and disabling open access to all updates (which are constantly and urgently needed as discussed in the first 2 points). Many of those contacting MS by phone concerning validation problems were similarly treated as criminals, and many paid even more money using their credit cards to *re-validate* their legitimately purchased software, instead of continuing to be subjected to harassment.

    4) Delayed distribution of many patches for glaring security holes which had been identified and published by security researchers, and which were known to be causing harm to their customers via viruses etc. designed to take advantages of said security holes. Instead, they rushed out patches to shore up comparatively harmless breaches of their "windows media format" DRM to satisfy their moneyed friends in the recording industry (proving that, at Micro$oft, it's *all about money*).

    5) Greased the palms of hundreds of key people to get them to vote and sign MS-penned form letters advocating the wisdom of fast-tracking the adoption a 6000 page non-open *Open XML* document format as a proposed international ISO standard document format (a format which they could then control and alter at their whim, wiping out their competitors while continuing to bleed the world into their bank coffers). All the while coyly ignoring the possibility of supporting and contributing to the existing and truly open ISO standard ODF format. Luckily, sanity prevailed, and this harebrained idea was shot down, so far...gee, I wonder if there could be any more security issues in that 6000 + pages...

    I could go on, but you (hopefully) get the drift. Complaining about these repeated violations of respect, your security, and your rights does nothing, at least according to this historical reckoning. The easiest (and only) way to protect yourself is to JUST STOP USING MICROSOFT PRODUCTS. PERIOD. Dell is doing it, HP, Lenovo are selling great Linux-powered PC's fully loaded with secure open-source software like OpenOffice, etc. Lots of people are starting by giving MS Office the boot off of their windows PC's and installing OpenOffice instead. Then they download and try Ubuntu or some other popular free version of Linux and never turn back. Myself: I got fed up with Microsoft's antics years ago, switched to Linux, no more virus problems, lots of great free a (long-overdue) breath of fresh air...

  13. John Doe

    Read the EULA before you click ok... or don't complain afterwards.

    It is clearly stated in the EULA (or an addendum to the EULA depending on Windows version) that Microsoft can and will change files on the computer without the user's knowledge whenever they find it necessary.

    It is furthermore stated that the user does not own the operating system or any components of it.

    No one has ever tried the EULA in a court of law...

    btw. I don't care... I got tired of Microsoft and changed to something better.

  14. Ken Hagan Gold badge


    "Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications. ... That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades. ... [Windows Update] does not automatically update itself when Automatic Updates is turned off."

    Ermm, so all those who turned it off are now permanently cut off from WU, but they will never actually discover this because the older version of the software just isn't compatible with even the most basic "you are out of date" notification.

    Sorry, I don't believe it. At least one of the quoted statements must be false.

  15. Stuart Van Onselen

    @Kent Rebman: re:Balderdash

    Quoth Kent: "MS is too stupid to correctly apply principles of backward compatibility in their development and maintenance processes"

    Ya think? :-)

    This has been a complaint against MS for, literally, decades. Either they hobble their new systems by clumsily implementing backward-compatibility, or they break backward compatibility completely. They never get the balance right.

    So yes, they *are* that stupid!

    Of course, they are *also* that slimy that they will deliberately fiddle with your machine, without your knowledge, purely for their own ends.

  16. Anonymous Coward

    Read it!

    Excerpt from XP SP2 Professional EULA

    2. AUTOMATIC INTERNET-BASED SERVICES. The Software features described below are enabled by default to connect via the Internet to Microsoft computer systems automatically, without separate notice to you. You consent to the operation of these features, unless you choose to switch them off or not use them. Microsoft does not obtain personal information through any of these features. For more information about these features, please see your Software documentation, the Microsoft online support site, or the privacy statement at

  17. adnim

    Open book

    So m$ can update components of your machine without permission, silently, stealthily. I would hazard a guess that the reading or transfer of data from any file on your PC to m$ is also possible silently and stealthily.

    For those of you who still trust m$, or indeed any large multi-national corporation. Wake the fugg up! You are a consumer, a source of income and nothing more.

  18. Gavin Berry

    Re:Regardless what its purpose is..

    Do you really think the windows update system can be hacked?

    This update does not open it up to hackers, you clearly have no clue how it works.

    Just to be clear, "Hackers cannot use the Windows update system"

    If they could it would have happened a long long time ago.

  19. Simon Parmenter


    Is the placement of any files on your computer property without your knowledge breaking any UK law?

    If so, then why has not any person taken them to court?

    If so, then why have not any of our elected representatives taken action?

    If not, then we must have a law that unambiguously requires that any commercial software must come with accessible documentation that describes any communication, and the reason for it, with any device external to the computer that the software is installed on and that the user has the option to stop said communication.

  20. Anonymous Coward

    The EULA is not valid, they installed Malware

    "It is clearly stated in the EULA (or an addendum to the EULA) that Microsoft can and will make changes to Windows whenever they find necessary."

    The EULA is an after-sale contract. I do not accept that when I buy a computer I am buying a 'license' with terms to be disclosed at a future time constitutes a contract. The purchase is not the same as buying a service delivered in future, such as buying an airline ticket, or buying a cruise ticket. I am buying a product that I take home immediately, there is no future 'service' aspect and no reason for any additional terms to be disclosed at a future date.

    If a court should ever decide that MS EULAs *are* contracts, then I do not accept that I agreed to the EULA. Clicking 'I Accept' does not indicate my acceptance of those terms, I am exercising my rights under the unfair contracts act, to ignore unfair terms in contracts that are not individually negotiated. Microsoft's EULA is not individually negotiated with their customers and hence subject to this law that permits people to ignore the unfair terms.

    I told it not to auto update my machine, Microsoft has deliberately ignored my choice and installed software, no different to any other malware installer. It did not have my permission, there was a clear refusal there. How come I should accept such an action from them?

    As for *requiring* it to be updated to permit future updates, that is false. Any future update could simply be provided as a download link to a web browser. That does not require auto update to be upgraded.

    I think this is part of their 'black screen of death' story, where they plan on turning off machines that WGA thinks are not genuine Windows licensed machines. That is why I think they forced this malware on people.

    They claimed after this received negative press, that it was a hoax and they had not rolled out any such upgrade. We now find that this is false and they have rolled out a forced upgrade.

    In other words I think they installed malware intended to attack your machine at their discretion at a future time.

    To me the first machine they turn off that is falsely disabled should result in a criminal prosecution, no different than if any other malware company had installed software to attack your machine. It is no different.

  21. Joe

    less of the senseless MS bashing please

    If the Automatic Updates service is switched off, or configured never to check for updates then it won't. The issue here is the paranoid crowd flying off the handle because the Automatic Updates service silently updates itself (and nothing else) without user interaction. Am I the only one who thinks that people are grossly overreacting? Let's be honest, if the auto-update service prompted you that it needed to be updated before you could check for other updates it'd just serve as another barrier to people keeping their computers updated, and consequently we'd have even more vulnerable computers ready to start accepting commands from botnet controllers.

    I'm hardly a big fan of their business practices but they're damned if they do and damned if they don't here. Either the generic home user turns off "all those annoying update options" because they don't understand what it's doing, or the DON'T TOUCH MY COMPUTER!!!!11111 crowd go mental.

  22. Anonymous Coward

    EULA - worthless?

    I've often wondered if the EULA is actually enforceable in a company. It's the case that very few people in a company, particularly large organisations, have the right to sign a contract on behalf of that company.

    Therefore it can't be enforceable?

    Has this ever been tested?

  23. Richard Dawson

    Not a push mechanism

    Just a minor point, but I don't think that these updates are 'injected' onto your PC. I thought that Windows Update made a request to an MS server, which would then supply the updates. So it doesn't provide a loophole to hackers.

    Well, assuming that it's not riddled with bugs anyway.

  24. Anonymous Coward


    Perhaps the EULA should be tried in court, it would be interesting, as on the one hand you have what a country defines as virus creation and hacking, and then you have on the other a company saying we reserve the right to hack your system.

    It would be interesting to see how the EULA stands up in many countries. My major concern with EULAs is that they "never" get read, they are in a language your average user doesn't understand, and you don't get a chance to negotiate the contract.

    Take it to court, see what happens.

    Now do I choose a nice iMac or do I go Linux.....hmmmm

  25. Andy Enderby

    @ Ken Hagan

    >>so all those who turned it off are now permanently cut off from WU, but they will never actually discover this because the older version of the software just isn't compatible with even the most basic "you are out of date" notification.<<

    You're not the only one calling BS here Ken. If the above case were true then anything sat on a shelf in your local PC vendor would be cut off from WU. That's not the case however.

    MS == BS on this one.

  26. Anonymous Coward

    The fourth option updates as well...

    I have a Vista installation with Windows Update switched off completely and I've just checked it... WU has updated itself.

    If I could get (when I can get?) certain software running under my other OS installation (the superior one) I'd dump M$ and their 'get-out clauses', sorry I mean their EULA.

  27. This post has been deleted by its author

  28. JeffyPooh

    Explains those unexplained delays on dial-up

    Due to geographical constraints, I access the Internet via 33kbps dial-up.

    Because of this limitation, I have set everything to not access the Internet automatically because it is annoying to click on something and then have to wait 3 minutes because (for example) Norton decides that now would be a good time to automatically check for updates.

    Honestly, it is almost a full time job to make sure that all these STUPID programs remain set to stay off my connection until I manually tell them to. Every time a Norton software update comes along, it tries to default back to being annoying.

    Now those dim-witted twits at Microsoft have been outed. They're plugging up my Internet connection just when THEY think it is a good opportunity; instead of waiting for me to click the button just before I wander off to have supper. This in spite of the settings.

    Listen here you stupid-programmers-of-the-world - not everyone has a high speed connection. Even some high speed connections are not very fast. You must keep your programs off my Internet connection NO MATTER WHAT unless I click on the damn button if I have set up your stupid program that way.

    In fact, it would be nice if your stupid little software could distinguish the speed of the connection (hint: dial-up is not fast) and automatically configure itself to stay off dial-up connections unless explicitly clicked.

    Privacy and all that is important, but a more practical issue is to stay the hell off my thin and slow dial-up Internet connection until *I* decide it is the right time.

    Programmers that fail to take this into account are STUPID STUPID STUPID.

    I'm talking about *YOU* Norton and Microsoft.

    Not to mention MS-Vista software on my new laptop (like IE) crashing (!) because the Internet connection went open circuit somewhere along the line. STUPID.

  29. Rabbi


    From what your article said, these "stealth" updates only occur if Automatic Updates is turned on in some form.

    Even though AU may be set only to notify you of available updates, it is still turned on - and it is updating itself to work better. If AU is off and you visit Windows Update, this process is far more obvious - you have to install an update to WU before you can check for Windows Updates.

    Microsoft's only fault here IS lack of transparency. When you turn on AU, it should be made clear to you that AU may update itself regardless of whether other updates run automatically. Either that, or it should ask the user explicitly before updating itself. They've created enough trouble already with things like WGAN - they REALLY should know better by now!

    Nowadays, few people can be unaware of Automatic Updates. You KNOW it connects to Microsoft and downloads data. Far from complaining that this is virus-like activity, you should be grateful - if hackers found a way to compromise AU, this automatic updating is exactly the way Microsoft would try to close the hole.

    @Ken Hagan

    Nobody is "cut off" from WU. If you turn on AU, it will update itself to the latest version, then you can get updates. If you visit the Windows/Microsoft update site, you will be asked to update the software, then you can scan for updates.

  30. Ash

    Agree with John Doe

    It's not like a car manufacturer tinkering with your car when you've locked it, it's like the salesman saying "You don't actually own the car, you are licensed to use it. We can come to your house and tinker with your car when we want. We don't have to notify you beforehand, or ask permission." before you buy it, and then whinging impotently, toys-out-of-pram style, when they do just that.

    If you don't like it, get another OS.

  31. Pascal Monett Silver badge

    "ensure that Windows Update will behave in dependable manner in the future"

    Read : "ensure that we will retain access to your PC whatever you do".

    Nothing new under the sun, folks. As has been exhaustively pointed out above, MS has a perfect (ahem) track record as far as respecting the consumer is concerned.

    What is more insidious is that this "you are now mine" mentality has been taken up across the board.

    Once upon a time, when you installed a new application, it would quietly go to its own little folder and sit there innocently, not bothering anything else. Nowadays, there is no longer any application from any street vendor that does that. No, these days they impose upon you to let them write whatever they want in the Windows directory (and they write, by God do they write !), they muck up that joke of a database called the Registry six ways from Sunday, and then they have the gall to make you click on a pseudo-legal agreement that they can change whenever they want without your consent, agreement by which you acknowledge that whatever they did to muck up your computer, you cannot hold them responsible.

    A hundred years ago, if a vendor had tried to do that, the people would have taken him to the nearest tree with a length of rope and left him hanging.

    Nowadays ? Well, we can't let the terrorists win, can we ? Bend over then, have some more. And don't forget to pay on your way out.

  32. Anonymous Coward

    Only yourself to blame

    Anyone who lets their Windowbox connect to the net gets what they deserve.

  33. Claire Rand


    firewall, not an MS one, blocking the connections?

    seems basic common sense with a windows machine

  34. John Benson

    It didn't happen and we promise never to do it again...

    'Nuff said.

  35. This post has been deleted by its author

  36. James

    Surprise surprise.....

    I think the sooner vendors go to open source the better - I also wish Apple would relax a little to allow users to adopt their OS as there are a lot of clauses all aimed at invalidating the warranty which to be quite frank put me off it.

    For the past few years Microsoft have blatantly been marketing orientated and for some strange reason the powers that be overlook Microsoft's data collection policies.

    I installed Veritas onto a server once in which part of the server install was the .Net 2.0 framework - the router crashed during the install (which I didn't think was required anyway for a local install) - an error message flagged advising the connection to a URL had been dropped (something like -

    On querying this with Symantec (Who were seemingly as shocked as myself) it turned out Microsoft had taken the liberty of allowing each install to register itself. I did query the contents of data which was logged but alas I am still awaiting the information Microsoft said they would supply.

    I must however point out another 'Big Guy' for whom this is common practice is Sky TV - they also routinely collect personal data on viewing - although they advise they do not track where they get viewing stats from, which to me defeats the purpose if you don't track where it comes from to allow correlation.

  37. George Johnson

    Please explain to my CEO why the company is going down

    So Mr MS you have deliberately installed stuff without my consent, so when my main business critical servers go belly up and the apps start failing, please can you explain to my CEO why we are crapping out money at a rate that would rival a Posh Spice shopping spree!

  38. Mike


    I think the portion of the EULA that applies here is this one.

    2. AUTOMATIC INTERNET-BASED SERVICES. The Software features described below are enabled by default to connect via the Internet to Microsoft computer systems automatically, without separate notice to you. You consent to the operation of these features, UNLESS YOU CHOOSE TO SWITCH THEM OFF OR NOT USE THEM (my caps). Microsoft does not obtain personal information through any of these features.

    Seems to me that by selecting "let me choose when to install them" or "notify me but don't automatically download or install them" in automatic updates you are effectively telling Microsoft not to automatically install software and if they go ahead and do it anyway then they committed a trespass.

  39. Justin Stone


    "It is clearly stated in the EULA (or an addendum to the EULA) that Microsoft can and will make changes to Windows whenever they find necessary."

    Laws override EULAs. Besides, just because the EULA says they're allowed to modify Windows at any time doesn't mean it allows them to break Local Law to do it. It's like buying a clock off a clock maker and you agreeing to allow him to add stuff to it later on. One night he breaks your window with a brick and does some updates, then leaves. ;)

  40. Danny

    You know what to do...

    This is just one of the many reasons why 98SE was my last Windows. It's been said often enough and I fail to see why everyone is surprised when MS screws them, again.

    Get Linux. Be in control of your own destiny.

  41. Anonymous Coward

    Transparent? Windows?..

    ..that'll be the day.

  42. Anonymous Coward

    Third party firewall

    Time to configure a third party firewall to block all traffic to/from MS, and to alert you when an attempt is made.

  43. Mark Broadhurst

    Read the initial blog

    Geez you MS haters love jumping on the band wagon.

    It says in the blog that Windows Update updates itself and he had updates on "Download and don't install"; nothing was updated apart from Windows Update files. It can't download new files without knowing what's out there.

    It's like trying to get a file off a server you have no idea where it is and you can't list it.

  44. Ross


    A few points about the EULA argument.

    1. You mean the "agreement" that pops up when you install Windows? The one I never saw or agreed to because I bought the box with Windows on it? Not sure if XP/Vista require you to agree on your first login but my install certainly didn't.

    2. The fact that Kazaa's EULA told everyone that installed it that it contained spyware didn't do them much good.

    3. As has been pointed out EULAs are of dubious value in law - you can't read it until you've removed the shrink wrap, at which point you can't return the item for a refund unless it is faulty. I don't think the courts will look too kindly at that catch-22 if you don't agree with the contents of the EULA.

    4. Giving permission for someone to access your computer involves *knowing* you gave permission. For example, if I open a public FTP server with a directory that people can download some of my files from I give permission for *everyone* to access that bit of my computer. If however I buy a PC with Windows installed and it already has open shares and some nefarious type accesses my PC using them I *haven't* given permission as I am oblivious to it and so a crime takes place.

    Given the complexity of the EULA and the fact that some users may never have even been given the opportunity to see it (see #1) it isn't a given that the courts will accept that you *should* reasonably be expected to know what permission you have allegedly given.

    5. The EULA isn't a contract. To be a legally binding contract you need 3 things - offer, acceptance and consideration (basically something of value that passes between the 2 parties). MS can argue that the EULA is an offer and clicking accept, yes, agree, whatever constitutes acceptance, but as you never give anything to MS (you pay the shop for your copy of Windows not MS) there is no consideration so no contract.

    Bringing it all back to the article, MS are on extremely fragile ground here by not giving you the opportunity to refuse the changes. Of course nothing will be done about it other than them being told not to do it again, but they have committed a prima facie criminal offence in many countries. In the USA I presume it would be a Federal offence given that they "crossed state lines" (wow, I feel like a gangsta rapper saying that)

  45. Anonymous Coward

    Easy solution

    If you're running Windows, always have Automatic Updates completely off, and use a good (i.e. third party) firewall and AV to protect you in the absence of patches that might be applied by Windows Update.

    Been doing it for years, haven't been hit yet. Among my machines are one running Win2KProSP4 with no updates applied, and another running WinXPProSP1, again never updated.

    Of course this could prevent you running IE7 or the latest WMP, but who wants those when Firefox and DivX Player are available?

  46. Dave

    Why should we care

    we don't even own the copy of Windows on our PeeCees

  47. Jon Thompson

    Re: EULA comments

    Correct me if I'm wrong, but doesn't the law of the land override any contractual obligations, regardless of whether that contract claims you've signed away certain rights.

    And anyway, stealth injections without your knowledge are still an unauthorised access - you haven't given your express permission for those files to be installed or executed on your machine.

  48. BitTwister

    @D. Suse

    Very nicely put, my friend.

  49. Anonymous Coward

    @Read the EULA before you click....

    I'm curious. In order to update Windows MS has to go through my hardware (modem, NIC card, CPU, Etc). Could turning off automatic updates be used as implied denial of access to my hardware? In short MS trespassed on my property without my knowledge to get to their software.

    If I manually start the update process I could see them doing a hidden update and getting away with it legally as it can be implied that I gave them permission. If they had put up a window that requires me to agree to an update is also permission to access my hardware. Doing it behind the user's back cannot be legal no matter what rights they may have to 'their' software.

    So, does the EULA say that they also own my hardware?

    Careful everyone, one of these days they are going to stick a line in there that says 'By agreeing to the EULA all property that you own is hereby transferred to our ownership. Please vacate the premises within 30 days.'

  50. Ken Hagan

    Re: Over-reaction (@Rabbi)

    You say nobody is cut-off from WU. That's nice, and Andy Enderby kindly points out an obvious reason why this has to be true. My point is simply that the MS chap made three specific claims to get MS off the hook, and one of those is that they had to foist this update on everyone without asking because WU itself couldn't "pull" it the next time the user gave explicit permission.

    Unless I write my own (or grovel over the sources), I have to trust whoever wrote my OS. That trust is undermined if people make false statements when cornered.

  51. Anonymous Coward

    ProCD vs Zeidenberg

    First of all, EULAs are untested and likely invalid in the UK. UK has good protection from these after sale contracts.

    In the US, the pro EULA lobby like to point to ProCD vs Zeidenberg, but they ignore the key points the judge makes.

    So before anyone claims it, let me explain why I think that case is not applicable more widely.

    ProCD isn't typical because Zeidenberg made a business around selling a website that resold ProCD's database. (People would use the website, which would query the software and return the information to them). He also bought several versions of the ProCD software as newer versions came out.

    So he could reasonably be assumed to have read, understood and even pre-investigated the license, the appeal judge makes such an assumption, that he read and understood the license.

    If you bought a piece of software, there are 2 possible sets of terms that apply. The normal 'merchantability/fit for purpose' terms that are assumed in a normal purchase, and the EULA terms which is what the vendor claims are the terms.

    Zeidenberg did not use his software according to any terms a reasonable person would assume from the purchase. He built a web site reselling the use of the contents of the package, so this is a special case.

    The main thrust of UCC stands, EULAs are not valid.

    The judge also confirmed this "the American Law Institute and the National Conference of Commissioners on Uniform Laws have conceded the invalidity of shrink-wrap licenses under current law, see 908 F. Supp. at 655-66"

    He then goes on to make it clear that this decision is a narrow refinement to clear up an ambiguous case.

    "To propose a change in a law's text is not necessarily to propose a change in the law's effect....New words may be designed to fortify the current rule with a more precise text that curtails uncertainty."

    'Fortify' rather than reverse, 'uncertainty' means this was an ambiguous area, 'more precise', i.e. narrow.

  52. Andy S

    not just me that thinks this is it?

    But, if I disable automatic updates, my PC shouldn't even know there are any updates to get. Windows shouldn't be initiating a connection to Microsoft Update unless I explicitly tell it to.

  53. Sean Thompson

    firewall software

    3rd party firewall software will do very little to stop MSWin from connecting to the internet if it is installed on top of MSWin. A hardware or OS Virtualization solution would need to be used to effectively keep the OS communication under control.

  54. Anonymous Coward

    Yet more proof that many Linux users haven't a freaking clue about how computers work

    If you're running a service that reaches out to a website and downloads an update, the update has not been "injected" into your system.

    If you don't want Windows Update to update itself, turn it off.

  55. Anonymous Coward

    The EULA...

    Sorry guys, the EULA is valid until a court has decided that it is either invalid or illegal.

  56. Morely Dotes

    Lies? Or incompetence?

    "Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications," the product manager, Nate Clinton, wrote. "That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades."


    In Linux, I can either run Synaptic, or go to the command prompt and enter:

    apt-get update

    to get the latest list of updates from the Internet repository. I can add or remove repositories at a whim, using a simple text editor.

    So Microsoft is claiming either that they are too incompetent to write a simple script, or an ActiveX application, to update Windows Updater *on demand* by the user, or they are simply lying to cover up the fact that they have committed *MILLIONS* of illegal computer accesses all over the world - probably orders of magnitude more such illegal accesses than all virus writers combined, ever, in the history of the PC.

    My bet would be on the lying and illegal access.

  57. Anonymous Coward

    Reverse the changes?

    Has anyone tried restoring the older versions of the DLLs and retrying WU?

  58. Anonymous

    HIPAA problem

    Seems to me that anyone with a HIPAA-compliant computer has a serious problem here, since the updates are being made outside of their control.

  59. 0D0A

    Not Surprised

    It is not the broken code, lazy programming practices, or the phenomenal number of exploits that everyone is getting excited about. It is the attitude of a BIG corporation flaunting its wealth and sneering at its end users for paying top dollar for a poorly written operating system.

    It just happened that a point and click interface was just what a suitably numbed workforce needed. And since they were in a hurry to get it to market...

    After they realized all of the holes in their code and the amount of work required to fix it...

    Data mining and AV were born. Two more lucrative industries that bright-but-too-busy end users could subsidize.

    The reason why linux and open source hasn't taken over is because people really do need to make a living. Maybe they could live with less, but who would do that willingly? And certainly not if they have a family to provide for.

    Now, if the world, collectively, more or less, stopped and asked themselves: "Why are we making all of these widgets and who exactly is benefitting from them?"

    The answer to that question might provide some progress as a civilization because if you weren't born in the back seat of a Rolls Royce then you will probably never own one.

    Since M$ has clearly overstepped their legal rights, why not file a class action lawsuit? Count me in.

  60. Emo


    So is this how the worldwide deployment of Vista will begin?

    Slowly slowly updating XP until you suddenly realise you're booting Vista haha!!

  61. Anonymous Coward

    OMG.... get real...

    Personally I think most of the comments are pathetic.

    First of all, you don’t own Windows, you don’t own any of the files, you are LICENSED to use it. Nothing more nothing less….

    Second the EULA that comes with SP2… you are given the option to accept the terms that they can modify or alter any of the files MICROSOFT own, the ones they let you use. If you don’t want to accept the terms, you don’t have to. But equally, Microsoft does not have to let you use the service pack if you don’t accept. The terms are not unreasonable, so they have nothing to do with the unfair contracts laws.

    Third... If you have installed SP2 or WMP9 you already have agreed to let Microsoft alter or change any of the files they own. They have already notified you, you have already given permission. So they have broken no laws. Bitching about it later is no good.

    The only leg you have to stand on is if it's legal for them to attach additional terms, for updates to fix problems that were there when you bought the license for Windows. Although I think you still will not have a leg to stand on, as most fixes are to patch security holes. I can’t see how Microsoft can be held liable for some third party code which compromises your OS…

  62. George Williams


    I've just found this old thread, written a few hours before Skynet goes online on Judgement Day.

    It probably warrants further investigation, it may hold a pointer to one of the early causes of the rise of the machines.


    Lieutenant George, TechCom, 2020

  63. Anteaus

    Automatic Updates - a two-edged sword in any case.

    On networked computers (with other means of applying updates) I tend to stop the updater service itself, and I imagine this would prevent any behind-the-scenes activity.

    Automatic updates are in any case a two-edged sword; while they may patch vulnerabilities, they also 'condition' users into saying 'Yes' to any popups the computer produces. That in itself is a security problem, as update-prompts can be spoofed by malicious websites as a means of getting Trojans onto the computer. If the user understands that the computer should NOT normally produce such popups, then security is greatly enhanced.

    Another point, what would you say if you invited me into your house, and I promptly picked up a phone I spotted lying around, and dialled my friend in Beijing while you weren't looking? Would you consider that ethical, or dishonest? Yet, the same questions of ethics apply to any software which 'Phones Home' without permission. The 'call' might be free, but it might also be an Inmarsat link at seven pounds a megabyte. If the latter, then the software-writer is stealing.

  64. Chris

    Signing rights away

    At least in the UK you cannot sign your rights away, and can void contracts (I remember this very clearly from my courses about contract law), so technically speaking you can agree with the EULA, then complain like a mofo about them intruding into your system.

    Shame that most UK residents don't know this.
