Nasty, with Nasty Implications, and a side order of Nasty
Let me see if I understand this:
Automatic Updates is *allegedly* under user control. There are 3 options.
i) Automatically Update the system with all the relevant new patches.
ii) Present the user with a list of the new relevant patches and allow the user to determine whether or not to apply them.
iii) The user has expressed a preference not to be notified of the existence of patches at all. They will either get the patches from another source (Company Update sites, Removable media, with the list of patches compiled by someone who vaguely knows what they are doing) or do without.
Now it turns out that choosing to be responsible for the configuration of your own hardware is not being honoured. There always exists the possibility that some fool in M$ could (via action / inaction / malice / love / social engineering) allow an arbitrary package to be silently sent to any Intarweb connected Windows box.
Isn't this a Backdoor into the system? How secure is this backdoor? (Help! We are through the Looking Glass; I appear to be positing the existence of Secure Security Holes !?)
How easy would it be for someone to spoof a Mega Kritikal Update to dump the wacky world of Warez, Virii, Trojanuses, and other software Buckets of Sunshine [(c) Lewis Page 2007] straight onto my hard drive?
It would seem that the only way to secure your system from these buckets would be to break an allegedly disabled feature, by repairing it, and then manually repatch the system back to its previous level.
Is that right? Is the above really a simplified and exaggerated version of what's happened, and its potential implications?
Does Windows Update go looking for new patches to Pull down, regardless of the AU settings, or were they Pushed onto the boxes? (Trying to figure out how this would be exploited.)
--------------------------------------------
Bonus Feature for the TinFoil Hatters - Pick your favourite:
THEY (You know who THEY are!) have had full control to your PC all along. And you never suspected a thing. And even if you did there's nothing you could have done about it. You're no better than those mindless meat-sack drones that we (uhh, you) call Sheeple!!! Run!! Hide!! It's all True!!
or
It's all a Giant Conspiracy to improve Vista Sales!!! It's now impossible to assume you have a secure XP installation!!!11!!one! To ensure security you must either: Go Linux, Mac, OtherOS, which is unlikely, cos you'd have done it already; or Buy Vista, which is safe from all this nastiness, thanks to its updated security model.
or
Tehy blew it!!! A Brave Courageous Whistleblower revealed teh existence of tehir Top Secret Back door! Now we have evidence taht TEHY (see "THEY" - first option) have been secretly infesting our computers all along. Now we can fight back! Teh Revelation taht starts teh Revolution!!shift+one!!11!!!