±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: cgsimpson
New Today: 0
New Yesterday: 0
Overall: 6646

People Online:
Members: 0
Visitors: 112
Total: 112
Who Is Where:
 Visitors:
01: News Archive
02: Community Forums
03: Community Forums
04: Photo Gallery
05: Photo Gallery
06: Photo Gallery
07: CPGlang
08: Community Forums
09: Community Forums
10: CPGlang
11: Community Forums
12: Community Forums
13: Home
14: CPGlang
15: Home
16: Community Forums
17: Home
18: Community Forums
19: Community Forums
20: Community Forums
21: Community Forums
22: Community Forums
23: Member Screenshots
24: Photo Gallery
25: Community Forums
26: Community Forums
27: Photo Gallery
28: Photo Gallery
29: Home
30: CPGlang
31: Community Forums
32: Community Forums
33: Community Forums
34: CPGlang
35: Photo Gallery
36: CPGlang
37: Community Forums
38: Community Forums
39: Home
40: Home
41: Community Forums
42: Community Forums
43: Community Forums
44: Photo Gallery
45: Home
46: Statistics
47: Community Forums
48: Community Forums
49: Home
50: Community Forums
51: Community Forums
52: Home
53: CPGlang
54: Home
55: Community Forums
56: Photo Gallery
57: Community Forums
58: CPGlang
59: Home
60: CPGlang
61: Home
62: Community Forums
63: Home
64: Community Forums
65: Photo Gallery
66: Community Forums
67: Community Forums
68: Community Forums
69: Community Forums
70: Home
71: Home
72: CPGlang
73: Community Forums
74: Community Forums
75: Member Screenshots
76: Community Forums
77: Photo Gallery
78: Photo Gallery
79: CPGlang
80: Home
81: CPGlang
82: Photo Gallery
83: Community Forums
84: Community Forums
85: Community Forums
86: Community Forums
87: Home
88: Community Forums
89: Community Forums
90: Community Forums
91: Your Account
92: Statistics
93: Community Forums
94: Community Forums
95: Community Forums
96: Photo Gallery
97: Home
98: Home
99: Community Forums
100: CPGlang
101: Home
102: Home
103: Community Forums
104: Photo Gallery
105: Community Forums
106: Community Forums
107: Photo Gallery
108: CPGlang
109: Home
110: Home
111: Community Forums
112: Photo Gallery

Staff Online:

No staff members are online!
Microsoft Changes files on your PC without permission :: Archived
A general meeting place for all pilots!
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Officer's Club

Topic Archived View previous topic :: View next topic  
Author Message
Uhu_Fledermaus
Aircraft Demolition Expert

Offline Offline
Joined: Nov 28, 2004
Posts: 4369
Location: Blaricum, The Netherlands ~GMT+1
PostPosted: Sat Sep 15, 2007 10:48 am
Post subject: Microsoft Changes files on your PC without permission

Microsoft updates Windows without users' consent

By Scott Dunn

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.

Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.


Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

"Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:


"7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."

Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

source => windowssecrets.com/com...13/#story1

just tought to inform you all


fled
Back to top
View user's profile ICQ Number MSN Messenger Photo Gallery
Shades
Forum Tree-Rat

Offline Offline
Joined: Mar 07, 2005
Posts: 6457
Location: 3rd Branch up, 'Ye Olde Oak', Green Wood.
PostPosted: Sat Sep 15, 2007 1:23 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Been watching this developing on BYO as well.
lolol
All the Linux guys have been like Cheshire Cats this week.
LOL

_________________
Skwerl's place.

Com-Central's cutest, fluffiest, twitchiest, tail.
CPU > Intel i9-9900k (o/c 4.9GHz); COOLING > BeQuiet! Dark Rock Pro 4;
MOBO > ASUS PRIME Z390-A; RAM > 2x32GB Corsair LPX 2666MHz;
GPU > Gigabyte GEFORCE GTX650Ti PCI-e 3.0 2Gb GDDR5;
AUDIO > Creative X-Fi Xtreme Music (plus - Universal Audio UAD2 Quad Custom accelerator);
HDD > 3x1TB+ M.2. SSDs; LCD > DELL - S2419HGF (1920x1080);
PSU > 650W be quiet Straight Power 11 - 80+ Gold;
CASE > BeQuiet! SILENT BASE 601; OS > Windows 10 Home Advanced (64-bit).
Back to top
View user's profile Visit poster's website ICQ Number
JG300-Stoopy
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 5840
Location: Group W bench
PostPosted: Sat Sep 15, 2007 1:34 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Hey I was thinking of de-fraggin' my HD tonight but now that I think about it it would be COOL if they can just go ahead and do that bit of maintenance for me as well....

_________________
"Once your reputation is ruined, you can live quite freely."
Back to top
View user's profile Visit poster's website Photo Gallery
Uhu_Fledermaus
Aircraft Demolition Expert

Offline Offline
Joined: Nov 28, 2004
Posts: 4369
Location: Blaricum, The Netherlands ~GMT+1
PostPosted: Sat Sep 15, 2007 1:38 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Just posted this to keep ya fella's updated, and your system in the same go as iut looks ..............alltough personally I don't think it's the right way to do by MS
Back to top
View user's profile ICQ Number MSN Messenger Photo Gallery
JG300-Stoopy
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 5840
Location: Group W bench
PostPosted: Sat Sep 15, 2007 1:41 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Not defending this in the least...but thinking out loud, I'd say if it doesn't show up on the "Add/Remove Programs" list like other security patches, it would be a definite bad thing.....just in case someone had to troubleshoot a prgram or patch conflict and couldn't remove it to see if it's a cause of a problem.

_________________
"Once your reputation is ruined, you can live quite freely."
Back to top
View user's profile Visit poster's website Photo Gallery
HA_needacar
Power User

Offline Offline
Joined: Feb 13, 2005
Posts: 52
Location: Michigan
PostPosted: Sat Sep 15, 2007 8:47 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Sony BMG got in trouble for this a while ago.....

_________________
Back to top
View user's profile AIM Address MSN Messenger
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 6989
Location: Central Illinois, USA
PostPosted: Sun Sep 16, 2007 10:52 am
Post subject: Re: Microsoft Changes files on your PC without permission

- Shades
Been watching this developing on BYO as well.
lolol
All the Linux guys have been like Cheshire Cats this week.
LOL


I bet they are!...lol

I don't agree in no way shape or form to let anyone update any files without my permission. While MS updated with 'no harm' files, it's the principal of the situation that should be in the forefront of everyone's mind. How would you like it if the 'bank' moved funds of your's around because they thought 'it was needed and they didn't think you would mind' ?

Another reason to run Linux ( I use www.linuxmint.com ) for your everyday needs and run 'the other one' for Gaming... and yes, you CAN dual boot...lol Wink
Back to top
View user's profile Visit poster's website Photo Gallery
Shades
Forum Tree-Rat

Offline Offline
Joined: Mar 07, 2005
Posts: 6457
Location: 3rd Branch up, 'Ye Olde Oak', Green Wood.
PostPosted: Sun Sep 16, 2007 12:10 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Totally agree with the general sentiment.
If I choose to disable auto-update it's for a reason, and I don't want anyone bypassing that without my knowledge and permission;
That's what we have hackers for.

_________________
Skwerl's place.

Com-Central's cutest, fluffiest, twitchiest, tail.
CPU > Intel i9-9900k (o/c 4.9GHz); COOLING > BeQuiet! Dark Rock Pro 4;
MOBO > ASUS PRIME Z390-A; RAM > 2x32GB Corsair LPX 2666MHz;
GPU > Gigabyte GEFORCE GTX650Ti PCI-e 3.0 2Gb GDDR5;
AUDIO > Creative X-Fi Xtreme Music (plus - Universal Audio UAD2 Quad Custom accelerator);
HDD > 3x1TB+ M.2. SSDs; LCD > DELL - S2419HGF (1920x1080);
PSU > 650W be quiet Straight Power 11 - 80+ Gold;
CASE > BeQuiet! SILENT BASE 601; OS > Windows 10 Home Advanced (64-bit).
Back to top
View user's profile Visit poster's website ICQ Number
Shadow_Banshee
Power User

Offline Offline
Joined: Feb 03, 2005
Posts: 575

PostPosted: Thu Sep 20, 2007 8:52 pm
Post subject: Re: Microsoft Changes files on your PC without permission

can we sue um? i'll accept a couple of k lol

_________________
Lay me place and bake me Pie
I'm starving for me Gravy
Back to top
View user's profile
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Officer's Club
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.