±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: cgsimpson
New Today: 0
New Yesterday: 0
Overall: 6646

People Online:
Members: 0
Visitors: 143
Total: 143
Who Is Where:
 Visitors:
01: Home
02: CPGlang
03: Community Forums
04: Community Forums
05: CPGlang
06: Home
07: Community Forums
08: Community Forums
09: Home
10: Community Forums
11: Community Forums
12: Home
13: Community Forums
14: Home
15: Community Forums
16: Home
17: CPGlang
18: Community Forums
19: Community Forums
20: Home
21: Home
22: Your Account
23: Community Forums
24: Home
25: Home
26: Community Forums
27: Community Forums
28: Photo Gallery
29: CPGlang
30: Photo Gallery
31: Home
32: Community Forums
33: Community Forums
34: Home
35: Home
36: Community Forums
37: Community Forums
38: Home
39: Community Forums
40: CPGlang
41: Community Forums
42: Community Forums
43: Community Forums
44: Community Forums
45: Community Forums
46: CPGlang
47: Home
48: Community Forums
49: CPGlang
50: Community Forums
51: Your Account
52: Home
53: Community Forums
54: Community Forums
55: CPGlang
56: Home
57: Community Forums
58: Community Forums
59: Community Forums
60: Downloads
61: Home
62: Home
63: CPGlang
64: Community Forums
65: CPGlang
66: Community Forums
67: Home
68: Community Forums
69: Home
70: Photo Gallery
71: Home
72: Community Forums
73: CPGlang
74: Home
75: Community Forums
76: Community Forums
77: Your Account
78: CPGlang
79: Community Forums
80: Home
81: Home
82: CPGlang
83: Community Forums
84: Home
85: Community Forums
86: Community Forums
87: Home
88: Home
89: CPGlang
90: Home
91: Home
92: CPGlang
93: Home
94: Community Forums
95: Community Forums
96: CPGlang
97: Home
98: Community Forums
99: Community Forums
100: Community Forums
101: CPGlang
102: Community Forums
103: Community Forums
104: Community Forums
105: Member Screenshots
106: Community Forums
107: Home
108: Community Forums
109: Photo Gallery
110: Community Forums
111: Community Forums
112: Home
113: Community Forums
114: Community Forums
115: Community Forums
116: Community Forums
117: Home
118: Home
119: Community Forums
120: Community Forums
121: Community Forums
122: Home
123: Community Forums
124: Home
125: CPGlang
126: Community Forums
127: CPGlang
128: Photo Gallery
129: Community Forums
130: Home
131: Home
132: Community Forums
133: Community Forums
134: CPGlang
135: Your Account
136: Your Account
137: Community Forums
138: Community Forums
139: Community Forums
140: Home
141: CPGlang
142: Community Forums
143: Home

Staff Online:

No staff members are online!
Microsoft Changes files on your PC without permission :: Archived
A general meeting place for all pilots!
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Officer's Club

Topic Archived View previous topic :: View next topic  
Author Message
Uhu_Fledermaus
Aircraft Demolition Expert

Offline Offline
Joined: Nov 28, 2004
Posts: 4369
Location: Blaricum, The Netherlands ~GMT+1
PostPosted: Sat Sep 15, 2007 10:48 am
Post subject: Microsoft Changes files on your PC without permission

Microsoft updates Windows without users' consent

By Scott Dunn

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.

Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.


Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

"Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:


"7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."

Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

source => windowssecrets.com/com...13/#story1

just tought to inform you all


fled
Back to top
View user's profile ICQ Number MSN Messenger Photo Gallery
Shades
Forum Tree-Rat

Offline Offline
Joined: Mar 07, 2005
Posts: 6457
Location: 3rd Branch up, 'Ye Olde Oak', Green Wood.
PostPosted: Sat Sep 15, 2007 1:23 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Been watching this developing on BYO as well.
lolol
All the Linux guys have been like Cheshire Cats this week.
LOL

_________________
Skwerl's place.

Com-Central's cutest, fluffiest, twitchiest, tail.
CPU > Intel i9-9900k (o/c 4.9GHz); COOLING > BeQuiet! Dark Rock Pro 4;
MOBO > ASUS PRIME Z390-A; RAM > 2x32GB Corsair LPX 2666MHz;
GPU > Gigabyte GEFORCE GTX650Ti PCI-e 3.0 2Gb GDDR5;
AUDIO > Creative X-Fi Xtreme Music (plus - Universal Audio UAD2 Quad Custom accelerator);
HDD > 3x1TB+ M.2. SSDs; LCD > DELL - S2419HGF (1920x1080);
PSU > 650W be quiet Straight Power 11 - 80+ Gold;
CASE > BeQuiet! SILENT BASE 601; OS > Windows 10 Home Advanced (64-bit).
Back to top
View user's profile Visit poster's website ICQ Number
JG300-Stoopy
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 5840
Location: Group W bench
PostPosted: Sat Sep 15, 2007 1:34 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Hey I was thinking of de-fraggin' my HD tonight but now that I think about it it would be COOL if they can just go ahead and do that bit of maintenance for me as well....

_________________
"Once your reputation is ruined, you can live quite freely."
Back to top
View user's profile Visit poster's website Photo Gallery
Uhu_Fledermaus
Aircraft Demolition Expert

Offline Offline
Joined: Nov 28, 2004
Posts: 4369
Location: Blaricum, The Netherlands ~GMT+1
PostPosted: Sat Sep 15, 2007 1:38 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Just posted this to keep ya fella's updated, and your system in the same go as iut looks ..............alltough personally I don't think it's the right way to do by MS
Back to top
View user's profile ICQ Number MSN Messenger Photo Gallery
JG300-Stoopy
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 5840
Location: Group W bench
PostPosted: Sat Sep 15, 2007 1:41 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Not defending this in the least...but thinking out loud, I'd say if it doesn't show up on the "Add/Remove Programs" list like other security patches, it would be a definite bad thing.....just in case someone had to troubleshoot a prgram or patch conflict and couldn't remove it to see if it's a cause of a problem.

_________________
"Once your reputation is ruined, you can live quite freely."
Back to top
View user's profile Visit poster's website Photo Gallery
HA_needacar
Power User

Offline Offline
Joined: Feb 13, 2005
Posts: 52
Location: Michigan
PostPosted: Sat Sep 15, 2007 8:47 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Sony BMG got in trouble for this a while ago.....

_________________
Back to top
View user's profile AIM Address MSN Messenger
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 6989
Location: Central Illinois, USA
PostPosted: Sun Sep 16, 2007 10:52 am
Post subject: Re: Microsoft Changes files on your PC without permission

- Shades
Been watching this developing on BYO as well.
lolol
All the Linux guys have been like Cheshire Cats this week.
LOL


I bet they are!...lol

I don't agree in no way shape or form to let anyone update any files without my permission. While MS updated with 'no harm' files, it's the principal of the situation that should be in the forefront of everyone's mind. How would you like it if the 'bank' moved funds of your's around because they thought 'it was needed and they didn't think you would mind' ?

Another reason to run Linux ( I use www.linuxmint.com ) for your everyday needs and run 'the other one' for Gaming... and yes, you CAN dual boot...lol Wink
Back to top
View user's profile Visit poster's website Photo Gallery
Shades
Forum Tree-Rat

Offline Offline
Joined: Mar 07, 2005
Posts: 6457
Location: 3rd Branch up, 'Ye Olde Oak', Green Wood.
PostPosted: Sun Sep 16, 2007 12:10 pm
Post subject: Re: Microsoft Changes files on your PC without permission

Totally agree with the general sentiment.
If I choose to disable auto-update it's for a reason, and I don't want anyone bypassing that without my knowledge and permission;
That's what we have hackers for.

_________________
Skwerl's place.

Com-Central's cutest, fluffiest, twitchiest, tail.
CPU > Intel i9-9900k (o/c 4.9GHz); COOLING > BeQuiet! Dark Rock Pro 4;
MOBO > ASUS PRIME Z390-A; RAM > 2x32GB Corsair LPX 2666MHz;
GPU > Gigabyte GEFORCE GTX650Ti PCI-e 3.0 2Gb GDDR5;
AUDIO > Creative X-Fi Xtreme Music (plus - Universal Audio UAD2 Quad Custom accelerator);
HDD > 3x1TB+ M.2. SSDs; LCD > DELL - S2419HGF (1920x1080);
PSU > 650W be quiet Straight Power 11 - 80+ Gold;
CASE > BeQuiet! SILENT BASE 601; OS > Windows 10 Home Advanced (64-bit).
Back to top
View user's profile Visit poster's website ICQ Number
Shadow_Banshee
Power User

Offline Offline
Joined: Feb 03, 2005
Posts: 575

PostPosted: Thu Sep 20, 2007 8:52 pm
Post subject: Re: Microsoft Changes files on your PC without permission

can we sue um? i'll accept a couple of k lol

_________________
Lay me place and bake me Pie
I'm starving for me Gravy
Back to top
View user's profile
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Officer's Club
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.