Confirmed: Microsoft is fiddling with system files without permission
Breaking news - Latest from Microsoft
[Updated: Sept 13, 2007 @ 6.50 am - After checking a system set not to automatically update I can confirm that this stealth update is real.]If this turns out to be true, it has some very serious (and disturbing) implications:
Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today.
Scott Dunn, an editor at the "Windows Secrets" newsletter, said that nine files in XP and Vista -- but not the same files in each operating system -- have been changed by Windows Update, the Microsoft update mechanism, without displaying the usual notification or permission dialog box. The files, said Dunn, are related to the XP and Vista versions of Windows Update (WU) itself.
The files on Vista are:
- wuapi.dll
- wuapp.exe
- wuauclt.exe
- wuaueng.dll
- wucltux.dll
- wudriver.dll
- wups.dll
- wups2.dll
- wuwebv.dll
And on XP SP2:
- cdm.dll
- wuapi.dll
- wuauclt.exe
- wuaucpl.cpl
- wuaueng.dll
- wucltui.dll
- wups.dll
- wups2.dll
- wuweb.dll
If this turns out to be true (and I want to make it clear that I've not confirmed this) then this will be a very serious betrayal of trust on Microsoft's part. Not only is it hard enough to keep track of changes done to a Windows installation as it is, but if Microsoft (or other companies) start updating systems without consent, this will lead to all sorts of trouble. On top of that, it paves the way for companies to make silent updates to technologies such as DRM and anti-piracy features.
Microsoft needs to address this issue and address it fast because the fallout from this could be very damaging.
Thoughts?