Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today.
Scott Dunn, an editor at the "Windows Secrets" newsletter, said that nine files in XP and Vista -- but not the same files in each operating system -- have been changed by Windows Update, the Microsoft update mechanism, without displaying the usual notification or permission dialog box. The files, said Dunn, are related to the XP and Vista versions of Windows Update (WU) itself.
The files on Vista are:
wuapi.dll
wuapp.exe
wuauclt.exe
wuaueng.dll
wucltux.dll
wudriver.dll
wups.dll
wups2.dll
wuwebv.dll
And on XP SP2:
cdm.dll
wuapi.dll
wuauclt.exe
wuaucpl.cpl
wuaueng.dll
wucltui.dll
wups.dll
wups2.dll
wuweb.dll
If this turns out to be true (and I want to make it clear that I've not confirmed this) then this will be a very serious betrayal of trust on Microsoft's part. Not only is it hard enough to keep track of changes done to a Windows installation as it is, but if Microsoft (or other companies) start updating systems without consent, this will lead to all sorts of trouble. On top of that, it paves the way for companies to make silent updates to technologies such as DRM and anti-piracy features.
Microsoft needs to address this issue and address it fast because the fallout from this could be very damaging.