Microsoft pulls plug on security patch project

AutoPatcher, a four-year-old project to distribute Microsoft patches and other updates to software that runs on Windows, has shut down because of a Microsoft request.

"Today we received an e-mail from Microsoft, requesting the immediate takedown of the download page, which of course means that AutoPatcher is probably history," said project manager Antonis Kaladis in a post Wednesday. "As much as we disagree, we can do very little, and ... we took the download page down."

AutoPatcher had a variety of uses. For example, people with limited bandwidth could download patches once and install them on multiple computers, or people setting up new machines could apply security updates without having to expose the computer to network security risks. AutoPatcher could handle updates from Microsoft as well as third-party software such as Sun Microsystems' Java.

Microsoft representatives weren't immediately available for comment about why the company objected to AutoPatcher and why they raised their objections now.

According to a post on the Neowin news and discussion site, which hosted the official AutoPatcher forum, the company wants to be the sole distributor of its own software updates. Microsoft's legal department notified Neowin cofounder Steven Parker of the company's objections and had requested Neowin cut a tie it had to AutoPatcher.

"I had a call from Microsoft Legal this morning and they have told me that we are no longer allowed to endorse AutoPatcher on Neowin. Microsoft will only allow updates to be downloaded from its own servers," Parker said in the post.

The reason for Microsoft's timing is unclear. AutoPatcher and its network of download 'mirror' sites have been operating for four years, and the project's frequently-asked-questions page describes it as legal. "The AutoPatcher project has been going strong since 2003 and never had a sniff of trouble from Microsoft," the page says.

Parker reported that Windows Genuine Advantage, a Microsoft antipiracy program that checks legitimacy of a version of Windows, apparently isn't involved. WGA certification is required to install some software updates.

"I asked the representative if Windows Genuine Advantage had anything to do with it, and he categorically told me this was not the case," Parker said. "The concern at Microsoft had more to do with the possible malicious code that could be redistributed with certified Microsoft updates."

The representative also told Parker that Firefox, an open source Web browser rival to Microsoft's Internet Explorer, now can be used to access Microsoft's Windows Update service for versions of Windows predating Vista. However, some forum posters said they were unable to do so.

Stephen Shankland writes for CNET News.com