Microsoft 'stealth' Windows update damages trust

Microsoft has been criticised for automatically uploading and installing files to user PCs even if they had specifically been set to not auto-install patches.
Written by Robert Vamosi, Contributor and  Munir Kotadia, Contributor

Microsoft has been criticised for automatically uploading and installing files to PCs even if their users have specifically forbidden the auto-installation of patches.

Microsoft described the procedure as "normal behaviour" because Windows only updated the Windows Update tool itself, and not the general operating system.

A Microsoft spokesperson said: "Windows Update automatically updates itself from time to time to ensure that it is running the most current technology, so that it can check for updates and notify customers that new updates are available."

In a blog, Nate Clinton, program manager for Windows Update, said that Microsoft "should have been clearer on how Windows Update behaves when it updates itself."

However, users have been critical of the so-called "stealth" update and numerous comments posted on Clinton's blog indicate that many Windows users are dissatisfied with the company's response.

"There is absolutely no excuse for updating executable code on a customer's machine when the customer has selected a choice of "but let me choose whether to install them". Period. Full stop. No exceptions," commented one user.

Another agreed: "If I have the setting enabled to be notified of updates I expect to be notified of all updates ... I'm a paying customer -- well, maybe not in the future as you've violated my trust -- and I expect to be treated with respect."

One other user questioned the consequences if the "stealth" updating mechanism was ever compromised by attackers: "A false Windows Update patch could ... install a rootkit, erase hard drives. When the 'don't install without asking' option is selected, it should not have the capability to install anything without asking."

Editorial standards