All the latest UK technology news, reviews and analysis
|
|
|
26 Oct 2007
The newsletter editor who uncovered a series of covert downloads in Windows is now claiming that Microsoft's Onecare package is responsible for further unauthorised updates.
Scott Dunn, who publishes the Windows Secrets newsletter, said that the Microsoft security service changes the settings on the Automatic Updates component without warning.
Automatic Updates has an option to prevent patches from automatically installing on a system. This option is typically chosen by users who wish to test patches for compatibility issues before installing.
The problem, said Dunn, occurs on installation. Onecare changes the settings within Automatic Updates to accept and download Microsoft updates without warning, he reported.
Users had reported unauthorised downloads earlier this month following the monthly security update. At that time, Microsoft said in a company blog that nothing in the monthly update had changed the setting, and that all the users filing the report had the automatic update feature enabled prior to the download.
Dunn suggests that this may be because the settings had been changed when OneCare was installed.
"Users could have installed OneCare — even a free trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours," he wrote.
Dunn noted that in the Onecare Frequently Asked Questions page, Microsoft admits to the condition.
"Windows Live OneCare makes sure that Automatic Updates is turned on to the recommended [automatic] setting," reads the page.
A Microsoft spokesperson told vnunet.com that the company would address the report in an upcoming blog posting.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
My client is a well established, non profit organisation;...
PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...
HEAD OF DIGITAL - London - £80-95K + Excellent Bens...
Agile C# Developer - (North London) £55,000 - £65,000...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
MS not completely truthful about automatic updates?
I do not use Windows Live OneCare, but I have on more than one occasion found automatic updates turned on (XP SP3) when I had specifically set this option to "download updates but let me choose when to install them." It seems that there are other "features" of XP that are making unannounced changes to the update policy. Perhaps this occurs with certain OS updates without informing the user. Whatever the case, it IS happening without my knowledge.
Posted by: Richard Mead 16 Feb 2009