The newsletter editor who uncovered a series of covert downloads in Windows is now claiming that Microsoft's Onecare package is responsible for further unauthorised updates.

Scott Dunn, who publishes the Windows Secrets newsletter, said that the Microsoft security service changes the settings on the Automatic Updates component without warning.

Automatic Updates has an option to prevent patches from automatically installing on a system. This option is typically chosen by users who wish to test patches for compatibility issues before installing.

The problem, said Dunn, occurs on installation. Onecare changes the settings within Automatic Updates to accept and download Microsoft updates without warning, he reported.

Users had reported unauthorised downloads earlier this month following the monthly security update. At that time, Microsoft said in a company blog that nothing in the monthly update had changed the setting, and that all the users filing the report had the automatic update feature enabled prior to the download.

Dunn suggests that this may be because the settings had been changed when OneCare was installed.

"Users could have installed OneCare — even a free trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours," he wrote.

Dunn noted that in the Onecare Frequently Asked Questions page, Microsoft admits to the condition.

"Windows Live OneCare makes sure that Automatic Updates is turned on to the recommended [automatic] setting," reads the page.

A Microsoft spokesperson told vnunet.com that the company would address the report in an upcoming blog posting.