http://windowssecrets.com/comp/070913/#story1

 

By Scott Dunn

 

Microsoft has begun patching files on Windows XP and Vista without users'

knowledge, even when the users have turned off auto-updates.

 

Many companies require testing of patches before they are widely installed,

and businesses in this situation are objecting to the stealth patching.

 

 

Files changed with no notice to users

 

In recent days, Windows Update (WU) started altering files on users' systems

without displaying any dialog box to request permission. The only files that

have been reportedly altered to date are nine small executables on XP and

nine on Vista that are used by WU itself. Microsoft is patching these files

silently, even if auto-updates have been disabled on a particular PC.

 

It's surprising that these files can be changed without the user's

knowledge. The Automatic Updates dialog box in the Control Panel can be set

to prevent updates from being installed automatically. However, with

Microsoft's latest stealth move, updates to the WU executables seem to be

installed regardless of the settings - without notifying users.

 

When users launch Windows Update, Microsoft's online service can check the

version of its executables on the PC and update them if necessary. What's

unusual is that people are reporting changes in these files although WU

wasn't authorized to install anything.

 

This isn't the first time Microsoft has pushed updates out to users who

prefer to test and install their updates manually. Not long ago, another

Windows component, svchost.exe, was causing problems with Windows Update, as

last reported on June 21 in the Windows Secrets Newsletter. In that case,

however, the Windows Update site notified users that updated software had to

be installed before the patching process could proceed. This time, such a

notice never appears.

 

For users who elect not to have updates installed automatically, the issue

of consent is crucial. Microsoft has apparently decided, however, that it

doesn't need permission to patch Windows Updates files, even if you've set

your preferences to require it.

 

Microsoft provides no tech information - yet

 

To make matters even stranger, a search on Microsoft's Web site reveals no

information at all on the stealth updates. Let's say you wished to

voluntarily download and install the new WU executable files when you were,

for example, reinstalling a system. You'd be hard-pressed to find the

updated files in order to download them. At this writing, you either get a

stealth install or nothing.

 

A few Web forums have already started to discuss the updated files, which

bear the version number 7.0.6000.381. The only explanation found at

Microsoft's site comes from a user identified as Dean-Dean on a Microsoft

Communities forum. In reply to a question, he states:

 

"Windows Update Software 7.0.6000.381 is an update to Windows Update itself.

It is an update for both Windows XP and Windows Vista. Unless the update is

installed, Windows Update won't work, at least in terms of searching for

further updates. Normal use of Windows Update, in other words, is blocked

until this update is installed."

 

Windows Secrets contributing editor Susan Bradley contacted Microsoft

Partner Support about the update and received this short reply:

 

 

"7.0.6000.381 is a consumer only release that addresses some specific issues

found after .374 was released. It will not be available via WSUS [Windows

Server Update Services]. A standalone installer and the redist will be

available soon, I will keep an eye on it and notify you when it is

available."

 

Unfortunately, this reply does not explain why the stealth patching began

with so little information provided to customers. Nor does it provide any

details on the "specific issues" that the update supposedly addresses.

 

System logs confirm stealth installs

 

In his forum post, Dean-Dean names several files that are changed on XP and

Vista. The patching process updates several Windows\System32 executables

(with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381,

according to the post.

 

In Vista, the following files are updated:

 

1. wuapi.dll

2. wuapp.exe

3. wuauclt.exe

4. wuaueng.dll

5. wucltux.dll

6. wudriver.dll

7. wups.dll

8. wups2.dll

9. wuwebv.dll

 

In XP, the following files are updated:

 

1. cdm.dll

2. wuapi.dll

3. wuauclt.exe

4. wuaucpl.cpl

5. wuaueng.dll

6. wucltui.dll

7. wups.dll

8. wups2.dll

9. wuweb.dll

 

These files are by no means viruses, and Microsoft appears to have no

malicious intent in patching them. However, writing files to a user's PC

without notice (when auto-updating has been turned off) is behavior that's

usually associated with hacker Web sites. The question being raised in

discussion forums is, "Why is Microsoft operating in this way?"

 

How to check which version your PC has

 

If a system has been patched in the past few months, the nine executables in

Windows\System32 will either show an earlier version number, 7.0.6000.374,

or the stealth patch: 7.0.6000.381. (The version numbers can be seen by

right-clicking a file and choosing Properties. In XP, click the Version tab

and then select File Version. In Vista, click the Details tab.)

 

In addition, PCs that received the update will have new executables in

subfolders named 7.0.6000.381 under the following folders:

 

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

 

Users can also verify whether patching occurred by checking Windows' Event

Log:

 

Step 1. In XP, click Start, Run.

 

Step 2. Type eventvwr.msc and press Enter.

 

Step 3. In the tree pane on the left, select System.

 

Step 4. The right pane displays events and several details about them. Event

types such as "Installation" are labeled in the Category column. "Windows

Update Agent" is the event typically listed in the Source column for system

patches.

 

On systems that were checked recently by Windows Secrets readers, the Event

Log shows two installation events on Aug. 24. The files were stealth-updated

in the early morning hours. (The time stamp will vary, of course, on

machines that received the patch on other dates.)

 

To investigate further, you can open the Event Log's properties for each

event. Normally, when a Windows update event occurs, the properties dialog

box shows an associated KB number, enabling you to find more information at

Microsoft's Web site. Mysteriously, no KB number is given for the WU updates

that began in August. The description merely reads, "Installation

Successful: Windows successfully installed the following update: Automatic

Updates."

 

No need to roll back the updated files

 

Again, it's important to note that there's nothing harmful about the updated

files themselves. There are no reports of software conflicts and no reason

to remove the files (which WU apparently needs in order to access the latest

patches). The only concern is the mechanism Microsoft is using to perform

its patching, and how this mechanism might be used by the software giant in

the future.

 

I'd like to thank reader Angus Scott-Fleming for his help in researching

this topic. He recommends that advanced Windows users monitor changes to

their systems' Registry settings via a free program by Olivier Lombart

called Tiny Watcher. Scott-Fleming will receive a gift certificate for a

book, CD, or DVD of his choice for sending in a comment we printed.

 

I'll report further on this story when I'm able to find more information on

the policies and techniques behind Windows Update's silent patches. Send me

your tips on this subject via the Windows Secrets contact page.

 

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also

a contributing editor of PC World Magazine, where he has written a monthly

column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit)

with Jesse Berst and Charles Bermant.

Silicon neuron wrote:

>

>

> Microsoft has begun patching files on Windows XP and Vista without users'

> knowledge, even when the users have turned off auto-updates.

>

>

 

 

Actually, this is *not* being done _without_ user consent. Just the

opposite. Every user of each operating systems has been given advance

notice that such things could happen, and has consented to it.

 

Read the Vista EULA. Section 7 makes it clear that this could happen:

 

========================================================================

 

7. INTERNET-BASED SERVICES. Microsoft provides Internet-based services

with the software. It may *change* or cancel them at any time.

a. Consent for Internet-Based Services. The software features

described below and in the Windows Vista Privacy Statement connect to

Microsoft or service provider computer systems over the Internet. *In

some cases, you will not receive a separate notice when they connect.*

You may switch off these features or not use them. For more information

about these features, see the Windows Vista Privacy Statement at

http://go.microsoft.com/fwlink/?linkid=20615. By using these features,

you consent to the transmission of this information. Microsoft does not

use the information to identify or contact you.

 

========================================================================

(Emphasis mine)

 

The WinXP EULA also made this clear:

 

========================================================================

 

Internet-Based Services Components. The SOFTWARE contains

components that enable and facilitate the use of certain

Internet-based services. You acknowledge and agree that

MS, Microsoft Corporation or their subsidiaries may

automatically check the version of the SOFTWARE and/or

its components that you are utilizing and may provide

upgrades or supplements to the SOFTWARE that may be

*automatically* downloaded to your COMPUTER.

 

========================================================================

(Again, emphasis mine)

 

 

Do I approve of this practice? Not really. I'd prefer to know about

each and every change as it happens, just on the off chance that, if a

problem occurs, I've better information on which to base my

troubleshooting. But I'm an exception most people simply don't want to

know about technical details of how the OS is working.

 

 

--

 

Bruce Chambers

 

Help us help you:

http://dts-l.org/goodpost.htm

http://www.catb.org/~esr/faqs/smart-questions.html

 

They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety. -Benjamin Franklin

 

Many people would rather die than think in fact, most do. -Bertrand Russell

On Thu, 13 Sep 2007 10:05:43 -0600, Bruce Chambers

<bchambers@cable0ne.n3t> wrote:

>Silicon neuron wrote:

>>

>>

>> Microsoft has begun patching files on Windows XP and Vista without users'

>> knowledge, even when the users have turned off auto-updates.

> Actually, this is *not* being done _without_ user consent. Just the

>opposite. Every user of each operating systems has been given advance

>notice that such things could happen, and has consented to it.

>

>Read the Vista EULA. Section 7 makes it clear that this could happen:

 

Yea sure, and I bet most people aren't aware that buried deep in the

EULA Microsoft claims the right to your first born and anybody in

Redmond above a certain rank can have sex with your wife or girl

friend if a there's a fifth Saturday in any month. Better check your

calendar. -)

Adam Albright wrote:

> On Thu, 13 Sep 2007 10:05:43 -0600, Bruce Chambers

> <bchambers@cable0ne.n3t> wrote:

>

>> Silicon neuron wrote:

>>>

>>> Microsoft has begun patching files on Windows XP and Vista without users'

>>> knowledge, even when the users have turned off auto-updates.

>

>> Actually, this is *not* being done _without_ user consent. Just the

>> opposite. Every user of each operating systems has been given advance

>> notice that such things could happen, and has consented to it.

>>

>> Read the Vista EULA. Section 7 makes it clear that this could happen:

>

> Yea sure, and I bet most people aren't aware that buried deep in the

> EULA Microsoft claims the right to your first born and anybody in

> Redmond above a certain rank can have sex with your wife or girl

> friend if a there's a fifth Saturday in any month. Better check your

> calendar. -)

>

 

 

Sarcasm aside, I'm glad to see that for once you agree that the EULA

does so stipulate and that all users have given their consent. It's not

often you let facts get in the way of your rabid anti-Microsoft stance.

 

 

--

 

Bruce Chambers

 

Help us help you:

http://dts-l.org/goodpost.htm

http://www.catb.org/~esr/faqs/smart-questions.html

 

They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety. -Benjamin Franklin

 

Many people would rather die than think in fact, most do. -Bertrand Russell

Atta boy Bruce!

"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message

news:ecNoKxi9HHA.5684@TK2MSFTNGP05.phx.gbl...

> Adam Albright wrote:

>> On Thu, 13 Sep 2007 10:05:43 -0600, Bruce Chambers

>> <bchambers@cable0ne.n3t> wrote:

>>

>>> Silicon neuron wrote:

>>>>

>>>> Microsoft has begun patching files on Windows XP and Vista without

>>>> users' knowledge, even when the users have turned off auto-updates.

>>

>>> Actually, this is *not* being done _without_ user consent. Just the

>>> opposite. Every user of each operating systems has been given advance

>>> notice that such things could happen, and has consented to it.

>>>

>>> Read the Vista EULA. Section 7 makes it clear that this could happen:

>>

>> Yea sure, and I bet most people aren't aware that buried deep in the

>> EULA Microsoft claims the right to your first born and anybody in

>> Redmond above a certain rank can have sex with your wife or girl

>> friend if a there's a fifth Saturday in any month. Better check your

>> calendar. -)

>>

>

>

> Sarcasm aside, I'm glad to see that for once you agree that the EULA does

> so stipulate and that all users have given their consent. It's not often

> you let facts get in the way of your rabid anti-Microsoft stance.

>

>

> --

>

> Bruce Chambers

>

> Help us help you:

> http://dts-l.org/goodpost.htm

> http://www.catb.org/~esr/faqs/smart-questions.html

>

> They that can give up essential liberty to obtain a little temporary

> safety deserve neither liberty nor safety. -Benjamin Franklin

>

> Many people would rather die than think in fact, most do. -Bertrand

> Russell

On Thu, 13 Sep 2007 11:34:11 -0600, Bruce Chambers

<bchambers@cable0ne.n3t> wrote:

>Adam Albright wrote:

>> On Thu, 13 Sep 2007 10:05:43 -0600, Bruce Chambers

>> <bchambers@cable0ne.n3t> wrote:

>>

>>> Silicon neuron wrote:

>>>>

>>>> Microsoft has begun patching files on Windows XP and Vista without users'

>>>> knowledge, even when the users have turned off auto-updates.

>>

>>> Actually, this is *not* being done _without_ user consent. Just the

>>> opposite. Every user of each operating systems has been given advance

>>> notice that such things could happen, and has consented to it.

>>>

>>> Read the Vista EULA. Section 7 makes it clear that this could happen:

>>

>> Yea sure, and I bet most people aren't aware that buried deep in the

>> EULA Microsoft claims the right to your first born and anybody in

>> Redmond above a certain rank can have sex with your wife or girl

>> friend if a there's a fifth Saturday in any month. Better check your

>> calendar. -)

>>

>

>

> Sarcasm aside, I'm glad to see that for once you agree that the EULA

>does so stipulate and that all users have given their consent. It's not

>often you let facts get in the way of your rabid anti-Microsoft stance.

 

Me anti Microsoft? Hardly as I've said many times I wouldn't be a

stockholder in a company I don't like. I simply wish they would clean

up their act. What I find fascinating is how fanboys automatically

stick their heads in the sand and just ignore all the failings in

Vista and the anti-customer stance Microsoft has had since say one.

 

As far as any EULA, they are like the fine print on insurance polices.

NOBODY reads them or for that matter could understand half the double

talk contained there in.

How Windows Update Keeps Itself Up-to-Date

http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx

 

"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message

news:ecNoKxi9HHA.5684@TK2MSFTNGP05.phx.gbl...

| Adam Albright wrote:

| > On Thu, 13 Sep 2007 10:05:43 -0600, Bruce Chambers

| > <bchambers@cable0ne.n3t> wrote:

| >

| >> Silicon neuron wrote:

| >>>

| >>> Microsoft has begun patching files on Windows XP and Vista without

users'

| >>> knowledge, even when the users have turned off auto-updates.

| >

| >> Actually, this is *not* being done _without_ user consent. Just the

| >> opposite. Every user of each operating systems has been given advance

| >> notice that such things could happen, and has consented to it.

| >>

| >> Read the Vista EULA. Section 7 makes it clear that this could happen:

| >

| > Yea sure, and I bet most people aren't aware that buried deep in the

| > EULA Microsoft claims the right to your first born and anybody in

| > Redmond above a certain rank can have sex with your wife or girl

| > friend if a there's a fifth Saturday in any month. Better check your

| > calendar. -)

| >

|

|

| Sarcasm aside, I'm glad to see that for once you agree that the EULA

| does so stipulate and that all users have given their consent. It's not

| often you let facts get in the way of your rabid anti-Microsoft stance.

|

|

| --

|

| Bruce Chambers

|

| Help us help you:

| http://dts-l.org/goodpost.htm

| http://www.catb.org/~esr/faqs/smart-questions.html

|

| They that can give up essential liberty to obtain a little temporary

| safety deserve neither liberty nor safety. -Benjamin Franklin

|

| Many people would rather die than think in fact, most do. -Bertrand

Russell

Adam Albright wrote:

>

>

> As far as any EULA, they are like the fine print on insurance polices.

> NOBODY reads them or for that matter could understand half the double

> talk contained there in.

>

 

 

"Nobody?" What planet do you live on? I read every contract I'm asked

to sign. I seek legal advice for any portions I don't understand. Don't

you? Are you saying that the *everyone* is too stupid or too lazy to

look out for their own interests? And I though I had a dim view of the

general public.

 

Regardless, the signer's not having bothered to read a contract doesn't

make that contract any less binding.

 

Oh, and the Windows EULA is written at what I'd consider an 8th grade

(A 1960's era American public school 8th grade, that is probably closer

to today's high school level, now. Nevertheless the average McDonalds

burger-flipper should have no trouble with it.) reading level. It's not

at all confusing to the functionally literate.

 

 

--

 

Bruce Chambers

 

Help us help you:

http://dts-l.org/goodpost.htm

http://www.catb.org/~esr/faqs/smart-questions.html

 

They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety. -Benjamin Franklin

 

Many people would rather die than think in fact, most do. -Bertrand Russell

Bruce Chambers <bchambers@cable0ne.n3t> wrote:

> Sarcasm aside, I'm glad to see that for once you agree that the EULA

>does so stipulate and that all users have given their consent. It's not

>often you let facts get in the way of your rabid anti-Microsoft stance.

 

"Giving consent" in this context is nebulous. None of us reads every

EULA we see, we just click the "I agree" button.

 

And for an operating system's EULA, most people aren't even aware that

it exists. They open the box, setup their new computer, and turn it

on. They click any buttons they need to to get through the setup.

 

--

Tim Slattery

MS MVP(DTS)

Slattery_T@bls.gov

http://members.cox.net/slatteryt

Bruce Chambers <bchambers@cable0ne.n3t> wrote:

>Adam Albright wrote:

>> As far as any EULA, they are like the fine print on insurance polices.

>> NOBODY reads them or for that matter could understand half the double

>> talk contained there in.

> "Nobody?" What planet do you live on? I read every contract I'm asked

>to sign. I seek legal advice for any portions I don't understand. Don't

>you? Are you saying that the *everyone* is too stupid or too lazy to

>look out for their own interests? And I though I had a dim view of the

>general public.

 

Do you read every single EULA you run into? Do you have time to do

anything else?

 

--

Tim Slattery

MS MVP(DTS)

Slattery_T@bls.gov

http://members.cox.net/slatteryt

An explanation of Windows Update automatic updating:

http://windowsvistablog.com/blogs/windowsvista/archive/2007/09/13/an-explanation-of-windows-update-automatic-updates.aspx

 

The above Vista Team blog entry seems to be a little more transparent:

 

<QP>

This self-updating is done regardless of whether the user has enabled

automatic checking, download and/or installation of updates. It does so in

an effort to avoid WU misleading the user to think s/he is up-to-date simply

because s/he was not receiving notification that updates are available. Put

another way, WU cannot alert the user that there are security updates

available if it is not in the necessary updated state that will allow it to

recognize those updates...

</QP>

--

~Robear Dyer (PA Bear)

MS MVP-Windows (IE, OE, Security, Shell/User) since 2002

AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.org/

 

 

Tom [Pepper] Willett wrote:

> How Windows Update Keeps Itself Up-to-Date

> http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx

>

> "Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message

> news:ecNoKxi9HHA.5684@TK2MSFTNGP05.phx.gbl...

>> Adam Albright wrote:

>>> On Thu, 13 Sep 2007 10:05:43 -0600, Bruce Chambers

>>> <bchambers@cable0ne.n3t> wrote:

>>>

>>>> Silicon neuron wrote:

>>>>>

>>>>> Microsoft has begun patching files on Windows XP and Vista without

>>>>> users' knowledge, even when the users have turned off auto-updates.

>>>

>>>> Actually, this is *not* being done _without_ user consent. Just the

>>>> opposite. Every user of each operating systems has been given advance

>>>> notice that such things could happen, and has consented to it.

>>>>

>>>> Read the Vista EULA. Section 7 makes it clear that this could happen:

>>>

>>> Yea sure, and I bet most people aren't aware that buried deep in the

>>> EULA Microsoft claims the right to your first born and anybody in

>>> Redmond above a certain rank can have sex with your wife or girl

>>> friend if a there's a fifth Saturday in any month. Better check your

>>> calendar. -)

>>>

>>

>>

>> Sarcasm aside, I'm glad to see that for once you agree that the EULA

>> does so stipulate and that all users have given their consent. It's not

>> often you let facts get in the way of your rabid anti-Microsoft stance.

>>

>>

>> --

>>

>> Bruce Chambers

>>

>> Help us help you:

>> http://dts-l.org/goodpost.htm

>> http://www.catb.org/~esr/faqs/smart-questions.html

>>

>> They that can give up essential liberty to obtain a little temporary

>> safety deserve neither liberty nor safety. -Benjamin Franklin

>>

>> Many people would rather die than think in fact, most do. -Bertrand

>> Russell

This is just the pratice run. Next time MS will also try disabling any

systems it thinks is using pirated software!! Watch the space!!!

 

 

Silicon neuron wrote:

>

> http://windowssecrets.com/comp/070913/#story1

>

> By Scott Dunn

>

> Microsoft has begun patching files on Windows XP and Vista without users'

> knowledge, even when the users have turned off auto-updates.

>

> Many companies require testing of patches before they are widely installed,

> and businesses in this situation are objecting to the stealth patching.

>

> Files changed with no notice to users

>

> In recent days, Windows Update (WU) started altering files on users' systems

> without displaying any dialog box to request permission. The only files that

> have been reportedly altered to date are nine small executables on XP and

> nine on Vista that are used by WU itself. Microsoft is patching these files

> silently, even if auto-updates have been disabled on a particular PC.

>

> It's surprising that these files can be changed without the user's

> knowledge. The Automatic Updates dialog box in the Control Panel can be set

> to prevent updates from being installed automatically. However, with

> Microsoft's latest stealth move, updates to the WU executables seem to be

> installed regardless of the settings - without notifying users.

>

> When users launch Windows Update, Microsoft's online service can check the

> version of its executables on the PC and update them if necessary. What's

> unusual is that people are reporting changes in these files although WU

> wasn't authorized to install anything.

>

> This isn't the first time Microsoft has pushed updates out to users who

> prefer to test and install their updates manually. Not long ago, another

> Windows component, svchost.exe, was causing problems with Windows Update, as

> last reported on June 21 in the Windows Secrets Newsletter. In that case,

> however, the Windows Update site notified users that updated software had to

> be installed before the patching process could proceed. This time, such a

> notice never appears.

>

> For users who elect not to have updates installed automatically, the issue

> of consent is crucial. Microsoft has apparently decided, however, that it

> doesn't need permission to patch Windows Updates files, even if you've set

> your preferences to require it.

>

> Microsoft provides no tech information - yet

>

> To make matters even stranger, a search on Microsoft's Web site reveals no

> information at all on the stealth updates. Let's say you wished to

> voluntarily download and install the new WU executable files when you were,

> for example, reinstalling a system. You'd be hard-pressed to find the

> updated files in order to download them. At this writing, you either get a

> stealth install or nothing.

>

> A few Web forums have already started to discuss the updated files, which

> bear the version number 7.0.6000.381. The only explanation found at

> Microsoft's site comes from a user identified as Dean-Dean on a Microsoft

> Communities forum. In reply to a question, he states:

>

> "Windows Update Software 7.0.6000.381 is an update to Windows Update itself.

> It is an update for both Windows XP and Windows Vista. Unless the update is

> installed, Windows Update won't work, at least in terms of searching for

> further updates. Normal use of Windows Update, in other words, is blocked

> until this update is installed."

>

> Windows Secrets contributing editor Susan Bradley contacted Microsoft

> Partner Support about the update and received this short reply:

>

> "7.0.6000.381 is a consumer only release that addresses some specific issues

> found after .374 was released. It will not be available via WSUS [Windows

> Server Update Services]. A standalone installer and the redist will be

> available soon, I will keep an eye on it and notify you when it is

> available."

>

> Unfortunately, this reply does not explain why the stealth patching began

> with so little information provided to customers. Nor does it provide any

> details on the "specific issues" that the update supposedly addresses.

>

> System logs confirm stealth installs

>

> In his forum post, Dean-Dean names several files that are changed on XP and

> Vista. The patching process updates several Windows\System32 executables

> (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381,

> according to the post.

>

> In Vista, the following files are updated:

>

> 1. wuapi.dll

> 2. wuapp.exe

> 3. wuauclt.exe

> 4. wuaueng.dll

> 5. wucltux.dll

> 6. wudriver.dll

> 7. wups.dll

> 8. wups2.dll

> 9. wuwebv.dll

>

> In XP, the following files are updated:

>

> 1. cdm.dll

> 2. wuapi.dll

> 3. wuauclt.exe

> 4. wuaucpl.cpl

> 5. wuaueng.dll

> 6. wucltui.dll

> 7. wups.dll

> 8. wups2.dll

> 9. wuweb.dll

>

> These files are by no means viruses, and Microsoft appears to have no

> malicious intent in patching them. However, writing files to a user's PC

> without notice (when auto-updating has been turned off) is behavior that's

> usually associated with hacker Web sites. The question being raised in

> discussion forums is, "Why is Microsoft operating in this way?"

>

> How to check which version your PC has

>

> If a system has been patched in the past few months, the nine executables in

> Windows\System32 will either show an earlier version number, 7.0.6000.374,

> or the stealth patch: 7.0.6000.381. (The version numbers can be seen by

> right-clicking a file and choosing Properties. In XP, click the Version tab

> and then select File Version. In Vista, click the Details tab.)

>

> In addition, PCs that received the update will have new executables in

> subfolders named 7.0.6000.381 under the following folders:

>

> c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll

> c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

>

> Users can also verify whether patching occurred by checking Windows' Event

> Log:

>

> Step 1. In XP, click Start, Run.

>

> Step 2. Type eventvwr.msc and press Enter.

>

> Step 3. In the tree pane on the left, select System.

>

> Step 4. The right pane displays events and several details about them. Event

> types such as "Installation" are labeled in the Category column. "Windows

> Update Agent" is the event typically listed in the Source column for system

> patches.

>

> On systems that were checked recently by Windows Secrets readers, the Event

> Log shows two installation events on Aug. 24. The files were stealth-updated

> in the early morning hours. (The time stamp will vary, of course, on

> machines that received the patch on other dates.)

>

> To investigate further, you can open the Event Log's properties for each

> event. Normally, when a Windows update event occurs, the properties dialog

> box shows an associated KB number, enabling you to find more information at

> Microsoft's Web site. Mysteriously, no KB number is given for the WU updates

> that began in August. The description merely reads, "Installation

> Successful: Windows successfully installed the following update: Automatic

> Updates."

>

> No need to roll back the updated files

>

> Again, it's important to note that there's nothing harmful about the updated

> files themselves. There are no reports of software conflicts and no reason

> to remove the files (which WU apparently needs in order to access the latest

> patches). The only concern is the mechanism Microsoft is using to perform

> its patching, and how this mechanism might be used by the software giant in

> the future.

>

> I'd like to thank reader Angus Scott-Fleming for his help in researching

> this topic. He recommends that advanced Windows users monitor changes to

> their systems' Registry settings via a free program by Olivier Lombart

> called Tiny Watcher. Scott-Fleming will receive a gift certificate for a

> book, CD, or DVD of his choice for sending in a comment we printed.

>

> I'll report further on this story when I'm able to find more information on

> the policies and techniques behind Windows Update's silent patches. Send me

> your tips on this subject via the Windows Secrets contact page.

>

> Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also

> a contributing editor of PC World Magazine, where he has written a monthly

> column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit)

> with Jesse Berst and Charles Bermant.

Tim,

 

I agree with you. I'm surprised MS hasn't put a printed copy of the EULA

right with the software in such a way that in order to use the software the

user would *have* to at least see there is a piece of paper there. Whether

they choose to read it or not is for another thread.

 

I honestly don't understand all the *itching about MS, and their products.

If you don't like their products, policies, etc., go somewhere else. Nobody

is forcing anyone to "buy" MS products or policies.

 

And before anyone asks, I'm not "an *ss-kissing MVP" either!

 

--

HTH,

Curt

 

Windows Support Center

http://www.aumha.org

Practically Nerded,...

http://dundats.mvps.org/Index.htm

 

"Tim Slattery" <Slattery_T@bls.gov> wrote in message

news:ic6je3hr0aqntredv5his1onh2rk9ckq4d@4ax.com...

| Bruce Chambers <bchambers@cable0ne.n3t> wrote:

|

| > Sarcasm aside, I'm glad to see that for once you agree that the EULA

| >does so stipulate and that all users have given their consent. It's not

| >often you let facts get in the way of your rabid anti-Microsoft stance.

|

| "Giving consent" in this context is nebulous. None of us reads every

| EULA we see, we just click the "I agree" button.

|

| And for an operating system's EULA, most people aren't even aware that

| it exists. They open the box, setup their new computer, and turn it

| on. They click any buttons they need to to get through the setup.

|

| --

| Tim Slattery

| MS MVP(DTS)

| Slattery_T@bls.gov

| http://members.cox.net/slatteryt

My guess is reading every EULA with every word is the exception, but some do

it.

I seldom read every word but I attempt to read what I think might be

significant.

 

However if I would hear of something that seems unusual, I would and have

read more thoroughly to see if there was something I may have missed.

 

In any case I can hardly blame something I was unaware when it was stated in

a document I chose to partially read or not read.

 

--

Jupiter Jones [MVP]

Windows Server System - Microsoft Update Services

http://www3.telus.net/dandemar

 

 

"Tim Slattery" <Slattery_T@bls.gov> wrote in message

news:8h6je3pst120sa1695sefvapkg985iaad0@4ax.com...

> Do you read every single EULA you run into? Do you have time to do

> anything else?

>

> --

> Tim Slattery

> MS MVP(DTS)

> Slattery_T@bls.gov

> http://members.cox.net/slatteryt

The sky is falling!!

 

--

 

Curt

 

Windows Support Center

http://www.aumha.org

Practically Nerded,...

http://dundats.mvps.org/Index.htm

 

"Kevin Brunt (Fat Baztard)" <Kevin.Brunt@MSproducts.com> wrote in message

news:46E9A183.14926934@NEWSGROUPS.COM...

|

| This is just the pratice run. Next time MS will also try disabling any

| systems it thinks is using pirated software!! Watch the space!!!

This is getting to be as bad as all those worried about all the electrons

being wasted by double posting.

"Curt Christianson" <curtchristnsn@NOSPAM.Yahoo.com> wrote in message

news:erfW0Al9HHA.5840@TK2MSFTNGP03.phx.gbl...

> The sky is falling!!

>

> --

>

> Curt

>

> Windows Support Center

> http://www.aumha.org

> Practically Nerded,...

> http://dundats.mvps.org/Index.htm

>

> "Kevin Brunt (Fat Baztard)" <Kevin.Brunt@MSproducts.com> wrote in message

> news:46E9A183.14926934@NEWSGROUPS.COM...

> |

> | This is just the pratice run. Next time MS will also try disabling any

> | systems it thinks is using pirated software!! Watch the space!!!

>

>

>> "Kevin Brunt (Fat Baztard)" <Kevin.Brunt@MSproducts.com> wrote in message

>> news:46E9A183.14926934@NEWSGROUPS.COM...

>> |

>> | This is just the pratice run. Next time MS will also try disabling any

>> | systems it thinks is using pirated software!! Watch the space!!!

 

Actually, they already can.

 

One of the big "improvements" with Vista is that it gives Microsoft the

ability to disable hardware drivers and whole systems that it feels is not

appropriate for use.

 

In other words, they could detect that you have Alcohol 120% on your system

and shut you down.

Adam Albright wrote:

>

>

> Me anti Microsoft?

 

Totally!

 

Hardly as I've said many times I wouldn't be a

> stockholder in a company I don't like.

 

Don't make me laugh!

 

I simply wish they would clean

> up their act.

 

Start with yourself!

 

What I find fascinating is how fanboys automatically

> stick their heads in the sand and just ignore all the failings in

> Vista and the anti-customer stance Microsoft has had since say one.

 

Still can't get that one little in place (bad move!) upgrade install of

Vista business to run correctly, huh?

So blame MS for your stupidity and incompetence right?

>

> As far as any EULA, they are like the fine print on insurance polices.

> NOBODY reads them or for that matter could understand half the double

> talk contained there in.

>

Especially a village idiot like you!

Frank

On Thu, 13 Sep 2007 13:46:09 -0600, Bruce Chambers

<bchambers@cable0ne.n3t> wrote:

>Adam Albright wrote:

>>

>>

>> As far as any EULA, they are like the fine print on insurance polices.

>> NOBODY reads them or for that matter could understand half the double

>> talk contained there in.

>>

>

>

> "Nobody?" What planet do you live on? I read every contract I'm asked

>to sign. I seek legal advice for any portions I don't understand.

 

Sure right, next thing you'll try to tell us is you count the paper

clips in each box to make sure there's a 100 and of course your count

the issues on each roll of toilet paper to be sure there are a 1,000.

>Don't you? Are you saying that the *everyone* is too stupid or too lazy to

>look out for their own interests? And I though I had a dim view of the

>general public.

 

I have a dim view of FANBODYS because they proved themselves to be

total idiots judging the crap they post to this goofy newsgroup. You

obviously are no exception to that rule.

> Regardless, the signer's not having bothered to read a contract doesn't

>make that contract any less binding.

 

Hey bub, trying to play attorney now? A EULA technically isn't a

contract and it's legal weight has yet to be tested in the courts.

Again you being just a moronic fanboy immediately accept whatever crap

Microsoft shovels your way as gospel.

>

> Oh, and the Windows EULA is written at what I'd consider an 8th grade

>(A 1960's era American public school 8th grade, that is probably closer

>to today's high school level, now. Nevertheless the average McDonalds

>burger-flipper should have no trouble with it.) reading level. It's not

>at all confusing to the functionally literate.

 

Oh please... a document can be written at a fourth grade level and

still be deliberately misleading, vague and contradictory.

Relax, It's Only An Updated Version Of Windows Update, All Other Files Were

Left Unchanged, Just FYI.

 

"Silicon neuron" <sili@gmail.com> wrote in message

news:46e8fcec@newsgate.x-privat.org...

> http://windowssecrets.com/comp/070913/#story1

>

> By Scott Dunn

>

> Microsoft has begun patching files on Windows XP and Vista without users'

> knowledge, even when the users have turned off auto-updates.

>

> Many companies require testing of patches before they are widely

> installed, and businesses in this situation are objecting to the stealth

> patching.

>

>

> Files changed with no notice to users

>

> In recent days, Windows Update (WU) started altering files on users'

> systems without displaying any dialog box to request permission. The only

> files that have been reportedly altered to date are nine small executables

> on XP and nine on Vista that are used by WU itself. Microsoft is patching

> these files silently, even if auto-updates have been disabled on a

> particular PC.

>

> It's surprising that these files can be changed without the user's

> knowledge. The Automatic Updates dialog box in the Control Panel can be

> set to prevent updates from being installed automatically. However, with

> Microsoft's latest stealth move, updates to the WU executables seem to be

> installed regardless of the settings - without notifying users.

>

> When users launch Windows Update, Microsoft's online service can check the

> version of its executables on the PC and update them if necessary. What's

> unusual is that people are reporting changes in these files although WU

> wasn't authorized to install anything.

>

> This isn't the first time Microsoft has pushed updates out to users who

> prefer to test and install their updates manually. Not long ago, another

> Windows component, svchost.exe, was causing problems with Windows Update,

> as last reported on June 21 in the Windows Secrets Newsletter. In that

> case, however, the Windows Update site notified users that updated

> software had to be installed before the patching process could proceed.

> This time, such a notice never appears.

>

> For users who elect not to have updates installed automatically, the issue

> of consent is crucial. Microsoft has apparently decided, however, that it

> doesn't need permission to patch Windows Updates files, even if you've set

> your preferences to require it.

>

> Microsoft provides no tech information - yet

>

> To make matters even stranger, a search on Microsoft's Web site reveals no

> information at all on the stealth updates. Let's say you wished to

> voluntarily download and install the new WU executable files when you

> were, for example, reinstalling a system. You'd be hard-pressed to find

> the updated files in order to download them. At this writing, you either

> get a stealth install or nothing.

>

> A few Web forums have already started to discuss the updated files, which

> bear the version number 7.0.6000.381. The only explanation found at

> Microsoft's site comes from a user identified as Dean-Dean on a Microsoft

> Communities forum. In reply to a question, he states:

>

> "Windows Update Software 7.0.6000.381 is an update to Windows Update

> itself. It is an update for both Windows XP and Windows Vista. Unless the

> update is installed, Windows Update won't work, at least in terms of

> searching for further updates. Normal use of Windows Update, in other

> words, is blocked until this update is installed."

>

> Windows Secrets contributing editor Susan Bradley contacted Microsoft

> Partner Support about the update and received this short reply:

>

>

> "7.0.6000.381 is a consumer only release that addresses some specific

> issues found after .374 was released. It will not be available via WSUS

> [Windows Server Update Services]. A standalone installer and the redist

> will be available soon, I will keep an eye on it and notify you when it is

> available."

>

> Unfortunately, this reply does not explain why the stealth patching began

> with so little information provided to customers. Nor does it provide any

> details on the "specific issues" that the update supposedly addresses.

>

> System logs confirm stealth installs

>

> In his forum post, Dean-Dean names several files that are changed on XP

> and Vista. The patching process updates several Windows\System32

> executables (with the extensions .exe, .dll, and .cpl) to version

> 7.0.6000.381, according to the post.

>

> In Vista, the following files are updated:

>

> 1. wuapi.dll

> 2. wuapp.exe

> 3. wuauclt.exe

> 4. wuaueng.dll

> 5. wucltux.dll

> 6. wudriver.dll

> 7. wups.dll

> 8. wups2.dll

> 9. wuwebv.dll

>

> In XP, the following files are updated:

>

> 1. cdm.dll

> 2. wuapi.dll

> 3. wuauclt.exe

> 4. wuaucpl.cpl

> 5. wuaueng.dll

> 6. wucltui.dll

> 7. wups.dll

> 8. wups2.dll

> 9. wuweb.dll

>

> These files are by no means viruses, and Microsoft appears to have no

> malicious intent in patching them. However, writing files to a user's PC

> without notice (when auto-updating has been turned off) is behavior that's

> usually associated with hacker Web sites. The question being raised in

> discussion forums is, "Why is Microsoft operating in this way?"

>

> How to check which version your PC has

>

> If a system has been patched in the past few months, the nine executables

> in Windows\System32 will either show an earlier version number,

> 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can

> be seen by right-clicking a file and choosing Properties. In XP, click the

> Version tab and then select File Version. In Vista, click the Details

> tab.)

>

> In addition, PCs that received the update will have new executables in

> subfolders named 7.0.6000.381 under the following folders:

>

> c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll

> c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

>

> Users can also verify whether patching occurred by checking Windows' Event

> Log:

>

> Step 1. In XP, click Start, Run.

>

> Step 2. Type eventvwr.msc and press Enter.

>

> Step 3. In the tree pane on the left, select System.

>

> Step 4. The right pane displays events and several details about them.

> Event types such as "Installation" are labeled in the Category column.

> "Windows Update Agent" is the event typically listed in the Source column

> for system patches.

>

> On systems that were checked recently by Windows Secrets readers, the

> Event Log shows two installation events on Aug. 24. The files were

> stealth-updated in the early morning hours. (The time stamp will vary, of

> course, on machines that received the patch on other dates.)

>

> To investigate further, you can open the Event Log's properties for each

> event. Normally, when a Windows update event occurs, the properties dialog

> box shows an associated KB number, enabling you to find more information

> at Microsoft's Web site. Mysteriously, no KB number is given for the WU

> updates that began in August. The description merely reads, "Installation

> Successful: Windows successfully installed the following update: Automatic

> Updates."

>

> No need to roll back the updated files

>

> Again, it's important to note that there's nothing harmful about the

> updated files themselves. There are no reports of software conflicts and

> no reason to remove the files (which WU apparently needs in order to

> access the latest patches). The only concern is the mechanism Microsoft is

> using to perform its patching, and how this mechanism might be used by the

> software giant in the future.

>

> I'd like to thank reader Angus Scott-Fleming for his help in researching

> this topic. He recommends that advanced Windows users monitor changes to

> their systems' Registry settings via a free program by Olivier Lombart

> called Tiny Watcher. Scott-Fleming will receive a gift certificate for a

> book, CD, or DVD of his choice for sending in a comment we printed.

>

> I'll report further on this story when I'm able to find more information

> on the policies and techniques behind Windows Update's silent patches.

> Send me your tips on this subject via the Windows Secrets contact page.

>

> Scott Dunn is associate editor of the Windows Secrets Newsletter. He is

> also a contributing editor of PC World Magazine, where he has written a

> monthly column since 1992, and co-author of 101 Windows Tips & Tricks

> (Peachpit) with Jesse Berst and Charles Bermant.

>

Adam Albright wrote:

>

>

> Hey bub, trying to play attorney now? A EULA technically isn't a

> contract

 

You're the idiot! The EULA is an agreement...an agreement is a legally

binding contract.

How fukkin dumb are you mr genius?

Frank

Noozer wrote:

> In other words, they could detect that you have Alcohol 120% on your system

> and shut you down.

>

>

Would that be like drunk driving! :-)

Frank

Adam Albright wrote:

>

> Sure right, next thing you'll try to tell us is you count the paper

> clips in each box to make sure there's a 100 and of course your count

> the issues on each roll of toilet paper to be sure there are a 1,000.

>

 

I used to do that. I bought a gross of condoms once, but there were only 143

in the box. When I complained to the pharmacist the next day, he gave me a

free one along with the apology: "I'm sorry we spoiled your evening."

I don't read anything in the EULA portions quoted below that indicates MS

has any right to install updates when one has explicitly opted out of them.

Continuing on in section 7 the Vista EULA,

 

.. Windows Update Feature. You may connect new hardware to your device.

Your device may not have the drivers needed to communicate with that

hardware. If so, the update feature of the software can obtain the correct

driver from Microsoft and install it on your device. You can switch off

this update feature.

 

As a consumer, I would expect that if I do "...switch off this update

feature", I expect it to stay switched off. Period. No quibbling.

 

It's my computer.

 

Val

 

 

"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message

news:OEFCv$h9HHA.3400@TK2MSFTNGP03.phx.gbl...

Silicon neuron wrote:

>

>

> Microsoft has begun patching files on Windows XP and Vista without users'

> knowledge, even when the users have turned off auto-updates.

>

>

 

 

Actually, this is *not* being done _without_ user consent. Just the

opposite. Every user of each operating systems has been given advance

notice that such things could happen, and has consented to it.

 

Read the Vista EULA. Section 7 makes it clear that this could happen:

 

========================================================================

 

7. INTERNET-BASED SERVICES. Microsoft provides Internet-based services

with the software. It may *change* or cancel them at any time.

a. Consent for Internet-Based Services. The software features

described below and in the Windows Vista Privacy Statement connect to

Microsoft or service provider computer systems over the Internet. *In

some cases, you will not receive a separate notice when they connect.*

You may switch off these features or not use them. For more information

about these features, see the Windows Vista Privacy Statement at

http://go.microsoft.com/fwlink/?linkid=20615. By using these features,

you consent to the transmission of this information. Microsoft does not

use the information to identify or contact you.

 

========================================================================

(Emphasis mine)

 

The WinXP EULA also made this clear:

 

========================================================================

 

Internet-Based Services Components. The SOFTWARE contains

components that enable and facilitate the use of certain

Internet-based services. You acknowledge and agree that

MS, Microsoft Corporation or their subsidiaries may

automatically check the version of the SOFTWARE and/or

its components that you are utilizing and may provide

upgrades or supplements to the SOFTWARE that may be

*automatically* downloaded to your COMPUTER.

 

========================================================================

(Again, emphasis mine)

 

 

Do I approve of this practice? Not really. I'd prefer to know about

each and every change as it happens, just on the off chance that, if a

problem occurs, I've better information on which to base my

troubleshooting. But I'm an exception most people simply don't want to

know about technical details of how the OS is working.

 

 

--

 

Bruce Chambers

 

Help us help you:

http://dts-l.org/goodpost.htm

http://www.catb.org/~esr/faqs/smart-questions.html

 

They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety. -Benjamin Franklin

 

Many people would rather die than think in fact, most do. -Bertrand Russell

Val

This is referring to the part that updates drivers and does not apply to

other updates.

 

--

Jupiter Jones [MVP]

Windows Server System - Microsoft Update Services

http://www3.telus.net/dandemar

 

 

"Val" <vmanes@NOSPAMrap.midco.net> wrote in message

news:KaydnZyMFoyYeXTbnZ2dnUVZ_gGdnZ2d@midco.net...

>I don't read anything in the EULA portions quoted below that indicates MS

> has any right to install updates when one has explicitly opted out of

> them.

> Continuing on in section 7 the Vista EULA,

>

> . Windows Update Feature. You may connect new hardware to your device.

> Your device may not have the drivers needed to communicate with that

> hardware. If so, the update feature of the software can obtain the

> correct

> driver from Microsoft and install it on your device. You can switch off

> this update feature.

>

> As a consumer, I would expect that if I do "...switch off this update

> feature", I expect it to stay switched off. Period. No quibbling.

>

> It's my computer.

>

> Val