It is in the blog is this not what you where looking for:

One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice? The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications. That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades. To avoid creating such a false impression, the Windows Update client is configured to automatically check for updates anytime a system uses the WU service, independent of the selected settings for handling updates (for example, "check for updates but let me choose whether to download or install them"). This has been the case since we introduced the automatic update feature in Windows XP. In fact, WU has auto-updated itself many times in the past.

blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx

But then your right later on contridicts that statement with in the blog. No need to go to other MS sources to have the contidiction.

Before closing, I would like to address another misconception that I have seen publically reported. WU does not automatically update itself when Automatic Updates is turned off, this only happens when the customer is using WU to automatically install upgrades or to be notified of updates.

It appears that by looking at the links you put up and looking at ZDNet these are NOT setup for "Never check for updates".

And therefore by MS explanation would get the "Silent Download"?

I've always been one to put a leash on Automatic Updates. Sure, you can download the patches to my machine, but please notify me before they get installed. I always look through the knowledgebase articles before installing anything. Inevitably, I accept everything the agent offers me, but I still want that control over what goes onto my system.

blogs.eweek.com/signaling_it/content001/security/the_automatic_automatic_updates_update.html

At the PC Doc HQ we have several systems set not to update automatically. This is so that they are kept at a specific patch level for testing duties. Many of these systems are virtual machines but some are physical. When I heard about this stealth update I decided to take a look at one of these systems that don't update automatically (it was set to download and notify) - and within seconds I found what I was looking for.

blogs.zdnet.com/hardware/?p=779

I think it needs to be clear that it is set to "Never check for updates" and not "Download updates but let me choose whether to install them."

Excellent report Joe.

"Our computers belong to us, and therefore, we are ones who decide what to do about them, whatever the outcome. Not Microsoft (no excuse is valid)".

Your report talks about something we were suspicious about all along, due to strange behaviour in our computers, but we did not have the chance to test it or analyse it and/or we put the blame on the software complexity (now thanks to you and to people like you, it can be proved this suspicions were well based)

In my case, based on the above said (computer strange behaviour), disabled updates from Microsoft and only enable it when I have the appropriate time to thoroughly check what is actually going on.

Regarding to my browsers, in Internet explorer I have disabled most of Active X controls (Internet options, Programs, Manage Add-ons). I make very occasional use of it, normally I do employ Mozilla Firefox (one of the reasons why many people use Mozilla instead of Internet Explorer is because they feel stalked).I have taken very similar actions with Windows Media Player.

Since I have done this have not have this kind of problems anymore. The current problem I am struggling with is that the wuauclt.exe slows down my computer for a few minutes after being booted, when I have disabled Microsoft updates.

Others Opinions:
http://blogs.zdnet.com/hardware/?cat=55

"If this turns out to be true (and I want to make it clear that I’ve not confirmed this) then this will be a very serious betrayal of trust on Microsoft’s part. Not only is it hard enough to keep track of changes done to a Windows installation as it is, but if Microsoft (or other companies) start updating systems without consent, this will lead to all sorts of trouble."

http://blogs.zdnet.com/hardware/?p=779

"These updates without notification is a slippery slope. I just don’t like the idea of having updates foisted upon systems without being aware that they are coming in and having the option to postpone them. Why? Simple. IT’S MY PC!!! If a user chooses not to have updates installed automatically, Microsoft needs to respect this decision."

Windows Update files are only being updated in order to provide the best service. All claims, about trust, integrity etc are totally rediculous.

Obviously, here the bottom problem has been solved long time ago, "The ends justifies the means?" and the response is known by everybody.(perhaps not,but in case of lack of knowledge, enough common sense then)
Although think about this is MS's problem (and totalitarianism's too.)

Marco said:
"Our computers belong to us, and therefore, we are ones who decide what to do about them, whatever the outcome. Not Microsoft (no excuse is valid)".

Excuse me! Your computer does belong to you, but software does not. Your Microsoft Windows installation is sole property of Microsoft, you are just a licensee.

And?...I said "Our computers belong to us"
And about the software is Ms who is NOT respecting the rules...still, it is strange that people renounce their rights to aid monopolies.

man, rules are simple: Microsoft Windows bits are property of Microsoft. Anybody can do with his property whatever he wants...

Man, you are mad. You pay a software that spy on you, obeys Microsoft instead of you, and according to you does not even belong to you in the simplest of ways, so you cannot decide what to do with your own computer...in other words, Microsoft decides for you in your own computer...DESPITE THE FACT YOU DECIDED OTHERWISE!!!...it reminds me of Communist Russia...mate, bear in mind this is the free world, over here people has got Rights, and even monopolies must play by the rules.

"Man, you are mad."

That's what I call an intelligent argument.

Thanks.

But, for those who do not reflections' deep understanding of the language.

Mad:Feeling or showing strong liking or enthusiasm: "mad about sports."or "mad about MS"

Well ,this is finito.
arrivedeci

I am not mad, I do not own Windows license :) I am just making fun on you from my shiny Ubuntu :)

I read this but never noticed joe using the word "apologize". Because that's what his readers deserve, for his hasty posting of the original story. He was simply abused by windowsecrets.com's PR agency. That website PAID for a press release, and lazy reporters (joe/etc) did what most reporters do... they simply re-worded the press release.

value added = 0
credibility lost? yes

My XP computer stopped booting up yesterday, but I have become a recent convert to Ubuntu. The XP drive did not have any errors, and was a very clean recent (about 4 months ago) install, with all the antiviral stuff installed, and not used to surf with.

What I am wondering, is if these update (auto updates is turned off) bonked the system. Hard to tell, as windows is so complex. I was able to reboot once into safe mode, and after that it just keeps rebooting. Oh, well, maybe its time to just completely dump Windows, nothing but problems and headaches for me anyway.

Joe
You should have put this as your heading...
"Joe Wilcox's perception Problem"
The vast majority of people were against you on your previous post.
Some comments were:
I miss Mary Jo Foley, she was a real reporter..
He has a vendetta. Its that simple, and nothing more sinister than that.
or this one ....http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx
Yet another beat up to please the Linux troops. You can always tell who they are by the number times they post ... on this article alone 9 times, At least Chips only posted "once" on the previous article (I'll give him that) !

Very Nice post Joe. Well documented as usual with the research of Andrew Garcia.

While the update feature in XP SP2 can be turned off and patches done manually, these get threw the system. So perhaps a good question here is about the which other systems can Micro$ucks do this to?

Joe your link with Andrew Garcia has some useful information in it. Even the comment by:

Rick Newton :

"Although Windows 2000 may be "pasee," this sneaky update for the WU client does install to this version of Windows... And to receive this update to the WU client, on a WSUS client system, all you have to do is review the WU web site to see if anything might be missing from the WSUS posted updates... bingo, teh client update to "381" is yours without request..."
--------------------------------------------------
Furthermore, Andrew identifies the the wups and wups2 dll's.

Now what I going suggest here is that Micro$ucks is using the B.I.T.S service to do its dirty work here. And at least in Vi$ta, if I am correct, the B.I.T.S service cannot be turned off. Not sure about XP. Further, the B.I.T.S service cannot be blocked with a simple "host file" that will block sights. And yes, there are host file available on the internet to block MS sites.

The question is, will going back to say XP with SP1 or W2000 prevent these unwanted forced updates? Maybe, but as commentator Rick has stated; " all you have to do is review the WU web site to see if anything might be missing from the WSUS posted updates... bingo, teh client update to "381" is yours without request..."

My guess here is Micro$ucks is installing on XP SP1 or 2000 only when visiting those sites like a piece of malware, unlike the automatic install by means of perhaps BITS in XP SP2 and Vi$ta.

Once the older systems visit the MS WU web site and get hit with the drive by Malware, MS probably has updated the system to full BITS system, just like XP SP2 and Vi$ta. Or total control by MS to basically install whatever they want to.

couple of other thoughts here, wonder what would happen if one deleted the two dll's that Andrew Garcia identified, or replaced them with blank files?

This whole type of forced installs, will end up becoming some type of future WGA. Its where its all going.

It would be interesting to see Andrew Garcia comfirm Ricks statememt, and to further check out to see if W98SE would have the same problem.

It was only a matter time I suppose before you know who "chipped" in !

I wonder if Marco (and Joe!) lets Windows (or Linux or MacOS) update his clock for dalylight savings time?

I suppose he has a special program so it's always midnight on his computer so he can stay in the dark ...

For all of you awaiting XP SP3 and Vi$ta SP1, remember, improvements from MicroSoft in the form of Service Packs, only come with more hidden control (WGA/DRM) features. MS is the ultimate control freak.

I "used to" use Win98SE but that was years ago, why bring it up, microsoft doesn't even support it now as it is too old.
It won't be long before XP has had it's time, but you wouldn't have to worry about that would you chips ?
Mind you you do remind me of someone very famous chips... Chips B. Malroy should be Malfoy ! With the trouble you and you compatriot Marco get up to here.
As one person said of late you are anti microsoft and pro LInux in the extreme !
Too bad Linux can't pay you for your efforts ...you would be rich by now. And although you call me an MS Shill I like you do it for nothing ! So therefore in the strictest sense of the word "shill" I am not one !

To PMC;

Since you asked about Linux updating the clock for dalylight savings time, let me explain how it works for you. In the distro's of GNU/Linux I use, PCLinuxOS, Mepis, Sidux, Kanotix, there is NOT an automatic update.

You can download the "update" though Apt-get or better the GUI synaptic package manager, very easy too. But nothing is forced on you like MS does it in Windows. Hope that explains it to you.

I think a partial work around to this MS forced upgrade problem might be to remove the internet cable, do a fresh install of XP SP1 (not SP2), or earlier legacy Windows versions, like 2000, W98SE or NT4, turn off auto updates. Download an microsoft host blocking file. Believe that bluetack may have one. Kill some of the services that XP runs. Any that are not needed. Completely disable Internet Exployer, to the point it no longer will work. Install firefox and opera.

Background Intelligent Transfer Service or B.I.T.S service

http://www.blackviper.com/WinXP/Services/Background_Intelligent_Transfer_Service.htm

"Now what I going suggest here is that Micro$ucks is using the B.I.T.S service to do its dirty work here. "

LOL. Micro$ucks? You do want to be taken seriously, don't you, chips?

FWIW, I think Joe's posts are extremely polarizing and this is reflected in the comments on this site. I think he does this intentionally. It increases the number of comments per post.

"...improvements from MicroSoft..."

Damn! You missed a dollar sign. I'm sure you're upset now.

http://www.jasonn.com/turning_off_unnecessary_services_on_windows_xp

Looks like Background Intelligent Transfer Service or B.I.T.S service can be turned off in XP SP2, although I believe it cannot be turned off in Vista.

I would also sugguest downloading and running the free programs SafeXP and XPantiSpy for XP. And of course, a Micro$oft host blocking file to block all the MS sites as well.

Of course, doing all that may not do any good, if your computer is hooked up to the internet and has already downloaded all those forced updates that Joe is talking about. And its only a maybe this will work on a fresh install without and internet connection.

more on this topic, similar to Joe's post;

http://blogs.zdnet.com/hardware/?p=779

Neil, never mind chips getting paid by Linux its just too bad MS doesn't pay you for being the MS cheerleader on these boards. Maybe you might get to go on holiday and learn to stop whoring yourself to a multi-nationals. MS is a capitalist profit making organisation, not your best fucking friend. Give it up Neil.

Andriy Gerasika said: man, rules are simple: Microsoft Windows bits are property of Microsoft. Anybody can do with his property whatever he wants...

But the internet connection and bandwidth this action uses is NOT MS property. Neither is the hardware that Windows runs on. And neither does MS have the right to violate your privacy or security setup.

If the rules were so simple and universally acceptable, why do you think MS did NOT put in in those terms right up front instead of burying it somewhere in the fine print? Becuase they knew this would NOT be popular.

As for Neil, try raising some real issues with substance, will you?

"MS is a capitalist profit making organisation, not your best fucking friend."

What about Canonical, IBM, Google,...? Are they not "capitalist profit making organizations"?

"learn to stop whoring yourself to a multi-nationals."

So should he start whoring himself to companies that are anti-Microsoft like chips, etc. do? That wouldn't be wrong now, would it?

Y'all may fool yourselves into thinking that you're on some crusade, fighting for a noble cause. Somehow, rooting for Microsoft's "enemies" is justified because Micro$ucks is EVIL. What you don't realize is that the "Micro$ucks" you love to hate is no less or more evil than all these corporations you root for. In the end, it's all business.

I use Linux and Mac at work, but I have a Windows machine at home. I don't want to upgrade to Vista.

Since I know Microsoft tactics, I'm suspicious of any upgrade they release in the last months of the product cycle.

I'm really afraid that they could subrepticiously degrade XP, or install DRM "features", to make XP less usable. (It's easier to break XP than to fix Vista, I suppose.)

Perhaps I'm being simply paranoid, but it's my right: I disabled automatic updates so that Microsoft wouldn't "upgrade" my machine.

And I'm really outraged that they did.

It only confirms I can't trust Microsoft.

>>"MS is a capitalist profit making organisation, not
>>your best fucking friend."
>
>What about Canonical, IBM, Google,...?

Wait a moment! Not all the companies are the same.

Google motto is: "Don't Be Evil". Of course it will be difficult to keep that as the company grow up, but this is one of their north principles.

Canonical credo is "Ubuntu", which is an African concept of "humanity towards others".

How about Microsoft? What are the north principles from which the company was built?

I use Linux regularly, and I've never seen apt-get updating itself without warning. If there is an update it will ask me what to do; and if I choose not to upgrade, I'm confident it won't break my system.

I also use Mac OS X, and it is just the same.

Why does Microsoft think they can update my computer without my consent?

> Had we failed to update the service automatically,
> users would not have been able to successfully
> check for updates and, in turn, users would not
> have had updates installed automatically or
> received expected notifications.

That's a pretty lame response, if you think that Linux package management tools (which are much more advanced than Microsoft's) never had to update themselves silently.

Why does Microsoft have to push their updates into my computer?

If it wasn't for the games, I would have formated that Windows partition a long time ago.

LOL. Gates has always been a back-door kind of guy. After all these years, why are you chattel suddenly surprised? It would be nice though if he wore a condom once in a while.

How about Microsoft? What are the principles from which the company was built?

From the pen of Bill Gates himself:

As the majority of hobbyists must be aware, most of you steal your software.

You can read the rest in his famous 3 February 1976 "OPEN LETTER TO HOBBYISTS".

I don't know why people are so willing to allow MS to behave in this way. There is a back door in your OS and anyone can use it if MS can use it.

The security of Windows XP and Vista just went south! WGA and WU have just been revealed as malware. What free PR this has handed to Linux and Mac OS X!

I knew that MS's arrogance would come back to haunt it sooner or later. Nobody has the right to update anything on my computer unless I agree. If they supply software that circumvents my rights, they are behaving in a reprehensible, if not criminal, manner.

I shall look for an alternative OS urgently!

Why is this such a big deal? Call me naive, but I don't think that this situation really qualifies for the end-of-the-world response that it's gotten. If some large update or service pack were installed without consent, we'd have a different story, but a couple of small files for Windows Update itself aren't exactly system-critical. Not receiving the latest updates is irresponsible, so I won't fault Microsoft too much for making sure that users are capable of seeing which updates are available. Yes, they should have notified users, but I'm not out to sue over privacy violations or whatever.

This is yet another example of Microsoft pushing the envelope on trampling users privacy and getting the hand caught in the cookie jar. It begs the question why give us a choice to not automatically update? that implies i have a choice which i dont.I use only macs at home as they are far more secure.
we now have a great backdoor created for hackers to send the Vista world a billion more malware approaches.
good riddens.

Holy crap do you and your colleague look stupid here. Wrongly suggesting that WU updates itself even if turned off. Wrongly suggesting that how it works is something new. Reality? If you select to use WU, it updates itself to ensure you are always presented with an up-to-date list of updates. Big deal. Will we see any formal apology from you or your colleague for the numerous factual errors in your respective reports? Ans: NO.

> Why is this such a big deal?... If some large update
> or service pack were installed without consent, we'd
> have a different story, but a couple of small files ...

How many bytes it takes to screw up your computer? How about... 9 bytes? ("format C:")

Of course Microsoft wouldn't do that. It would generate a lot of bad PR for them.

But they can make XP slower, less reliable... include DRM and anti-piracy checks that force customers to upgrade to Vista. (They're already doing that!)

After all, it's much easier to break XP than to fix Vista.

And, if you know Microsoft, you know it's not impossible. That's why I don't want them messing with my computer!

Patrick,
>"Why is this such a big deal"?

It's a big deal because it's Microsoft. If it was someone else nobody would even notice or give a damn.
The scrutiny Windows receives, is one more reason why it is the safest OS out there, whether some people like it or not.

I will update my windows when I what to update it..not with Microsoft what to do it...KEEP OUT OF MY COMPUTER...its not up to you to update my computer...its up to me...SO KEEP OUT

"It's a big deal because it's Microsoft. If it was someone else nobody would even notice or give a damn."

That may be true of those who use their computers merely for play. To those of us who use our computers for work, to hold our private data, and other non-trivial purposes a security breach in our OS is serious. I for one would castigate Apple or the Linux developers if a designed-in back door were found in their systems. I'd be after IBM, Amdahl, Burroughs, or any of the other 'big-iron' manufacturers similarly.

Unlike 'grown-up' OSs, Windows was originally intended for single-user, non-connected machines - and it shows even now. Other OSs or their forebears started as multi-user systems, often used in large corporations where insecurity cost jobs and, occasionally, companies their very existence. When Microsoft announced that it was entering the enterprise marketplace, there was loud laughter from the hard-working administrators in companies across the world - now, you can see why.

If an OS has a back door such as this, only a comedian or a marketeer (or someone writing an MS blog) would call it 'the safest OS out there'. Uncommanded )or automatic) updates are a recipe for disaster unless your PC is just a toy. MS needs to issue an update for XP and Vista that will make automatic updating impossible, closing this gaping hole before hackers drive a coach and horses through it.

without much mumbo jumbo, i believe that this "silent downloading" of "patches" is as offensive as the landlady sneaking inside my leased house at night and putting things or changing things in my leased place without my permission or knowledge. fact is, MS OS is "leased" to me by microsoft but this does not give them any right to come in and do as they please.

by any chance is this thing they placed or changed in their OS beneficial to me or to them? no acceptable answer to "what" still?

i was just handed an UBUNTU install disk this afternoon. i'm currently 50/50 in reformating as i write this.

"The scrutiny Windows receives, is one more reason why it is the safest OS out there, whether some people like it or not."

...what are you smoking?

I've disabled the windows update service on all of my machines (of course who knows if that will be effective or not, since until yesterday I believed that turning off automatic updates would be effective too). I'm also looking into ways of disabling access to the windows update sites in my firewall, except when I want to apply updates, as this episode has made clear that whatever steps you take within windows to stop this behavior, MS can and will bypass it if they feel it's in their best interests to do so.

Just think about what would happen if a bad guy was able to corrupt your hosts file and/or dns server to point windows update to their own server, and then be able to use the interface MS has so conveniently provided to apply their own stealth patches. It would be the gift that keeps on giving. You would have no defense whatsoever, as any virus or antispyware software you have would allow this activity to pass because it appears to be coming from windows update, a trusted service. And unlike the Sony rootkit, this backdoor is open on millions and millions of PCs, not just a few thousand.

Of course, MS is far more concerned about ensuring that nobody is able to use a pirated copy of windows, than it is about the security of the people who own a legitimate copy of windows; because after all, they already have those people's money. Make no mistake, regardless of what they say, the real purpose of this technology is to give them the ability to shut down copies of Windows which they believe aren't legitimate, and eventually it will openly be used for that purpose.

I'm sure that all this stuff, and probably more, is in Vista, and the only reason that it hasn't been turned on yet is that Vista isn't selling so well and doesn't need anymore bad press; but once MS stops allowing any more sales of XP, and everyone is forced to go Vista, the thumbscrews will start to be turned.

Unfortunately we only have ourselves to blame, because we, John Q. BuyingPublic, gave MS this power by allowing them to obtain a de-facto monopoly on desktop operating systems. If there were viable competitors in this market (sorry, Linux isn't a viable competitor yet) MS would not be able to treat their customers in this manner.

J H Tiernan,
I am a programmer and I don't use my computer for play. I still don't give a damn if microsoft updates a couple of "Windows Update" files, to ensure good service, given also that I have "Automatic Updates" turned on.

Evan, I decline to engage in intellectual combat with an unarmed man.

Not sure why businesses & people are complaining so much, per M$ EULA you *DO NOT* own the software, your acceptance of the EULA is evident that you agree. You merely paid for AND accepted the right to use the software.

The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them..

The new passage of the EULA says that _Microsoft_ may check _your_ computer, without your notice, and then "upload" their "fixes". This is, if you haven't noticed, the other way around. The automatic update can be disabled (it is on my working machine), but this? Since you gave _them_ the right to mess around with your computer, I doubt that you can disable this "push update". Furthermore, this may constitute a serious security problem: if MS can upload what they want on your system, some other people could do, too.

In reference to the top post the way I interpreted this article was that people that weren't using the systems update were still receiving updates to the program regardless of not regularly downloading updates. It would be my opinion someone sets it not to just do this behind if their not using it on client pc's like on a domain and controlling the flow of updates to pc's on their network. If the user want to eventually check for updates, to ask then for the update to the update program which maybe could take just 5 min and then your up and running collecting you manual downloads through windows update would make better sense to control your system and users privacy better.

I use Linux.

Sometimes apt-get (Linux equivalent of Windows Update) has to upgrade itselft, but it never had to update itself silently.

First you download the list of updates; then, you choose to update or not. You don't have to accept a 50+Mb service pack. You can select packages individually. Or just let apt-get to download and install everything.

But the important lesson is:

You may want to keep back one package; you may want to postpone the decision.

It's your computer, you choose.

I just got totally screwed by Windows update automatically rebooting my computer for me while I was away from my desktop ... Arrrrrggggghhhhh!

I have never been so destroyed by a softweare screwup that was made by an 'inactive' auto-update feature ...

How the hell did this happen (today November 14th 2007) .. I had all settings set so they were supposed to ask me for a reboot prior to doing such a thing .... It automatically rebooted my computer for me -- $12,000.00 worth of data/work lost ... Who can I sue .... Arrrrrggggghhhhh!

Goddamn Microsoft and all the underlings who program code there ... Goddamn them all!

Gentlemen,
This computer is only a week old brand new and Internrt Exployer Doswn't work at all!!

haywardtf@juno.com Tom
*A New E Machine