September 13, 2007 8:12 PM PDT

Windows is spyware

Posted by Michael Horowitz

Microsoft has crossed the line. They have been disliked by many techies, for arrogance, incompetence and more. But, this wasn't a universal opinion and reasonable people could have disagreed. Now however, the question of Microsoft's corporate character has left the realm of opinion and landed firmly in fact.

They are bad guys.

If there was any doubt, the final straw came today, in the September 13 edition of the Windows Secrets newsletter where the lead article by Scott Dunn (Microsoft updates Windows without users' consent) ended the debate.

According to Scott, "Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates."

Wow. Updating Windows without your being aware of it? And after telling it not to? That's what spyware does. It's what the bad guys do. And now, it's what Microsoft does. They seem to think that they own Windows, and you and I are just renting our copies. Maybe we should read the lease.

There's a saying in the computer security field that if a bad guy gets physical access to your computer, it's not your computer anymore. If Microsoft can silently update Windows against our will, whose computer is it?

Over at ZDNet, Adrian Kingsley-Hughes has Confirmation of stealth Windows Update. He describes a Windows XP machine that was set to download new bug fixes and notify the user, but not to automatically install anything. Yet, install it did.

He writes "I just don't like the idea of having updates foisted upon systems without being aware that they are coming in and having the option to postpone them. Why? Simple. IT'S MY PC!!!" No, Adrian, it's not your computer anymore. It has been assimilated into Microsoft's collective. Rather than being an individual, your copy of Windows does what the Queen tells it to do.

Windows is now malware and our computers are zombies.

The changes Scott describes affect Windows Update. Anyone who runs Windows Update manually, as I prefer to, has been forced to install new versions of it over and over and over again. So why the secrecy this time? And speaking of secrecy, Scott says "To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates."

It's inconceivable to me, that any other software company would do exactly what their customers told them not to do.

Exhibit Two


Exhibit two against Microsoft's corporate character is Windows Update.

Many Windows users still have a dial-up Internet connection. The bug fixes to Windows are often large, and a dial-up user may find them too big to download, especially after falling way behind in applying them. Nothing new here, it's been true for years.

So why doesn't Microsoft sell, at cost, a CD containing Windows bug fixes? They did once, briefly, in reaction to a torrent of publicity about security problems in Windows. Why was this the exception and not the rule?

Next time, defending yourself against Microsoft--how to really turn off Automatic Updates. Then back to surge protectors.

Update: September 14, 2007. Integrated Adrian Kingsley-Hughes topic into the posting.

Topics:

Windows,

Gripes

Tags:

windows,

gripes

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from Defensive Computing
The main problem with Windows Vista
Foxit PDF reader v2.3 updated with bug fixes
Cringely's iPhone Gripes
A warning about IE8 and Windows XP SP3
Be safer than NASA: Disable autorun
Add a Comment (Log in or register) 8 comments
Drama Queen
by deerfield88 September 13, 2007 10:39 PM PDT
Reply to this comment
What a lot of BS
by joliett September 13, 2007 10:57 PM PDT
Without microsoft we would be typing on a royal or a commodore.
Reply to this comment
The Kindest Thing to Describe You is ... Foolish
by pmchefalo September 13, 2007 11:44 PM PDT
When you activated Windows you were given a choice: to use Windows Update or not. When you chose to use it, you also authorized Microsoft to update Windows Update. This is true whether or not you agreed to accept CRITICAL updates automatically. When/if you updated to Microsoft Update (highly recommended for the non-control freak) you agreed again to Microsoft updating its updating capability. If Windows Update didn't update itself automatically, I suspect that the updating process would be slow and troublesome, and maybe useless. At a minimum, you would have to agree to its updates again and again (and then you would complain about that, like people complain about UAC in Vista.)

When Windows update checks for updates, it writes a message in the event log. When it updates itself, it writes messages in the event log TELLING you it updated itself. It leaves the updated files in plain view, with versions and signatures.

Spyware does not operate this way. In fact, this is the INVERSE of spyware. Spyware does none of those things.

I'm not completely happy with WGA, because its implementation was poor, and has bothered some folks with completely valid licenses with temporary connectivity problems, etc. It also has screwed up machines that were allowed updates at first, then denied them after tuning revealed them to have license flaws, even if the flaws were corrected. However, Windows Update and especially Microsoft Update has generally been a valuable feature, with few problems.

Try to get over yourself, and make a real contribution. You're acting like a fool.
Reply to this comment
Nothing new here
by Doug Woodall September 14, 2007 8:44 AM PDT
Nothing different here. License aggrements can mean anything they want it to.
And I never had to worry about privacy when I used my C-64 to get online. Tee Hee, it had a 300 baud modem!
Reply to this comment
Microsoft wants to control your updates.
by eCurmudgeon September 14, 2007 8:54 AM PDT
So now that explains why Microsoft killed Autopatcher. Autopatcher users could turn off automatic updates completely, and so stealth updates would be more difficult.

As for releasing update CDs -- impractical, given the production time involved and the urgency of so many of the security updates. It would just give the malware authors more time to do their mischief if we had to wait for the mailman to deliver.
Reply to this comment
Another perspective...
by g3po2 September 14, 2007 1:13 PM PDT
Judging from some of the other comments made by readers, it seems to me that some people don't understand some of the ramifications of allowing Microsoft to get away with force-feeding Windows users with updates.

So let us play a very brief version of the game: "What If?"

What if some disgruntled Microsoft employee decided to wreak havoc on Windows users? The mechanism described in your article is an ideal vehicle to deliver disaster.

What if a cyber-crook becomes a Microsoft employee and exploits this "feature" to pocket huge sums of money?

What if a terrorist goes to work for Microsoft? Fill in the blanks...

What if a government makes a deal with Microsoft, or plants a spy as a Microsoft employee, for the purpose of invading the privacy of people?

Some of your critics should perhaps reread George Orwell. Every time the public allows these "little, unimportant things" to happen, more freedom is lost.
Reply to this comment
The same old song...
by tenc21 September 14, 2007 11:54 PM PDT
As usual, I find consistency lacking in this blogger's postings and in one of the comments as well.

Just one side comment on the previous comment by "joliett"--and what is wrong with typing on a royal or commodore? [are you some kind of computer snob?]

Both Michael and commenter g3po2 are doomsday prophets--anyone can pose any number of "what-ifs." The crux of these dire warnings are how likely are the predicted disasters and are the methods or processes hailed as salvation tools the appropriate and effective solutions.

If as Michael has stated that this is the "last straw" by Microsoft, why, being such a security nut, had he stuck with them for so long? It is not as though there were no alternatives, and it's not that Microsoft hadn't failed miserably before in terms of security. To respond to g3po2's "what if" scenarios involving all sorts of disgruntled employees, cybercrooks, terrorists and government plotters, who needs these malevolent characters when Microsoft all by itself has done a pretty good job of screwing up everyone's computers without any resort to intentional malicious actions.

If Microsoft and Windows is this all-powerful evil enterprise, why would anyone think a simple disabling of an automatic patch update process defeat them? Why even continue to use it? [of course, there'd be no "defensive computing" for a good functional OS--Michael isn't that "foolish," he needs Windows to be bad to have material for his blog]
Reply to this comment
The sky is falling! (Anti-MS Hysteria)
by john55440 September 16, 2007 9:25 AM PDT
At best, this article is an illogical, extreme, overreation to a very minor issue.
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
What you need in business class email.
Mailtrust

Click Here!
Never worry about email again. From mobility and shared calendaring to virus and spam protection starting at only $3 per mailbox. more>

Rackspace Mailtrust
Total Email Relief

We'll take care of your email so you can take care of your business.

14 Day Free Trial

With expert support 24x7x365 we guarentee 100% uptime. Try us for free for 14 days. Never worry about your email again.

Just $3 per mailbox

Choose the plan that is right for your company and only pay for what you need.

About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.

Disclosure.

Add this feed to your online news reader

Defensive Computing topics

Featured blogs

advertisement

Inside CNET News

Scroll Left Scroll Right

  • News - Business Tech

    Chrome's JavaScript challenge to Silverlight

    The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.

  • Gallery

    Photos: Top 10 reviews of the week

    Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.

  • News - Apple

    Apple watchers spot 'iPod Nano' pix, iTunes hints

    The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.

  • Coop's Corner

    Chris Shipley 1, Internet lynch mob 0

    Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Digital Media

    Google-focused satellite enters orbit

    The search titan has exclusive rights among online mapping sites to images from the new GeoEye-1 satellite, which launched Saturday.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • Webware

    At the TechCrunch50, an unfair advantage?

    Inside baseball: How Webware and other blogs can compete with TechCrunch in covering the TechCrunch50 event.

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET