Patch service shuts after Microsoft request

AutoPatcher, a 4-year-old project to distribute Microsoft patches and other updates to software that runs on Windows, has shut down because of a Microsoft request.

"Today we received an e-mail from Microsoft, requesting the immediate takedown of the download page, which of course means that AutoPatcher is probably history," said project manager Antonis Kaladis in a post Wednesday. "As much as we disagree, we can do very little, and...we took the download page down."

AutoPatcher had a variety of uses. For example, people with limited bandwidth could download patches once and install them on multiple computers, or people setting up new machines could apply security updates without having to expose the computer to network security risks. AutoPatcher could handle updates from Microsoft as well as third-party software such as Sun Microsystems' Java.

Microsoft said it "discourages" others from distributing supplemental software such as hot fixes, security patches and service packs and that doing so infringes the company's copyright. "This policy is in place due to concern for the safety and security of our customers, as we can only guarantee the download's contents when it comes from a Microsoft Web site," the company said in a statement. "We contacted AutoPatcher earlier today to request that they stop redistributing our Microsoft intellectual property."

According to a post on the Neowin news and discussion site, which hosted the official AutoPatcher forum, the company wants to be the sole distributor of its own software updates. Microsoft's legal department notified Neowin co-founder Steven Parker of the company's objections and had requested Neowin cut a tie it had to AutoPatcher.

"I had a call from Microsoft Legal this morning and they have told me that we are no longer allowed to endorse AutoPatcher on Neowin. Microsoft will only allow updates to be downloaded from its own servers," Parker said in the post.

Microsoft indicated it acted now because it just found out about the site. "Microsoft tries to contact anyone who is in violation of our policy as soon as we can once we are aware of what they're doing," the company said.

However, the company has had plenty of time.

AutoPatcher and its network of download "mirror" sites have been operating for four years, and the project's frequently-asked-questions page describes it as legal. "The AutoPatcher project has been going strong since 2003 and never had a sniff of trouble from Microsoft," the page says. "Kaladis once spoke to a Microsoft employee and apparently they know about us but don't care what we do," the page also says.

Parker reported that Windows Genuine Advantage, a Microsoft antipiracy program that checks legitimacy of a version of Windows, apparently isn't involved. WGA certification is required to install some software updates.

"I asked the representative if Windows Genuine Advantage had anything to do with it, and he categorically told me this was not the case," Parker said. "The concern at Microsoft had more to do with the possible malicious code that could be redistributed with certified Microsoft updates."

The representative also told Parker that Firefox, an open-source Web browser rival to Microsoft's Internet Explorer, now can be used to access Microsoft's Windows Update service for versions of Windows predating Vista. However, some forum posters said they were unable to do so.

[ptroxler]

stop whining, get moving

wouldn't this be a good moment to abandon MS windows
alltogether for an alternative solution?

[The_Decider]

Agreed

Why deal with AV and AS software?

Why put up with constant nags if you don't want to slow down your system with automatic updates that doesn't even update all MS software much less the rest of your software? It is not like updates are common enough to justify running yet another service.

Why not pick a solution that doesn't tell you what you can and can't do and gives you all updates for 99.999% of the programs on your computer?

[Renegade Knight]

Already There

My next upgrade is a Smart Phone. Symbian, Linux, Palm, even Blackberry are all on the table. What's not is the one product that has shown it doesn't work reliably.

[inachu]

Now only if MS owned autopatcher.

Sometimes in a private lan that is infected one must be disconnected to protect itself.

Autopatcher was the fix for this then after patches are installed and antivirus/spyware software is isntalled then it can connected back to the lan and stay clean.

Microsoft should think twice about this.

[MaLvaDo39]

Get a Mac

Now!

[rapier1]

Of course!

because Mac's *never* need to be updated. I'm sure if they did
need to be patched you'd be able to find their patches from any
number of sources other than Apple and their updater service.

(In case you missed it, that was sarcasm - Currently I'm running
10.4.10 because, lo and behold, the 10.4 has been updated and
patched multiple times. This doesn't include the security patches
obviously. Also, as far as I can tell - there is no source for
patches other than Apple. As such, same Apple is no better in
this regard and its a false criticism and complaint).

[gggg sssss]

because

the nice folks at Apple aren't as propritary about their stuff? what an as*

[Vegaman_Dan]

Because Apple allows anyone to host their OS patches

Oh wait, they don't. They control the only source of officially supported patches.

It's a responsible move to keep a single point of updates. Apple does it and it makes sure when you visit that site, you're getting the official latest and supported updates, not something that is out of date, unsupported, or even potentially compromised.

I'm glad to see Microsoft putting the clamps down on this like Apple has.

[dolynn]

I'm getting one in October

Everyone I have talked to that bought a Vista PC for home did not like it at all and wished they hadn't bought it. They said it's similar to learning a new OS. If I have to go through all that, it will be on a Mac. Watching the iLife demo has given me some very creative ideas now, something MS has never done for me.

[groink_hi]

Hunch on why now...

Microsoft is probably shutting down the 3rd-party patch sites in preparation for their SMS 4.0 product release - renamed System Center Configuration Manager 2007. If organizations like AutoPatcher continues to distribute hotfixes, it pretty much defeats the purpose of services like WUS and SMS. Even companies like LANDesk at least links to WUS for its hotfixes. Using AutoPatcher totally bypasses anything with a microsoft.com tacked on.

What I basically do is use MBSA to figure out what patches I'm lacking, download them, package them, and then distribute to my PCs through things like SMS, Active Directory, etc. You can even burn them to CD and mail to some remote island.

[fred dunn]

WGA and SPP are M$ Motive...

So Autopatcher went against the license agreement for the patches indicating that MS is the sole source of patches, SO WHAT!
I am not naive enough to know that malicious code can be injected into a patch coming from anybody other than MS but I am also not naive enough to think that MS move was in the best interest of the users.
Rather it was another move to ensure that ALL Windows systems check in with MS regularly so that they can do their WGA/SPP tricks.
If you have XP it's not so bad but if you have Vista and for one reason or another (like the last weekend's server failure) then your Vista box just becomes a space heater.
It will be a cold day in hell before I buy and install Vista on any of my systems knowing that MS can disable the OS.
I plan on continuing with XP until either MS removes that capability or I go to another OS altogether.
AutoPatcher was a service to a great deal of folks because you could download all of the patches to a CD and upgrade a rebuilt or new OS BEFORE it goes onto the network.
What MS has done now is force you to put a unpatched machine on the network to get all 70 or 80 odd patches from MS.
Another idication of where MS stands on security.

[umbrae]

Windows Update on Firefox?

Yeah right. They say the same about Sharepoint, but it is an outright lie. Neither work in FF. This is the message you get going to Windows Update in FF:

"To use this site, you must be running Microsoft Internet Explorer 5 or later.

To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates. To turn on Automatic Updates:

1. Click Start, and then click Control Panel.
2. Depending on which Control Panel view you use, Classic or Category, do one of the following:
* Click System, and then click the Automatic Updates tab.
* Click Performance and Maintenance, click System, and then click the Automatic Updates tab.
3. Click the option that you want. Make sure Automatic Updates is not turned off."

[Renegade Knight]

Man, I wish I had known about this site before...

I like being able to download and store my patches so when I reformat (which I will, it's a windows machine after all). I can install all the patches and be good to go.

Plus when MS drops support, and they will, you still have access to the patchs that your money paid for. Right now I need a Win 95 legacy machine for some old software.

[groink_hi]

You can still download and archive...

As I mentioned in my earlier comment, you can run Microsoft Baseline Security Analyzer. Google it. Run it on your PC, and then use the hyperlinks it generates in its reports to download and archive the hotfixes. You can even take these hotfixes and slip stream them into an XP or Vista install folder.

AutoPatcher just made the process simple. But Microsoft does in fact provide similar tools. It just takes some research.

[Jim Harmon]

Update sources

Personally, I don't trust any updates unless I get them from the MS site. Anyone who's surfed the web long anough knows there are far too many fake "updates" out there. I've even gotten emails that say I need to click a link in order to get the update. Yeah, I'll get right on that - immediately after I reply to this guy in Nigeria.

[atglabs]

Control Freaks - Screw the users

Attaching an unprotected Windows PC to the internet takes from 10 to 30 minutes max (depending on the source of the test) to have the system exploited by at least one severe security exploit. Bots, trojans, etc. There are probably millions of already infected systems trying to locate infectable systems, often by just examining all machines on their IP subnet.

If you got cable or DSL, your neighbor's compromised machine will nail your newly reinstalled unprotected XPsp1 before you can even find the patch to update to SP2.

In Microsoft's pathological control madness, pulling the only source of slipstreamed updates off the net shows they don't give a s*t about their customer's security.

Maybe it's time for some good class-action lawyer to put a couple-hundred unpatched windows machines on the internet and then sue microsoft for not making a secure patch acquisition service available.

(I know that if I spend 10 or 20 hours to find and then download patches from an already-patched machine, and then spend hours making a slipstream install disk, that I don't need AutoPatcher. But, at say $75/hour, it give the class-action lawyer a good idea of the magnitude of the expense Microsoft is thrusting on each user who needs to reinstall one of their OSes.)

AutoPatcher did the hard work for me, and without costing a fortune. Microsoft, I need your business practices like I need hemmoroids.

Bahh.

[wbenton]

Microsoft indicated it acted now because it just found out about the site.

The company has been around for 4 years and Microsoft is just now finding out about it.

(* ROFLMAO *)

That in itself speaks volumes.

Microsoft is always behind the times... this only proves that it's about 4 years behind the times. (* ROFLOL *)

Sorry, but I just can't help but laugh at this report!

Walt