August 29, 2007 12:32 PM PDT

Patch service shuts after Microsoft request

AutoPatcher, a 4-year-old project to distribute Microsoft patches and other updates to software that runs on Windows, has shut down because of a Microsoft request.

"Today we received an e-mail from Microsoft, requesting the immediate takedown of the download page, which of course means that AutoPatcher is probably history," said project manager Antonis Kaladis in a post Wednesday. "As much as we disagree, we can do very little, and...we took the download page down."

AutoPatcher had a variety of uses. For example, people with limited bandwidth could download patches once and install them on multiple computers, or people setting up new machines could apply security updates without having to expose the computer to network security risks. AutoPatcher could handle updates from Microsoft as well as third-party software such as Sun Microsystems' Java.

Microsoft said it "discourages" others from distributing supplemental software such as hot fixes, security patches and service packs and that doing so infringes the company's copyright. "This policy is in place due to concern for the safety and security of our customers, as we can only guarantee the download's contents when it comes from a Microsoft Web site," the company said in a statement. "We contacted AutoPatcher earlier today to request that they stop redistributing our Microsoft intellectual property."

According to a post on the Neowin news and discussion site, which hosted the official AutoPatcher forum, the company wants to be the sole distributor of its own software updates. Microsoft's legal department notified Neowin co-founder Steven Parker of the company's objections and had requested Neowin cut a tie it had to AutoPatcher.

"I had a call from Microsoft Legal this morning and they have told me that we are no longer allowed to endorse AutoPatcher on Neowin. Microsoft will only allow updates to be downloaded from its own servers," Parker said in the post.

Microsoft indicated it acted now because it just found out about the site. "Microsoft tries to contact anyone who is in violation of our policy as soon as we can once we are aware of what they're doing," the company said.

However, the company has had plenty of time.

AutoPatcher and its network of download "mirror" sites have been operating for four years, and the project's frequently-asked-questions page describes it as legal. "The AutoPatcher project has been going strong since 2003 and never had a sniff of trouble from Microsoft," the page says. "Kaladis once spoke to a Microsoft employee and apparently they know about us but don't care what we do," the page also says.

Parker reported that Windows Genuine Advantage, a Microsoft antipiracy program that checks legitimacy of a version of Windows, apparently isn't involved. WGA certification is required to install some software updates.

"I asked the representative if Windows Genuine Advantage had anything to do with it, and he categorically told me this was not the case," Parker said. "The concern at Microsoft had more to do with the possible malicious code that could be redistributed with certified Microsoft updates."

The representative also told Parker that Firefox, an open-source Web browser rival to Microsoft's Internet Explorer, now can be used to access Microsoft's Windows Update service for versions of Windows predating Vista. However, some forum posters said they were unable to do so.

See more CNET content tagged:
Microsoft Windows Genuine Advantage, network security, project manager, Microsoft Corp., patch management


Join the conversation!
Add your comment
stop whining, get moving
wouldn't this be a good moment to abandon MS windows
alltogether for an alternative solution?
Posted by ptroxler (4 comments )
Reply Link Flag
Why deal with AV and AS software?

Why put up with constant nags if you don't want to slow down your system with automatic updates that doesn't even update all MS software much less the rest of your software? It is not like updates are common enough to justify running yet another service.

Why not pick a solution that doesn't tell you what you can and can't do and gives you all updates for 99.999% of the programs on your computer?
Posted by The_Decider (3097 comments )
Link Flag
Already There
My next upgrade is a Smart Phone. Symbian, Linux, Palm, even Blackberry are all on the table. What's not is the one product that has shown it doesn't work reliably.
Posted by Renegade Knight (13748 comments )
Link Flag
Now only if MS owned autopatcher.
Sometimes in a private lan that is infected one must be disconnected to protect itself.

Autopatcher was the fix for this then after patches are installed and antivirus/spyware software is isntalled then it can connected back to the lan and stay clean.

Microsoft should think twice about this.
Posted by inachu (963 comments )
Reply Link Flag
Get a Mac
Posted by MaLvaDo39 (365 comments )
Reply Link Flag
Of course!
because Mac's *never* need to be updated. I'm sure if they did
need to be patched you'd be able to find their patches from any
number of sources other than Apple and their updater service.

(In case you missed it, that was sarcasm - Currently I'm running
10.4.10 because, lo and behold, the 10.4 has been updated and
patched multiple times. This doesn't include the security patches
obviously. Also, as far as I can tell - there is no source for
patches other than Apple. As such, same Apple is no better in
this regard and its a false criticism and complaint).
Posted by rapier1 (2722 comments )
Link Flag
the nice folks at Apple aren't as propritary about their stuff? what an as*
Posted by gggg sssss (2285 comments )
Link Flag
Because Apple allows anyone to host their OS patches
Oh wait, they don't. They control the only source of officially supported patches.

It's a responsible move to keep a single point of updates. Apple does it and it makes sure when you visit that site, you're getting the official latest and supported updates, not something that is out of date, unsupported, or even potentially compromised.

I'm glad to see Microsoft putting the clamps down on this like Apple has.
Posted by Vegaman_Dan (6683 comments )
Link Flag
I'm getting one in October
Everyone I have talked to that bought a Vista PC for home did not like it at all and wished they hadn't bought it. They said it's similar to learning a new OS. If I have to go through all that, it will be on a Mac. Watching the iLife demo has given me some very creative ideas now, something MS has never done for me.
Posted by dolynn (7 comments )
Link Flag
Hunch on why now...
Microsoft is probably shutting down the 3rd-party patch sites in preparation for their SMS 4.0 product release - renamed System Center Configuration Manager 2007. If organizations like AutoPatcher continues to distribute hotfixes, it pretty much defeats the purpose of services like WUS and SMS. Even companies like LANDesk at least links to WUS for its hotfixes. Using AutoPatcher totally bypasses anything with a tacked on.

What I basically do is use MBSA to figure out what patches I'm lacking, download them, package them, and then distribute to my PCs through things like SMS, Active Directory, etc. You can even burn them to CD and mail to some remote island.
Posted by groink_hi (380 comments )
Reply Link Flag
WGA and SPP are M$ Motive...
So Autopatcher went against the license agreement for the patches indicating that MS is the sole source of patches, SO WHAT!
I am not naive enough to know that malicious code can be injected into a patch coming from anybody other than MS but I am also not naive enough to think that MS move was in the best interest of the users.
Rather it was another move to ensure that ALL Windows systems check in with MS regularly so that they can do their WGA/SPP tricks.
If you have XP it's not so bad but if you have Vista and for one reason or another (like the last weekend's server failure) then your Vista box just becomes a space heater.
It will be a cold day in hell before I buy and install Vista on any of my systems knowing that MS can disable the OS.
I plan on continuing with XP until either MS removes that capability or I go to another OS altogether.
AutoPatcher was a service to a great deal of folks because you could download all of the patches to a CD and upgrade a rebuilt or new OS BEFORE it goes onto the network.
What MS has done now is force you to put a unpatched machine on the network to get all 70 or 80 odd patches from MS.
Another idication of where MS stands on security.
Posted by fred dunn (793 comments )
Reply Link Flag
Windows Update on Firefox?
Yeah right. They say the same about Sharepoint, but it is an outright lie. Neither work in FF. This is the message you get going to Windows Update in FF:

"To use this site, you must be running Microsoft Internet Explorer 5 or later.

To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates. To turn on Automatic Updates:

1. Click Start, and then click Control Panel.
2. Depending on which Control Panel view you use, Classic or Category, do one of the following:
* Click System, and then click the Automatic Updates tab.
* Click Performance and Maintenance, click System, and then click the Automatic Updates tab.
3. Click the option that you want. Make sure Automatic Updates is not turned off."
Posted by umbrae (1073 comments )
Reply Link Flag
Man, I wish I had known about this site before...
I like being able to download and store my patches so when I reformat (which I will, it's a windows machine after all). I can install all the patches and be good to go.

Plus when MS drops support, and they will, you still have access to the patchs that your money paid for. Right now I need a Win 95 legacy machine for some old software.
Posted by Renegade Knight (13748 comments )
Reply Link Flag
You can still download and archive...
As I mentioned in my earlier comment, you can run Microsoft Baseline Security Analyzer. Google it. Run it on your PC, and then use the hyperlinks it generates in its reports to download and archive the hotfixes. You can even take these hotfixes and slip stream them into an XP or Vista install folder.

AutoPatcher just made the process simple. But Microsoft does in fact provide similar tools. It just takes some research.
Posted by groink_hi (380 comments )
Link Flag
Update sources
Personally, I don't trust any updates unless I get them from the MS site. Anyone who's surfed the web long anough knows there are far too many fake "updates" out there. I've even gotten emails that say I need to click a link in order to get the update. Yeah, I'll get right on that - immediately after I reply to this guy in Nigeria.
Posted by Jim Harmon (329 comments )
Reply Link Flag
Control Freaks - Screw the users
Attaching an unprotected Windows PC to the internet takes from 10 to 30 minutes max (depending on the source of the test) to have the system exploited by at least one severe security exploit. Bots, trojans, etc. There are probably millions of already infected systems trying to locate infectable systems, often by just examining all machines on their IP subnet.

If you got cable or DSL, your neighbor's compromised machine will nail your newly reinstalled unprotected XPsp1 before you can even find the patch to update to SP2.

In Microsoft's pathological control madness, pulling the only source of slipstreamed updates off the net shows they don't give a s*t about their customer's security.

Maybe it's time for some good class-action lawyer to put a couple-hundred unpatched windows machines on the internet and then sue microsoft for not making a secure patch acquisition service available.

(I know that if I spend 10 or 20 hours to find and then download patches from an already-patched machine, and then spend hours making a slipstream install disk, that I don't need AutoPatcher. But, at say $75/hour, it give the class-action lawyer a good idea of the magnitude of the expense Microsoft is thrusting on each user who needs to reinstall one of their OSes.)

AutoPatcher did the hard work for me, and without costing a fortune. Microsoft, I need your business practices like I need hemmoroids.

Posted by atglabs (7 comments )
Reply Link Flag
Microsoft indicated it acted now because it just found out about the site.
The company has been around for 4 years and Microsoft is just now finding out about it.


That in itself speaks volumes.

Microsoft is always behind the times... this only proves that it's about 4 years behind the times. (* ROFLOL *)

Sorry, but I just can't help but laugh at this report!

Posted by wbenton (522 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.