Linked by Thom Holwerda on Fri 14th Sep 2007 14:02 UTC, submitted by tux68
Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates. Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching. "Normal behaviour," according to Microsoft.
Thread beginning with comment 271828
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-07-06
Member since:2007-02-17
Disable the Windows Update service. Disable. it. It won't run.
What don't you understand?
What don't you understand?
Disable it and your system can be compromised by any new 0 day exploit that is discovered. As soon as a new 0 day is discovered, you have no effective choice but to enable WU, in order to get the update that fixes the new 0 day vulnerability.
Enable it so that WU runs and you cannot prevent some types of alleged "updates" using it as a backdoor, even if you set it to "inform me but do not install updates".
You can't afford to disable WU, but you can't afford to run it either. Either way, you are screwed, and not in control of your own Windows system.
What don't you understand?
Edited 2007-09-17 00:46
Member since:
2007-02-17
Sigh!
Even if we take MS cheerleaders at their word and assume that WU can be disabled, then that in effect means that the Windows system is now vulnerable (after WU has been disabled) to the very latest "Windows exploit of the day". In this sense it is not safe to completely disable WU ... because your system is bound to get compromised sooner or later through another exploit.
In this sense you cannot disable WU because you cannot afford to.
If we set WU to one of the "tell me about updates but don't install them" options, the it turns out that Windows doesn't actually obey the "don't install them" setting at all times ... and in that sense the WU backdoor into a Windows system cannot be disabled.
In this sense you cannot disable the WU system-level backdoor because WU doesn't do what you set it to do.
So with a Windows system, you cannot remove Microsoft's "push" control over the system without isolating the system from the Internet, nor can you afford to. You cannot have a secure system, by design.
Edited 2007-09-16 23:07