Linked by Thom Holwerda on Mon 13th Apr 2009 21:41 UTC
Internet Explorer Microsoft will soon start encouraging users running old versions of Internet Explorer to upgrade to the latest edition of its browser. People running IE 6 and 7 on Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008 will in the third week of April receive a notification through the Automate Update service that encourages them to upgrade their system to IE 8, Microsoft has said. This is not a hard sell, though. IE 8, released last month, won't start automatically installing itself on your machine - you'll have to opt in, by clicking the install button itself on the update message's accompanying screen.
Thread beginning with comment 358484
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Amazing!
by lemur2 on Tue 14th Apr 2009 14:06 UTC in reply to "RE: Amazing!"
lemur2
Member since:
2007-02-17

Good troll, you got a few people worked up.

MS could only force IE8 onto those people who have automatic updates enabled. If these are switched off then you will never be bothered by the update message or the IE8 install.


That is true of the way that MS have decided to deploy IE8.

It is not, however, true in general. There was one occasion where an update from Microsoft installed itself via Windows Update silently (ie. without asking the local administrator), and despite whatever settings that the local administrator had selected for updates.

In the ensuing investigation, Microsoft admitted that it was the design of Windows Update to allow this for "updates to Windows Update". That is to say, anything that Microsoft tags as an "update to Windows Update" can be pushed on to your Windows system, by Microsoft, without your say so, and regardless of your selected options for updates.

http://blogs.zdnet.com/hardware/?p=779

Now if Microsoft can push an "update to Windows Update" on to your machine, then it transpires that they can also push a sequence of updates such as this:

(1) A silent update to Windows Update.
(2) Whatever Microsoft wants, silently, as allowed by the new Windows Update installed at (1)
then
(3) Another silent update to Windows Update, which restores the original Windows Update behaviour.

So using such a sequence, Microsoft have the ability to silently install whatever they want on your Windows machine, without your knowledge or permission, and without Microsoft having to know any password of your choosing.

This then is a classic case of a computing backdoor.

Edited 2009-04-14 14:16 UTC

Reply Parent Score: 1

RE[3]: Amazing!
by HappyGod on Tue 14th Apr 2009 14:30 in reply to "RE[2]: Amazing!"
HappyGod Member since:
2005-10-19

I think you might be stumbling over the line to paranoia there! Certainly had me reaching for my tin foil hat :-)

Anyhow, I actually agree that auto updates are getting a bit out of hand, but you can't really point the finger solely at MS.

Practically everything you install these days comes with it's own auto-update software. Apple's is the worst because it actually installs new software as well as updating your existing software! Not cool.

I'm actually writing an auto-update routine for my company's software suite at the moment...

Please, no hate mail :-)

Reply Parent Score: 2

RE[4]: Amazing!
by lemur2 on Tue 14th Apr 2009 23:36 in reply to "RE[3]: Amazing!"
lemur2 Member since:
2007-02-17

I think you might be stumbling over the line to paranoia there! Certainly had me reaching for my tin foil hat :-)


Well, it is indeed paranoid thinking in the sense that Microsoft have never used that capability as far as anyone is aware. I certainly make no claim that they have.

The one incident that highlighted this aspect of Windows Update behaviour was actually an accident on Microsoft's part. Unintentional. But it did demonstrate that a silent update from Microsoft was possible.

However, it is not paranoid at all to point out that the backdoor certainly exists, especially in light of the fact that the Microsoft EULA for Windows specifically reserves the right for Microsoft to change the Windows software on your machine.

Remember, despite the fact that you pay for it, Microsoft believe that the Windows software on your machine is still their property, and they have reserved for themselves the right, and the means, to change it at their own discretion, not yours.

This mechanism, BTW, even allows Microsoft a "kill switch" on your Windows machine.

Interesting, isn't it?

Even more interesting is the fact that millions upon millions of people either: will not believe that this is the case; or do not know or care (or both) that this is the case; or are aware that this is the case but still actively try to discredit or drown out any voices that point it out to the general public.

My own post on this OSNews thread which describes the mechanism of this potential backdoor was modded down, apparently by someone that "can't handle the truth".

Edited 2009-04-14 23:41 UTC

Reply Parent Score: 2