This kind of invasive behavior is yet another reason to avoid using Vista or XP unless you really, really have to. The questiion then is, are you willing to live with this kind of security breach?

Although Windows 2000 may be "pasee," this sneaky update for the WU client does install to this version of Windows... And to receive this update to the WU client, on a WSUS client system, all you have to do is review the WU web site to see if anything might be missing from the WSUS posted updates... bingo, teh client update to "381" is yours without request...

The Windows Update (and Microsoft Update) sites have done the auto update thing to the Automatic Update engine for a few years now. Whereas they don't give you a lot of choice (install this or you can't check for patches), at least it was a choice.

What a bunch of whiners, you said it was ok to download the latest updates, to do that the updater needed to be updated. If it asked if you wanted the updater updated each time you would then complain about that. Microsoft is not the best but, jeeze, let it rest!

That's the key word - download. I gave permission to download. To install, I want that do be my choice on some machines. If the client needs to be updated to provide an out of band DST patch - or whatever the reason for this upgrade was - notify me and I will take it under advisement.

So what's the problem? Microsoft is an upstanding, squeaky-clean and honest corporation, you can completely trust all your personal information with them.

(Gaak, boy am I glad none of my critical servers are IIS)

Not to be paranoid, but preferential treatment at the DOJ can't possibly be connected with the myriad back doors in Windows, could it?

This is exactly why I don't allow MS to do anything automatically on my PC. I run windows update myself...

What would you say if I said that I think I saw one of those come down and it also wanted to restart my computer. There was no name for this patch, not a single identifying remark about it, except a box popping up indicating that it was finished installing and needed to restart the computer. I mistakenly had my laptop on automatic and happened to be using it when this occurred.

Now I know why over the past three days for no apartent reason my computer has shut down and restarted.

Since you brought up the DOJ and back doors into Microsoft, did you know that Judge Stanley Sporkin, who presided over MS's antitrust lawsuit, was also general counsel for the CIA under Bill Casey in the mid 80's? He was appointed to the court in 1987(?)after Iran/Contra blew up in his face. He presided over the MS case up until about 1994 before Jackson took over. Personally I don't like conspiracy theories but CIA influence over the DOJ is an ongoing problem not only in software but in all matters of the court. I wouldn't be a damn bit surprised if there was a CIA backdoor into XP/Vista. Long live Linux!

Re: Joe's comment about giving permission to download the latest updates. My computer isn't even set to download the updates, it's set to notify only. Despite this, MS downloaded and installed the update without permisson or any notice at all.

Well, this is enough to convince me to turn off automatic update downloading, in fact to turn off all manner of automatic updating.

Like Andrew, I have been downloading the updates automatically and reviewing them before I install, invariably installing most of them.

I have no axe to grind with Microsoft. I simply prefer that my wishes be observed.

I think I see both sides of this, but have to lean towards Joe's comment above. When I first saw the headline for this, I thought some seriously nefarious, underhanded stuff was afoot, but jeez! If you need an auto-update so your auto-update will still work, that's kinda understandable, even if it is a little obnoxious. This borders on flogging a product for the sake of flogging...but still a good catch by Andrew, and valuable to know that MS did this without any public knowledge. That's maybe a little bothersome. At the least, they should announce that they might sometimes auto-update you whether you like it or not....

Remember you do not own the OS you only pay large amounts of money to use the OS on a system. M$ owns the OS and can do what they please with it when ever they want. You have only as much say so as M$ decides you should have after all you are only the user not the owner of the OS.
NOW having said that! I say what a crock! but what else can we expect from M$ but to take that point of view.

One of my machines is set to notify me that updates are available, not to download and to manually install the updates (XP Pro SP2). The other is set to download, but not install (XP Home SP2). Both machines updated themselves, one on 8/21, and the other 8/23. Like others, I usually install the updates, but I want to know what the machines are doing - so if a crash happens, I'll know a possible cause (or at least what was done in the last few days). Makes one uncomfortable that a MS bot can take control - I wonder what else is running that I have no control over??

So Bill does own the world...Think he (or a disgruntled employee) could crash them all?

I had the Update Service and the Background Intelligent Transfer Service (which Update relies on) disabled. In spite of which, I have a shiny new Update Service. My choice to keep the service disabled was overruled, too. I found it up and running, and no longer dependent on BITS.

But it gets better. I have a watchdog that's supposed to ask me before any program is allowed to launch. It has never failed to check with me on any previous Windows Updates, but it failed this time. I have another watchdog that's supposed to ask me about any program or service that tries to add itself to the start-up list. It didn't bother to mention Automatic Update adding itself to the list. Go figure. I have a tripwire that's supposed to notify me if any .exe or .dll has been replaced or modified. Not a peep.

Yes, I'm paranoid. But it wasn't enough, was it?

How long before the bad guys figure out how Microsoft blew past all of my security? How would I know if they've already figured it out? I can't take the risk. Game over.

I'm downloading a Linux distro as I type this. Nope, I'm not a fanboy. In fact, I'm way too old a dog to be learning new tricks. But getting used to Linux can't be any harder than trying to secure Windows, can it?

Is this part of the "Trustworthy Computing Initiative"?

I was able to prevent this from occurring by leaving my computer off. So far, I believe it has worked but I won't know for sure unless I turn the computer back on. Hmmmm, what to do?

Now let's step back and think about this for a moment... that's long enough. So here is what I think part of the underlying reason for an automatic 'automatic updater' install. One of the messages I always see flash by when manually running the update relates to a valid copy of WindowsXP. So if MS was to make the automatic update automattically update then it would allow them the ability to track that issue more robustly. This is also the reasaon one would want the updater to automaticaly update first when performing an update.

And you thought Britney was confused...

Okay, time to turn off my WindowsXp box so it doesn't get any more automatic automatic updater updates... never mind... I know what to do Britney go back to Linux now.

Turn off automatic updates completely. Initiate it manually that way you know what's going on. Or better yet, get your updates through Firefox and Windizupdate. That way all you get is security updates and no extra Microsoft malware.

Wow! Do you guys not get it?? It is NOT updating you machine! It is NOT installing updates, security patches, etc. to your machine! It IS updating the updater, which starts the update service to do just that! Geez! Learn a thing or two before you post! I bet 90% of you think the government is watching you right now. Grab your tin foil hats!! Do some research before you speak please. It forum posts like this that cause mass hysteria.

Richard - MCSE, CISSP

http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx

Richard is absolutly right!

richard is completely wrong...

shows the value of those msce exams really...

if its installing software on your machine its installing software on your machine...

where do you think the bloody updater resides you dumbarse...

and you clearly have never had to debug a facking machine thats gone to pot because some idiot has installed something that was unapproved and untested...

hmmm...lets use microsofts own pr as evidence its all ok...it couldnt possibly be biased...next you'll be quoting some wikipedia article...

Oh! Wonderful job!
Very interesting and useful post.
I add your interesting blog in my Netvibes page!