Friday, October 26, 2007

Detect Changes to Windows Automatic Updates with WinPatrol

On September 13, 2007, Scott Dunn of Windows Secrets reported
"Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC."
There has been a series of articles on numerous sites about mysterious changes to user Automatic Update settings, many of which are shown below as references. The most likely explanation to the changes in the AU settings is explained by Scott Dunn as attributable to Windows OneCare.

Well, instead of beating the drums, Bill Pytlovany took action. As of the WinPatrol update issued today, WinPatrol 12.2.2007 will alert you if changes are made to your Automatic Update settings. Bill explained the purpose of the update:
"Like most features, the intention is to protect users from changes made by malicious programs. As a side however, it will also detect if Microsoft or one of their applications decide to change these settings without your knowledge.

Also included in this new version will be detection of a few other unique settings like the prefix inserted by your browser (http://). If you don’t include http:// when you type in an address, Windows automatically adds it. If I changed this setting to http://www.billp.com/ no matter what you typed into your browser you’d always come to me. Depending on what comes after it, I could display a fake look-alike phishing page and grab your eBay, or Paypal account number."

As a devoted WinPatrol fan, I installed the update, launched the Security Center and selected "Turn Automatic Updating on or off". As you can see from the screen copy below, WinPatrol notified me that a change was detected in Windows Auto Updates (AU), providing the opportunity to prevent the change or restore the previous settings.

For a change intentionally being made to AU, tell Scotty "No" and WinPatrol will leave your changes untouched. However, if some unknown force attempts to change the settings without your permission, merely click "Yes" to give Scotty permission to restore the original settings.

Way to go Bill!

There is so much more that WinPatrol can do to monitor your computer. The WinPatrol update today is frosting on the cake.


References:

27Oct07 Edit Note: Updated to add Windows Live OneCare Team Blog link.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




No comments: