"Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC."There has been a series of articles on numerous sites about mysterious changes to user Automatic Update settings, many of which are shown below as references. The most likely explanation to the changes in the AU settings is explained by Scott Dunn as attributable to Windows OneCare.
Well, instead of beating the drums, Bill Pytlovany took action. As of the WinPatrol update issued today, WinPatrol 12.2.2007 will alert you if changes are made to your Automatic Update settings. Bill explained the purpose of the update:
"Like most features, the intention is to protect users from changes made by malicious programs. As a side however, it will also detect if Microsoft or one of their applications decide to change these settings without your knowledge.As a devoted WinPatrol fan, I installed the update, launched the Security Center and selected "Turn Automatic Updating on or off". As you can see from the screen copy below, WinPatrol notified me that a change was detected in Windows Auto Updates (AU), providing the opportunity to prevent the change or restore the previous settings.
Also included in this new version will be detection of a few other unique settings like the prefix inserted by your browser (http://). If you don’t include http:// when you type in an address, Windows automatically adds it. If I changed this setting to http://www.billp.com/ no matter what you typed into your browser you’d always come to me. Depending on what comes after it, I could display a fake look-alike phishing page and grab your eBay, or Paypal account number."
For a change intentionally being made to AU, tell Scotty "No" and WinPatrol will leave your changes untouched. However, if some unknown force attempts to change the settings without your permission, merely click "Yes" to give Scotty permission to restore the original settings.
Way to go Bill!
There is so much more that WinPatrol can do to monitor your computer. The WinPatrol update today is frosting on the cake.
- Read about WinPatrol Features: http://www.winpatrol.com/features.html
- Download WinPatrol: http://www.winpatrol.com/download.html
- See Bits from Bill: Detect Changes to Windows Automatic Updates
- Update 29Oct07: Press Release (PDF)
- Scott Dunn, Windows Secrets (13Sep07): Microsoft updates Windows without users' consent
- AeroXperience Blog (10Oct07): Automatic Updates feature forces machines across the globe to reboot
- Nate Clinton, TechNet (12Oct07): Response to recent web posts [updated]
- MaryJo Foley, ZDNet (12Oct07): Windows Update automatically changing user settings (again)
- Scott Dunn, Windows Secrets (25Oct07): PC rebooting? The cause may be MS OneCare
- Gregg Keizer, InfoWorld (19Oct07): Microsoft: We didn't change Automatic Updates
- Gregg Keizer, InfoWorld (25Oct07): Microsoft's OneCare silently changes Automatic Updates
- Windows Live OneCare Team (25Oct07): Understanding OneCare's integration with Microsoft Update