Sep 18, 2007

[Security] Microsoft sneaks in updates while no one's looking

Before, I called Microsoft's Windows Genuine Advantage Tool as spyware. Now, another suspicious activity regarding Windows XP and Vista has been reported.

InformationWeek reports on Microsoft secretly updating Windows Update, the tool used by Windows for checking and installing patches to the operating system, even if the Windows Update is turned off by the user. In short, the operating system is being updated without the user's permission.

Microsoft's stance was understandable but quite risky. As Bruce Schneier opines:

Note that Microsoft can do this; that's just stupid company stuff. But what's to stop anyone else from using Microsoft's stealth remote install capability to put anything onto anyone's computer? How long before some smart hacker exploits this, and then writes a program that will allow all the dumb hackers to do it?

When you build a capability like this into your system, you decrease your overall security.

For Windows users: have you turned off Automatic Updates? Why?

No comments:

Post a Comment