Newest Windows Update snafu puzzles Microsoft
- 17 October, 2007 09:10
For the second time in a month, Microsoft has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating.
In a post published late last week to a company blog, Nate Clinton, program manager for Microsoft Update, denied that Windows' update mechanism was to blame for reports of settings being changed without user interaction, updates downloading and installing, and systems rebooting.
"We have received some logs from customers, and have so far been able to determine that their AU [Automatic Update] settings were not changed by any changes to the AU client itself and also not changed by any updates installed by AU," Clinton said.
Claims started to trickle in shortly after the rollout last week of multiple security patches that machines running Windows Vista had updated on their own, even though users had set Automatic Update to require their approval before downloading and/or installing patches. Some users also reported that machines had rebooted, which caused data loss in applications that had been left open.
The Windows enthusiast site AeroXperience was the first to notice the wildcat updates, and collected accounts from users. "I had mine set to 'Check for updates but let me choose whether to download and install them,' it's now on 'Install Automatically'," said Jon Abbott on an AeroXperience forum last week.
Others noted that the mysteriously changed settings resulted in downloaded and installed patches with a reboot to finalize the installation. "Just now I had my computer reboot on me because windows update, without my permission, downloaded and installed updates for my computer and then rebooted," said a member identified as "Zeros and Ones."
According to other messages on the AeroXperience forum, users running Vista Service Pack 1 (SP1) were unaffected. Also, no reports originated from users running Windows XP or Windows Server 2003.
This incident follows the disclosure last month that, contrary to users' instructions, Automatic Update had updated itself. Microsoft tried to deflect the criticism by saying that the practice was necessary to keep AU up-to-date, and thus keep users' computers safe. At that time, Clinton said Microsoft would consider changes to make the update process more transparent to customers. "We are now looking at the best way to clarify WU's behavior to customers so that they can more clearly understand how WU works," he said in a post to the same company blog on September 13.
Since then, neither Microsoft nor Clinton has made any additional announcements about changes being considered to Windows Update.
Even Microsoft seems unsure about what caused the Vista-powered systems to mutiny and install updates without orders. "We are still looking into this to see if another application is making this change during setup with user consent, or if this issue is related to something else," Clinton said.
AeroXperience, which claimed to be working with Microsoft on tracking down the bug, hinted that it might be the fault of Windows Live OneCare, Microsoft's consumer-grade security suite. The site asked members who had experienced the forced update and who also had installed OneCare to forward the program's event logs to a designated e-mail address.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- IDC: Delivering Customer Value with Enterprise Flash Deployments
- Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks
- Securing the Promise of Virtualisation
- Six Reasons to Empower Your SharePoint Citizen Developers
- Cloud Computing for Midsize Businesses: Delivering Innovation and Efficiency
Skill shortages? Not if you pay or train
Dell replays Windows 8 blame card as PC sales slide
Telstra continues with billion dollar 4G plan
What’s life really like on the NBN? (Part II)
40 years ago, Ethernet's fathers were the startup kids