Windows is spyware
Microsoft has crossed the line. They have been disliked by many techies, for arrogance, incompetence and more. But, this wasn't a universal opinion and reasonable people could have disagreed. Now however, the question of Microsoft's corporate character has left the realm of opinion and landed firmly in fact.
They are bad guys.
If there was any doubt, the final straw came today, in the September 13 edition of the Windows Secrets newsletter where the lead article by Scott Dunn (Microsoft updates Windows without users' consent) ended the debate.
According to Scott, "Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates."
Wow. Updating Windows without your being aware of it? And after telling it not to? That's what spyware does. It's what the bad guys do. And now, it's what Microsoft does. They seem to think that they own Windows, and you and I are just renting our copies. Maybe we should read the lease.
There's a saying in the computer security field that if a bad guy gets physical access to your computer, it's not your computer anymore. If Microsoft can silently update Windows against our will, whose computer is it?
Over at ZDNet, Adrian Kingsley-Hughes has Confirmation of stealth Windows Update. He describes a Windows XP machine that was set to download new bug fixes and notify the user, but not to automatically install anything. Yet, install it did.
He writes "I just don't like the idea of having updates foisted upon systems without being aware that they are coming in and having the option to postpone them. Why? Simple. IT'S MY PC!!!" No, Adrian, it's not your computer anymore. It has been assimilated into Microsoft's collective. Rather than being an individual, your copy of Windows does what the Queen tells it to do.
Windows is now malware and our computers are zombies.
The changes Scott describes affect Windows Update. Anyone who runs Windows Update manually, as I prefer to, has been forced to install new versions of it over and over and over again. So why the secrecy this time? And speaking of secrecy, Scott says "To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates."
It's inconceivable to me, that any other software company would do exactly what their customers told them not to do.
Exhibit Two
Exhibit two against Microsoft's corporate character is Windows Update.
Many Windows users still have a dial-up Internet connection. The bug fixes to Windows are often large, and a dial-up user may find them too big to download, especially after falling way behind in applying them. Nothing new here, it's been true for years.
So why doesn't Microsoft sell, at cost, a CD containing Windows bug fixes? They did once, briefly, in reaction to a torrent of publicity about security problems in Windows. Why was this the exception and not the rule?
Next time, defending yourself against Microsoft--how to really turn off Automatic Updates. Then back to surge protectors.
Update: September 14, 2007. Integrated Adrian Kingsley-Hughes topic into the posting.
CompUSA - Save on Apple Products!
When Windows update checks for updates, it writes a message in the event log. When it updates itself, it writes messages in the event log TELLING you it updated itself. It leaves the updated files in plain view, with versions and signatures.
Spyware does not operate this way. In fact, this is the INVERSE of spyware. Spyware does none of those things.
I'm not completely happy with WGA, because its implementation was poor, and has bothered some folks with completely valid licenses with temporary connectivity problems, etc. It also has screwed up machines that were allowed updates at first, then denied them after tuning revealed them to have license flaws, even if the flaws were corrected. However, Windows Update and especially Microsoft Update has generally been a valuable feature, with few problems.
Try to get over yourself, and make a real contribution. You're acting like a fool.
And I never had to worry about privacy when I used my C-64 to get online. Tee Hee, it had a 300 baud modem!
As for releasing update CDs -- impractical, given the production time involved and the urgency of so many of the security updates. It would just give the malware authors more time to do their mischief if we had to wait for the mailman to deliver.
So let us play a very brief version of the game: "What If?"
What if some disgruntled Microsoft employee decided to wreak havoc on Windows users? The mechanism described in your article is an ideal vehicle to deliver disaster.
What if a cyber-crook becomes a Microsoft employee and exploits this "feature" to pocket huge sums of money?
What if a terrorist goes to work for Microsoft? Fill in the blanks...
What if a government makes a deal with Microsoft, or plants a spy as a Microsoft employee, for the purpose of invading the privacy of people?
Some of your critics should perhaps reread George Orwell. Every time the public allows these "little, unimportant things" to happen, more freedom is lost.
Just one side comment on the previous comment by "joliett"--and what is wrong with typing on a royal or commodore? [are you some kind of computer snob?]
Both Michael and commenter g3po2 are doomsday prophets--anyone can pose any number of "what-ifs." The crux of these dire warnings are how likely are the predicted disasters and are the methods or processes hailed as salvation tools the appropriate and effective solutions.
If as Michael has stated that this is the "last straw" by Microsoft, why, being such a security nut, had he stuck with them for so long? It is not as though there were no alternatives, and it's not that Microsoft hadn't failed miserably before in terms of security. To respond to g3po2's "what if" scenarios involving all sorts of disgruntled employees, cybercrooks, terrorists and government plotters, who needs these malevolent characters when Microsoft all by itself has done a pretty good job of screwing up everyone's computers without any resort to intentional malicious actions.
If Microsoft and Windows is this all-powerful evil enterprise, why would anyone think a simple disabling of an automatic patch update process defeat them? Why even continue to use it? [of course, there'd be no "defensive computing" for a good functional OS--Michael isn't that "foolish," he needs Windows to be bad to have material for his blog]