RE: Via Slashdot: Microsoft updates Windows without users'consent

["Larry Seltzer" <Larry () larryseltzer com>]

> From Microsoft:
 
http://windowsvistablog.com/blogs/windowsvista/archive/2007/09/13/an-exp
lanation-of-windows-update-automatic-updates.aspx

The Microsoft Update team has posted a statement
<http://blogs.technet.com/mu/>  addressing the current community
discussion on Windows Update's self-updating behavior.  The upshot is
that a longstanding procedure in Windows Update requires it to
self-update before it is able to recognize that new updates are
available.  This self-updating is done regardless of whether the user
has enabled automatic checking, download and/or installation of updates.
It does so in an effort to avoid WU misleading the user to think s/he is
up-to-date simply because s/he was not receiving notification that
updates are available.  Put another way, WU cannot alert the user that
there are security updates available if it is not in the necessary
updated state that will allow it to recognize those updates (see
"chicken and egg <http://en.wikipedia.org/wiki/Chicken_and_egg> "
dilemma).

However, we do recognize that we should have been clearer in our
explanation of this process earlier in the game; the MU team's blog post
is an effort to rectify that oversight.

In short, this is a poorly understood process, so I invite you to take a
look at the details in the MU blog post to learn more.

Questions on this behavior are best addressed directly to the team via
the MU blog <http://blogs.technet.com/mu/default.aspx> .

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.