funsec mailing list archives
RE: Via Slashdot: Microsoft updates Windows without users'consent
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Thu, 13 Sep 2007 14:56:54 -0400
From Microsoft:
http://windowsvistablog.com/blogs/windowsvista/archive/2007/09/13/an-exp lanation-of-windows-update-automatic-updates.aspx The Microsoft Update team has posted a statement <http://blogs.technet.com/mu/> addressing the current community discussion on Windows Update's self-updating behavior. The upshot is that a longstanding procedure in Windows Update requires it to self-update before it is able to recognize that new updates are available. This self-updating is done regardless of whether the user has enabled automatic checking, download and/or installation of updates. It does so in an effort to avoid WU misleading the user to think s/he is up-to-date simply because s/he was not receiving notification that updates are available. Put another way, WU cannot alert the user that there are security updates available if it is not in the necessary updated state that will allow it to recognize those updates (see "chicken and egg <http://en.wikipedia.org/wiki/Chicken_and_egg> " dilemma). However, we do recognize that we should have been clearer in our explanation of this process earlier in the game; the MU team's blog post is an effort to rectify that oversight. In short, this is a poorly understood process, so I invite you to take a look at the details in the MU blog post to learn more. Questions on this behavior are best addressed directly to the team via the MU blog <http://blogs.technet.com/mu/default.aspx> .
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Via Slashdot: Microsoft updates Windows without users' consent rms (Sep 13)
- RE: Via Slashdot: Microsoft updates Windows without users'consent Larry Seltzer (Sep 13)