Comments on Cubic: Windows Update updating without permission!
Blog author: Thomas Hruska

Comment by Thomas Hruska, 2008-03-08 10:28 -05:00

Marty List: Let's see. I'm an individual attempting to run a business. I have two options available to me:

1) I could constantly fiddle with license agreements and get nothing useful done.

2) I could develop new features for my software. Speaking of which, any specific features you are looking for?

So what if I wrote the legal agreement? It was written in a hurry (because someone like you complained about the previous agreement) and I probably threw that in as a legal catch-all in case I royally messed something up in the previous paragraphs. I can't afford a lawyer. And I'm not a lawyer. So...you should buy enough licenses of VerifyMyPC so that I can afford to rent one. (Hmm...RentALawyer.com - yup, there's a domain squatter).

Some people take things WAAAY too seriously. Time to take a chill pill.

Since I apparently can't "win" and I can't afford a lawyer and you're not likely to pay for one for me, I've decided to just have fun with my EULA. I've changed the EULA for the next release of VerifyMyPC to be a significantly more entertaining read. [goofy, lopsided grin with a couple twinkles in each eye]

You are assuming too much about me from one blog post. This blog is my rant zone. A place to let off steam. Everyone needs one of those, right? In general, I'm a pleasant, hilarious, and unusual person. Someone recently said to me, "You're always smiling." This blog helps keep it that way. Consider it a privilege that you even get to see my "darker side", but, even as I blog here, I try to have fun.

Comment by Unknown, 2008-03-08 02:23 -05:00

This rant sounds very hypocritical coming from someone whose own software (VerifyMyPC) has this absurd section in the license agreement: "You agree that this agreement is subject to change without notice and you implicitly agree to those changes except where prohibited by law."

Comment by Thomas Hruska, 2007-08-29 15:04 -04:00

fate: Just to make you happy I ran Ad-Aware, Spybot S&D, Clam AV, and Resplendance Rootkit Revealer. All came back clean. VerifyMyPC is the only tool I know of that will catch system changes like this. I've never seen malware, that modifies system files, hide from a cryptographic hash comparison. VerifyMyPC is just one tool in my arsenal but I consider it my first line of defense.

jiri: [shrug] I'm not a lawyer but I'm also not interested in arguing the point. What I find interesting is that people are more interested in this blog entry than the connection of "issuing this secret Windows Update caused the Windows Genuine Advantage servers to go down" (see my other blog entry). It is like people don't want to admit that there is a connection. To me, THAT is interesting. It gives me insight into the type of software that sells.

What is also interesting is that, just yesterday, Microsoft released a couple regular Windows Updates. As if to say, "We're going to cover this up in case someone noticed the secret Windows Update and makes the connection to the WGA servers going down". Too late for that. I noticed. And made the connection.

But as far as anyone's concerned, this will probably be brushed under the rug. I mean, no one important really noticed. Microsoft will make it shine with a little PR magic and the problem will go away. Oh well. I'll keep blogging.

Comment by Jiří, 2007-08-29 14:26 -04:00

XweAp0nX: I'm not talking about "product specification may change without notice"; that's a fairly common notice (on advertising, mind, not in licenses).

What I'm talking about is language like this:

> Internet-Based Services Components. ... You acknowledge and agree that Microsoft may automatically check the version of the Software and/or its components that you are utilizing and may provide upgrades or fixes to the Software that will be automatically downloaded to your Workstation Computer.

Let's have an instant replay: "You acknowledge and agree" ... "will be automatically downloaded".

If that isn't express permission, I don't know what is.

Thomas Hruska:

> Just because I agreed to a EULA doesn't necessarily make it legally binding.

Well, maybe it's a contract of adhesion, or maybe it's presented post-sale and therefore void. Probably varies state by state; some have laws making EULAs weaker, some have laws making them stronger. Consult a lawyer.

In any case, the headline is inaccurate; it wasn't "without permission", at best it was "with dubious permission" :-)

For myself, I choose software that doesn't have such onerous terms to begin with, regardless of their enforceability or otherwise.

Comment by Fate, 2007-08-29 14:04 -04:00

I haven't seen that, but it doesn't mean you don't have malware etc. You should still give yourself a scan just to be sure. Never know what can get installed without your knowing, or even with VerifyMyPc it's very easy to also inject something in such a way that a program like VerifyMyPc won't be able to detect, if someone wanted to.

Comment by Thomas Hruska, 2007-08-28 11:24 -04:00

fate: But do those malware programs copy the _original_ files before installing their malware? Look at the original blog entry closely - the files in the last good configuration are the same as the files that used to be in the Windows\System32 directory. I can imagine malware installing itself to both locations but NOT backing up the original files.

Comment by MrFUBAR, 2007-08-28 10:53 -04:00

While several have mentioned that turning off Automatic Updates does not, in fact, actually stop them, no one has mentioned BITS (Background Intelligent Transfer Service).

This is the means by which most MS patches are piped to the user.

If you want to stop it, in MSconfig, disable BITS on the Services tab.

Mind you, there are other ways for MS to slip you undesired updates. But BITS is the usual method, and activity is difficult to detect without active monitoring.

Someone suggested using the HOSTS file. Forget about it. It only affects the primary client ports. (Browser, FTP, Telnet, and a few others). Besides, BITS has direct WinSock access.

Mr FUBAR

Comment by Fate, 2007-08-28 10:36 -04:00

@Thomas: Hate to say this Thomas but there have been malware programs that do copy to the last good configuration folder around for at least 2 years now. I find that they do this so that you can’t get rid of them easily. You should realize that when you update your Windows updater you are agreeing to a separate license agreement from that of Windows and this one is explicitly for the updater if I remember from my installs of XP.

Comment by Alex, 2007-08-27 20:38 -04:00

@Tim McCormack: I believe the IP for the Windows Update servers URL is hardcoded in the Windows kernel -- no matter your DNS setup, windowsupdate.microsoft.com will always resolve correctly, along with other Microsoft URLs.

Comment by Thomas Hruska, 2007-08-27 17:31 -04:00

auer: Ubuntu isn't really quite ready for the average user to use it. It appeals a lot more to technical users/geeks like myself. If I recommend anything to a user as an alternate to Windows, it is OSX.

Comment by Unknown, 2007-08-27 15:45 -04:00

Well, the only way to be sure you own your computer and have control over the software is to use something that doesn't force Microsoft EULAs and policies upon you. Something that is free and peer-reviewed. Something that has its source code available for anyone, even you, to verify.

That something is called open source. Most people have heard of Linux operating systems.

Reclaim your computer from corporate interests and switch to free, open source systems.

A good one for beginners is Ubuntu, www.ubuntu.com, with plenty of community help available from ubuntuforums.org. I made the switch 3 years ago, now both my desktops and my laptop run exclusively Linux. No more madness from MS.

Comment by Master Zach, 2007-08-27 15:35 -04:00

rant

Geez, people, let's quibble over semantics, why don't we? After all, that's what the guy's post was about, right? Using proper English and semantics and punctuation and what the heck, who let the English teachers in here!!! If you want to worry about these types of things, go to Taco Bell and order a specially made whatever and see if they get it right - or, heck, go to McDonald's and order a double quarter with cheese, no onion or pickle, add lettuce and mayo and see what kind of bizarro-world creation you get back!

Let the subject stick to the subject.

/rant

Comment by Thomas Hruska, 2007-08-27 15:25 -04:00

matt: I've updated the blog entry with pretty conclusive proof that Microsoft was the one who made the changes. I mean, what malware author is going to copy the original files to the "Last Good" configuration? And it would have to be a pretty slick job to modify all those files, look all official, and still have the system look and act like it still works. Malware authors are pretty good, but I have yet to see something that elaborate pulled off successfully (the most elaborate worm I've seen was, thankfully, botched in its programming).

Comment by Unknown, 2007-08-27 12:51 -04:00

Just to play devil's advocate here - can you be certain that it was Microsoft that did this? Can you rule out the possibility that (as the VerifyMyPC notification suggests) some sort of spyware, virus, etc. designed to target the Windows Update DLLs has hit your system?

Comment by Thomas Hruska, 2007-08-27 12:36 -04:00

XweAp0nX: The difference here is that I didn't do anything. I had not even visited Microsoft's site in a while. In this case, this was a secret worldwide update pushed out to people, which also probably had the side-effect of taking out the Windows Genuine Advantage (WGA) servers.

Comment by XweAponX, 2007-08-27 12:13 -04:00

> In other words, Windows updated itself without my express permission.
>
> Look, I hate Microsoft as much as the next guy, but this is just not true.
>
> The EULA specifically says that they may do that, and you clicked "I agree" to that.

ANY EULA will say that. The EULA for a CAR will say that. Or a PIE that you buy at the supermarket.

The EULA says that Microsoft can CHANGE XP if they want... It does not say that they can change it without telling you about it.

Anyway, the WUPS is the Windows Update Client Proxy Stub, and is downloaded after it tells you that it is going to download some files for Windows Update, right after the ActiveX control is installed.

So, in a way, they are notifying you, they just are not telling you the names of the files in the forced update.

When you click that rectangular "Download" button, you kind of are giving your express permission.

Comment by Thomas Hruska, 2007-08-26 17:01 -04:00

russ: You are touching on an area I think about regularly. Although, what I think about are what I call "disaster scenarios". A virus would merely be a nuisance. Scenarios such as "deploy a bot via Automatic Updates that scans a LAN for Visual SourceSafe, Subversion, and CVS repositories and sends the company's entire source code base out to a distributed network" would result in significant financial loss across the entire software industry (in the billions!).

However, Automatic Updates update executables are signed prior to distribution with Microsoft's internal private key (cryptographic key involved in signing and verifying that code came from someone and has not been tampered with). So whoever hacked the system would have to get their hands on the private key...and probably only a small number of internal people could do it. A disgruntled Microsoft employee with access to that private key and very careful programming would probably have to be involved. More than likely someone would get caught or botch up the code than such an effort actually succeeding.

I would be scary as a bad guy. That's just one scenario I've thought of. Hollywood should bring me on for consulting :)

Comment by Unknown, 2007-08-26 15:04 -04:00

The man is trying to pass on information. He is not teaching English composition. As long as the idea gets across then he is doing a fine job.

As to the topic, I have always wondered why someone couldn't hijack the automatic update and do bad things to all Windows systems. It could be done and not show up as a virus.

Comment by Thomas Hruska, 2007-08-26 14:22 -04:00

Rich: I hadn't thought to check and make sure the setting had not been altered, so I did that just now. It is (still) clearly set to "Notify me but don't automatically download or install them".

Tim McCormack: DNS poisoning (altering the HOSTS file) is a bit overkill...but, hey, if it floats yer boat...

einexile: Excellent point. On the plus side, I've been in the bowels of Windows and know how to analyze DLLs. A former version of VerifyMyPC (1.x series) was capable of determining what functions changed in DLLs. It was a tradeoff for a ton of other enhancements.

Everyone else: I don't usually look up words in the dictionary. I generally learn the meaning of words by observation of how other people use them in sentences. This is so that when I actually go to use the word, I get strange looks. And, even though it is a blog, I still try to be grammatically correct but don't always succeed and therefore only somewhat care about grammar (spelling, on the other hand, I'm always picky about). I use my blog as my "rant-platform"...gotta let off steam somehow, right?

Comment by rkillings, 2007-08-26 13:36 -04:00

'Express written permission' is entirely grammatical. 'Express' is an adjective meaning 'explicitly stated'. Plus, this is the idiomatic form of the expression.

And . . . what the EULA says is irrelevant if it is contradicted by the plain language of the Automatic Updates applet: "Notify me but don't automatically download or install them".

Comment by chan, 2007-08-26 13:12 -04:00

According to everyone I know, including old-skool Webster's, "express" is a perfectly fine adjective, and even preferable to the more complex passive-verb-cum-adj. version:

> ...9. clearly indicated; distinctly stated; definite; explicit; plain: He defied my express command.
> 10. special; definite: We have an express purpose in being here.
> ...
>
> 13. duly or exactly formed or represented: an express image.

Comment by Unknown, 2007-08-26 12:25 -04:00

I also have my computer set to require my permission to load updates. A few weeks ago I was offered a list of about 8 or 9 updates and I looked through them as I usually do. One was vague in its wording, saying its purpose was to "enhance the user experience" and to "verify and validate" programs. I left this one off thinking I would see if I heard more about it first. The next day it installed itself without bothering to ask permission. I checked my settings and found they had been re-set to allow automatic updates.

Comment by Tim McCormack, 2007-08-26 11:34 -04:00

Wow, and I thought I was clever for turning off automatic downloading and updating. Maybe I should use the HOSTS file to remap the Microsoft update server to an unreachable IP.

And sorry, mike, it is "express". :-)

Comment by Unknown, 2007-08-26 10:36 -04:00

mike: "express permission" is correct grammar. Look it up.

Comment by Mike, 2007-08-26 09:56 -04:00

No, Mike's wrong, it IS 'express'. In this context it means the same as 'explicit' and has nothing to do with an utterance. Look it up, Mikey.