Microsoft changes Windows files on user PCs without permission, researchers say

Computerworld - Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today.

Scott Dunn, an editor at the "Windows Secrets" newsletter, said that nine files in XP and Vista -- but not the same files in each operating system -- have been changed by Windows Update, the Microsoft update mechanism, without displaying the usual notification or permission dialog box. The files, said Dunn, are related to the XP and Vista versions of Windows Update (WU) itself.

"We started hearing from readers that Windows was modifying files in the middle of the night, even when Windows Update was turned off," Dunn said today. Some machines' event logs pinpointed Aug. 24 as the date when the invisible updates began, but on one of Dunn's personal machines, the log showed the changes taking place this week.

Dunn identified the changed files on Vista as wuapi.dll, wuapp.exe, wuauclt.exe, wuaueng.dll, wucltux.dll, wudriver.dll, wups.dll, wups2.dll and wuwebv.dll.

And on XP SP2, he said, the changed files were cdm.dll, wuapi.dll, wuauclt.exe, wuaucpl.cpl, wuaueng.dll, wucltui.dll, wups.dll, wups2.dll, and wuweb.dll.

In the past, Dunn noted, any changes to WU have been presented to the user for approval. "They at least warned you in advance," he said.

Not so this time, said Brian Livingston, the founder and editorial director of the newsletter. "We don't completely understand the [WU] technology, but apparently this doesn't go through the Auto Update settings. A lot of companies are very sensitive about changes made to their PCs, and although there's absolutely no sign of any malicious intent on the part of Microsoft, if it starts doing this, people should have a lot of concerns."

Microsoft gives users some flexibility in how their XP- and Vista-powered PCs retrieve and install updates and patches from the company's servers. In Vista, for example, users can turn off automatic updates entirely; check for, but neither download or install, any fixes; or download files but not install them.

Although Microsoft did not immediately respond to a request for comment, Dunn provided Computerworld with a copy of an e-mail he said "Windows Secrets" had received from Microsoft's online partner support. In the message, Microsoft only hinted at a reason for the changes: "7.0.6000.381 is a consumer-only release that addresses some issues after .374 was released. It will not be available via WSUS [Windows Server Update Services]."

"What's waking up at 2 a.m. and downloading files?" asked Livingston.

"Windows Secrets" plans to offer more details tomorrow on its Web site and to subscribers via its normal e-mail channel.

Related Articles and Opinion