Microsoft changes Windows files on user PCs without permission, researchers say
Silent mods to XP, Vista occur even with auto updates off, claims 'Windows Secrets'
Computerworld - Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today.
Scott Dunn, an editor at the "Windows Secrets" newsletter, said that nine files in XP and Vista -- but not the same files in each operating system -- have been changed by Windows Update, the Microsoft update mechanism, without displaying the usual notification or permission dialog box. The files, said Dunn, are related to the XP and Vista versions of Windows Update (WU) itself.
"We started hearing from readers that Windows was modifying files in the middle of the night, even when Windows Update was turned off," Dunn said today. Some machines' event logs pinpointed Aug. 24 as the date when the invisible updates began, but on one of Dunn's personal machines, the log showed the changes taking place this week.
Dunn identified the changed files on Vista as wuapi.dll, wuapp.exe, wuauclt.exe, wuaueng.dll, wucltux.dll, wudriver.dll, wups.dll, wups2.dll and wuwebv.dll.
And on XP SP2, he said, the changed files were cdm.dll, wuapi.dll, wuauclt.exe, wuaucpl.cpl, wuaueng.dll, wucltui.dll, wups.dll, wups2.dll, and wuweb.dll.
In the past, Dunn noted, any changes to WU have been presented to the user for approval. "They at least warned you in advance," he said.
Not so this time, said Brian Livingston, the founder and editorial director of the newsletter. "We don't completely understand the [WU] technology, but apparently this doesn't go through the Auto Update settings. A lot of companies are very sensitive about changes made to their PCs, and although there's absolutely no sign of any malicious intent on the part of Microsoft, if it starts doing this, people should have a lot of concerns."
Microsoft gives users some flexibility in how their XP- and Vista-powered PCs retrieve and install updates and patches from the company's servers. In Vista, for example, users can turn off automatic updates entirely; check for, but neither download or install, any fixes; or download files but not install them.
Although Microsoft did not immediately respond to a request for comment, Dunn provided Computerworld with a copy of an e-mail he said "Windows Secrets" had received from Microsoft's online partner support. In the message, Microsoft only hinted at a reason for the changes: "7.0.6000.381 is a consumer-only release that addresses some issues after .374 was released. It will not be available via WSUS [Windows Server Update Services]."
"What's waking up at 2 a.m. and downloading files?" asked Livingston.
"Windows Secrets" plans to offer more details tomorrow on its Web site and to subscribers via its normal e-mail channel.
Related Articles and Opinion


- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Practice Management: Double Billing Rate and Improve Patient Services
- Would you like to double your billing rate and achieve faster payment for services?
Download this customer success story to see how One Health... - Mission Critical Data Explosion and Customer Case Study
- Would you like to double your tier 1 storage capacity while simultaneously reducing your storage footprint?
Download this customer success story to see how... - Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
- Read this new eBook to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
- Database Activity Monitoring Is Evolving
- Read the analyst report and learn how you can leverage the core capabilities of a DAP solution for better database security.
- Establishing a Strategy for Database Security is No Longer Optional
- The options for securing increasingly valuable databases are very broad and deep, and can be confusing. This research provides an overview of three... All Windows White Papers
- Distributed Database Security with Real-time Monitoring
- View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with...
- InfoSphere Warehouse Packs Demo
- These flash modules make warehousing more tangible and relevant to business users through detailed explanations of the InfoSphere Warehouse Packs.
- Delivery Management -- Extending Lifecycle Management
- Date: Wednesday, June 20, 2012, 1:00 PM EDT
Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,... - Leverage automation today to reduce IT complexity
- Date: Tuesday, June 5, 2012, 2:00 PM EDT
Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific... - Redefine Expectations in the Data Center
- Need to do more with less? Watch this video to learn how HP ProLiant Gen8 servers can help your business deploy servers three... All Windows Webcasts