Microsoft updates Windows without users' consent

[Charlie Tame]

JackLondon wrote:
> Charlie Tame453678 Wrote:
>> JackLondon wrote:
>>
>>
>> You may be confussed but the key here is deceptive wording, turn auto
>> updates off = turn them off, not partly turn them off or anything
>> similar. The implication for a serious IT professional (Which
>> apparently
>> you are not) is to maintain stability and a known and trustworthy
>> environment.
>>
>>
>>
>>
>> And you say it yourself here without realizing. "As long as it will
>> resolve problems" and that also is key, what if it doesn't? What if it
>> breaks some vital process.
>>
>> An IT pro will often need to prevent ALL communication with the outside
>> world except that which is specifically desired, what if he blocks
>> these
>> updates accidentally simply because he doesn't know about them? You are
>> about to say "That's harmless", so if it's harmless to miss them what's
>> the pressing need to sneak them in the back door?
>
>
> Firstly I did not turned off the Auto Updates, I know some people do
> and some don't and it's everyone choice. The main point is that my Vista
> is not working properly either way I try to run it. I am not an IT
> professional and I came here for advise. Fully respecting your point of
> view I do actually read the Terms&Conditions of usage and don't have any
> problems with Microsoft running some patching of files as I would
> imagine that it has to and is so stuck up their own brand that nobody in
> Microsoft can actually stand up and say ''We screwed up'' because then
> everyone would realise that they are not so good OS. I have been running
> XPSP2 for about 3 years without even one crash and you know what happend
> ???I bought a laptop with pre-loaded Vista that wen Blue Screenish on me
> on the first boot and then 24 times in next 14 day. I'd rather have
> those updates if they correct even the smallest bit of application then
> have an electronic piece for $1100 that crashes around 2 times a day
>
>


Well those updates are not likely to fix anything like the problems you
are having and yes, XP has run for years here 24/7 with no problems.

Where did you get the laptop from? The vendor should help you with this
one because it sounds as if there may be a serious hardware fault if it
BSOD's to that extent. At the very least if it's crashed as badly as
that you would want to reinstall Vista. Vista does have some serious
flaws (IMHO) but it should run solidly enough if everything else is working.

If you can give some details of the machine maybe someone can help a bit
- it is just possible that your problems are related to software like
drivers, but honestly the machine sounds "Unusable" and therefore the
vendor should step up and help.

Trying to sort this out with help from here could take a long time, and
if the Vista install has been damaged it ain't going to be right when
we're done.

 

[FIsc]

On 16 sep, 20:43, "Jupiter Jones [MVP]" <jones_jupi...@hotnomail.com>
wrote:
> It is not what I would expect but that is not the same as what is legal.
> Do not confuse what we want or expect with what is legal because quite often
> they are not the same.
>
> --
> Jupiter Jones [MVP]
> Windows Server System - Microsoft Update Serviceshttp://www3.telus.net/dandemar
>

Microsoft indicates themselves a user can refuse to have automatic
updates installed.

When a computer is accessed without the proper consent of the user
isn't this what hackers do and isn't this considered to be illegal?

 

[Jupiter Jones [MVP]]

You have been notified in the license.

"...isn't this considered to be illegal?"
If you want an actual legal opinion, as has been stated many times before,
you need to consult a lawyer specializing in licensing law.

--
Jupiter Jones [MVP]
Windows Server System - Microsoft Update Services
http://www3.telus.net/dandemar


"FIsc" <Linda.De.Coster@gmail.com> wrote in message
news:1189973002.415659.36580@w3g2000hsg.googlegroups.com...
> When a computer is accessed without the proper consent of the user
> isn't this what hackers do and isn't this considered to be illegal?

 

[Adam Albright]

On Sun, 16 Sep 2007 12:42:21 -0700, "Jupiter Jones [MVP]"
<jones_jupiter@hotnomail.com> wrote:

>Ford can't.
>There is NOTHING in any agreement that even vaguely gives Ford that right
>assuming I and not Ford own the vehicle.
>If Ford did, I would seek a competent attorney.

Yet your being some unabashed fanboy and Microsoft apologist you
willing give them rights to your first born or whatever else they
want. If you only had the intelligence to understand how stupid that
is, but we both know you don't.

 

[Charlie Tame]

Jupiter Jones [MVP] wrote:
> Ford can't.
> There is NOTHING in any agreement that even vaguely gives Ford that
> right assuming I and not Ford own the vehicle.
> If Ford did, I would seek a competent attorney.
>
> You already know that but see it convenient to ignore that fact in a
> vain attempt with this irrelevant comparison.
>

Wasn't exactly in vain, you answered it, and you are correct of course,
however one could argue, as you are doing for Microsoft, that Ford took
that measure "For your own good" since an accident might have occurred
had they not done so, and should Ford decide to build that clause into
future sales we therefore conclude that you'd have no problem with it.

Remember MS add bits to their EULAs all the time so if Ford did that and
included "The buyer agrees that in the event of an alternator failure
the entire vehicle becomes subject to this agreement" for their
replacement alternators some 5 years after you bought the car you would
consider the original sale "Deception".

The real problem is that Microsoft, in the settings dialogue do not say
"You can pretend to turn this off but not really", they clearly imply
that updates can be turned off which they cannot.

Any security minded professional would consider unannounced "Back doors"
into an OS to be a concern, simply because they are there, so frankly
your insistence that this is NOT an important issue and that it is the
users' fault for not reading deceptive language in such a frame of mind
as to "Expect" Microsoft to be dishonest goes against your own claim,
that we should believe Microsoft IS honest.

Are you saying then that in future we should "Expect" Microsoft to
mislead users with legal agreements, it sure seems like you are, and
that being the case the aforementioned professional with security in
mind has only one choice...

 

[Slobber Mouth *Albright*]

Adam Albright wrote:
> On Sun, 16 Sep 2007 09:59:07 -0700, FIsc <Linda.De.Coster@gmail.com>
> wrote:
>
>> On 13 sep, 18:05, Bruce Chambers <bchamb...@cable0ne.n3t> wrote:
>>> Silicon neuron wrote:
>>>
>>>> Microsoft has begun patching files on Windows XP and Vista without users'
>>>> knowledge, even when the users have turned off auto-updates.
>>> Actually, this is *not* being done _without_ user consent. Just the
>>> opposite. Every user of each operating systems has been given advance
>>> notice that such things could happen, and has consented to it.
>>>
>>> Read the Vista EULA. Section 7 makes it clear that this could happen:
>>>
>>> ========================================================================
>>>
>>> You may switch off these features or not use them.
>> And what about this part? If it was done without user consent even
>> when automatic updates were not accepted, isn't this in breach with
>> their own rules?
>
>
> Microsoft is infamous for proclaiming "rules" only to break the rules
> themselves. Classic example and what's getting a lot of noise now is
> UAC and standard user. For YEARS Windows and every Microsoft product
> was by DESIGN written to run as administrator. Until Vista, Windows
> installed itself with one user, will full administrative rights unless
> you changed it. Now the boys of Redmond bellow loudly that's not a
> good idea, yet it was Microsoft that not only started the practice but
> encouraged it. The biggest hypocrites of all are found at Microsoft!
>

<You should be worrying about Identity Theft (some real damage) running
around out here on the Internet, instead of the BS.>

 

[Charlie Tame]

FIsc wrote:
> On 16 sep, 20:43, "Jupiter Jones [MVP]" <jones_jupi...@hotnomail.com>
> wrote:
>> It is not what I would expect but that is not the same as what is legal.
>> Do not confuse what we want or expect with what is legal because quite often
>> they are not the same.
>>
>> --
>> Jupiter Jones [MVP]
>> Windows Server System - Microsoft Update Serviceshttp://www3.telus.net/dandemar
>>
>
> Microsoft indicates themselves a user can refuse to have automatic
> updates installed.
>
> When a computer is accessed without the proper consent of the user
> isn't this what hackers do and isn't this considered to be illegal?
>
>


It's deception, plain and simple, no matter how much Jones cares to
pontificate about it.

The fact is that nobody has yet proven that this behavior is necessary.
Past behavior has been that Windows / Microsoft update will tell you
that your updating mechanism is out of date when you first check, no
reason has yet been given why that is no longer viable.

 

[Jupiter Jones [MVP]]

"...should Ford decide to build that clause..."
Totally irrelevant again as is much of your point.
Vehicles can have some commonalities and this is not on.

"...if Ford did that..."
then we would need to comply to the point of the law.
But for now irrelevant.

"NOT an important issue and that it is the users' fault"
I never said that, ANOTHER assumption on your part.

"...updates can be turned off which they cannot."
But they can and you know it.
Your conveniently ignoring that fact does nothing for your point.
Turn off the service and it is done with the usual note it will need to be
enabled before Windows Update can function.

"Are you saying then that in future..."
Not at all.
You should stop such assumptions.
You have shown yourself to be wrong in the past when making assumptions
about me.

--
Jupiter Jones [MVP]
Windows Server System - Microsoft Update Services
http://www3.telus.net/dandemar


"Charlie Tame" <charlie@tames.net> wrote in message
news:OBgdYJK%23HHA.2004@TK2MSFTNGP06.phx.gbl...
> Wasn't exactly in vain, you answered it, and you are correct of course,
> however one could argue, as you are doing for Microsoft, that Ford took
> that measure "For your own good" since an accident might have occurred had
> they not done so, and should Ford decide to build that clause into future
> sales we therefore conclude that you'd have no problem with it.
>
> Remember MS add bits to their EULAs all the time so if Ford did that and
> included "The buyer agrees that in the event of an alternator failure the
> entire vehicle becomes subject to this agreement" for their replacement
> alternators some 5 years after you bought the car you would consider the
> original sale "Deception".
>
> The real problem is that Microsoft, in the settings dialogue do not say
> "You can pretend to turn this off but not really", they clearly imply that
> updates can be turned off which they cannot.
>
> Any security minded professional would consider unannounced "Back doors"
> into an OS to be a concern, simply because they are there, so frankly your
> insistence that this is NOT an important issue and that it is the users'
> fault for not reading deceptive language in such a frame of mind as to
> "Expect" Microsoft to be dishonest goes against your own claim, that we
> should believe Microsoft IS honest.
>
> Are you saying then that in future we should "Expect" Microsoft to mislead
> users with legal agreements, it sure seems like you are, and that being
> the case the aforementioned professional with security in mind has only
> one choice...

 

[Adam Albright]

On Sun, 16 Sep 2007 15:44:17 -0500, Charlie Tame <charlie@tames.net>
wrote:

>Jupiter Jones [MVP] wrote:
>> Ford can't.
>> There is NOTHING in any agreement that even vaguely gives Ford that
>> right assuming I and not Ford own the vehicle.
>> If Ford did, I would seek a competent attorney.
>>
>> You already know that but see it convenient to ignore that fact in a
>> vain attempt with this irrelevant comparison.
>>
>
>Wasn't exactly in vain, you answered it, and you are correct of course,
>however one could argue, as you are doing for Microsoft, that Ford took
>that measure "For your own good" since an accident might have occurred
>had they not done so, and should Ford decide to build that clause into
>future sales we therefore conclude that you'd have no problem with it.
>
>Remember MS add bits to their EULAs all the time so if Ford did that and
>included "The buyer agrees that in the event of an alternator failure
>the entire vehicle becomes subject to this agreement" for their
>replacement alternators some 5 years after you bought the car you would
>consider the original sale "Deception".

It seems the fanboy crowd is hung up on the principle involved. They
foolishly think Microsoft can do whatever it wants, much like George
Bush just ignores Congress or fires generals that don't do what he
wants. Relationships are built on TRUST. Two times now in recent
memory Microsoft has betrayed that trust. A couple weeks ago in
sheepishly admitted they 'my mistake, oh it was just human error'
marked perfectly legal copies of Vista as counterfeit and now
admitting they may on the sneak update your computer even when they've
told you that you have the option to turn off automatic updates. If or
not it is a good idea is totally irrelevant. It's the sneakiness of
what Microsoft always seems to get caught doing that pisses off
customers. Except of course for the moronic fanboy crowd that seems
too stupid to known or understand the consequences. The EULA is not a
one sided agreement. All contracts have rights for both parties.
Microsoft keeps pissing on customer rights. THAT is what should and
does piss off smarter customers. Dummies will of course remain dummies
because they are dummies.

 

[Adam Albright]

On Sun, 16 Sep 2007 14:13:20 -0700, "Jupiter Jones [MVP]"
<jones_jupiter@hotnomail.com> wrote:


>You should stop such assumptions.

You should put in a voucher for being a Microsoft apologist. You know
lobbyists working on behave of some other government need to register
as foreign agents. MVPs with their heads stuck up their ass should be
forced to register as Microsoft agents.

>You have shown yourself to be wrong in the past when making assumptions
>about me.

You are judged by what you post. Damn man, I've rarely see anybody get
off on pontificating and trying to hold court more then you obviously
do.

 

[Laughingstar~*]

A great deal changed when Bush signed the recent security amendment Bill for
the NSA--at his request. Nothing is confidential any more. Use hushmail.com
if you want but you're still on an open system--we can still dream, though.

"Adam Albright" <AA@ABC.net> wrote in message
news:jp8re3lhtkbbibmd3nneklttbupsf0889v@4ax.com...
> On Sun, 16 Sep 2007 15:44:17 -0500, Charlie Tame <charlie@tames.net>
> wrote:
>
>>Jupiter Jones [MVP] wrote:
>>> Ford can't.
>>> There is NOTHING in any agreement that even vaguely gives Ford that
>>> right assuming I and not Ford own the vehicle.
>>> If Ford did, I would seek a competent attorney.
>>>
>>> You already know that but see it convenient to ignore that fact in a
>>> vain attempt with this irrelevant comparison.
>>>
>>
>>Wasn't exactly in vain, you answered it, and you are correct of course,
>>however one could argue, as you are doing for Microsoft, that Ford took
>>that measure "For your own good" since an accident might have occurred
>>had they not done so, and should Ford decide to build that clause into
>>future sales we therefore conclude that you'd have no problem with it.
>>
>>Remember MS add bits to their EULAs all the time so if Ford did that and
>>included "The buyer agrees that in the event of an alternator failure
>>the entire vehicle becomes subject to this agreement" for their
>>replacement alternators some 5 years after you bought the car you would
>>consider the original sale "Deception".
>
> It seems the fanboy crowd is hung up on the principle involved. They
> foolishly think Microsoft can do whatever it wants, much like George
> Bush just ignores Congress or fires generals that don't do what he
> wants. Relationships are built on TRUST. Two times now in recent
> memory Microsoft has betrayed that trust. A couple weeks ago in
> sheepishly admitted they 'my mistake, oh it was just human error'
> marked perfectly legal copies of Vista as counterfeit and now
> admitting they may on the sneak update your computer even when they've
> told you that you have the option to turn off automatic updates. If or
> not it is a good idea is totally irrelevant. It's the sneakiness of
> what Microsoft always seems to get caught doing that pisses off
> customers. Except of course for the moronic fanboy crowd that seems
> too stupid to known or understand the consequences. The EULA is not a
> one sided agreement. All contracts have rights for both parties.
> Microsoft keeps pissing on customer rights. THAT is what should and
> does piss off smarter customers. Dummies will of course remain dummies
> because they are dummies.
>

 

[Charlie Tame]

Jupiter Jones [MVP] wrote:
> "...should Ford decide to build that clause..."
> Totally irrelevant again as is much of your point.
> Vehicles can have some commonalities and this is not on.



Quite the contrary, Microsoft do write EULA additions that impact the
entire installation, which is fundamentally doubtful since any other
deal you "Sign" is done once signed unless BOTH parties decide on a new
one. However the EULA is far less of an issue than the clearly intended
deception in the dialog...




> "...if Ford did that..."
> then we would need to comply to the point of the law.
> But for now irrelevant.
>
> "NOT an important issue and that it is the users' fault"
> I never said that, ANOTHER assumption on your part.



Certainly sounds like you don't consider it important.





> "...updates can be turned off which they cannot."
> But they can and you know it.
> Your conveniently ignoring that fact does nothing for your point.
> Turn off the service and it is done with the usual note it will need to
> be enabled before Windows Update can function.



That is not what it says on the dialog and YOU KNOW IT. That's the whole
point and is what makes the deception clearly intentional. No amount of
sidestepping is going to change that.




> "Are you saying then that in future..."
> Not at all.
> You should stop such assumptions.
> You have shown yourself to be wrong in the past when making assumptions
> about me.
>

Not really, I assumed you to be a pompous self righteous ass and haven't
yet seen any indication that I got it wrong


People buy an OS for various reasons, Windows has tried to be all
singing all dancing, suitable for entertainment use and for important
business. Microsoft has long led the field in preaching "Trustworthy
Computing", despite the fact that for many years they concentrated on
the usability side rather than on the security side. This is proven time
and again by holes such as those left in IE and OE for years. Then,
suddenly, security became a selling point. A lot of more recent business
has been based around this "Security" model and I have found MS servers
to be as secure as anyone else's, with the condition that they are
patched, W2000 was, one hoped, the end of dubious default settings
leaving only actual flaws to deal with, however the philosophy of
"Integrating" a browser with the OS itself still had some of us doubting.

Of what remained, well, there was and still is ActiveX. This should have
been kept quite separate from the auto update functionality. Sure the
same kind of technology might be used, but frankly being able to "Scan"
my system for updates is, in effect, a vulnerability scan. I trust MS to
fix what they find, not abuse it, otherwise I would not entertain having
their OS in use at all. However if ActiveX can raise privileges to the
extent that it can alter vital OS components there is potential for a
problem. This is of course mitigated by the fact that the user has to
answer the question whether to go ahead or not but to make that judgment
one has to "Trust" Microsoft in the same way one "Trusts" their doctor,
to "Do no harm".

The problem with the lack of separation is that the update method only
raises the same kinds of ActiveX warnings that other things raise, with
the expectation that an ordinary user or a skilled user in a hurry will
correctly interpret what he sees. Why not clarify this by saying
"Microsoft Update needs your permission to..."

That way it's clear what is going on to the less skilled and easy to
read for the hurried. This is the same problem that continues with UAC
and why most, given the chance, will turn it off.

That is not to say other OS are considerably better, only that Windows
"Could" be better in this regard than any. We should be aiming to make
Windows better shouldn't we? Not explaining to people why it isn't but
that's what you get and would know that if you read the manual.

So people have expectations and they expect MS to not pull the kind of
sneaky trick some hacker might pull. True enough in this case no harm
seems to have been done, but were I the kind with ill intent I'd be
disassembling BITS to see how it got that privilege elevation and how it
used it stealthily. UAC for all the crap boasting about it did
absolutely NOTHING to improve security in this case, and there will be
others.

 

[Jupiter Jones [MVP]]

"Certainly sounds like you don't consider it important."
Your selective reading has led you to false assumptions before.

"Quite the contrary"
Not at all, your comparison with Ford was irrelevant.

--
Jupiter Jones [MVP]
Windows Server System - Microsoft Update Services
http://www3.telus.net/dandemar


"Charlie Tame" <charlie@tames.net> wrote in message
news:uuBQsEL%23HHA.1212@TK2MSFTNGP05.phx.gbl...

> Quite the contrary, Microsoft do write EULA additions that impact the
> entire installation, which is fundamentally doubtful since any other deal
> you "Sign" is done once signed unless BOTH parties decide on a new one.
> However the EULA is far less of an issue than the clearly intended
> deception in the dialog...
>
>
>
>
>> "...if Ford did that..."
>> then we would need to comply to the point of the law.
>> But for now irrelevant.
>>
>> "NOT an important issue and that it is the users' fault"
>> I never said that, ANOTHER assumption on your part.
>
>
>
> Certainly sounds like you don't consider it important.
>
>
>
>
>
>> "...updates can be turned off which they cannot."
>> But they can and you know it.
>> Your conveniently ignoring that fact does nothing for your point.
>> Turn off the service and it is done with the usual note it will need to
>> be enabled before Windows Update can function.
>
>
>
> That is not what it says on the dialog and YOU KNOW IT. That's the whole
> point and is what makes the deception clearly intentional. No amount of
> sidestepping is going to change that.
>
>
>
>
>> "Are you saying then that in future..."
>> Not at all.
>> You should stop such assumptions.
>> You have shown yourself to be wrong in the past when making assumptions
>> about me.
>>
>
> Not really, I assumed you to be a pompous self righteous ass and haven't
> yet seen any indication that I got it wrong
>
>
> People buy an OS for various reasons, Windows has tried to be all singing
> all dancing, suitable for entertainment use and for important business.
> Microsoft has long led the field in preaching "Trustworthy Computing",
> despite the fact that for many years they concentrated on the usability
> side rather than on the security side. This is proven time and again by
> holes such as those left in IE and OE for years. Then, suddenly, security
> became a selling point. A lot of more recent business has been based
> around this "Security" model and I have found MS servers to be as secure
> as anyone else's, with the condition that they are patched, W2000 was, one
> hoped, the end of dubious default settings leaving only actual flaws to
> deal with, however the philosophy of "Integrating" a browser with the OS
> itself still had some of us doubting.
>
> Of what remained, well, there was and still is ActiveX. This should have
> been kept quite separate from the auto update functionality. Sure the same
> kind of technology might be used, but frankly being able to "Scan" my
> system for updates is, in effect, a vulnerability scan. I trust MS to fix
> what they find, not abuse it, otherwise I would not entertain having their
> OS in use at all. However if ActiveX can raise privileges to the extent
> that it can alter vital OS components there is potential for a problem.
> This is of course mitigated by the fact that the user has to answer the
> question whether to go ahead or not but to make that judgment one has to
> "Trust" Microsoft in the same way one "Trusts" their doctor, to "Do no
> harm".
>
> The problem with the lack of separation is that the update method only
> raises the same kinds of ActiveX warnings that other things raise, with
> the expectation that an ordinary user or a skilled user in a hurry will
> correctly interpret what he sees. Why not clarify this by saying
> "Microsoft Update needs your permission to..."
>
> That way it's clear what is going on to the less skilled and easy to read
> for the hurried. This is the same problem that continues with UAC and why
> most, given the chance, will turn it off.
>
> That is not to say other OS are considerably better, only that Windows
> "Could" be better in this regard than any. We should be aiming to make
> Windows better shouldn't we? Not explaining to people why it isn't but
> that's what you get and would know that if you read the manual.
>
> So people have expectations and they expect MS to not pull the kind of
> sneaky trick some hacker might pull. True enough in this case no harm
> seems to have been done, but were I the kind with ill intent I'd be
> disassembling BITS to see how it got that privilege elevation and how it
> used it stealthily. UAC for all the crap boasting about it did absolutely
> NOTHING to improve security in this case, and there will be others.

 

[NT Canuck]

Charlie Tame wrote:

>>> You may switch off these features or not use them.
>>
>> And what about this part? If it was done without user consent even
>> when automatic updates were not accepted, isn't this in breach with
>> their own rules?

Hell with the rules Charlie, both windows update and
the client side service are obviously obsolete and
insecure, apparently since at least 2001 (WinXP release).

Just how hard would it be for a tech' wizard pirate
or unfriendly .mil to slither a custom update while
client is downloading mainstream updates?
How about a maninmiddle loop where downloaded updates
were decompressed then modified and recompressed then
sent back on their merry way? I dunno', now I wonder.
Cloning/faking routers or servers is trivial these days.

Don't get sidetracked with politics or legal BS,
we need a better and transparent system yesterday.
As long as we demand an easy to 'use and apply'
system for updates and security we will have an easy
to manipulate or abuse system...MS did us a favor.

NT Canuck
'Seek and ye shall find'

 

[Jupiter Jones [MVP]]

"despite old Jonesy using it in an attempt"
These little snips by you are becoming more common.
Your need to do so while selectively reading are more of a reflection on
you.

--
Jupiter Jones [MVP]
Windows Server System - Microsoft Update Services
http://www3.telus.net/dandemar


"Charlie Tame" <charlie@tames.net> wrote in message
news:OmKe92I%23HHA.5404@TK2MSFTNGP02.phx.gbl...
> Well done, everybody else seems to have missed that despite old Jonesy
> using it in an attempt to bolster his case.
>
> That phrase does not say what specifically you can turn off BUT it sure
> does imply that you can turn all of it off.
>
> Now, on many occasions I have seen the "Windows is checking if you have
> the latest version of the updating software" or whatever and I wait and it
> says I need to install some ActiveX to proceed with the process. I see
> nothing wrong with this and see no reason why, suddenly, MS decided to not
> ask that question and do it anyway. When I say check for updates it's
> obviously going to check that the updater on my machine is the current
> version, why go sneaking about the back door UNLESS you have something to
> hide?
>
> You can't always leave auto install on, if a restart is needed and shuts
> down an industrial process control you're in trouble, bt most people could
> and probably should, however sneaking about in the background is NOT going
> to encourage that

 

[Charlie Tame]

NT Canuck wrote:
> Charlie Tame wrote:
>
>>>> You may switch off these features or not use them.
>>>
>>> And what about this part? If it was done without user consent even
>>> when automatic updates were not accepted, isn't this in breach with
>>> their own rules?
>
> Hell with the rules Charlie, both windows update and
> the client side service are obviously obsolete and
> insecure, apparently since at least 2001 (WinXP release).
>
> Just how hard would it be for a tech' wizard pirate
> or unfriendly .mil to slither a custom update while
> client is downloading mainstream updates?
> How about a maninmiddle loop where downloaded updates
> were decompressed then modified and recompressed then
> sent back on their merry way? I dunno', now I wonder.
> Cloning/faking routers or servers is trivial these days.
>
> Don't get sidetracked with politics or legal BS,
> we need a better and transparent system yesterday.
> As long as we demand an easy to 'use and apply'
> system for updates and security we will have an easy
> to manipulate or abuse system...MS did us a favor.
>
> NT Canuck
> 'Seek and ye shall find'


Well if you read my reply to Jupiter I have a couple of issues with
ActiveX being indistinguishable from the update software as far as
messages are concerned, I do think it should be possible to have some
single separate thing to do the job. That's not to say it's possible to
make any communication 100% secure, but at least IT folks would have a
clue when something was reported to them.

We have a locked server at work and the terminals can't browse the
internet normally, but if they hit windows update IE opens up and away
they go. It was a nurse who found this

I think IE and standard technology being involved with updates for a
modern OS is not a good idea...

 

[Charlie Tame]

Jupiter Jones [MVP] wrote:
> "despite old Jonesy using it in an attempt"
> These little snips by you are becoming more common.
> Your need to do so while selectively reading are more of a reflection on
> you.
>


You're getting more pompous, so what?

The fact is that your attempts to play down the seriousness of the
world's leading supplier of operating systems leaving security concerns
by choice in 90% of the country's computers is irresponsible. Fair
enough, nothing serious happened "This time", but only weeks ago their
sneaky software declared a lot of their "Flagship" products illegal,
causing REAL loss of functionality BY DESIGN. What are Microsoft thinking?

Maybe their action then was accidental, maybe the sneak updates are
"Legal", but both of these are a serious blow to their claims of being
the leaders in "Trustworthy Computing" from the user's point of view.

You state that there is a "Workaround" for the update issue, and there
is, but it's not stated clearly and not something the average user would
think of, even a good IT Pro might miss it. So my question for MS is
"What Workaround do we have to look for next, what else are you doing
that we should know about?"

Failure to deal with these matter by denial helps nobody, especially
Microsoft if disillusioned users start voting with their feet.

 

[Frank]

norm wrote:
> Frank wrote:
>
>> norm wrote:
>>
>>> ...However, you have avowed (on occasion in very strong terms) that
>>> you believe in God, so I will restate what I said above as this:
>>> And you, as an avowed believer in God, certainly do not present
>>> yourself as such in this group.
>>
>>
>> Oh really? Now you're going to sit in judgment of me? So you must be
>> without sin to be able to cast the first stone right?
>
> There is no judgement to be made. You provide ample evidence that your
> proclamation of belief and your actions do not jibe.
>
>>
>>> Regardless of being a Christian or not, your actions and statements
>>> still belie your belief.
>>
>>
>> They do? What beliefs are those, huh?
>>
>> You are still a hypocrite.
>>
>> And which of the deadly sins are you guilty of committing?
>
> Did I accuse you of committing a deadly sin? No. I called you a
> hypocrite. Bit of stretch on your part for the sake of argument.
>
>>>
>>>>>
>>>>>>
>>>>>> Do you think people don't notice your behavior?
>>>>>>
>>>>>> I sure as hell hope they do! Otherwise why would I post in a
>>>>>> public ng, huh?
>>>>>
>>>>>
>>>>>
>>>>> Pitiful need for attention, I take it?
>>>>
>>>>
>>>>
>>>> Nice try but no cigar. If you want to be heard, public forums are
>>>> the place to be, right?
>>>> Or do you prefer being alone and talking to yourself?
>>>>
>>>>>
>>>>>>
>>>>>> The
>>>>>>
>>>>>>> word "hypocrite" seems an apt description for you.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Oh, and what is it that I've professed to that would make you say
>>>>>> such a thing?
>>>>>
>>>>>
>>>>>
>>>>> If you are not Christian, why do you make the statements you do in
>>>>> the course of your "arguments"?
>>>>
>>>>
>>>>
>>>> Please point out where I've used the term "Christian" as a point of
>>>> argument, ok?
>>>
>>>
>>> Per my corrected comment above, you might not have used the term
>>> "Christian" but you certainly have used God's name in your
>>> "arguments" and accusations of someone being a godless atheist.
>>
>>
>> Yeah and alias is proud of being an atheist, right?
>> So...?
>
> The issue is not whether alias is an atheist or not. The issue is that
> you are a hypocrite.
>
>>
>> Your belief and your
>>
>>> actions appear to be on opposite ends of the spectrum.
>>
>>
>> Which spectrum is that norm...the one you made up?
>
> The spectrum of proclaiming belief on one hand and your actions on the
> other.
>
>>>
>>>>
>>>> Or could it be that you will use any
>>>>
>>>>> "weapon" whether you subscribe to a belief or not to continue your
>>>>> little game to gain the attention you need?
>>>>
>>>>
>>>>
>>>>
>>>> Careful, you're about to fall on your own sword.
>>>
>>>
>>> Again, I think not.
>>>
>> Oh, I think you've already done it!
>>
>>>>
>>>> Then again, why bother to
>>>>
>>>>> ask anything of you?
>>>>
>>>>
>>>>
>>>> You tell me? Seeing as how you're the one doing the questioning.
>>>>
>>>> There will be nothing of substance forthcoming
>>>>
>>>>> anyway.
>>>>
>>>>
>>>>
>>>> Ahhh...the final try at an insult! Sorry norm, but engaging you in
>>>> any substantive discussion now seems out of reason and reach.
>>>
>>>
>>> So says the master of insults. As you have so many times asked
>>> others, I in turn ask you. How can it be an insult if it is the truth?
>>
>>
>> Remember what RR said..."the truth is only a reality that can be
>> manipulated".
>> Who do you answer to norm?
>> Frank
>
> I don't answer to you. Spin it any way you want. You are no less a
> hypocrite regardless of your arguments or your new questions. You
> proclaim your belief in God and you act in direct opposition to that
> belief.
> hyp·o·crite /?h?p?kr?t/ Pronunciation Key - Show Spelled
> Pronunciation[hip-uh-krit] Pronunciation Key - Show IPA Pronunciation
> –noun
> 1. a person who pretends to have virtues, moral or religious beliefs,
> principles, etc., that he or she does not actually possess, esp. a
> person whose actions belie stated beliefs.
> 2. a person who feigns some desirable or publicly approved attitude,
> esp. one whose private life, opinions, or statements belie his or her
> public statements.
> [Origin: 1175–1225 ME ipocrite < OF < LL hypocrita < Gk hypokrits a
> stage actor, hence one who pretends to be what he is not, equiv. to
> hypokr(nesthai) (see hypocrisy) + -tés agent suffix]
>
> Main Entry: hyp·o·crite
> Pronunciation: 'hi-p&-"krit
> Function: noun
> Etymology: Middle English ypocrite, from Anglo-French, from Late Latin
> hypocrita, from Greek hypokritEs actor, hypocrite, from hypokrinesthai
> 1 : a person who puts on a false appearance of virtue or religion
> 2 : a person who acts in contradiction to his or her stated beliefs or
> feelings
>

hehehe...I guess I pushed all of your buttons, right norm?
But guess what, you're opinion of me is obviously only important to you.
Pity that you're such a small person.
Frank

 

[NT Canuck]

Charlie Tame wrote:

> We have a locked server at work and the terminals can't browse the
> internet normally, but if they hit windows update IE opens up and away
> they go. It was a nurse who found this

and if some don't know...
you can use IE (or any browser) as a file manager.
Thankfully with wuac enabled IE asked before going to c:/

Please tell me that the system mentioned has wuac enabled
and that she had to ok a warning popup...

> I think IE and standard technology being involved with updates for a
> modern OS is not a good idea...

There are a few problems with the Vista system inheriting
IE7 problems that need tending, hopefully folks will give
useful info/links so that they can be replicated.

NT Canuck
'Seek and ye shall find'

 

[Jupiter Jones [MVP]]

"more pompous"
Your need to insult instead of dealing with the issues reflects on your own
character and not on those you need to insult.

"even a good IT Pro might miss it"
Then the IT Pro clearly is not.

"Failure to deal with these matter by denial helps nobody"
Your selective reading is getting old.
Your inability or unwillingness to see that I have given the solution for
users is solely your problem.
You deal with it by insulting others and you call me "pompous".

You need to read my posts again, possibly for the first time.
Your assumptions and selectively reading do nothing to help the OP.

--
Jupiter Jones [MVP]
Windows Server System - Microsoft Update Services
http://www3.telus.net/dandemar


"Charlie Tame" <charlie@tames.net> wrote in message
news:%230PO7ZL%23HHA.2140@TK2MSFTNGP06.phx.gbl...
> You're getting more pompous, so what?
>
> The fact is that your attempts to play down the seriousness of the world's
> leading supplier of operating systems leaving security concerns by choice
> in 90% of the country's computers is irresponsible. Fair enough, nothing
> serious happened "This time", but only weeks ago their sneaky software
> declared a lot of their "Flagship" products illegal, causing REAL loss of
> functionality BY DESIGN. What are Microsoft thinking?
>
> Maybe their action then was accidental, maybe the sneak updates are
> "Legal", but both of these are a serious blow to their claims of being the
> leaders in "Trustworthy Computing" from the user's point of view.
>
> You state that there is a "Workaround" for the update issue, and there is,
> but it's not stated clearly and not something the average user would think
> of, even a good IT Pro might miss it. So my question for MS is "What
> Workaround do we have to look for next, what else are you doing that we
> should know about?"
>
> Failure to deal with these matter by denial helps nobody, especially
> Microsoft if disillusioned users start voting with their feet.