Microsoft has crossed the line with some Windows users by secretly deploying software through Windows Update — even to users who had turned off motorized updates. Microsoft has issued an apology, of sorts, but some safety degree experts are still warning that the practice of updating Windows without user consent could lead to dire consequences.

As its name suggests, Windows Update is a service that primarily delivers updates to Windows. To ensure ongoing service reliability and operation, Microsoft must update and enhance the Windows Update service itself, including its client-side software.

However, Microsoft discussion boards that week revealed that Redmond was updating Windows without permission. Specifically, Windows Update has updated nine files in both Windows XP and Windows Vista by the past few weeks, according to reports.

catastrophe Waiting To Happen?

Paul Henry, Secure Computing’s vice president of technology evangelism, verified the stealth updates on a Windows machine in his own lab. Henry said that what initially

struck him as strange is that Microsoft began the updates without any end-user notification. Beyond that, he said, there are larger shield concerns.

“First, with no way of turning off Microsoft updates, it makes the use of a compromised update process a very appealing vehicle for a would-be hacker,” he explained. “Second, that plus raises concerns for law enforcement.” Henry pointed out that a great deal of caution is exercised to preserve stability in convinced environments. For example, documented Microsoft installs in computer forensics are essential to guarantee that potential evidence isn’t compromised.

Henry said that although the Windows process has not yet created any reported issues, the ramifications of Microsoft’s stealth updates have the potential to be meaningful. He said he can easily assume a patch being automatically deployed that causes things to break and go terribly wrong in a Windows environment.

“Just look what happened to Skype in…

Original post by Jimmy Lee Shreeve