(This is a somewhat old story.) I left a comment on Bruce Schneier’s cryptogram blog on his article about how Microsoft Windows Update was found to be updating even in the event where the user had turned off automatic updates. The article is located here.
My comment on Bruce Schneier’s blog is below:
After a careful reading of Adrian Kingsley-Hughes’s ZDnet article and Nate Clinton’s (PM for Windows Update) blog response on this, I’d have to say that MS is in the wrong, for this point:
The silent update was (I assume from Clinton’s blog) so that WU itself can continue to function and notify the user of future updates. They seem to have made the assumption that the user wants WU updated so they can continue to receive update notifications. The problem is that users who select “2) Download updates but let me choose whether to install them” or “3) Check for updates but let me choose whether to download and install them” are EXPLICITLY saying that every update, no matter how crucial, should be subject to their discretion, not Microsoft’s.
Think about it: I assume most Grandpa J. NewUsers have “1) Install updates automatically” set because they don’t understand the technology or have an implicit trust in MS. The people who set to have WU notify them before downloading/installing have that set for a reason, be it for controlled testing environments or system stability or whatever. Selecting the notify-first option is not the choice the “just make the computer work”-user makes. They want to be notified before ANY changes, and understand the risks of not immediately updating.
The fact that Clinton himself states that (“of course”) the WU client is not silently updated for WSUS or SMS enterprise customers shows that they realize the merit of my above point.
So unless my premises are flawed, the WU team’s decision was perhaps expedient but dead wrong. It is very troubling that their software does the exact opposite of the user intention, especially during a time when DRM and so-called anti-piracy systems are increasingly pushed as “necessary security features”.