Later On

A blog written for those whose interests more or less match mine.

The problem with Microsoft stealth updates

with one comment

I blogged earlier how Microsoft updates its OS on your computer, even if you’ve turned “automatic updates” off. Bruce Schneier points out the serious problem:

Note that Microsoft can do this; that’s just stupid company stuff. But what’s to stop anyone else from using Microsoft’s stealth remote install capability to put anything onto anyone’s computer? How long before some smart hacker exploits this, and then writes a program that will allow all the dumb hackers to do it?

When you build a capability like this into your system, you decrease your overall security.

Some comments at the link contest his analysis.

Written by Leisureguy

17 September 2007 at 3:05 pm

One Response

Subscribe to comments with RSS.

  1. http://blogs.technet.com/mu/archive/2007/09/13/how-windows-update-keeps-itself-up-to-date.aspx

    The Microsoft Team stated this does not happen when auto updates are turned off. Also, in response to Bruce Schneier’s comments, any program you install can call home and check for an update. You’ve seen Java, Acrobat, Flash, etc, all tell you there’s an update. Your antivirus software does this as well. The windows update service is not a ‘back door’ per se, it’s a front door. To prevent this from happening, install a 2 way firewall like Zone Alarm or PC-Cillin and it won’t let anything call home unless you say it’s OK to do so.

    Like

    Zach

    18 September 2007 at 11:39 am


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: