19-09-07

Microsoft Updates becoming trojans, backdoors and ransomware

On the blogosphere there is much discussion about the stealth downloads that Microsoft has installed together with the latest updates and that weren't published. This isn't the first time as far as I know because windows 2003 servers that were cracked beyond their trial period because payment didn't go through fast enough were also desactivated only after an auto-update. They are now promising Vista prirates will be black-outed soon.

The update process has all the reasons to be trusted in every sense of its word. This is necessary to be sure that you can install the updates nearly automatically without having to worry much about side-effects. But now it seems that there are different changes that came along with this installment and it makes you wonder what would be next. Microsoft says that these changes were only to the updater process itself

At the same time Microsoft is trying to shut down freeware that uses the update fixes but gives the user more control over the installation. Autopatcher is such a freeware that was used by many as a control tool. For microsoft it is a way around WGA and thus gave unlicensed machines the possiblity to install patches they don't have the right to. (more info)

This is a very dangerous vision of patching. Machines are patched to be sure that they aren't used by the malware netwerk that is attacking all levels of the internetbusiness and -community. It is in the interest of no-one that only registered machines are protected. THe whole internet community is better protected if all machines are protected. For this reason the Microsoft update process has become a ransomware.  (pay or be unsafe)

Or is Microsoft preparing a paid subscription service in which you would have to pay for the security updates ? At the other side the updates from Microsoft are so easy if you compare it to other OS and their informationcampaigns about these updates are so wide and extensive that this aspect should be a standard for the whole of the software - industry (including Apple, Sun and Oracle). So these incidents are sidetracking this and can't be the main goal of the update process. Think again Microsoft and reconsider.

free alternatives

http://www.vulnerabilityassessment.co.uk/ctupdate.htm

http://sourceforge.net/projects/updater-cd/

http://wud.jcarle.com/UpdateLists.aspx

there are commercial alternatives also and they have the permission

You can also try to isolate the downloads in a sandbox

http://www.sandboxie.com/index.php?DownloadSandboxie  30 days

the alternatives of this product didn't protect against malware

or free personal virtualisation

http://www.trustware.com/virtualization/free.html

copy software http://fileforum.betanews.com/detail/AutoPatcher_XP/10671...

sign petition for autopatcher

 

10:39 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.