On the back of the recent WGA fiasco, further research has revealed yet another citation of what I already knew to be true: Windows updates itself without explicit permission, even if you turn off automatic updates.
The procedure is supposed to work like this (on XP at least):
Launch "System Properties".
Select the "Automatic Updates" tab.
Select the "turn off Automatic Updates" (or manual) checkbox.
And that, AFAIAC should be it. Off means off.
And yet, according to Microsoft, apparently it doesn't.
If Microsoft ever wanted to get caught with their pants down, they succeeded. For most people, the above doesn't make a whole lot of sense past the "you might have a virus" part. VerifyMyPC requires a little extra knowledge about computer systems when dealing with the details. Google is your friend in these cases. Running searches for 'wups.dll' and 'wups2.dll' turns up something about Automatic Updates. In particular, those DLLs provide Automatic Update functionality for Windows.
In other words, the Automatic Updates utility automatically updated itself. Now this might not seem like a big deal but I have automatic updates set to manual (both download and installation have to be approved by me) and not the usual 'automatic' setting found on most user PCs. In other words, Windows updated itself without my express permission. Such behavior is right in line with spyware-like activity.
New information from the ZDNet article suggests that the total number of files that are covertly replaced by Microsoft in this latest attack totals 9 on Vista and XP, as follows:
Common to both Vista and XP:
Kingsley-Hughes is also running a poll, asking his readers whether they approve or disapprove of these stealth updates. Unsurprisingly the vote is currently standing at 94% disapproval. I encourage you to add your vote to the 10,000+ already cast.
So let this serve as a reminder to all those who denounce claims of stealth updates as "paranoia" ... Microsoft do deploy updates that are installed without the user's explicit permission, and indeed contrary to the user's express instructions. The Windows EULA even states that Microsoft reserves such a right:
2.3 Internet-Based Services Components. The Software contains components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the Software and/or its components that you are utilizing and may provide upgrades or fixes to the Software that will be automatically downloaded to your Workstation Computer.
You agree that Microsoft can automatically and without your consent put new software on your computer.
Why is this such a big deal?:
How to resolve this problem:
Of course there is a more permanent and trustworthy solution, simply wipe that Malware known as Microsoft Windows off your system completely, and install GNU/Linux instead, for some peace of mind, real control, and an overall much better user experience.