Sorry, you need to enable JavaScript to visit this website.

Windows By Stealth: The Updates You Don't Want

Homer's picture

On the back of the recent WGA fiasco, further research has revealed yet another citation of what I already knew to be true: Windows updates itself without explicit permission, even if you turn off automatic updates.

NEW! ... Further proof, confirmation, and details of this has been provided by Scott Dunn of Windows Secrets, and Adrian Kingsley-Hughes of ZDNet.

The procedure is supposed to work like this (on XP at least):

Launch "System Properties".
Select the "Automatic Updates" tab.
Select the "turn off Automatic Updates" (or manual) checkbox.

And that, AFAIAC should be it. Off means off.

And yet, according to Microsoft, apparently it doesn't.

If Microsoft ever wanted to get caught with their pants down, they succeeded. For most people, the above doesn't make a whole lot of sense past the "you might have a virus" part. VerifyMyPC requires a little extra knowledge about computer systems when dealing with the details. Google is your friend in these cases. Running searches for 'wups.dll' and 'wups2.dll' turns up something about Automatic Updates. In particular, those DLLs provide Automatic Update functionality for Windows.

In other words, the Automatic Updates utility automatically updated itself. Now this might not seem like a big deal but I have automatic updates set to manual (both download and installation have to be approved by me) and not the usual 'automatic' setting found on most user PCs. In other words, Windows updated itself without my express permission. Such behavior is right in line with spyware-like activity.

New information from the ZDNet article suggests that the total number of files that are covertly replaced by Microsoft in this latest attack totals 9 on Vista and XP, as follows:


  • wuapp.exe
  • wucltux.dll
  • wudriver.dll
  • wuwebv.dll


  • cdm.dll
  • wuaucpl.cpl
  • wucltui.dll
  • wuweb.dll

Common to both Vista and XP:

  • wuapi.dll
  • wuauclt.exe
  • wups.dll
  • wups2.dll
  • wuaueng.dll

Kingsley-Hughes is also running a poll, asking his readers whether they approve or disapprove of these stealth updates. Unsurprisingly the vote is currently standing at 94% disapproval. I encourage you to add your vote to the 10,000+ already cast.

So let this serve as a reminder to all those who denounce claims of stealth updates as "paranoia" ... Microsoft do deploy updates that are installed without the user's explicit permission, and indeed contrary to the user's express instructions. The Windows EULA even states that Microsoft reserves such a right:

2.3 Internet-Based Services Components. The Software contains components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the Software and/or its components that you are utilizing and may provide upgrades or fixes to the Software that will be automatically downloaded to your Workstation Computer.


You agree that Microsoft can automatically and without your consent put new software on your computer.

Archive of the original article on the WayBack Machine

Why is this such a big deal?:

  • Because the supposed ability to "turn off" Automatic Updates is little more than a lie.
  • Lying about updates is suspicious and untrustworthy behaviour, which one does not exactly expect from the vendor that you paid for the "privilege" of running their software. IOW if the vendor has lied about this, then what else have they lied about?
  • Updates may not necessarily be deployed in good faith. Microsoft have demonstrated in the past that certain updates are quite deliberately designed to cripple and inhibit their customers' systems. Example: driver update designed to prevent all DVD playback (conspiracy with nVidia and Macrovision).
  • Even when not designed with malicious intent, updates are not always necessarily a GoodThing®, on any system, including GNU/Linux. Poorly tested updates may actually cause problems, rather than fix them. Users need to have the freedom of choice to decide whether or not to apply any given update in a timely fashion, if at all. User's should be in control of their own systems, for both practical and principled reasons. Without exception.

How to resolve this problem:

  • Do not rely on the control panel settings for Windows Updates, it is untrustworthy and essentially bogus. Disable the two services - WAUS and BITS ("Windows Automatic Updates Service" and "Background Intelligent Transfer Service" respectively). And keep them disabled ... permanently.
  • Do not trust updates from Microsoft ... ever ... especially so-called high priority automatic updates. Consider all software from Microsoft to be potential Malware. Use WindizUpdate with Firefox to obtain updates instead, and be sure to carefully research each and every update before deploying.
  • As ever, keep your Anti-Spyware and Anti-Virus definitions up to date (although it's likely that third party vendors have exception rules for Windows components, at Microsoft's behest, so do not rely on this either). Use Free Software tools where you can (e.g. packet sniffers, etc.) to determine what exactly the updated software is covertly trying to do. IOW - use extreme caution at all times.

Of course there is a more permanent and trustworthy solution, simply wipe that Malware known as Microsoft Windows off your system completely, and install GNU/Linux instead, for some peace of mind, real control, and an overall much better user experience.


Anony Mouse's picture

Look at the bright side...

They invalidated your EULA for you. You are now free to use the software however you would like without a contractual binding! :)

Anony Mouse's picture

Bill Gates you turd!

Windows has a screw loose in so many places it's almost impossible to fix! I'm using XP and each day I loathe it to some extent. I've made up my mind to switch to Linux for next yr but I might have to move it a bit closer. Microsoft is going downhill for sure with pranks like this. You disgust me.

Anony Mouse's picture

Article error...

I don't think Macromedia (now Adobe) conspired with anyone about DVD playback. I think you meant Macrovision.

Homer's picture


Corrected my Freudian sloop ;)

Anony Mouse's picture

In addition to "Why is this

In addition to "Why is this such a big deal?", Automatic updates will restart your computer if you don't cancel it manually. Pain in the arse if you've left your computer carrying out some tasks and left the room.