Trojan.WSUS

Now I think that Microsoft has finally gone over the edge. They have, as it seems to me, used their backdoors into user's PCs to install software users would not have installed otherwise.

This software, Windows Desktop Search 3.01, competes with Google's much more succuessful desktop search tool. Windows Desktop Search, based on Windows Search, has been very unpopular. In my own experience, all Microsoft search tools perform worse than virtually all other search tools I have used. I depend on Google search to even search Microsoft's own sites. Google has often returned accurate lists of matching Microsoft pages when Microsoft's own search yielded no results. They can't even index their own sites.

This week, I was in Houston, Texas. I got a call from my wife about some new search "thing" in her task bar that was driving her nuts. This was very disturbing to me. I have been very careful about keeping all my PCs patched and protected. She definitely understands enough to know not to open unexpected emails, not to click links or open attachments in emails that aren't expected, and so forth. I could not figure out how someone would get access to our PCs to install such an unwanted tool. When I got home, I checked out and it soon was obvious that it was a Microsoft search tool. That gave me some relief - initially.

Because I have several physical PCs at home and even more virtual PCs, and a relatively poor Internet connection from satellite, rather than each PC downloading updates from Microsoft, I installed a Microsoft Windows Server Update Services, or WSUS, server at home. This server downloads updates from Microsoft once and then distributes those updates to all the PCs on my network.

To find out how the Windows Desktop Search "update" was installed on my wife's PC, I checked my WSUS server. WSUS showed that the Windows Desktop Service update was approved for install on October 23, 2007. The only problem is, I was out of town on October 23, 2007. I certainly had not approved this installation.

I found statements from Microsoft and others saying that there is a setting that, by default and without most users knowing it is there, tells WSUS to automatically approve revisions to previously approved updates. Sure enough, my WSUS installation had that setting set. The only problem is, I had never approved any other installation of Windows Desktop Search so that setting should not have allowed Microsoft to approve any installations on my PCs.

Microsoft has stated that some people may have approved the installation before but not had any PCs actually install it and "an error" in the new package caused it to be installed in all PCs where previously approved and not only those PCs that already had Windows Desktop Search. Well, this is just plain not accurate.

I have also read on Microsoft newsgroups where some posters are claiming that there is no way to tell, once the new update is approved automatically, that any previous update was not approved so there's no way to prove Microsoft's statements wrong.

Well, here's the proof. Here is a screenshot from my WSUS server showing that WSUS 3.1 was specifically declined in March 2007. Where it shows now that it was also declined on October 23, 2007 is because I overrode Microsoft's approval and declined the install.



It sure seems to me that Microsoft has used its access to the world's PCs in order to force the installation of a Microsoft product that Microsoft has otherwise been unable to convince large numbers of people to install.

I am really anxious to see what Google does with this. Will there be lawsuits? Will the U.S. Department of Justice re-open anti-trust investigations? The fallout of this, I think, should and will be serious. If not, then it seems to me that our very souls have been sold out from under us to the highest bidder - or contributor.




Perhaps millions of installations of Microsoft's Windows Desktop Search were installed worldwide.
- posted by Dale Preston @ 10/26/2007 01:50:00 PM