Dear Microsoft: Please Stop Pushing Potentially Unwanted Software Through Windows Update

One of my home machines is Windows 7 Enterprise x64. A few days ago an interesting thing started happening. Windows Update (WU) traybar is notifying that there is a new “Important Update” that needs to be installed. I have it configured for manual update because I want to decide what gets installed and what doesn’t. So I open the WU console and look at the details of the “Important Update” and to my surprise its not an update at all but rather a bunch of new software which I don’t really want in the first place nor have already installed on my machine, so it doesn’t need updating.

It seems Microsoft is reverting to using WU to push unwanted software, kinda like what adware, spyware and rogue software does. I guess if you can’t convince users to download and install your software the next best thing is to push it down their throats whether they like it or not. Nice move MSFT!

I decide to un-check the “Important Update” and forget about it. But to my (second) surprise, the WU notification from the traybar does not disappear as it normally does when you decide not to install an update. I open the WU console again and, surprise surprise, the “Important Update” is still there checked by default (even though I already told it I don’t want it), ready to be installed as soon as a user hits the “Install Updates” button.

The “important” software bundle is named Windows Live Essentials 2011 and at a 160MB size includes the following:
– Messenger
– Photo Gallery
– Mail
– Movie Maker
– Writer
– Family Safety
– Windows Live Mesh
– Messenger Companion
– Microsoft Outlook Hotmail Connector
– MS Outlook Social Connector Provider for Messenger
– Microsoft Silverlight
– And as a BONUS you also get: Bing Toolbar for your browser, agreeing to a new Service Agreement and a new Privacy Policy updated a couple of months ago and asking you to provide personal information.

Searching around a bit I found a couple of interesting blog posts by Microsoft. One here saying that the install will only be shown as “Recommended Update” or even “Optional Update”, which is not true as it is showing as an “Important Update”. But more interestingly, here and here there’s hundreds of users complaining not only about the tactics of the installation but also about the buggy software and how this “update” has changed their preferences, lost their business contacts, lost functionality previsouly used in other software, etc.

This is wrong is so many levels that I’m still amazed that such a respectable company can get away with it.

a) Microsoft is conveniently confusing “updating” with “installing” and using WU for their own business benefit. WU should only be used for updating software and drivers already on the machine, not for installing completely new software which the user didn’t ask for and which in some cases replaces non-Microsoft software chosen by the user and already installed on the machine.

b) The tactics for installing this software bundle are less than ethical. Microsoft has configured it so that it tries to install again and again, even if WU is configured as allowing the user to choose which updates s/he wants and even if the user already chose not to install it. Even if you’re part of the lucky ones that has WU set to manual, chances are the next time Microsoft releases some real security updates, Windows Live Essentials 2011 will be installed along with it as it is checked by default. This is suspiciously close to how adware and spyware behaves.

c) Is this the type of behaviour we are to expect from Microsft’s WU in the future? What’s to stop them from changing your browser, your Office, your settings, your search engine provider, your preference for other software, etc. and replacing it with their own? What if I don’t want Silverlight, Bing toolbar, Writer or any of that other software? I already have chosen other software or services to perform those tasks. Is Microsoft ignoring user decisions and imposing their own software without anybody stopping them from doing so? What if we did the same and started installing Chrome and disabling Internet Explorer in all our users’ machines citing “security reasons” for the change?

WindowsLive-Update-0

WindowsLive-Update-1

WindowsLive-Update-2

WindowsLive-Update-3

WindowsLive-Update-4

WindowsLive-Update-5

Related News

25 Responses

Leave a Reply
  1. zYan1de
    Oct 23, 2010 - 06:13 PM

    eh.. why not just right click > hide?

    Reply
  2. Bill Digiglio
    Oct 23, 2010 - 11:05 PM

    I have to agree, I did the update , promptly uninstalled the toolbar and I don’t like the messenger companion at all.

    Reply
  3. lohhw3
    Oct 23, 2010 - 11:24 PM

    on the list of offerred updates, right-click it and HIDE it from future notifications.

    Reply
  4. Pedro Bustamante
    Oct 24, 2010 - 12:03 AM

    @zYan1de & @lohhw3 yes I know you can do that, but the point is that the majority of users who are not as paranoid nor computer saavy won’t get that far because they’ll have the software installed before they know it.

    Reply
  5. Ringman
    Oct 24, 2010 - 02:27 AM

    I’m using Windows Vista. I’ve got this update too.
    I don’t like WLE 2011 very much because MSN Messenger should be basic IM program.

    Reply
  6. Amit
    Oct 24, 2010 - 11:49 AM

    you need a break man!

    Looks like 50+ old pal

    Reply
  7. zYan1de
    Oct 24, 2010 - 12:48 PM

    Actually it won’t just install everything, After the update is “finished” the windows live essentials installer will open up and you can choose what you (don’t) want to install.
    But still I agree, It shouldn’t be in windows update, even less an important update.

    Reply
  8. Kelly Crabbé
    Oct 24, 2010 - 12:59 PM

    I installed it out of curiosity, uninstalled it again — and am happily using Pidgin for further contact.

    Reply
  9. Thurston Moore
    Oct 25, 2010 - 05:06 AM

    I couldn’t agree more. I had HUNDREDS of contacts stored locally and have lost all of them. Microsoft is now saying I can’t go back to the old version without a system restore, which they of course, don’t recommend. Of course, I’ll find a torrent for WL 2009, but that’s not the point. As a former software developer, I guess I should have known better, but since it was conveniently labeled as “Important” vs. “Optional”, I made an assumption that they might have taken the time to actually test the updates they call “critical” or “important”. How wrong I was! The bravado and blatant disrespect for their customers is just perplexing to me. Is it any wonder their stock price hasn’t moved in a decade.
    To your original point, yes, it is completely unethical for them to use WU as a means of pushing out adware, and make no mistake, that’s exactly what Live Essentials 2011 is. Didn’t they lose an antitrust case because of these kinds of tactics? I would love for someone to start a class action against them for this.
    I know this is off topic, but can someone name me one thing Steve Balmer has done to improve Microsoft in his time there? It’s time for him to go.

    Reply
  10. Sam Spade
    Oct 25, 2010 - 05:27 AM

    1) Do you have any of the listed software installed on the computer in question. 2) Did you have to install all listed software or were you given the option to simply update what was already installed? If the answer to 1) is yes and the answer to 2) is “I was given the option to simply update what was already there… then what’s the problem? From what I understand only computers which have any of the listed software installed will see the update.

    Reply
  11. Mr D
    Oct 25, 2010 - 10:12 AM

    I installed this by accident, HATED it so had to uninstall and go back to Live 2010. But now its REALLY annoying cos it still keeps trying to redownload and install!! Been searching the internet now for ages to try and find a solution. I am now just hoping the hide works and stops it from installing

    Reply
  12. peter
    Oct 25, 2010 - 01:40 PM

    i don´t get that update or the notification.

    don´ß know what your talking about.

    Reply
  13. Angry Pup
    Oct 26, 2010 - 02:36 AM

    Whatever you do… DO NOT INSTALL MS SECURITY ESSENTIALS!!! Once installed, it will download a program to HIJACK your browser away from Windows Update altogether! It redirects your browser instead to Microsoft Update AND installs the activeX to use it – All without your knowlege or consent, and in my case, directly against my will! I have been screaming at MS-Support for over a month now. I even reformatted, reinstalled my OS to get rid of the hijack. Just wanted to get an answer of how to prevent a reoccurance, but they wouldn’t answer my question. Now the hijack is back and I figured out it’s the MSSE program doing it. Am looking for alternate AV program – that’s why I’m on this site now. Burn-in-H Microsoft. Thinking Linux now.

    Reply
  14. Legion
    Oct 26, 2010 - 05:27 AM

    [quote]This is suspiciously close to how adware and spyware behaves.[/quote]

    Well it’s more like how a trojan downloader perhaps if M$ keep this up AV software should start treating windows update as malware.

    Reply
  15. kane
    Oct 26, 2010 - 06:56 PM

    I reside in the infamious European Union and live essentionals does not show up in the WU list, I guess the EU won’t allow it?

    Reply
  16. joipjømkl
    Oct 27, 2010 - 07:24 PM

    For me it’s listed as an “optional update” but then I’ve unchecked “Give me recommended updates the same way as I receive important updates” in “Windows update -> Change settings”

    Reply
  17. JMJsquared
    Oct 28, 2010 - 10:37 PM

    @Thurston Moore – Microsoft is a company operating in a “free” market for its own and its shareholders’ benefits. As much as so many –including knee-jerk MS-bashers– profess to want, we do not live in an “open source” world mainly because that model does not work absent a profit-driven counterbalance. I submit two examples as proof: 1. The Soviet Union collapsed circa 1989; and, 2. You got paid for developing your (your company’s) software.

    Do you feel as outraged when you buy your Sunday paper and find loads of commercial inserts? Or, do you refuse to buy your favorite magazines because they include those annoying subscription offers? Of course you don’t. So, why flame at poor, ol’ Microsoft? As a developer, you, better than I and most other posters here, are able to discern what is being offered you and under what terms. So, next time, R-E-A-D !

    Finally, Microsoft is a mature company and its stock price’s stability is a reflection of that. One does not buy it hoping for a windfall as may happen with an IPO from a young firm; rather, you include it in your portfolio for income. And, they won their anti-trust case on appeal. And, IMHO, they deserved to win. Gates had the money and the ego to go toe-to-toe with the Justice Department where others, less well funded and less passionate, would have folded. ‘ Sides, they/he GAVE 37, 000, 000, 000.00 USD to make this a better World.

    So, my dear colleague: Flame off!

    Reply
  18. tomfin
    Nov 01, 2010 - 10:33 PM

    @JMJsquared You are wrong all night long. I feel compelled to follow Mark Twain’s advice on certain arguments; therefore I bid you good day, sir.

    Reply
  19. jiang
    Nov 01, 2010 - 10:58 PM

    the last post seems to have miss the part of the endless updates and why?
    a less than perfect product should be updated

    Reply
  20. shay
    Nov 01, 2010 - 11:07 PM

    jiang you must understand that updates should not be look at as correcting bugs,
    rather you must look at it as a option to make somthing good- great
    stop thinking on your on and return to thr fold.

    Reply
  21. shay
    Nov 01, 2010 - 11:08 PM

    money

    Reply
  22. JMJsquared
    Nov 03, 2010 - 02:36 PM

    @tomfin – As I offered my opinion in the full light of this forum’s “day”, I welcome informed, cogent comments and debate. I also briefly listen to imperious sounding ones like yours.

    P.S.: Let’s leave beloved Samuel Clemens out of this. Nice one, tho’.

    Reply
  23. Sarah
    Nov 05, 2010 - 09:19 PM

    I agree this is a horrible tactic. I updated MSN Messenger recently and hated it (you couldn’t change your screen name for one thing), so I thought I’d delete it and returned to the original 2010 version. When I had a pop-up telling me I had “important” updates, I didn’t realise what Windows Live Essentials 2011 really was and went to download…

    Lo and behold, inside was the new Messenger. I promptly stopped the installation when it asked me what I wanted to either install or update and my computer instantly started bitching at me, so thanks for mentioning how to turn them off. However now I have the little red shield with an X inside it saying “amg you should check for updates!” … :|

    Reply
  24. George Birbilis
    Nov 11, 2010 - 12:08 PM

    if user had MSN messenger (not Windows Messenger) it’s logical to see this in critical updates

    Reply
  25. glaee
    Nov 24, 2010 - 10:08 PM

    the last post seems to have miss the part of the endless updates and why?
    a less than perfect product should be updated
    hxxp://www.glaee.com/vb/index.php

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

COPYRIGHT 2014 PANDA SECURITY