Microsoft: We didn't change Automatic Updates

Microsoft denied Wednesday that its software had arbitrarily changed Windows Vista's update settings, saying that users were responsible for the modifications that generated claims of unauthorized patch installs.

Reacting to reports that first surfaced last Friday, a program manager for Windows Update said today that an investigation had turned up no evidence the Oct. 9 security fixes had switched settings in Vista's AU (Automatic Updates).

"From the customer logs that we received, we found that none of the updates released as part of the October security release have made any changes to users' AU settings," said Nate Clinton in a post to a company blog. "In fact, in the logs we reviewed, AU in all cases was set to 'install updates automatically' prior to the October security release."

Vista allows users to turn off AU entirely, tell the operating system to check for but neither download or install any fixes, instruct the mechanism to download files but not install them; or accept all patches without any additional approval.

The claims that AU settings had mysteriously reverted to the "install automatically" setting began to trickle into a message forum on the AeroXperience Web site soon after the release last Tuesday of six security updates. Several users said that AU downloaded and installed patches even though they had specifically instructed Vista not to do so.

But unlike last month, when a Windows newsletter revealed that Microsoft had updated users' PCs contrary to their instructions, the newest charges were limited to AeroXperience members. No similar reports, for example, were posted to the Windows Update support newsgroup hosted by Microsoft. During September's brouhaha, that newsgroup was thick with messages about the stealth updating.

Certain that AU had not run amok and changed its own settings, Clinton fingered users for the altered state of AU. "I want to stress that the Windows Update client does not change AU settings without users' consent. However, AU settings can be set or changed in the following scenarios," he said, and then listed five; all require the user to take action or accept one option from several offered.

"During the installation of Windows Vista, the user chooses one of the first two recommended options in the 'Out of Box Experience' and elects to get updates automatically from Windows," Clinton said was one possibility. Another: "The user chooses to opt in to Microsoft Update during the installation or the first run experience of another Microsoft application such as Office 2007."

Earlier, a Microsoft spokeswoman had been more blunt. "It may be more a case of someone clicking to change their AU settings but not realizing /remembering doing so," she said Tuesday.

Users on AeroXperience writing to the forum after Microsoft wrapped up its investigation accepted Clinton's explanation. "The disparity between the Windows Update control panel applet and the OOBE (Out of Box Experience) update settings page (when first running Windows Vista) seems to be what's causing the confusion," said a member identified as Bryant.

Computerworld is an InfoWorld affiliate