| By Virginia Culler |
The Sept. 13 issue of Windows Secrets reported that Windows Update sometimes installs files without notice, even ifauto-install has supposedly been disabled.
Many readers are dismayed to learn that their control over their computers is compromised and are asking how they can prevent this in the future.
Stability issues raised in update’s wake
The Sept. 13 issue of Windows Secrets revealed that Windows Update has been installing some files silently, despite the fact that users have selected a “do not install” option in the Automatic Updates control panel. Many readers wondered why their firewalls did not bar Microsoft’s activity. The answer is that the Windows Update Agent initiated the contact to Microsoft’s servers. The resulting file download, therefore, appeared to be an expected response.
Other readers asked if they could — or should — configure their firewalls to reject Microsoft downloads. A reader named Scott W. writes:
- “Would you be able to publish a list of DNS names and IP addresses that Microsoft uses for Windows Update? I want to block the IP addresses in my router firewall, and I want to disable the DNS names (just in case they change the IP addresses of Windows Update) in my DNS server.”
First, there would always be new IP servers that would need to be added to the blockade. An extensive list of entries recently provided in the KezNews forum can give you an idea of how long your table might become — unless you want to use wildcards to block anything originating from the Microsoft domain.
Second, the burden would fall squarely on the end user to determine what needed to be blocked and what didn’t. This is far too labor-intensive a solution for most companies, and it may cause unforeseen problems.