[ISN] Patch service shuts after Microsoft request

From: InfoSec News (alerts@private)
Date: Wed Aug 29 2007 - 23:26:27 PDT


http://news.com.com/Patch+service+shuts+after+Microsoft+request/2100-7350_3-6205191.html

By Stephen Shankland
Staff Writer, CNET News.com
August 29, 2007

update - AutoPatcher, a 4-year-old project to distribute Microsoft 
patches and other updates to software that runs on Windows, has shut 
down because of a Microsoft request.

"Today we received an e-mail from Microsoft, requesting the immediate 
takedown of the download page, which of course means that AutoPatcher is 
probably history," said project manager Antonis Kaladis in a post 
Wednesday. "As much as we disagree, we can do very little, and...we took 
the download page down."

AutoPatcher had a variety of uses. For example, people with limited 
bandwidth could download patches once and install them on multiple 
computers, or people setting up new machines could apply security 
updates without having to expose the computer to network security risks. 
AutoPatcher could handle updates from Microsoft as well as third-party 
software such as Sun Microsystems' Java.

Microsoft said it "discourages" others from distributing supplemental 
software such as hot fixes, security patches and service packs and that 
doing so infringes the company's copyright. "This policy is in place due 
to concern for the safety and security of our customers, as we can only 
guarantee the download's contents when it comes from a Microsoft Web 
site," the company said in a statement. "We contacted AutoPatcher 
earlier today to request that they stop redistributing our Microsoft 
intellectual property."

According to a post on the Neowin news and discussion site, which hosted 
the official AutoPatcher forum, the company wants to be the sole 
distributor of its own software updates. Microsoft's legal department 
notified Neowin co-founder Steven Parker of the company's objections and 
had requested Neowin cut a tie it had to AutoPatcher.

"I had a call from Microsoft Legal this morning and they have told me 
that we are no longer allowed to endorse AutoPatcher on Neowin. 
Microsoft will only allow updates to be downloaded from its own 
servers," Parker said in the post.

Microsoft indicated it acted now because it just found out about the 
site. "Microsoft tries to contact anyone who is in violation of our 
policy as soon as we can once we are aware of what they're doing," the 
company said.

However, the company has had plenty of time.

AutoPatcher and its network of download "mirror" sites have been 
operating for four years, and the project's frequently-asked-questions 
page describes it as legal. "The AutoPatcher project has been going 
strong since 2003 and never had a sniff of trouble from Microsoft," the 
page says. "Kaladis once spoke to a Microsoft employee and apparently 
they know about us but don't care what we do," the page also says.

Parker reported that Windows Genuine Advantage, a Microsoft antipiracy 
program that checks legitimacy of a version of Windows, apparently isn't 
involved. WGA certification is required to install some software 
updates.

"I asked the representative if Windows Genuine Advantage had anything to 
do with it, and he categorically told me this was not the case," Parker 
said. "The concern at Microsoft had more to do with the possible 
malicious code that could be redistributed with certified Microsoft 
updates."

The representative also told Parker that Firefox, an open-source Web 
browser rival to Microsoft's Internet Explorer, now can be used to 
access Microsoft's Windows Update service for versions of Windows 
predating Vista. However, some forum posters said they were unable to do 
so.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/



This archive was generated by hypermail 2.1.3 : Wed Aug 29 2007 - 23:51:39 PDT