Mirrored from http://www.radsoft.net/news/20020905,00.html :

Consumer Alert - Microsoft

September 5, 2002

Anything beyond 2KSP2 is taking your life into your hands.

It has come to Radsoft's attention, and all too many times now, that people are not reading their 2KSP3 EULAs and installing without understanding the dangers. This next sentence is therefore an unqualified warning.

ANYONE USING ANY MS OS LATER THAN 2KSP2, OR WITH ANY 'FIXES' LATER THAN 2KSP2, DOES SO AT THEIR OWN RISK - AND UNDER EXTREME JEOPARDY.

• This includes any security patches, hotfixes, etc. past SP2.

• The EULA for those gives Microsoft the right to hack your machine.

• That huge post-SP2 roll-up package to fix the holes bigger than an oil tanker? DO NOT INSTALL IT.

• The critical update to fix the gaping hole in Windows Media Player? DO NOT INSTALL IT.

• You are screwed if you install anything past SP2 - ANYTHING.

If you have a machine in the above categories, you should proceed at once to the following URL.

http://microsoft.com/WindowsXP/pro/techinfo/administration/manageautoupdate

You should thereafter 'backtrack' to no later than Windows 2000 Service Pack 2. The best way of doing this is to wipe your disk and reinstall your operating system. You should not attempt a new install over any of the above products.

After all the talk in the media, the reason for this warning should be apparent; but in case it's not, here it is one last time.

• Microsoft XP products, both the operating system Windows XP and the office suite Office XP, as well as other later products, ship with "stealth" software that is installed on your system without your knowledge.

• Coupling your computer to Windows Update will initiate an egress from your system to the Microsoft server with details of what you are running - your third party software, your hardware, and so on. This is done without your direct knowledge, at a point in realtime when you think you're still coupling up.

• After the above phase is completed, the Microsoft server will download DRM-oriented (RM adds: digital restrictions management) "codecs" to your computer to further limit your use of media files and programs. This is also done without your direct knowledge.

• Only after the above two operations are completed will the Microsoft server act as if you are connected and begin the update dialogue.

• Windows Update has several times been traced as the cause of severe interruptions in network capability because of the shoddy way these packages are prepared by Microsoft.

• Your EULA (End User License Agreement) gives Microsoft the legal right to do all the above to you.

• Microsoft are the major proponent of "UCITA", a policy by which the Redmond company can exercise "self-help" on your computer.

• In other words, if Microsoft decide at some time of their choosing that your computer seems to be in violation of your EULA, they reserve the right to damage your computer hardware in retaliation without risk for indemnity.

• As you have already let Microsoft install this "stealth software" on your system, they can trigger its activation at any time.

Radsoft have consistently advocated avoiding anything after 98SE and NT4 - but not because of malicious intentions on the part of Microsoft, only because of the deplorable quality of programming at Microsoft. The XP initiative changes all of this.

It's no longer a question of quality; it's a question of leaving your system, after all the work you've done to protect yourself with anti-virus software, firewalls, intrusion detection systems - and the Extreme Power Tools of course - wide open. Once you have any of the above products installed, no anti-virus software, no firewall, and no intrusion detection system can help you - Microsoft, in control of the operating system itself, can override anything.

Clear now?