Not entirely sure where i should post this, i figure i should start here and a moderator can downgrade if required
It relates to Microsoft Security Essentials (MSE) on my Windows 7 x64 pc, i have no idea if other OS's or other MS anti-virus/malware products also display the same characteristics.
That out the way, after reading the following article and not having Windows set to automatically check for updates i thought it a good idea to run a manual scan for this "out-of-band security update":
http://www.theregister.co.uk/2017/12/07 ... rotection/cf.
https://portal.msrc.microsoft.com/en-US ... 2017-11937To my surprise the only update i was presented with was a definition update for MSE... on checking the MSE settings/help/about (it's not actually on the help button, select the down arrow to the side) apparently my "Engine Version" had already been updated to a version post the 'fix' being released.
Quote:
For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.14405.2 or later.
As fate would have it i had to initiate a System Restore tonight after trying to look for updated AMD Chipset Drivers for my Gigabyte motherboard... not much of a story there other than the AMD software reported i already had the latest drivers installed but i couldn't an uninstall option anywhere so reached for System Restore to remove their software...
After i restored (my choice limited by the phantom Windows Update issue many suffered earlier this week because i deleted my Software Distribution folder that contains the history of all updates as part of the process i used to get WU working again) i thought it would be a good opportunity to roll back to the earliest point i could, 07/12/2017 20:52:12.
That was last night and i know i didn't manually install anything because i spent most of yesterday in hospital having a tooth removed under general anaesthetic and i only booted my pc to check emails and see what was happening in a few Forums.
Anyway, after restoring i immediately checked my MSE engine version number and it was 1.1.14306.0, a version susceptible to the attack MS are warning about... i ran Windows Update and the only option was an "Optional" Definition Update for MSE, i installed it, checked the MSE engine number again and it had been updated to 1.1.14405.2
The only conclusion can be that not only are MS releasing definition updates for MSE as "optional", i knew and know they've always installed automatically, but it now appears that Critical Updates are getting installed behind the scenes as well... it raises the question about when did they started automatically installing Critical Updates for MSE (*1)... and what else are they potentially installing that I've explicitly said "not yet, or no" to??
(1). System Restore listed yesterdays update as a Critical Update, and after i installed todays "optional update" that changed the MSE engine number it too was listed as a Critical Update in System Restore... in Windows Update/View Update History the only updates are MSE definition Update and they are ALL listed as optional.
Make of all that what you will, i don't necessarily view it as a bad thing if the danger to my PC is that real but even as a common courtesy i would expect MS to tell me that's what they plan to do... that they haven't and didn't, well, lets just say behaviour like this is not going to get me onto anything like Win10 any time soon.