Microsoft accused of bundling new Windows 10 nagware into latest Patch Tuesday updates

More Windows 10 nagware being sneaked into Microsoft updates

Microsoft has been accused of sneaking new Windows 10 nagware into its latest slew of Patch Tuesday updates.

First discovered by Woody Leonhard at InfoWorld, this month's KB3139929 security fix issued as part of Patch Tuesday has an unexpected surprise inside - KB3146449 - under the rather vague explanation of "several non-security-related fixes for Internet Explorer".

It is the latest in a growing number of updates from Microsoft masquerading as security patches, but which in reality amount to little more than nagware intended to badger users into upgrading to Windows 10.

The latest Windows-10-related update makes Microsoft's Internet Explorer web browser display a blue banner on the new tab page, which says: 'Microsoft recommends upgrading to Windows 10'.

What makes it even more worrying, especially from a security point of view, is that it is not separated from a genuine Internet Explorer security patch - users have no choice except to uninstall the security patch or keep the ad-generating payload.

Furthermore, KB3146449 doesn't appear in users' update history. The only way users can tell if they have got it is the banner appearing on IE and the only way of preventing it is not to install the security patch.

However, only home users are affected. Corporate licences are exempt from the latest Windows 10 nagware.

When Windows 10 was launched, with the offer of a free upgrade to users of existing Microsoft operating systems from Windows 7 and later, some commentators questioned the business model. Indeed, they labelled it "unsettling and Orwellian".

In addition to bundling Windows 10 software and nagware into updates for Windows 7, 8 and 8.1, the company has also increasingly failed to disclose to users the nature of its patches and updates. Instead, it has provided only vague and, often, inaccurate summaries.

Windows 10 itself also sends vastly more telemetry data on users' PCs back to Microsoft. The company claims that it is anonymised, used purely for technical purposes and that no personal data is disclosed. However, many suspect that it is part of the business model for Windows 10.

Computing has asked Microsoft for comment and will update the story accordingly when we get a response.
