Microsoft Stomps on Free Patch Utility

Why Microsoft is crying foul now, after AutoPatcher has been available for nearly four years, is a mystery.

Microsoft lawyers have shut down a free, popular patch download utility thats been dispensing patches to its systems users for four years now.

"I had a call from Microsoft Legal this morning and they have told me that we are no longer allowed to endorse AutoPatcher on Neowin," said Steven Parker in a posting to on Aug. 29.

Parker started the Neowin news site as a hobby with Marcel Klum in 2000. Neowin was where AutoPatcher, created by Antonis Kaladis as an alternative to Microsofts Windows Update, was born.

According to Parker, Microsoft will only allow updates to be fed to users from its own servers. An e-mail demanding immediate takedown cited the fact that the AutoPatcher domain was "offering unlicensed copies of, or is engaged in other unauthorized activities relating to copyrighted works published by Microsoft."

Why Microsoft is only crying foul now, after the tool has been available for nearly four years, is a mystery.

However, according to Parker, the legal representative for Microsoft told him that the company is concerned with possible malicious code that could be redistributed with certified Microsoft updates—"something the AutoPatcher team has never done," Parker said in an update posted on Aug. 30.


Read more here about the nine most recent Microsoft patches.

Since an initial cease-and-desist phone call made to Parkers home, a Microsoft Featured Communities representative and the original "Internet Investigator" handling the case have "pledged to look into the situation to find out exactly what prompted this sudden move," Parker wrote in a posting today.

As Parker noted, over its lifetime, AutoPatcher has graced the covers of computer magazines in CD/DVD form. "I have no explanation for why Microsoft allowed it to continue unchecked for 4 years before making this decision," he said.

No one on the AutoPatcher team were available online for Parker to thank for their work, a circumstance possibly caused by the fact that theyd all been contacted by Microsoft with similar cease-and-desist demands, he said. AutoPatcher forums on Neowin have been turned off as well.

Suspicions are running high that Microsofts action has something to do with Windows Genuine Advantage, although Microsofts legal representative flatly denied it.

"I asked the representative if Windows Genuine Advantage had anything to do with it and he categorically told me this was not the case, he added that Windows Update for pre-Vista versions of Windows can now be accessed using Firefox and that the concern at Microsoft had more to do with the possible malicious code that could be redistributed with certified Microsoft updates," Parker said.

An unnamed source at Microsoft prior to the AutoPatcher shutdown told a Neowin member who asked about the implications of distributing hotfixes that WGA is "first and foremost an educational tool."

In a reply on Aug. 15, the Microsoft representative told the Neowin member that "A lot (probably a majority) of people using an illegal copy of Windows dont know that they are doing so. WGA flags the copy as illegal and directs the user to upgrade, helping Microsoft recover sales they would have lost otherwise. WGA also creates an irritant that should prod a lot of casual pirates to eventually pay for a legitimate copy. WGA was never intended be a 100% solution. Therefore, redistribution of hotfixes doesnt constitute a flaw."

Neowin posters arent buying it.

"I think its about the WGA although they didnt admit it," wrote "Jugalator" in an Aug. 30 reply to the news. "That goes well with this new era of Vistas further tightened grip of that. That its able to spread malicious software disguised as Windows patches is true, but I mean, anyone can do that by uploading an appropriately named file somewhere. Surely the AutoPatcher team distinguish themselves from common lowly spammers that try to mislead users via phishing scams?"


To read more about why we click on spam, click here.

A Microsoft spokesperson told eWEEK that the company doesnt think "supplemental code" such as hotfixes, security updates or service packs is a good idea, given Microsofts "concern for the safety and security of our customers."

"We can only guarantee the downloads contents when it comes from a Microsoft Web site," he said in an e-mail exchange. "Distribution of these materials without permission is also an infringement of our copyright."

The spokesperson said that Microsoft contacts companies in violation of its policy as it becomes aware of the activity, "recognizing that we also need to prioritize issues and resources. In this instance, we were alerted to AutoPatchers activity and contacted them through our normal process," he said.

He also said that Microsoft doesnt know of AutoPatcher having ever been the source of malicious code. However, he said, "We believe that the best source for security and other updates is from Microsoft so that customers can be sure they are getting the actual updates and not malware."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.