none
WSUS suddenly installed Skype on 06/27/12

    Question

  • I have what I'd consider a very typical setup, for patch management/monitoring reasons only we run a WSUS server in a default auto approval configuration, (critical, security, update rollups only). New computers are auto added to the update group.
    The Update Files and Languages is set to "Do not store update files locally; computers install from Microsoft Update"

    The workstations are set on the default scheduled, 3 AM daily.

    Suddenly at 3 AM on 06/27/12 all the workstations in this network installed Skype 5.9

    I've googled this to death and can find no one with a similar issue, I have not approved Skype, these users never had Skype before, all I can think is something in the logic for updates goofed and approved this, so I'm mainly throwing this out to see if I hear any "me too" also I'm curious if there is any logging I can analyze to find out what criteria caused this to trigger?

    Edit:
    I've declined the update so hopefully it will uninstall but if not there is always psexec, I found that the update was this: http://support.microsoft.com/kb/2692954

    Since I've got all products selected under products and classifications skype got auto selected once MS purchased them. So for the time being I've de-selected skype from products and declined the update, I guess there is no install logic to the skype update it just installs it if you don't have it. It's not even the latest version which is even more confounding.

    • Edited by PhilFCS1 Wednesday, June 27, 2012 2:28 PM Update
    Wednesday, June 27, 2012 2:09 PM

Answers

  • Thanks Susan, if anyone else experiences this a quick way to remove it from workstations is like so:

    psexec \\computername -h -s MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} /qn
    

    This worked for me at least, just got all the computers in a text file and ran:

    psexec @C:\pclist.txt -h -s MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} /qn
    WSUS showed 50% deployment so some of them failed but the ones that exit with Code 0 seemed to be OK.
    And of course decline the update on WSUS and remove the skype product until they get this resolved.

    Just be sure that no one uses Skype or you'll get calls from people who now are missing Skype.

    • Marked as answer by PhilFCS1 Wednesday, June 27, 2012 8:22 PM
    Wednesday, June 27, 2012 3:00 PM
  • Thanks to those who sent me their logs, we've identified the issue and have expired the update.

    For those admins who still have this update, you may want to decline (not approve) this update.  I'll defer to Phil's steps above in case you want to push an uninstall.


    Doug Neal - Microsoft Update and MBSA

    Wednesday, June 27, 2012 7:03 PM

All replies

  • Don't approve Skype update published to WSUS - THE OFFICIAL BLOG OF THE SBS "DIVA":
    http://msmvps.com/blogs/bradley/archive/2012/06/27/don-t-approve-skype-update-published-to-wsus.aspx

    It's hitting the Patchmanagment.org list

    Wednesday, June 27, 2012 2:24 PM
  • Phil - this is not the expected behavior for the Skype update.  It should only be installed to PCs where an earlier version of Skype is already present.

    Would you consider sending a ZIP version of a WindowsUpdate.LOG file from an affected PC directly to me at "dugn" at microsoft.com


    Doug Neal - Microsoft Update and MBSA

    Wednesday, June 27, 2012 2:52 PM
  • Thanks Susan, if anyone else experiences this a quick way to remove it from workstations is like so:

    psexec \\computername -h -s MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} /qn
    

    This worked for me at least, just got all the computers in a text file and ran:

    psexec @C:\pclist.txt -h -s MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} /qn
    WSUS showed 50% deployment so some of them failed but the ones that exit with Code 0 seemed to be OK.
    And of course decline the update on WSUS and remove the skype product until they get this resolved.

    Just be sure that no one uses Skype or you'll get calls from people who now are missing Skype.

    • Marked as answer by PhilFCS1 Wednesday, June 27, 2012 8:22 PM
    Wednesday, June 27, 2012 3:00 PM
  • Wow, good thing we don't use auto approval on those classifications.
    Thanks for posting this.

    Wednesday, June 27, 2012 3:04 PM
  • Phil - I want to reaffirm that this update cannot install on PCs unless a previous version of Skype is present on the PC.  If you could provide a WindowsUpdate.LOG from an affected PC, I'd be glad to look into this.

    But to confirm: There is no way the update can be installed on PCs that don't have a previous version of Skype.

    ADDED 6/27: Thanks to those who sent me their logs, we've identified the issue and have expired the update.

    For those admins who still have this update, you may want to decline (not approve) this update.  I'll defer to Phil's steps above in case you want to push an uninstall.


    Doug Neal - Microsoft Update and MBSA


    Wednesday, June 27, 2012 3:19 PM
  • Phil - I want to reaffirm that this update cannot install on PCs unless a previous version of Skype is present on the PC.  If you could provide a WindowsUpdate.LOG from an affected PC, I'd be glad to look into this.

    But to confirm: There is no way the update can be installed on PCs that don't have a previous version of Skype.


    Doug Neal - Microsoft Update and MBSA

    Doug, I'm afraid you are incorrect. I manage a large group of computers and most users do not have install rights, yet Skype is coming in as part of a "bundle" through SUS. To put it politely, this behavior is very unwelcome in our environment.
    Wednesday, June 27, 2012 3:33 PM
  • Doug - I've had the same thing happen to me at a national laboratory. Skype installed to many if not all WSUS clients, the vast majority of which did not previously have it installed. Now I have to deal with a lot of irate users and find a way to remove it en mass.
    Wednesday, June 27, 2012 3:35 PM
  • If anyone affected could send me a WindowsUpdate.LOG from an affected PC, I can investigate.  Please ZIP the file and send it directly to me at "dugn" at Microsoft.com.

    I convinced a previous (perhaps even ancient) version of Skype was already installed on these PCs.


    Doug Neal - Microsoft Update and MBSA

    Wednesday, June 27, 2012 3:39 PM
  • Phil - this is not the expected behavior for the Skype update.  It should only be installed to PCs where an earlier version of Skype is already present.

    Would you consider sending a ZIP version of a WindowsUpdate.LOG file from an affected PC directly to me at "dugn" at microsoft.com


    Doug Neal - Microsoft Update and MBSA

    Sent you two logs, one for XP workstation and another for W7 workstation.
    Wednesday, June 27, 2012 3:45 PM
  • Doug,

    Please stop writing that "There is no way the update can be installed on PCs that don't have a previous version of Skype".  I have hundreds of computers this morning with Skype 5.9 installed becuase WSUS pushed the update to the clients.  WSUS will install Skype 5.9 on clinets that have never had Skype installed if install Important Updates is enabled on the client.

    Please note the following:  Micorsoft added Skype to the Products and Classifications tab in WSUS Options and automatically checked the Skype boxes without letting WSUS administrators know about the change.  When Skype 5.9 was released, WSUS did exactly what was configured on this tab. 

    What we need now is a way to quickly remove from a central location an update that has the uninstall option grayed out in Updates section of SCE.

    Skype 5.9 for Windows

    Installation date: ‎6/‎27/‎2012 05:11

    Installation status: Successful

    Update type: Important

    Skype 5.9 for Windows is now available. Updates include various performance improvements and bugfixes.

    More information:
    http://support.microsoft.com/kb/2692954

    Help and Support:
    http://skype.com/go/support

    Wednesday, June 27, 2012 3:46 PM
  • I'm getting e-mails from multiple customers with this happening. All of them use WSUS and none of them used Skype previously. What update category is this supposed to be under? 
    Wednesday, June 27, 2012 3:53 PM
  • "Update rollups"
    Wednesday, June 27, 2012 4:00 PM
  • Got the same thing. None of these computers had Skype previously installed and now they do. We have a SBS 2011 Server. I did have WSUS setup with all MS products that included Skype (now unchecked) however why did it install Skype on all the computers? If you need more logs just ask.
    Wednesday, June 27, 2012 5:31 PM
  • I have disabled Automatic approval of Update Rollups for the time being.
    Wednesday, June 27, 2012 6:11 PM
  • I also had the same issue. I administer several banks that belong to a holding company. I had to dispatch techs immediately to remove the software from appx 25 machines first thing this morning because they are in the middle of an IT audit and Skype is definitely not going to pass.
    Wednesday, June 27, 2012 6:47 PM
  • Thanks to those who sent me their logs, we've identified the issue and have expired the update.

    For those admins who still have this update, you may want to decline (not approve) this update.  I'll defer to Phil's steps above in case you want to push an uninstall.


    Doug Neal - Microsoft Update and MBSA

    Wednesday, June 27, 2012 7:03 PM
  • To uninstall remotely to the entire domain, check out this link: http://community.spiceworks.com/how_to/show/179 there is an option to do a list of computers, it works using the verison=5.9.119
    Wednesday, June 27, 2012 7:49 PM
  • Rael_Auto can you email me at susan-at-msmvps.com as I need to get a few more log files from you to determine why SBS 2011 approved it.  Also in order to keep the SBS integration you'll have to recheck that Skype category.
    Thursday, June 28, 2012 4:51 AM
  • Such updates for APPs (not only Skype) should be always exists twice in WSUS
    e.g

    - "Skype 5.9 (Installer)"
    - "Skype 5.9 (Updater)" (update only existing Skype)

    (e.g Silverlight already do it this way)


    So than WSUS Admin could choose if they want to update existing apps only or install if not installed yet.

    BR,
    a127

    Thursday, June 28, 2012 7:40 AM
  • Hi Susan,

    Thanks for your help.

    I will send the logs as soon as I can. What do you mean by keeping SBS integration; are you talking
    about Skype? We do not use Skype and do not want to integrate it... please
    explain. Thanks again.<o:p></o:p>


    Thursday, June 28, 2012 11:44 AM
  • On SBS if you untick a product category so it's no longer selecting "all products" it will not integrate into the console.

    Microsoft had bad deployment detection on this patch.  It will get fixed.

    Thursday, June 28, 2012 2:08 PM
  • Are there any SCCM/SQL gurus who could share how SCCM might target this particular app and narrow it down to being installed between certain dates?
    Thursday, June 28, 2012 2:13 PM
  • Worked perfectly for me. Thanks!

    Thursday, June 28, 2012 4:07 PM
  • Flame records Skype conversations... Maybe this problem is a result of the exploit described at

    http://www.f-secure.com/weblog/archives/00002383.html

    which, in part, states that

    Flame creates a local proxy which it uses to intercept traffic to Microsoft Update. This is used to spread Flame to other machines in a local area network.
    The fake update was signed with a certificate linking up to Microsoft root, as the attackers found a way to repurpose Microsoft Terminal Server license certificates. Even this wasn't enough to spoof newer Windows versions, so they did some cutting-edge cryptographic research and came up with a completely new way to create hash collisions, enabling them to spoof the certificate. They still needed a supercomputer though. And they've been doing this silently since 2010.


    I believe that I may have been a political target of the Flame virus. I realize that Flame is a weapon of war designed by Western and Israeli intelligence to be used against the Islamic Republic of Iran and other enemies of the Rothschild banking empire. Yesterday morning I rebooted my Windows 7 PC to find a suspicious windows update being installed during the boot sequence despite the fact I disabled automatic updates. I immediately checked the WindowsUpdate.log to see what was installed, and I came across several suspicious warnings and errors that suggest I may have been infected by a variant of Flame or similar malware that spoofs the windows update feature. Others have been reporting similar problems in the last 2-3 weeks.  This was found in my WindowsUpdate.log:

    2012-06-25 21:04:29:829 812 510 Setup Determining whether a new setup handler needs to be downloaded
    2012-06-25 21:04:29:836 812 510 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe:
    2012-06-25 21:04:29:842 812 510 Misc Microsoft signed: Yes
    2012-06-25 21:04:29:842 812 510 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe are not trusted: Error 0x800b0001
    2012-06-25 21:04:29:842 812 510 Setup WARNING: Trust verification failed for WuSetupV.exe. It will be deleted and downloaded, error = 0x800B0001
    2012-06-25 21:04:29:842 812 510 Setup SelfUpdate handler update required: Current version: 7.6.7600.256, required version: 7.6.7600.256
    2012-06-25 21:04:30:741 812 510 Setup SelfUpdate check completed. SelfUpdate is required.
    2012-06-25 21:04:30:741 812 510 Setup Downloading binaries required for SelfUpdate
    2012-06-25 21:04:30:741 812 510 Setup Downloading SelfUpdate handler WuSetupHandler.cab from http://download.windowsupdate.com/v9/1/windowsupdate/b/selfupdate/WSUS3/x64/Vista
    2012-06-25 21:04:30:752 812 510 Misc Validating signature for :\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupHandler.cab:
    2012-06-25 21:04:30:765 812 510 Misc Microsoft signed: Yes
    2012-06-25 21:04:31:084 812 510 Setup Successfully downloaded SelfUpdate handler
    2012-06-25 21:04:31:084 812 510 Setup Download of SelfUpdate binaries succeeded
    2012-06-25 21:04:31:084 812 510 Setup Starting agent SelfUpdate
    2012-06-25 21:04:31:084 812 510 Setup Skipping installation because no critical packages are ready to install.

    On reboot Windows 7 installed the so called 'update.'

    Here is my entire WindowsUpdate.log http://www.filedropper.com/windowsupdatelogtar

    "The full mechanism isn't yet completely analyzed, but Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update or Windows Server Update Services (WSUS) system. If successful, the attack drops a file called WUSETUPV.EXE to the target computer. This file is signed by Microsoft with a certificate that is chained up to Microsoft root.
    Except it isn't signed really by Microsoft."

    Source: http://www.f-secure.com/weblog/archives/00002377.html

    "We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications." 

    Source: http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/

    "New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days." 

    Source: http://phk.freebsd.dk/sagas/md5crypt_eol.html

    While my computer was exhibiting symptoms of the Flame variant, my Gigabyte GV-R485-512H-B, ATI 4850 video card P/N: 113-B5012-105 (Bios Revision 011.004.000.000.029193) was overheating (flaming hot if you prefer) and the fan was out of control,  speeding up and down... my computer crashed half a dozen times. I had to flash the bios to fix the problem.   Can variants of Flame use the GPU of infected machines to crack encryption?

    Friday, June 29, 2012 6:18 AM
  • 

    Looks like Microsoft and the US/Israeli government are testing out their new cyber warfare campaign.  

    Could US cyberspies have moles inside Microsoft? (Source)

    Microsoft
     

    By Stewart Mitchell

    Posted on 15 Jun 2012 at 09:00

    US government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert.

    The warning comes in the wake of the Flame virus that targeted key computers in the Middle East, and in part used confidential Microsoft certificates in order to access machines.

    According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the US government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack.

    “The announcement that links Flame to Stuxnet and the conclusive proof that Stuxnet was a US tool means that Flame is also linked to the US government,” Hypponen said.

    It's plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft

    “This makes you think that this breach of Microsoft's update system was done by the Americans and most likely a US agency, someone like the NSA,” Hypponen said. “That must make Microsoft mad as hell that its most critical system, used by 900 million of its customers, was breached by fellow Americans.”

    



    

    Obama-FBI-Microsoft collusion: warrantless snooping on the Internet.

    (Source)

    At a gathering of the American Constitution Society for Law and Policy, Homeland Security’s Janet Napolitano said,

    The First Amendment protects radical opinions, but we need the legal tools to do things like monitor the recruitment of terrorists via the Internet."

    The fact is both the administration and Microsoft are already betraying the public.

    Back in 2008, Microsoft provided the U.S. government a technical “backdoor” to its browser, which serves the majority of users (over 60%). Backdoor access is undetectable by security software—it bypasses normal authentication (passwords, etc.), firewalls and other computer security devices. In other terms, the Department of Justice, Homeland Security, the FBI and other security agencies can already eavesdrop on anyone using Microsoft’s Internet Explorer browser.

    In its infinite greed and fierce competitiveness, Microsoft opts for advertising dollars over providing customers easy access to privacy tools--a de facto, covert compromise of our constitutional rights. Although the computer giant has an effective tool (“InPrivate Filtering”), you have to know about it and then turn it on every time you start up the Explorer browser.

    Essentially, Microsoft gives snoops, hackers, advertisers, usage trackers and terrorists the upper hand over oblivious users. In its usual self-serving interests, Microsoft claims the company tried to "synthesize" both points of view about privacy,

    



    Microsoft installs Skype without consent (source)

    Skype logo

    Apparently by mistake, Microsoft's Windows Server Update Services (WSUS) last night deployed a Skype update to Windows clients that had never had the telephony and messaging software installed. This resulted in Skype being installed on these computers.

    The issue affects all computers that automatically receive Microsoft's updates via WSUS without explicit administrator approval. After the blunder surfaced publicly, Microsoft marked the update as expired. It is now no longer being deployed by WSUS servers.

    Updates via WSUS are becoming increasingly popular in networks where multiple Windows systems need updating. With a WSUS server, administrators can minimise network loads and control which updates will be installed. In this case, the Skype update was deployed as a non-security update.

    Friday, June 29, 2012 7:12 AM
  • http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980

    The cyberweapon, jointly developed by the US and Israel, with the full knowledge and complicity of the Obama administration, uses the Microsoft Windows Update mechanism, and simulated signing by the Microsoft Corp. Root Certificate, to authenticate the spread of wiretapping software on the computers of any citizen unfortunate enough to be targeted. Flame is designed to record Skype conversations

    This is, of course, a gross violation of the principle that US government agencies my not tap US citizens at random. 

    I'm sure Microsoft Corp. appreciates colluding with the governments of the United States and Israel, and of course President Obama, and implicated in Civil Rights and other violations of US constitutional guarantees against indiscriminate home invasion (not to mention quartering troops....)




    • Edited by ravenise Friday, June 29, 2012 7:40 AM
    Friday, June 29, 2012 7:17 AM
  • Suddenly at 3 AM on 06/27/12 all the workstations in this network installed Skype 5.9

    And thus is the inherent problem in running WSUS in an auto-approve-all-updates mode, or leaving clients to simply update from Automatic Updates. You have no control over what is installed -- right or wrong.

    This is now a confirmed issue, and since remediated by expiring the Skype update. In short, the Skype team screwed up the package. The really sad part is that apparently nobody actually tested the package against a machine that did not already have Skype installed.

    Declining an update will not uninstall it. You will need to uninstall Skype, individually, from each system where it was erroneously installed.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    • Proposed as answer by ravenise Tuesday, July 03, 2012 5:39 PM
    Sunday, July 01, 2012 11:06 PM
  • psexec @C:\pclist.txt -h -s MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} /qn
    Didn't realize that you had to download psexec first. Thanks for this!
    • Edited by Bulbous Thursday, July 12, 2012 1:17 AM
    Wednesday, July 11, 2012 7:29 PM
  • there was a skype 5.10 update today AGAIN

    via WU on my xp machine .................

    unbelievable shit!



    • Edited by amir_sn Friday, August 24, 2012 5:28 AM info
    Friday, August 24, 2012 5:27 AM
  • Yes.  It's even public: http://support.microsoft.com/kb/2727727

    But not yet on WSUS.


    Doug Neal - Microsoft Update

    Friday, August 24, 2012 5:40 AM
  • Yes.  It's even public: http://support.microsoft.com/kb/2727727

    But not yet on WSUS.


    Doug Neal - Microsoft Update

    you are right Doug,

    BUT my update settings include MU as well so the update was included.

    I always choose the option "notify but do not install " so i can choose what to install....

    Friday, August 24, 2012 6:05 AM
  • And again ...

    Yesterday (12.09.04) Windows Update pushed Skype 5.1 updates to my Win7/Home-Premium system, despite the fact that Skype was not previously installed.

    I called MS tech support (twice), and they seemed largely unconcerned with the whole scenario.

    On the off-chance that MS monitors this forum -- please, please tighten up your QC processes for validating Windows Update packages.  Never patch an application without verifying it's installed, and never covertly push application installs.  Never.

    Wednesday, September 05, 2012 3:40 PM
  • Can you pop your windowsupdate.log to susan-at-msmvps.com (change the -at- to @

    I'm not seeing it being pushed here.  Is it possible that skype has been on this machine and dlls were left behind?

    Wednesday, September 05, 2012 3:52 PM
  • I'd be interested in any results gleaned from Susan's review.

    While there is very little chance Skype 5.10 was installed on a PC that didn't already have a previous version of Skype (Skype 3.2 - 5.9) present on the PC, I'd be interested to see if there is, indeed, a case. Not only was this tested extensively (even more so since the original release that had an issue), but so far it has deployed to numerous PCs with no support calls suggesting it's being provided only to PCs with an older version of Skype.



    Doug Neal - Microsoft Update


    Wednesday, September 05, 2012 4:42 PM
  • I had a similar issue today...

    Skype auto-installed on a Win 7 PC, in which skype was not installed prior to the update. 

    It is possible that skype was previously installed and uninstalled leaving behind .dlls or other files... but that should not matter.

    Regardless, this is ridiculous. Time to turn off auto-updates.

    Thursday, September 06, 2012 12:30 AM
  • Please can you send me a copy of your windowsupdate.log files?

    I cannot repro this, I am not seeing others reporting this.

    Email to susan-at-msmvps.com please!

    Thursday, September 06, 2012 12:49 AM
  • Hi, also encountered same issues as Oly_Lifter, skype installed by itself through windows update. Sending you the windows update log.
    Thursday, September 06, 2012 3:05 AM
  • I have NEVER had Skype on my computer, came into work this morning, and there is a Skype 5.10 window up on my desktop. It was not there when I left last night. If the controls are so "rigorous" since the last episode, then how did this happen? And here's an interesting point for you, my boss' computer has version 4.2 of Skype and DID NOT receive the update to 5.10. Go figure that one out.
    Wednesday, September 12, 2012 1:11 PM
  • Are all of you experiencing this have OEM installed Windows and are Windows 7?

    If so what OEM vendor built your machines?

    Wednesday, September 12, 2012 8:37 PM
  • Are all of you experiencing this have OEM installed Windows and are Windows 7?

    If so what OEM vendor built your machines?

    Skype was installed on my laptop today (13 Sept) around 3 AM CET, seemingly via Windows Update. I have a HP laptop that shipped with Win 7. It's a home computer, not business. Skype was not previously installed. I am the only one who uses this computer, and it was bought new, so I am sure.

    Note to Microsoft: I have uninstalled Skype and would prefer to reinstall it myself if and when I want to use it.

    Thursday, September 13, 2012 6:29 AM
  • Given that OEM machines can and do ship skype on it, are you absolutely -positive- it was not installed?  Seriously Skype is an OEM bundled software and is already on many an OEM machine, just not enabled.

    For example:

    http://h30434.www3.hp.com/t5/Notebook-Operating-Systems-and/how-to-download-skype/m-p/1765473/highlight/true#M106952

    If it is not being reoffered to you now that you've removed it, it's not being shoved out by Microsoft update.

    Thursday, September 13, 2012 6:45 AM
  • Here's another example:

    Maximum PC | Lenovo Will Bundle Skype with its New Laptop and Desktop PCs:
    http://www.maximumpc.com/article/news/lenovo_will_bundle_skype_its_new_laptop_and_desktop_pcs

    Thursday, September 13, 2012 6:46 AM
  • And another as an example.

    HP ProBook 4520s Notebook PC -  Skype Software - HP Business Support Center:
    http://bizsupport1.austin.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=4145198&swItem=ob-80777-1&prodNameId=4145326&swEnvOID=2103&swLang=13&taskId=135&mode=4&idx=3

    What exact HP model and make do you have?

    Thursday, September 13, 2012 6:51 AM
  • Given that OEM machines can and do ship skype on it, are you absolutely -positive- it was not installed?  Seriously Skype is an OEM bundled software and is already on many an OEM machine, just not enabled.

    For example:

    http://h30434.www3.hp.com/t5/Notebook-Operating-Systems-and/how-to-download-skype/m-p/1765473/highlight/true#M106952

    If it is not being reoffered to you now that you've removed it, it's not being shoved out by Microsoft update.

    Skype suddenly opened after a Windows Update at 3 AM. This has not happened before. Windows Update was set to run automatically at this time, and I was at the computer, so I know the events (Skype installation, Win Update) coincided. I looked in the Windows start-menu and Skype was marked with orange/yellow, which all newly installed programs are, so that you can easily find them. After making a couple of Google searches I concluded that Windows Update must have installed the program, since Win Update had just been running when the programmed opened. If it was just an update I don't think it should have been marked orange.

    Friday, September 14, 2012 3:09 AM
  • And another as an example.

    HP ProBook 4520s Notebook PC -  Skype Software - HP Business Support Center:
    http://bizsupport1.austin.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=4145198&swItem=ob-80777-1&prodNameId=4145326&swEnvOID=2103&swLang=13&taskId=135&mode=4&idx=3

    What exact HP model and make do you have?


    HP Compaq 635
    Friday, September 14, 2012 3:13 AM
  • Can you look under Program Files (or Program Files (x86) and see if there's a Skype folder and what's the date of the folder?

    In the meantime I'll see if I can find some info from HP as to which specific machines get Skype bundled in them.

    Friday, September 14, 2012 4:08 AM
  • The same has happened to me.  I thought maybe I had malware so decided to google before removing Skype.  Windows did an update last night and this morning Skype has appeared.  I know for a fact it was not on my machine previously.  While it was offered as a pre-install when I purchased my laptop, I declined it and even checked for it when the laptop arrived.  My mother's laptop (which does have Skype, though never been launched as she doesn't use it) also updated to a newer version of the program yesterday when she did her Windows update.  

    I check the program files (x86) folder and it does have a Skype folder with a date of 9/14/12 8:13am which is about the time I turned on my machine.

    Friday, September 14, 2012 12:29 PM
  • What brand/model of PC?  And when you say it was offered as a preinstall - what do you mean?

    It's still my strong (obviously) opinion that OEMs have put on these machines skype installer bundles that the MU is seeing and reacting to.  You may not have fully activated it, but the bits are on the system.

    MU only does what it's told to do.  It's told to patch if it sees Skype.

    Uninstall it on your PC and then manually go to MU and it won't offer it up again.

    I'm still trying to track down an authoritative source of OEM machines that shipped with Skype bits on it, so hang loose.

    Friday, September 14, 2012 5:27 PM
  • Mine is a Dell Inspiron (sp).  I don't have all the info with me as I'm at work, but it's about a year and a half old.  By offered as a pre-install I mean there was a radio button you could select if you wanted it installed at a cost.  It was also listed on my Windows update history as:  

    Skype 5.10 for Windows (KB2727727)

    Installation date: ‎9/‎14/‎2012 8:14 AM

    Installation status: Successful

    Update type: Important

    Friday, September 14, 2012 6:06 PM
  • Can you look under Program Files (or Program Files (x86) and see if there's a Skype folder and what's the date of the folder?

    In the meantime I'll see if I can find some info from HP as to which specific machines get Skype bundled in them.

    I found a Skype folder:

    C:\Program Files (x86)\Online Services\Skype

    Oldest file in the folder is an installation file (SkypeSetup.exe) last changed in 2011-01-18. (The computer was bought more than a year later.)

    There is a Skype icon under online services in the start menu as well, but this shortcut leads to a non-existant file: "C:\Program Files (x86)\Skype\Phone\Skype.exe" (No independent Skype folder currently exists under C:\Program Files (x86).)

    BUT...

    I also found this:

    C:\Users\Jiiimbooh\Favorites\HP

    Two internet shortcuts:

    *HP Games
    *Get Skype - download for free [Translated from Swedish "Skaffa Skype - Ladda ner grattis"]

    Both last changed 2012-05-02. Note that this date is much closer in time than the last changed date on the Skype setup file in the folder mentioned above. I think it's also the date I first used the computer.

    It seems strange to offer a free download of a program that is already installed anyway, so my conclusion (but I'm no expert) is the same as yours that the program was not fully installed, but some components were there, and this caused Win Update to try to update a program that wasn't completely installed, resulting in a program marked "new"/orange in the start menu.

    In case Microsoft is reading: maybe Windows Update can be changed to detect whether the program is actually fully installed or not.
    • Edited by Jiiimbooh Saturday, September 15, 2012 5:05 AM
    Saturday, September 15, 2012 5:02 AM
  • maybe Windows Update can be changed to detect whether the program is actually fully installed or not.

    Update packages are not generally coded to update =products= but rather are coded to update one or more =files=. It really matters not to the WU infrastructure why a file is present on a machine, only that the file(s) that are out of date are physically present and need to be replaced.

    I submit that your gripe is not with Windows Update - which properly detected that you had an out-of-date file on a computer system that needed to be updated -- but rather with your hardware vendor who put a partially installed product on the machine to start with, or your desktop deployment entity who failed to vet the machine for having the proper software -- or not -- installed on the machine before delivery to the end-user.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Saturday, September 15, 2012 8:06 PM
  • 1. Update packages are not generally coded to update =products= but rather are coded to update one or more =files=. It really matters not to the WU infrastructure why a file is present on a machine, only that the file(s) that are out of date are physically present and need to be replaced.

    2. I submit that your gripe is not with Windows Update - which properly detected that you had an out-of-date file on a computer system that needed to be updated -- but rather with your hardware vendor who put a partially installed product on the machine to start with, or your desktop deployment entity who failed to vet the machine for having the proper software -- or not -- installed on the machine before delivery to the end-user.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    1. But now you make it sound like it only updates individual files, when it in fact installed a full program. The difference is that if it had only updated individual files it would have still only been a partial install, the program would not automatically run after the update, and it would not be marked as a new program in the start menu.

    2. Reading this thread it seems like this issue have affected both HP and DELL computers. It's hard for me to know whether Microsft or HP and DELL are to blame.


    • Edited by Jiiimbooh Saturday, September 15, 2012 10:18 PM
    Saturday, September 15, 2012 10:16 PM
  • I`m glad I found this thread, I have an HP 4525 Probook and suddenly after updates I had skype as well, and my keyboard is all screwed up (I get É for a question mark, can`t figure out where to fix this, I`ll start with uninstalling Skype (geez look at my  ```...) I`m also going to quit these auto uploads, they drive me nuts anyway, any suggestionsÉ
    Sunday, September 16, 2012 1:58 AM
  • But now you make it sound like it only updates individual files, when it in fact installed a full program. The difference is that if it had only updated individual files it would have still only been a partial install, the program would not automatically run after the update, and it would not be marked as a new program in the start menu.

    You have a valid argument. My comment was written from the perspective of an update package targeted at a surgical update of one or more files within an installed product.

    However, an update package should not be doing a full product installation if its purpose is to patch a product. If a product is doing an upgrade of the product, and the package is doing a 'full product installation', then I agree that it ought to be checking to see if that *product* is actually installed on the machine.

    Much of this is, no doubt, a function of the Skype team learning how to properly construct and design update packages for the MU/WSUS infrastructure -- which is not an excuse, but just a fact of the moment. Given the unpredictable behaviors of both of these recent updates, I would suggest that anybody who has selected the 'Skype' product category for synchronization, ought to consider these packages as 'high risk' and apply the appropriate level of testing for that condition.

    It's hard for me to know whether Microsft or HP and DELL are to blame.

    I think there's enough blame to go all the way around in this case. To the PC vendors for installing stuff in the first place, but also to Microsoft/Skype product team for not properly building and testing their update packages in the first place.

    I've commented elsewhere (see SolarWinds Whiteboard Blog) on my thoughts on the recent quality issues in Microsoft update packages.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Monday, September 17, 2012 5:20 PM
  • Right now I can't directly point fingers.

    I need an OEM HP/Dell or Lenovo in a pre Skype 5.10 state.  If I had that I could instruct the person to kick up WU logging so we could see exactly what is going on.

    Is it really that the Skype bits are somewhere on the box and not fully installed (point finger at Microsoft/skype for a bad update detection) or is it that you really do have Skype on the box and just havent' activated it yet - in which case vulnerable bits can be called by attackers, so then it's wise to be removing/updating the vulnerable bits.

    I know for sure that machines without Skype are not getting this update 'pushed' so it's only on these OEM bundling ones that we're seeing this on.

    Monday, September 17, 2012 5:46 PM