Windows Update a Keylogging Gateway?

Discussion in 'privacy problems' started by Johnny Snowman, Oct 4, 2013.

Thread Status:
Not open for further replies.
  1. Johnny Snowman

    Johnny Snowman Registered Member

    Oct 4, 2013
    First, I apologize in advance for not quite knowing what forum to post this into.

    I have installed TrueCrypt on two computers and then encrypted an external hd.

    I then disconnected these computers physically from the internet by disabling wireless networking - through the onboard toggle switch on one system and via the disabling of wireless on the other via control panel.

    I used these computers offline typing various things, running programs etc.

    When, however, I mounted the external hd and entered the TrueCrypt password, Windows shortly thereafter indicated that "updates" were available.

    Since I hadn't connected these systems online, I am stymied as to why they suddenly wanted to update Windows and why the behavior only happened after mounting a TrueCrypt volume.

    So this had me wondering if it would be possible to use the Windows Update engine as a mechanism for transmitting a keylog of activities, possibly being triggered by a TrueCrypt mount.

    I've always assumed a Windows Update notification would only be triggered by communication to the Windows Update servers.

    Any ideas on why this coincidence happened only with TrueCrypt activity and when each system had no connection to the internet?
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Aug 9, 2012
    Yes, it is possible. They did that with Flame malware; it used Windows Update to spread its malware.

    If in doubt, format and start again.
  3. Enigm

    Enigm Registered Member

    Dec 11, 2008
    So, networking was available while you installed Windows?
  4. caspian

    caspian Registered Member

    Jun 17, 2007
    Maybe Windows has already downloaded updates and then displayed them at the predetermined time chosen for updates. Like, Windows will update every day at 3PM. I think there is a setting for that. So maybe it was something like that.