I like Crossover Office for a number of reasons, but this screenshot demonstrates just one of them. ;-)

This gives us a very interesting insight into how WindowsUpdate actually determines what needs to be installed on the computer and what doesn’t. If I were a malicious virus/malware writer, I’ve just discovered something significant.

Without testing further, I can already say that WindowsUpdate uses at least one of 2 methods (possibly both) to check if a particular update or patch has been installed. The first is that it checks file versions; the second is that it checks the registry for installer information. If you look in the “Add/Remove Programs” applet on most Windows machines, you should see a list of all hotfixes and patches that have been installed, often named by their KB number.

Instead of actually testing if a machine is at risk, it just assumes that without the correct file version or the registry entries, that machine is at risk. As you can see in this example, even after successfully installing 2 IE updates, it still thinks there are 17 Critical and 40+ not so critical Windows updates. :-)
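For anyone auditing patch state, the practical consequence is that neither signal should be trusted alone. The sketch below is an added example, not code from WindowsUpdate or from this post: it cross-checks a registry-style install record against the on-disk file version and flags disagreements. The KB ids, file names, version numbers and status labels are all constructed placeholders.

```python
from dataclasses import dataclass


def parse_version(text):
    """Turn a dotted version such as '6.0.2800.1106' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Patch:
    kb: str             # placeholder id, not a real KB number
    file: str           # binary the patch is assumed to replace
    fixed_version: str  # lowest version that contains the fix


def audit(patches, registry_kbs, file_versions):
    """Classify each patch by comparing the install record with the binary."""
    results = {}
    for p in patches:
        recorded = p.kb in registry_kbs
        on_disk = file_versions.get(p.file)
        current = (on_disk is not None
                   and parse_version(on_disk) >= parse_version(p.fixed_version))
        if recorded and current:
            results[p.kb] = "installed"
        elif recorded:
            results[p.kb] = "registry-only"   # record claims a fix the binary lacks
        elif current:
            results[p.kb] = "file-only"       # fixed binary, no install record
        elif on_disk is None:
            results[p.kb] = "not-applicable"  # component is not present at all
        else:
            results[p.kb] = "missing"
    return results


def needs_review(results):
    """Patches where the two signals disagree and a human should look."""
    return sorted(kb for kb, s in results.items()
                  if s in ("registry-only", "file-only"))


def demo():
    # Constructed inventory for one host.
    patches = [Patch("KB-EXAMPLE-1", "browser.dll", "6.0.2800.1106"),
               Patch("KB-EXAMPLE-2", "media.dll", "9.0.0.3250"),
               Patch("KB-EXAMPLE-3", "shell.dll", "4.72.3110.0"),
               Patch("KB-EXAMPLE-4", "gfx.dll", "4.9.0.904")]
    registry = {"KB-EXAMPLE-1", "KB-EXAMPLE-2"}
    files = {"browser.dll": "6.0.2800.1106", "media.dll": "9.0.0.2980",
             "shell.dll": "4.72.2106.4"}
    return audit(patches, registry, files)
```

A "registry-only" result is the case worth alerting on: the install record says the host is patched while the binary on disk is still the vulnerable version.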

Unfortunately for WindowsUpdate, this particular version of IE is being run on a Linux machine with Wine pretending to be Windows 98 :-)

Of course, this is only possible if you pretend to be Win9x/Me because Windows Genuine Advantage does not work on them. However, it is impossible to install DirectX 9.0c on Wine even if you’re pretending to be Win98. This is definitely because of Windows Genuine Advantage. Quite a few of the other applications also fall into this category: Windows Media Player, all the anti-spyware tools, and so on.

Still, the fact that WindowsUpdate likes Wine enough to even run is quite surprising to me. Definitely put a smile on my face. :-)