Here goes: my 1000th post :-)
@ Quixote
As MikeyMike mentioned, the update is all done remotely, by Microsoft.
No, I would say the work is about half and half between client and server. When an IE user first goes to the WU site, they get prompted to install ActiveX controls for WU. These do the detection work (registry hits to determine patched status, as well as OS identification). This data gets sent back to the server and a page displayed showing what updates the user can/should install. The local ActiveX control then handles the download/install process.
This, then, is the reason that hackers can gain complete control of your machine remotely: Windows is designed to be controlled remotely.
No, really, it isn't the reason :-) and "those damn hackers" haven't managed to compromise the ActiveX controls used for Windows Update. Yet. Unless there is an extremely easy way to invoke them (which there isn't), a hacker would have to compromise a number of sections (including SSL certificate handling/storage) of the OS, and to do so would require elevation of privs to admin status. Then why would they bother trying to compromise an ActiveX control if they already have full privs. The WU controls provide
no "remote control" capability.
Windows is not designed to be controlled remotely. UNIX and its derivatives are operating systems designed to be controlled properly. Windows has a number of bad implementations for remote control.
An OS that supports locking out the fellow in front of it has merit in an office environment where the company handles sensitive data and theft is a real concern. However, the ability to lock out the end user is inappropriate in an operating system used in the home.
I'm not sure how to reply to this, because I don't get where you're coming from with this comment.
