Why does Nvidia create UpdatusUser account and is this a security issue?

As per the link below, it is used for the NVIDIA Update Service. It has some good screenshots regarding this issue.

http://forums.nvidia.com/index.php?showtopic=198626

Based on the fact that it is a standard user, and it password protected, it is probably not any more of a security risk than any other such user on your system.

That said, what a POOR implementation of an update service. I do not think that any driver or control panel application should be updated in this manner. They REALLY added a user for this?

I am not so sure I would not just uninstall that service, and check for updates manually from time to time, but that is personal preference.


UpdatusUser account is used to somehow acquire information about the hardware. As it's said @ http://www.nvidia.com/object/nvidia-update.html :

What data is sent to NVIDIA?

NVIDIA Update does not collect any personally identifiable information. The scan collects data necessary to recommend the correct driver update such as graphics hardware, operating system, language, and current driver version.

To avoid creating this account, just be careful not to let the checkbox "Nvidia UPDATE" be checked before launching the installation of the driver.

I applied Parental Control to this user, and set the time limits to never be allowed to be logged on. I also applied Program Limits and gave it access to run no programs at all. Finally i denied it the right to play games. If this does not stop the user from doing anything, then the Parental Contril is useless.


What's concerning for me is not knowing what rights this "UpdatusUser" user account has. On the home versions of Window 7, the GPEDIT.MSC and RSOP.MSC tools are not available to research such a question or define limitations.

What if (more like WHEN) the password gets leaked to the public? A virus could then be written to target this VULNERABILITY .. because that's precisely what it is: A foreign account on your system having an unknown set of rights.

The "UpdatusUser" account not listed in the Control Panel User Accounts applet nor does it appear to be hidden using the "SpecialAccount" registry key. The only place, other than thoughout the registry, where it's visible is on the "nvUpdatusService" (NVIDIA Update Service Daemon) Windows Service where the account is assigned to Log On As ".\UpdatusUser"

This is a disastrous approach at patch management and done without the owner's clear understanding / approval.


I used "uninstall a program" from the Windows 7 control panel to remove the Nvidia updater. That also removed the user account.