Slashdot Mirror
Windows XP To Block Use Of "Troublesome" Drivers
The document details how XP will automatically download the latest drivers for your hardware from the windows update site, and more worringly, XP will reguarly update the list of blocked drivers from the site. Quote from the document:
   "On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."
Boy, The site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS."
Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.
For those who didn'tt know: the entire PC sector is counting on XP to pull it out of the year long tech wreck. By PC sector I am refering to: INTC, AMD, MU, GTW, DELL, CPQ, etc. XP seems like a huge gamble for MS, either it will be a great success, or an awful failure. Considering MS history, it is hard to believe that anything from MS will be a failure - no matter how bad it sucks. But, I keep hearing people say that they want no part of XP.
Putting all the anti-Microsoft BS aside, this really is a pretty good idea - they just need an opt-out option. I wouldn't mind MS telling me that the driver I'm about to install has crashed 4 trillion machines - but I reserve the right to go ahead and install it anyway.
Yeah, a lot of kiddies and black hats all around the world must have been thinking about that the second they read the article, but you can BET Microsoft will have thought of it: they'll ask for your id key, or worse, your Passport id, before letting you submit crash dumps and download stuff. The former would make sense, since it also contains info about your hardware. Anyway, in both cases, you'll have to auth yourself in a way that will let MS know who you are. :)
This could also be a way for them to check that you didn't crack the product activation key, for what we know... The sad thing is, it is actually a good idea they had, but they're severed their own reputation so badly over the years, that whenever they come up with something new, people all other the world immediately assume they'll use it for Evil Purposes. The SmartTags weren't that bad, in themselves, for example (go see a screenshot of them, they don't really deface sites); we just assumed they'd be put to their worse possible use. I don't know if we were right to do so. It's just not possible to trust Microsoft.
Ah well. I'm sure the aforementionned kiddies will find a way to exploit the update server anyway. I mean, it's such a big entry point for such a variety of data, there has to be a buffer overflow somewhere in there. And God bless XP users once the kiddies fiddle with the central driver database!
-- B.
This sig does in fact not have the property it claims not to have.
you can use HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing = 0 or 1 to get around this.
If we trusted them this might not be so bad. They ARE trying to make the end user expereince better. they are trying to say that drivers that are certified to work will be allowed.
The problem is though...we really do not trust them. I like MS and I don't trust them.
On the bright side though, this seems more like a hardware issue. Except for mice/keyboards/joysticks there isn't a wholelot of hardware MS sells. Thats not to say though that they wouldn't blackball a competitor of a favored hardware manufacturer that pays them a little extra cash to get their hardware/driver certified.
It seems to me that if what it takes to pass the test is out in the open, and it really is in MS's best interest to do that, there shouldn't be a p[roblem. I have always said that the reason why MS seemed so unstable was because the device drivers and the devices really didn't play well with Windows despite the Windows certified logo.
I'm still working on a clever footer.
My ISP strictly forbids me from running any kind of server. If this XP 'feature' uses ftp or some other kind of server to download my core dumps, my ISP can cancel my service.
I guess MS is nicely weeding out bad ISPs as well as bad drivers...gee thanks
Are you incapable of thinking long-term? Just because something is voluntary now doens't mean it will always be. New Microsoft features are almost always voluntary - they're usually voluntary only until people have gotten used to the idea. Then either they become involuntary, or the process of opting out is made overly-complicated and obscure, so that most people just give in anyway. Think man.
Software vendors don't "access Windows internals" because programmers want to--it takes a lot of time to do so. They do it because Microsoft's APIs are insufficient and poorly thought out. Microsoft has profited handsomely from this because third parties have managed to figure out how to make that pitiful platform do things Microsoft never had the sense to design APIs for. Without third party vendors doing this, Windows would be nowhere. Now that Microsoft has finally copied enough from other vendors, their system doesn't quite need such enthusiastic third party software vendors anymore.
It's also a question of architecture: except for a very limited set of hardware drivers, there is no reason why the installation of anything should either be prohibited or cause instability. (Linux doesn't get this right either, but it is considerably better than Windows.)
The biggest problem with this is, though, that, whether it is sensible or not, Microsoft is driven by the profit motive, and for them to be able to exclude vendors from the market and force them to submit to certification procedures is a great way of controlling their market and increasing their profits. That is, even if there is some weak justification of this action in terms of profits, it is still highly suspect, and should be.
This isn't about being intrinsically "anti-Microsoft". The company has been found to be a monopolist, and it is rightfully subject to this kind of scrutiny and suspicion. Microsoft needs to tread extra careful in ways other companies don't have to, and instead the company is still giving consumers, software vendors, and regulators the finger.
(Incidentally, your characterization of blocking "only current versions of the drivers" is incorrect. I suggest you take the time and actually read the document at Microsoft's site describing their policies.)
According to the The NIST Reference on Constants, Units, and Uncertainty the correct terminology is derived from the International Electrotechnical Commission (IEC), Prefixes for binary multiples. So as you can see, the correct term would actually be one mebibyte (1 MiB = 220 B = 1 048 576 B). It is suggested that in English, the first syllable of the name of the binary-multiple prefix should be pronounced in the same way as the first syllable of the name of the corresponding SI prefix, and that the second syllable should be pronounced as "bee."
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
I want to know exactly how people know that "most of the instability I've had with windows was due to bad 3-rd party drivers."
--or--
"Most of the instability I've had with windows was due to windows."
Got friends?
Because- I *AND ONLY FUCKING I* should decide what does or does not get installed on my computer. I DO NOT give a shit about what you *OR* Mickyshaft think will or will not work. Not that I intend to use Xcess Profits anyway, but, still, fuck them, and anybody who would ever say to me or anyone "No, you shouldn't have that". I shall install, upgrade or uninstall any damn thing I want to on my computer. If it dosen't work then I'll fucking troubleshoot it myself; fuck Redmond and their FUDsters.
"Everyone is entitled to their own opinion, but not their own facts."
Something tells me that this is the first step towards creating a 'closed shop', whereby NO software, not even application-level, can be installed or run unless it has M$'s approval.
Goodbye small independent software developers - if you can't afford the hassle and expense of MS$'s Certification Program, or if you don't toe the party line with MS$'s marketing agendas, then you'll find that your software is barred from Lose-dows XP.
Another possibility is that unknown software might be severely restricted in what XP allows it to do - for instance, non-certified programs may be strictly forbidden from all but the most basic access to the Internet.
And it's only a matter of a couple of years before you won't be able to buy a legal copy of Win2k, Win98 etc - it'll be WinXP or nothing.
Don't be surprised to see mandatory updates of XP which include blocked websites, blocked protocols etc.
I hope that the masses migrate to Linux, and that WinXP fails to recoup its development costs.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
Ahh. It would be So Cool if microsoft actually blocked blackice and zonealarm. Preferrably blocked each new version, with each new update of windows.
.. well .. normal people with windows (or newser linux distros) really have their computers pretty damn closed down when they buy'em. If they open things up - they really don't need a firewall to "double-check" everything for them.
/sub7 victims, but only _after_ they've been stupid enough to run the fscking trojan in the first place. NOrmal rules of conduct on computers really says that they SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW.
.. well .. I don't know why they do it -- either they are stupid or they are bought out by the "personal-fw-industry".
The "personal firewall" industry is a full-of-crap industry created by the media. There is absolutely NO NEED for a person to install a 'personal firewall'. There is a small set of rules he should follow to be safe from email-viruses, trojans and "crack attempts".
The firewalls prevents crack attempts, and preventes outgoing connections on non-allowed ports from non-allowed software. The first
The "firewall" may prevent them from becomming netbus/back orifice
The entire 'personal-firewall' industry is a mediahyped hystery that really shouldn't exist. Its an industry that is all about creating 'fear' in the normal citizens, and the SO CALLED "security consultants" that recomends that you should install personal firewalls
Personally I just shake my head when I hear about stupid lusers that has actually INSTALLED such things.
"Rune Kristian Viken" - http://www.nwo.no - arca
All they will do is drive people to dual boot their machines to Linux for those purposes. Anyone using "SMR, DivX ;-), 3ivx, M$MPEG-4" are probably good enough with computers to handle the dual boot. So just keep MS for the MS approved games, and start using Linux for everything else. Eventually the games will follow.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
This is so typical of some Slashdot submitters. Any news about Microsoft is mangled into something bad about the company, regardless whether this really is the case or not.
/dev/ files changed between some version of Linux. Microsoft preventing this software from installing is like having different plugs for 220 V and 9 V devices so you won't plug your shaver directly into a high voltage outlet.
In this case, only CURRENT versions of these programs are blocked, because they access Windows internals which causes instability on XP. They just need to be adjusted to work with XP correctly. Just like some
People who badmounth a company (whether it be Microsoft or another) using information like this as an argument should either shut up or be sued and punished for spreading mis-information.
It's a perfect example of double standards: when Windows crashes this is always the fault of Microsoft, not of bad drivers or programs which access Windows internals, while in fact they often are (especially video drivers). When Microsoft tries to do something about it, it's suddenly only done for promotion of their own firewall software.
Make up your mind. If you are against Microsoft for monopoly reasons or anything else, that's your right. But mangling any piece of information to something negative only hurts the credibility of the anti-Microsoft camp.
The last thing that MS wants is for the user to see a bunch of pop-up warnings each time XP and MS servers talk to each other to validate/snitch registration information.
They stab it with their steely knives,
But they just can't kill the beast.
...because I can't wait to see something like KERNEL32.DLL or NTDLL.DLL getting blocked. Then again it probably has a "if M$ then ignore", if not they'd never get the beta out the door. Disclaimer: Using win2k here, and from my personal experience, next to a crappy ISDN card driver, most BSODs happen because of M$ internal drivers.
Kjella
Live today, because you never know what tomorrow brings
I mean. what is WinXP? it's taking a very good and successful product with good features, and put some "meat" around it to grab more marketshares. For most of us, everything new XP has to offer we know how to install the equivalent on win2k... switching from Win2k to winXP is simply an interface upgrade (which can be done also with windowsblind(?) or similar).
Question is, is there a good reason for a win2k user to upgrade (downgrade I should say) to XP? XP seems so much more restrictive WIHTOUT giving any new features that can't be match with 3rd parties software. It's not an OS for most of us who like to mess around with hardware or software and betas. It's meant for the home user that is running 98/ME and wants to upgrade, THAT guy is gonna see a shitload of improvements.
Yes there's a professionnal version as well... I know... do you really think it's gonna be a major seller? heck they didn't expect win2k to sell that much, why did it sell that much? Games support/directX, Stability, speed, dual processor support, etc... XP offers nothing new in any of these area, so the win2k userbase Won't upgrade unless they have money to burn.
Finally, that product activation thing is gonna be another major pain in the butt for them, most IT people won't tolerate that, and boycott it. (personnally I don't feel like wasting 10hrs a month waiting over the phone because something bad happened to my users and I have to reactivate each one of them one by one or for whatever other reasons).
--- Metamoderating abusive downgraders since my 300th post.
How can Microsoft stop people from sending in spoofed data? What will stop, for example, NVidia from sending in data that makes Matrox drivers look buggy as hell and getting them blocked?
Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.
Hello??? Anybody home? Did it occur to anyone that maybe the reason why Microsoft is considering blocking old versions of ZoneAlarm and BlackIce is because they don't work on the new operating system? I'm sure by the time XP ships, there will be updated versions of ZoneAlarm and BlackIce available, and users will simply be required to upgrade them (for free I'm sure) before installing them on XP. If Microsoft didn't do this, some morons would try to install the same old version they used on Win98, and it would break things, and many of the users would blame XP.
Microsoft did something similar in WinME: the OS ships with a database of known-incompatible software, and if you try to run a known-incompatible program, it gives you a warning, with the option to cancel or run it anyway. An example of this is Enternet 100, a PPPoE client that Mindspring used to distribute for their ADSL service. Guess what? It actually doesn't work on WinME. Runs fine on Win95b, Win98, NT 4 and 2000, and I understand there's a way to hack it to make it work on ME, but according to the company that makes it, it's not compatible - you have to upgrade to a version of Enternet 300, or use a different PPPoE client. I did tech support for Earthlink after the Mindspring merger, and that feature that Microsoft put in actually saved us from some pretty annoyed customers, because it told them it wasn't going to work before they found out for themselves the hard way.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
So...Windows XP figures out when vendors write shitty drivers and call them on it by informing you and the vendor and that's bad? Is it just as bad when a kernel module causes a core dump and it writes a mail message to the admin defining the error? This is ridiculous. So the fuck what if Microsoft fucked over Caldera by making Windows 3.11 crash on it, it's their fucking product. Windows 2000 supports driver certification just like Win XP does, it is a professional class workstation OS and damn well should have some way to verify the integrity of the hardware drivers you're installing. Maybe when a vendor's drivers keep causing a system to core dump they will get on the ball and release what we call "updates" to their drivers. I'm sorry releasing a single driver update over a product's lifetime is a pretty shitty way to treat your customers. Compare for example Creative and nVidia. Creative drivers for their sound cards and modems are over a year old and dispite being shit have not been improved upon at all. On the other end of the spectrum nVidia unified their driver base and continuously updates and refines their drivers. It drives you to buy shitty bargain basement hardware for your systems because at least then you get what you paid for.
I'd like to see alot more talkback features in fucking software so vendors can actually improve their fucking products. The Omni group pretty graciously lets you use their browser for free with no restrictions yet maintains a bug tracking system. Bug report e-mails aren't exactly support for software. Slashdot always finds a reason to bitch just because Microsoft's logo is found somewhere near an article.
I'm a loner Dottie, a Rebel.
This is just another method to determine what things are installed on your computer. They couldn't get away with HD scan uploads, so now they upload what's installed on your computer - but only when it crashes. On windows, that's more than early enough, my win2k box crashed twice today.
Do you have StarOffice installed? Well that's why you crashed.
Any sufficiently advanced technology is indistinguishable from a rigged demo.
Maybe someone can correct me here, but I don't think there are any desktop operating systems that can recover after an unhandler kernel-mode exception.
I would say, yes.
We HAD NT systems here that ran for almost 5 years, with reboots only for service packs and hotfixes.
(As a side note, after receiving nearly 35 letters from the BSA and Microsoft, sent to us because we were developers and resellers and customers, offering us a "truce" and calling us all manner of names, we have removed all Microsoft Server products from our organization, have replaced them with Linux or BSD based systems. MS, F*CK you and your BSA Cronies! I dont care if it was a form letter, we were a bit more than offended.)
----- LoboSoft specializes in Digital Language Lab
"I want to KNOW what internet traffic is coming IN and OUT of my system. ZoneAlarm fulfills that need, for $0, and deserves praise."
Microsoft has a history of creating deliberate incompatibilities for competition, and it's no coincidence that ZoneAlarm and others find their software broken for no good reason in XP. It's happened before and it will happen again, and KEEP happening until developers learn that when they are playing M$'s game, the only winning move is NOT TO PLAY.
In the case of a firewall, or any other kind of security software, I have a LOT more faith in a third party than I do in MS's "security bug a week" laughable record.
I have no doubt that MS's so-called "firewall" in XP with Active Swiss Cheese (tm) technology will prove just as sucessful as their foray into bundling anti-virus software with DOS 6.x (horrible failure).
Bundling a swiss-cheese firewall with the OS is a BAD idea, as it will, like the MS Anti-Virus debacle, it will give a LOT of people a false sense of security, and cause the demise of third party security apps for `Doze (who will cease development because their air supply is cut off). Which will do NOTHING for MS's reputation as the least secure, MOST dangerous OS to let loose on the `net there is.
Aim down, FIRE, where did my foot go today?
=== The price of freedom is eternal vigilance
Moving to a new platform is like retooling a factory for most companies. It's a death sentence because that means no product for months while you trash a whole development group that has been working just fine for you for the past few years, and go find another team that will hopefully gel on this new platform. And no amount of XP certification will help if you're on MS's bad side when they decide to delay you just enough for you to miss the Christmas rush or some other timely deadline. Make no mistake, they're in control.
You know, I really think the average consumer oesn't care a bit about open souce, closed source, or shared source. Sure, maybe most people think that Microsoft shouldn't be such a bully, but that's not going to keep them from wanting to buy computers they can use without reading a book.
Wake up, folks. People don't really care about free software, open source and all the rest. No more than they'd be expected to care about Free Toasters and Open Refrigerators. They don't want choice if the choice means reading howto's and Unix manuals. They don't want to have the freedom to build their own computing environmen because computers are complicated, intimidating and scary.
If Microsoft disappeared tomorrow, Linux and all the other free Unixes still wouldn't be easy enough, simple enough, and attractive enough to fill the void.
So, rather then whining about how the Big Bully is keeping Your Favorite Unix LookAlike from taking over the world, how about getting busy and putting together on OS that is so outrageously good that people will wipe Windows from their PC's and buy it.
-- Slashdot: When Public Access TV Says "No"
If they were fixing the system and unconcerned about old programs doing "tricks" they would switch to NT as the underlying system. XP is not NT. They have promised the NT+DOS merge for TWELVE years now and it has not happened, this is because the upper management (probably in a big fight with the actual poor saps who have to implement this mess) do not want to do obvious steps, like have all programs that make an old call pop up a box that says "This program does not work on Windows XP". The problem is that this may prevent some sales of XP and the continuation of older MicroSoft machines, which are actually their biggest "competitor" (there are about 100 times as many Windows '93 machines than Linux machines, and that is probably an "enemy" they are more worried about!).
This system sounds like it will allow them to actively choose which programs they want to have fail, and they can make them fail with ominous messages about the given program being unsafe and disallowed by MicroSoft.
Serious OS design would cause Black Ice and literally thousands of others to fail at startup, possibly with cryptic messages. And I agree with you that would be a good design decision. But that is not what they seem to be doing.