Windows XP To Block Use Of "Troublesome" Drivers
The document details how XP will automatically download the latest drivers for your hardware from the Windows Update site, and more worryingly, XP will regularly update the list of blocked drivers from the site. Quote from the document:
   "On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."
Boy, the site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS.
Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.
So realistically, what's to stop a malicious company or individual faking Windows crashes of MY software and getting my program black listed by Microsoft? Anyone with a decent array of tools can muck about in memory, change a few values here or there, and crash any program they like. After doing this 'a number of times' my program may pass the undefined limits and get blacklisted for no reason at all.
Nothing I can do will get my program unblacklisted if enough users have a grudge against me, and blacklisting virtually assures my software will cease to be used by the vast majority of normal Windows users.
I hope Microsoft have given this more thought than the decision to include scripting in Outlook.....
My question is how much is Microsoft actually coming up with themselves and how much are they hacking away from the opensource community? I heard that Active Directory is just bind with a Microsoft twist to it. Is IIS just Apache tweaked to hell and back?
Microsoft is combining a firewall with Windows XP but did they actually write it or is it just ipchains? Is there any way we would ever really know if Microsoft is using open source (GPL) code for their commercial purposes?
If you read the article, you'll see that the mechanism
blocks drivers which crash the system frequently
as determined by the crash dump reports sent to MS.
Clearly, if you write your driver so it crashes the
system all the time, it will be blocked. So stop
complaining that you are "denied market share" and
write a better driver. What, do you think you are
entitled to be installed on every Windows machine just
because your software is free?
I am not so sure if it is a good thing for MS to do. I would certainly not like it if I am having a problem with say a crypto card in my PC and XP starts to send debug output to MS. That is a Bad Thing(tm) for MS to do.
I guess it all depends on whether this comes as an opt-in or an opt-out system, and I don't mean just the blocking, but also the automatic driver upgrade etc.
After about the umpteenth million time that I've successfully used ZoneAlarm to block out some adware, or some s'kiddie trying to r00t my winbox, I'm what you'd call satisfied. Sure, that program causes some instability, but that's nothing compared to what would happen if my computer were a zombie. Presumably Microsoft expects me to trust their firewall to block out adware? Or to actually be secure? No thanks. XP is one "upgrade" this user won't be wasting time/money on.
political_news.c: warning: comparison is always true due to limited range of data type
From the document:
One of the valuable prevention features that have been added to Windows XP is the ability to block users from installing a particular version of a driver. Since the release of Windows 2000, Windows has had the ability to block installation of a driver through a Setupapi.dll check of known problem drivers. Windows XP adds the capability to update the list of problem drivers from Windows Update. Windows Update, independent of the access mechanism described above, automatically downloads this information.
Read that...the list of drivers is controlled by a DLL that is updated by Microsoft. The information is automatically updated.
If a user with administrative privileges has the device installed (or plugs an external peripheral into the PC), they will receive a balloon popup in the taskbar indicating that the driver has known problems and will not be loaded. When a user clicks on the balloon or notification icon, Help and Support Services will provide information on where to get an updated driver if information is available. Driver blocking is independent of whether the device is signed or not (i.e. Microsoft will block signed drivers that are known to have problems).
So yes you are correct...it will be possible for 3rd parties to add in their own drivers...the catch being that Microsoft still retains control over them...even if they are signed (which most unofficial drivers aren't). All MS has to do is add the driver (probably DLL information?) to their list of "problem drivers" and they will be blocked.
I don't know bout you...but that sounds like a perfect setup for MS to break practically any application they want at will on millions of PCs in a heartbeat. Brrrr.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
I can't comment on BlackIce, but ZoneAlarm DID work just fine. The new version works just fine, but apparently hooks much higher in the network stack: It can no longer prevent Windows update from calling back to Uncle Bill.
Just another evolved monkey with a keyboard!
Another thing I dunno is how to turn off this "feature" in Windows....
Well, the thing is you can't turn this feature on or off... it's automatically running all the time in the background. And actually, it looks like it's geared to reducing the number of "unstable" drivers on your system. This may or may not be a good thing(tm), however, they did not mention in their reference document exactly how they are going to validate these "crash dumps" that will be sent back to them. They will need to validate these dumps somehow, or else you'll get a new kind of DoS attack... one where a bunch of computers are crashed purposefully to generate dumps that seem to indicate that a particular driver is faulty. Then Microsoft blocks this driver from ALL the installed XP user base and Wammo! Driver DoS :)
BTW, I copyright that idea.... erm, yeah, whatever. ;) Cheers!
-- Humans, because the hardware IS the software.
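The validation concern raised in the comment above, as an added example that is not part of the original thread and not Microsoft's code: it compares a raw report count against a count of distinct reporting machines for the two-threshold scheme the quoted document describes. The threshold values, driver names and machine IDs are constructed, since the document publishes none.

```python
from collections import defaultdict

# Constructed thresholds; the quoted document does not publish the real ones.
NOTIFY_THRESHOLD = 3   # vendor is told the driver is being considered
BLOCK_THRESHOLD = 5    # that driver version is flagged for blocking


def decide(count):
    """Map a report count to the action the quoted document describes."""
    if count >= BLOCK_THRESHOLD:
        return "block"
    if count >= NOTIFY_THRESHOLD:
        return "notify-vendor"
    return "ok"


def naive_verdicts(reports):
    """Count every submitted report, regardless of who sent it."""
    counts = defaultdict(int)
    for r in reports:
        counts[(r["driver"], r["version"])] += 1
    return {key: decide(n) for key, n in counts.items()}


def deduped_verdicts(reports):
    """Count distinct reporting machines per driver version instead."""
    machines = defaultdict(set)
    for r in reports:
        machines[(r["driver"], r["version"])].add(r["machine"])
    return {key: decide(len(ids)) for key, ids in machines.items()}


def sample_reports():
    """Constructed crash reports: (driver, version, machine) triples."""
    rows = (
        # Six reports for one driver, but only two machines behind them.
        [("netfilt.sys", "2.1", "m1")] * 5 + [("netfilt.sys", "2.1", "m2")]
        # Five reports from five different machines.
        + [("vidcard.sys", "4.0", f"m{i}") for i in range(10, 15)]
        # Three reports from three different machines.
        + [("audio.sys", "1.3", f"m{i}") for i in range(20, 23)]
    )
    return [{"driver": d, "version": v, "machine": m} for d, v, m in rows]


if __name__ == "__main__":
    reports = sample_reports()
    for name, fn in (("naive", naive_verdicts), ("deduped", deduped_verdicts)):
        print(name, fn(reports))
```

Counting distinct machines only raises the cost of inflating the numbers; it does not authenticate a report, so the machine identifier itself would still need to be something a submitter cannot mint freely.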
Don't get so wrapped up in indignation over biased treatment of Microsoft that you forget that Microsoft has done some things that merit harsh criticism. If you read the Register article referenced, you'll notice a reference to how Windows would give bogus error messages to people trying to run it on top of DR-DOS, error messages put into Windows because management didn't want people using a competing product. While the driver-blocking in Windows XP does have a legitimate reason for being implemented in many cases (changes to the TCP/IP implementation would cause problems for firewall software, for instance, so disabling them would prevent the first boot of an XP-upgraded system from crashing due to that conflict), the possibility does exist that Microsoft could pull an old trick. All they would need to do would be to put some competing software in the "banned" list not because it could cause problems, but because it's competing software. The quick rise of IE illustrated that users are more likely to use what they get with the OS than they are to go out of their way to download a competing product, so such a move would certainly encourage people to use whatever's bundled with XP rather than download an updated version of the software. Especially since I'm sure the "blocking" feature doesn't display a download URL for the user to make updating the software easier.
Yes, Microsoft does make some good software (I hate IE for Windows, for instance, but love IE 5 on the Mac). But in case you missed the recent appeals court ruling, Microsoft isn't exactly a saint. If you look beyond blind MS-bashing and blind MS-defending, you'll see a report about a feature that should be closely watched because of its potential for abuse.
Naked.
This is not about making things more stable. This is about squashing the competition by claiming that the product was defective. This is just a more brazen way of being anti-competition.
My guess is with this kind of press, Microsoft is going to make the decision to punish them a lot easier for the government. It's transparent and no one is going to be fooled by it. This cannot be helping their case.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
When Mozilla receives n crash reports from a specific page, they don't block you from looking at the URL that crashed the browser. When Microsoft gets n crash reports from a certain program, they won't allow it to run. Of course, with Microsoft's dubious history, I'm *sure* that a perfectly good 3rd party application that works just fine won't be blocked ... rriiiiggghhttt....
Are you opposed to traditional firewalls as well? While a personal firewall can't compete with a dedicated firewall it will still provide far better protection than a bare connection.
While you can likely keep a machine free from trojans by being cautious of who you source your software from, there is still loads of spyware out there, some contained in quite useful apps.
While you can say (/shout) "SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW". In practice no one can know all the software they run, as this entails reading and understanding all source, as well as building from the ground up all software you use. Some trust must be applied, and when you trust you may be mistaken.
A firewall app provides an extra layer of security against your own erroneous judgements (after all no one is perfect) as well as enable you to use and identify some spyware without sacrificing privacy (By blocking the spyware's channel to home).
Microsoft is smoking some serious crack if they think they can become the sole authoritative source for drivers on the Internet.
It is foolish to underestimate your enemy's strength. If there is one company with enough resources to pull this off, it is Microsoft.
In conclusion, be afraid. Be very afraid.
Call me paranoid, but I have a hunch that the new "compliant" versions of this software will have certain Microsoft ports opened for various reasons. Not only does this present a security threat, but I am also somewhat worried about the user's privacy.
As for AOL, I think I can guess about that one.
I think this is a good thing.
They are making device developers fall into line.
I'm sure Microsoft is as tired of the blue screen jokes as the rest of us are.
If the criteria are not published, though, one may reasonably presume that the criteria are not objective. Even barring malicious intent, subjective criteria would be bent to Microsoft's convenience. This is for the same reason that science uses double-blind experiments when possible. People always are biased in favor of judgements that favor their own interests. In the absence of an objective specification, I believe this no-run list would be a clear violation of monopoly power even if it were not so intended.
mt
Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.
Linux doesn't have this problem because there aren't too many vendors writing kernel modules.
IMHO, it is a harsh solution for a bad problem. But I can't fault them -- I can't think of any other way of doing it... except maybe a "I forfeit support from MS, and accept the risks of running this driver" button.
Remember too that MS has been responding to industry requests for privacy and control over updates. I imagine this will be among those tools with an option to point towards a privately run server. If not, corporate customers would have a fit. Just imagine being an IT manager finding out that Windows XP purged the video drivers from half your users in North America.
On the other hand, the worse MS gets, the more sense Linux makes.
They can remotely cripple any software or hardware that uses a specialized driver. While they use the excuse that it is not XP compliant. What is to stop them from placing drivers from any software or hardware they choose on the list? Imagine if they wanted to block a certain piece of hardware, a specialized sound driver or a Divx codec. What would stop them? This impacts open source because often the software used is in beta when people first download and try it. This would not work if they wished it. Where are the controls to disable this feature? Even then how much do you want to bet that in order to watch or listen to any secure content that you will need to update your list of banned devices? Anyone here use Disk Daemon or VNC? I will bet that packages like these will be banned because they can emulate hardware or provide ways to pull screen content. I would also bet that Microsoft is not about to remove any of its products from the list. Imagine them restricting the latest version of Apache or MySQL while releasing the newest version of IIS. Even if this feature were meant to be used with good intention, it allows them in an underhanded way to control the software and hardware market. Furthermore, it just dawned on me that they could even block software that uses standard Windows drivers by updating a standard driver in a way that cripples third party software's ability to communicate with it and then blocking the old driver as outdated. All they have to do is make sure that the driver update and the patch for their own software to work with the new driver's FEATURES is released in the same package. I could easily see them doing this with the streaming Media Codecs.
I've seen lots of comments about how Microsoft is evil and is trying to eliminate all their competitors in the personal firewall market and how they are going to spy on what the users have installed and how they will block web sites and programs too, along with the drivers, but nobody seems to have realized the true implications of this modification to Windows, instead of all the paranoid stupidity.
First of all, this provides another revenue stream for Microsoft. In order to get their drivers marked as Windows XP Compatible (and the digital signature that goes along with this), hardware vendors will undoubtedly have to pay Microsoft some fee, whether it be for the signature itself or perhaps something slightly more useful (and less greedy), like paying Microsoft to do some testing on the drivers and then providing the certification.
This isn't particularly bad (although, Microsoft is once again abusing its monopoly power to gain money, who else are the hardware companies going to make hardware for?).
What does worry me is the fact that this provides an easy way for Microsoft to influence hardware manufacturers. If they don't follow Microsoft's "suggestions", the testing and certification could be "accidentally" delayed, while all the hardware company's competitors deliver their products to market before them.
What will those suggestions be?
Probably something like "Hey, you know those weird communist hippy freaks who work on that evil anti-American OS called Linux? We want you to stop providing them with technical specifications and hardware drivers. Thanks, and have a nice day!"
Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.
Here's a fix for this problem: MS requires all vendors (except for itself, of course) to open-source their drivers. THAT would be ironic.
1) Virus/worm. ...that randomly corrupts one or two bytes in a pointer table in a .DLL installed by Orifice XP... ...that modifies itself to change which bytes its children will corrupt before attempting to propagate... ...that securely deletes itself after propagating, leaving only the corrupted .DLL files or other internals.
2)
3)
4)
5) Bonus points for doing some RTM-Worm-like cross-platform magic and using r00t exploits to leave a reservoir of Linux boxen from which it can re-emerge after the publicity dies down.
Good thing I'm not running XP. And never will.
There isn't much journalistic integrity on this site is there? "Well, apparently among the casualties are ZoneAlarm and BlackIce... Two popular free personal firewall products for windows. Guess What? XP includes its own firewall ... So you don't really need then anyway, right?"
and at the very end of the article:
"Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP. "
Why wasn't the entire summary of that one line posted, instead of so blatantly skewing the truth?
"RC2 refuses to install a host of third party applications including Black Ice, Zone Alarm and AOL. Users will need to upgrade their applications to Windows XP-compliant versions."