Slashdot Mirror


NTBUGTRAQ Bashes Windows Update

BigBadBri writes "Russ Cooper, keeper of the NTBUGTRAQ list, has a few concerns (to put it mildly) with the trustworthiness of Microsoft's Windows Update."

12 of 509 comments

  1. Then work on an alternative... by Sheetrock · · Score: 3, Interesting
    Why should Microsoft platforms be immune from the progress that the Open Source spirit has given other platforms? Windows Update doesn't have to be the sole source for the common user of updates, patches, etc. -- many of these are third-party, anyway, and could probably be handled similarly to apt-get, rpm, or emerge.

    I've read a number of depressed perspectives on how we've got to accept a broken technology because it is patent-encumbered, closed source, or whatever, and I wonder "Where's your initiative, people?" To use a cooking analogy: the Koreans and the Dutch couldn't be much more different geographically, but at approximately the same time in history they faced a similar crisis involving an abundance of fuel and a pittance of foodstuffs -- the Koreans invented stir-frying, which allowed a maximum amount of heat in a minimum amount of time to sear their food, while the Dutch came up with the Dutch Oven, which is an ancient European equivalent of the Crock-Pot where food was cooked in its own vapors in a covered environment at a low temperature over an extended period of time.

    This is only one of a number of similar examples throughout history of almost-parallel development. People have constantly had to reinvent the wheel for any number of reasons, but most importantly the process was influenced by cultural and social factors that ultimately lead to different approaches towards the same problem. Thus we can choose from the solutions the one that is most efficient or most effective... the strength of Open Source.

    I guess the point is that there is almost always more than one way to solve a problem, and generally it's the optimists that get to it. I see too many good ideas sunk by naysayers that won't give a concept a fair shake; irregardless, who could have predicted the computer, air travel, or the mysteries of the atom a mere century ago? Hope for even the best of the future and it will yet exceed your expectations.

    --
    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.

  2. Trustworthy Computing? by DaPhoenix · · Score: 4, Interesting

    Man it seems like every day we find out how to define the 'trustworthy' in "trustworthy computing"

    First Windows, then the Outlook bugs, then the Hotmail bugs, now the Windows Update security issues - not to mention the Shatter Exploit (fundamental unfixable Win API flaws)

    Mmm I love days like today. :)

    --
    -- -=innocent ramblings from the mind of an insomniatic programmer=-
  3. strange timing... by drummerboy714 · · Score: 4, Interesting

    Last week I spent all day downloading patches for an XP laptop that we are evaluating. Today we (my notoriously adorable assistant) received a notification that there are (surprise!) more patches to download. When I looked at the list, some of them were going back to Feb of 2002. We looked at what patches and Q#'s show as installed, and several of these are the same ones WUS show as needed. Needless to say, we are yanking the XP OS and going back to W2K. Oh, that we could use Linux in our production environment!!!!

  4. Re:Trust? by dre80 · · Score: 4, Interesting

    If anything, messages like that are a late attempt to catch up. Netscape/Mozilla have had the Quality Feedback Agent at least since the Netscape 4 era, and it was hailed as an example to follow. Well, like it or not, the example has been followed. MS may well not treat the information the same way, but tracking bugs has become increasingly important as applications get increasingly larger and more complex.

    I don't trust Microsoft in general, but in this case they've yet to prove that their intentions are any other than making quality software.

  5. Re:hmmm... by Justin205 · · Score: 3, Interesting

    Red Hat updates are usually fairly on time, especially for security stuff. Feature updates usually only come in the next version, but since it's free, no big problem. Windows Update seems to get updates late, from when they are first available, if you know where to look, and isn't very reliable. When I use Windows, I've had the SP1 install on XP screw up at least twice from Windows Update, so I go download the installer manually.

    --
    "Your effort to remain what you are is what limits you."
  6. Re:Why Do They Always Rip Off Unix? by the-dude-man · · Score: 4, Interesting

    As for WU - remember most of its audience is the home user. It tries to do a worthwhile job, but from experience unless you've got a fat pipe it takes ages (10MB isn't unusual) and it craps over your settings, it DOES scan and return info on what's on your machine .......

    This is very true, and if anyone doubts it, grab yourself a copy of vmware for linux systems (ironically, that's the ad at the top of this page) and fire up windows XP, then, do a tcpdump on the interface that vmware is using, run strings on the data inside the packets....it's quite interesting what you see when you reassemble all the packets going to v4.windowsupdate.microsoft.com.

    This is also true when win98 is run within VMware, and windows update sends that nice message box saying "this is done without sending data to Microsoft"

    Windows, it's what's for dinner

  7. Re:it's better than nothing by jkrise · · Score: 4, Interesting

    "people don't patch their systems by hand. "
    I've never seen anybody do that, I agree :->

    "I can only imagine the outcry if M$ DIDN'T have a Windows Update. It would be an evil scheme or something."

    Tell me something. Why is it that MS refuses to deal directly with its own customers? Why should it sell thru OEMs etc. and support thru the web? Why can't MS offer support services directly thru their various offices and provide a CD that does the Update Services? A day's delay in couriering the CD? The CD media would cost about 20c. Even 50 CDs a year (we're talking MS here) would cost about $10 for the CDs and a maximum of $100 for postage.

    MS support services cost much more than $150 per year, but still the customers are denied the convenience of a CD and no intrusion on their systems. Why?

    --
    If you keep throwing chairs, one day you'll break windows....
  8. Re:I like Windows Update by digitalgiblet · · Score: 3, Interesting
    A few weeks ago I ran update... (cue ominous music).

    It applied Service Pack 3 to Win 2K and rebooted. When it came back up (or actually failed to), it could no longer see the ATA100 hard drive on which it was installed...

    I tinkered around for about an hour before I decided it would be quicker to re-install than to try to fix it...

    Until then I had had good experiences with update for the most part. It is a good concept (like Red Hat Network), but given the wide range of hardware/software configurations out there, I'm not sure it will ever get to the point that a large update doesn't fry someone...

  9. Re:I don't trust Microsoft... by jtrascap · · Score: 3, Interesting

    ""More often than not"? Really? That hasn't been my experience. In fact, I haven't experienced a single problem due to a Windows update."

    You want examples? Try using Win2K and WebTrends Web Analyzer (and don't change the subject by suggesting a different log analysis tool - this is required by the company).

    Somewhere, after a raft of updates last winter, the damn system kept locking-up in the middle of analysis. So we rip it down, build it back up fresh and remove anything that could cause issues. Same problem. The machine's a Dell Optiplex PIII 450, with 384MB of RAM and 40GBs of drive space - and it can't reliably run a logfile of 2MB without locking-up hard. And so we do it again. And again. Feh!

    We're all baffled. Anything else can run, and WebTrends says they're compatible but quietly acknowledges (via a help person) that Win2K people have been having update issues. I've spoken to others so this bit of anecdotal information strikes a nerve.

    WinXP has given me issues with media player codec problems, window redraws, explorer.exe running wild (climbing to 99% of processor time) after Service Pack 1.

    Windows sucks. Period. We all know it. We're the smart ones, but the other 90% of the user base is either too frightened/lazy to change to something that works, or too cynical to even consider change. The damn system is a mystery to most users - they just pray it works, and when it doesn't, all they can do is rip it out and start over.

    This is not the way it's supposed to be.

  10. Re:I don't trust Microsoft... by Cromac · · Score: 3, Interesting
    "More often than not"? Really? That hasn't been my experience. In fact, I haven't experienced a single problem due to a Windows update.

    Please give your basis for that statement. How many updates have you installed and how many things have broken because of those updates?

    In my case almost certainly more than you have since I worked on the Windows Update team at MS. I know how well they tested the updates, what kind of things were bugged and not fixed and in general their level of quality control.

    More often than not patches installed via WU will work fine, but I've seen them cause BSOD that require a reinstall to fix often enough that I don't use it.

  11. FreeBSD by TheLink · · Score: 3, Interesting

    Actually I found getting my FreeBSD system up to date easier than Windows Update.

    At one time, it seemed the Windows Update site was having problems - but the messages I got and the apparently relevant MS knowledgebase docs weren't helpful, so I thought the problem was with my system and wasted many hours because of that.

    And as Russ points out, even if you run Windows Update successfully, you shouldn't be surprised if your system isn't really up to date.

    With FreeBSD once I synchronized sources and rebuilt, I could be pretty certain what I had sitting on my HDD, AND so could others. If I have a problem, I can state the release I synced to, and the devs will know what I'm talking about. That makes support easier.

    But with MS, the process is such that you can't really be sure esp when there are problems. Even if you can it may take so much time to be sure that you might as well wipe and reinstall everything.

    Trustworthy? Not. Convenient? Yes.

  12. Re:In case of slashdotting, by walt-sjc · · Score: 4, Interesting

    Um, aren't MS Windows users paying MICROSOFT to figure this out? MS does have the in-house talent to come up with a solution for this, they just choose not to address the problem. They just go on pretending that everything is fine.

    What Russ is attempting to do is tell MS to wake the hell up and fix it, and that if you are a Windows user that you should know that Windows Update is basically a pile of shit and that you can't trust it.

    So I guess I don't quite understand your beef. Is MS paying Russ to solve Windows Update problems and he isn't doing the job or something?

    As an end-user to commercial software, your job when it comes to bugs is to report them. Not fix them.