Slashdot Mirror


NTBUGTRAQ Bashes Windows Update

BigBadBri writes "Russ Cooper, keeper of the NTBUGTRAQ list, has a few concerns (to put it mildly) with the trustworthiness of Microsoft's Windows Update."

6 of 509 comments (clear)

  1. Trustworthy Computing? by DaPhoenix · · Score: 4, Interesting

    Man it seems like every day we find out how to define the 'trustworthy' in "trustworthy computing"

    First Windows, then the Outlook bugs, then the Hotmail bugs, now the Windows Update security issues - not to mention the Shatter Exploit (fundamental unfixable Win API flaws)

    Mmm I love days like today. :)

    --
    -- -=innocent ramblings from the mind of an insomniatic programmer=-
  2. strange timing... by drummerboy714 · · Score: 4, Interesting

    Last week I spent all day downloading patches for an XP laptop that we are evaluating. Today we (my notoriously adorable assistant) received a notification that there are (surprise!) more patches to download. When I looked at the list, some of them were going back to Feb of 2002. We looked at what patches and Q#'s show as installed, and several of these are the same ones WUS show as needed. Needless to say, we are yanking the XP OS and going back to W2K. Oh, that we could use Linux in our production environment!!!!

  3. Re:Trust? by dre80 · · Score: 4, Interesting

    If anything, messages like that are a late attempt to catch up. Netscape/Mozilla have had the Quality Feedback Agent at least since the Netscape 4 era, and it was hailed as an example to follow. Well, like it or not, the example has been followed. MS may well not treat the information the same way, but tracking bugs has become increasingly important as applications get increasingly larger and more complex.

    I don't trust Microsoft in general, but in this case they've yet to prove that their intentions are any other than making quality software.

  4. Re:Why Do They Always Rip Off Unix? by the-dude-man · · Score: 4, Interesting

    AS for WU - remember most of its audience is the home user. It tries to do a worthwhile job, but from experience unless you've got a fat pipe it takes ages (10MB isn't unusual) and it craps over your settings, it DOES scan and return info on what's on your machine .......

    This is very true, and if anyone doubts it, grab yourself a copy of vmware for linux systems (ironicly, thats the ad at the top of this page) and fire up windows XP, then, do a tcpdump on the interface that vmware is using, run strings on the data inside the packets....its quite interesting what you see when you reassemble all the packets going to v4.windowsupdate.microsoft.com.

    This is also true when win98 is run within VMware, and windows update sends that nice message box saying "this is done without sending data to microsft"

    Windows, its whats for dinner

  5. Re:it's better than nothing by jkrise · · Score: 4, Interesting

    "people don't patch their systems by hand. "
    I've never seen anybody do that, I agree :->

    "I can only imagine the outcry if M$ DIDN'T have a Windows Update. It would be an evil scheme or something."

    Tell me something. Why is it that MS refuses to deal directly with it's own customers? Why should it sell thru OEMs etc. and support thru the web? Why can't MS offer support services directly thru their various offices and provide a CD that does the Update Services? A day's delay in couriering the CD? The CD media would cost about 20c. Even 50
    CDs a year (we're talking MS here) would cost about $10 for the CDs and a maximum of $100 for postage.

    MS support services cost much more than $150 per year, but still the customers are denied the convenience of a CD and no intrusion on their systems. Why?

    --
    If you keep throwing chairs, one day you'll break windows....
  6. Re:In case of slashdotting, by walt-sjc · · Score: 4, Interesting

    Um, arn't MS Windows users paying MICROSOFT to figure this out? MS does have the in-house talent to come up with a solution for this, they just choose not to address the problem. They just go on pretending that everything is fine.

    What Russ is attepting to do is tell MS to wake the hell up and fix it, and that if you are a Windows user that you should know that Windows Update is basically a pile of shit and that you can't trust it.

    So I guess don't quite understand you beef. Is MS paying Russ to solve Windows Update problems and he isn't doing the job or something?

    As an end-user to commercial software, your job when it comes to bugs is to report them. Not fix them.