Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Pulls Broken XP Update

Posted by michael on from the repatch-and-sin-no-more dept.

Cally writes "Yahoo! reports that Microsoft have pulled a Windows XP update from the Windows Update servers after it killed network access for some users of the claimed 600,000 who installed it. (Does this mean only 600,000 XP users trust Windows Update?) The story hints that the problem was something to do with VPN or IPSec drivers clashing with Symantec software - however I haven't found anything about this on the Microsoft KnowledgeBase (the link Yahoo provide goes to the generic support home page.) Anyone got more info?"

12 of 478 comments (clear)

  1. That's the problem with automatic patching by Tsu+Dho+Nimh · · Score: 5, Insightful

    If XP is allowed to go find its master and patch itself, any problem with a patch will spread widely to the people least able to deal with it.

    At least this patch made it perfectly obvious that it had a bug.

  2. Hmmm....I wonder why... by Howard+Beale · · Score: 5, Insightful
    "Most systems didn't crash; they simply lost network connectivity," said Michael Surkan, a Microsoft program manager for its networking communications group. "There were hundreds of thousands of people who downloaded this, and we know of only a handful of people who had the problem."

    Maybe because they couldn't get online to report the problem???

  3. Old news by rjch · · Score: 5, Insightful

    Unfortunately, it's something we've all heard before. I'm a recent entrant to the world of tech support, and the company I work for (much like many other large companies) refuse to touch a new Microsoft OS until it's been through at *least* one, preferably two service packs. Likewise, updates that Microsoft class as "critical" are not to be installed for at least a fortnight, unless they are for serious security holes with known exploits. Whilst I think this is probably a rather conservative approach, it sure as hell is better than having the network crash down around you. I believe this company was bitten badly by such a problem with a patch a couple of years ago, hence their policy on updates.

  4. More Slashdot Sensationalism by Anonymous Coward · · Score: 5, Insightful

    Does this mean only 600,000 XP users trust Windows Update

    What do you think is more likely: "only" 600,000 people trust Windows Update or everyone else just hasn't patched for checked for patches yet? I personally don't use the little auto-notification thingie, I just check every once in a while.

    Also, how is this different from any automated Linux update method? Software has bugs. Patches may have bugs. Regardless of vendor, patches are not perfect and may induce problems.

    Agree or disagree with me, when you think about it without bias it's true.

    1. Re:More Slashdot Sensationalism by PetiePooo · · Score: 4, Insightful

      I think the reason most people here are bitter is the way MS is micro-controlling their patch distribution.

      If (insert your favorite distro here) releases a bug fix, its generally well documented, you get the source if you really care, and you can know exactly whats going into your system.

      If MS releases a bug fix, the only way to retrieve it is through Windows Update, you don't know what else they slipped in, you often must have all the other service packs/hotfixes installed first, and (this is the really irritating part) it may change your EULA if you choose to install it. If you don't accept the new EULA, you don't get the exploit-fixing critical update you must have to keep your server clean.

      I like and use both MS products and Linux, but severly dislike MS's tendency to grab as much control as they can get away with. They grab until there's a user backlash and either ignore it or back off just enough so it looks to the press like they're the good guys for making a concession.

    2. Re:More Slashdot Sensationalism by lpret · · Score: 4, Insightful
      But there is a difference between Microsoft and where with Windows Update, you have paid for the update service, and you should expect at least a minimum of Q&A done to a patch.

      I assume your speaking of paying for Windows XP when you say that you've paid for the update service, or else someone really ripped you off. If that is indeed what you are referring to, then I have an issue with Mandrake, Red Hat, and SuSe because I did pay for them (support the cause and all) and although you say "I can remember some packages I installed in which they gave you a very explicit warranty : This might screw you up, we're not responsible if it does. " -- this is exactly what Windows Update says in it's EULA.

      So, I would say that Microsoft does a better job in this aspect. Also, you're going to knock Microsoft because they are pro-actively getting people security updates? Wow, this seems to me like a better way, because we all know that many exploits have actually been patched, it's the sysadmins who don't patch their systems that get hacked.

      I know we're supposed to be Anti-MS here and all, and I generally am, but please, don't throw out logic and reasoning when attacking the giant.

      --
      This is my digital signature. 10011011001
  5. Re:Microsoft Security by AndroidCat · · Score: 4, Insightful

    If those people lost network access, how would Microsoft know? ;^)

    --
    One line blog. I hear that they're called Twitters now.
  6. Geez by Quill_28 · · Score: 5, Insightful

    >Does this mean only 600,000 XP users trust Windows Update?

    Umm... NO. It doesn't.

    And stop taking cheap shots at MS, it just make you look like a whiny school kid.

    There is plenty of reasons to bash MS policies and software, but the signal-to-noise ratio is getting silly.

  7. Software Update Services... by jamesh · · Score: 5, Insightful

    ... allows an admin to release patches to users when they have tested them. SUS retrieves patches from Microsoft. An Admin approves them. Client PC's (with an appropriate Group Policy) retrieve and install approved updates from the SUS server. Easy.

    If you're paranoid^H^H^H^H^H^H^H^Hsensible, wait a week or more to give the rest of the world time to find bugs, test the patch thoroughly in a test environment, and of course ask yourself if you actually need it.

    ps. how many of todays slashdot readers know what ^H means?

  8. Unfortunate by Davak · · Score: 5, Insightful

    This is not good for the average consumer.

    Bugs like this keep the common microsoft user from installing the latest and greatest updates. They might not understand that their security is troubled until they recent damage; however, they understand this:

    "I finally ran windows update... and now I can no longer get on the internet. Crap, I'm never doing that again."

    Methinks it's a Microsoft-is-too-huge-syndrome. Microsoft can't test its fixes on every possible configuration; therefore, problems like this will occur. Episodes like this have previously occurred and will occur again.

    It's the nature of the beast.

    btw, thanks Slashdot. I could have installed that this morning!

    Davak

  9. Lots More Slashdot Sensationalism by gad_zuki! · · Score: 5, Insightful

    >Also, how is this different from any automated Linux update method?

    Its not. Well, this wasn't automated, it had to be downloaded from the windowsupdate.com site, but I think we're just seeing something of a double standard here.

    Okay /. has an anti-MS bias. So do a lot of people, but losing network connectivity is pretty serious, especially on the world's monopoly OS.

    What really gets me is that whenever there's an MS problem the /. crowd complains about ignorant users who don't patch. Now the patchers are the problem?

    MS's automated patching system isn't bad, it keeps Joe User updated and there simply will be x amount of problems over y amount of time, as you said just like with any other vendor.

    Enjoy the schadenfreude guys, it'll just make real MS complaints sound all the less convincing. Optional supplemental reading: the boy who cried wolf.

    Crying wolf is a big problem when criticizing MS to the uninitiated. I have the displeasure of taking a 3 hour class with a rabid anti-MS type and at this point no one takes him seriously because of his zeal, even though 2/3 of the stuff he says are actually excellent points.

    Engaging in simple-minded schadenfreude simply makes people look less credible. Seems like a tough lesson to learn for the loud-mouth anti-MS types.

  10. Come On Now... by tomakaan · · Score: 4, Insightful

    Many of us here on /. are developers. Are you going to honestly say that you've never screwed up in one of your releases and had a security or other bug slip through testing? You tell me that and I've got two words for you...bull ****. Yeah, Microsoft is on a much bigger scale than most of us, and they make a lot more money in sales, but everyone screws up still. Everyone screws up, even the "big-bad-money-hungry" Microsoft everyone loves to complain about!