Slashdot Mirror
Microsoft Pulls Broken XP Update
Cally writes "Yahoo! reports that
Microsoft have pulled a Windows XP update from the Windows Update servers after it killed network access for some users of the claimed 600,000 who installed it. (Does this mean only 600,000 XP users trust Windows Update?) The story hints that the problem was something to do with VPN or IPSec drivers clashing with Symantec software - however I haven't found anything about this on the Microsoft KnowledgeBase (the link Yahoo provide goes to the generic support home page.) Anyone got more info?"
try http://support.microsoft.com/default.aspx?scid=kb; en-us;818043
windows mustive been getting too stable. .
Do they have any sort of quality control?=)
How Now Brown Cow
I am currently porting apt-get to Windows. This will mean that these types of embarassing security breaches never happen again. apt-get is the answer to all of today's problems.
Not sure but I think this is the link. Does not mention that it is pulled though.
k b; en-us;818043
http://support.microsoft.com/default.aspx?scid=
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
If XP is allowed to go find its master and patch itself, any problem with a patch will spread widely to the people least able to deal with it.
At least this patch made it perfectly obvious that it had a bug.
Has a Linux, or FreeBSD patch ever been pulled because it was broken? *yawn*
I'd say it was a slow news day, but it ain't even daytime yet.
Maybe because they couldn't get online to report the problem???
Unfortunately, it's something we've all heard before. I'm a recent entrant to the world of tech support, and the company I work for (much like many other large companies) refuse to touch a new Microsoft OS until it's been through at *least* one, preferably two service packs. Likewise, updates that Microsoft class as "critical" are not to be installed for at least a fortnight, unless they are for serious security holes with known exploits. Whilst I think this is probably a rather conservative approach, it sure as hell is better than having the network crash down around you. I believe this company was bitten badly by such a problem with a patch a couple of years ago, hence their policy on updates.
In real life, people don't trust MS patches until they've tested them on their own systems with their own application mixes.
Until MS raises their quality assurance and testing to a higher level than it is now, knowledgeable system admins, responsible for managing lots of Windows systems in their environments, will continue not to trust Windows Update.
"Provided by the management for your protection."
Does this mean only 600,000 XP users trust Windows Update
What do you think is more likely: "only" 600,000 people trust Windows Update or everyone else just hasn't patched for checked for patches yet? I personally don't use the little auto-notification thingie, I just check every once in a while.
Also, how is this different from any automated Linux update method? Software has bugs. Patches may have bugs. Regardless of vendor, patches are not perfect and may induce problems.
Agree or disagree with me, when you think about it without bias it's true.
Part of the pro-Palladium spin is that it will stop people infecting M$ machines with worms.
But that would leave a major gap which, according to this story, has been admirably filled.
Trusted computing - only trust the worms written and distributed by MS itself.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
A new worm has begun infecting XP systems that didn't install the latest patch. "It's their own fault, they should have kept up to date" said BG.
One line blog. I hear that they're called Twitters now.
""There were hundreds of thousands of people who downloaded this, and we know of only a handful of people who had the problem."
Mother is the best bet and don't let Satan draw you too fast.
The article says that since this wasn't a critical patch, just an 'improvement', auto update doesn't install it.
If those people lost network access, how would Microsoft know? ;^)
One line blog. I hear that they're called Twitters now.
All I know is that, having decided to pull down some of the critical updates (not on auto, you understand) I can no longer get the properties window to appear for a directory in Explorer, except in safe mode. Kind of makes it difficult to administer security that does; oh and the performance went down a heap too. Even tried backing them all out too, but the system restore was disabled - too little disk space apparently, nice of it to tell me in time(!).
Only four hours ago, I was on the phone to MS support. If the p.c. is started with only MS services enabled (there's only Norton or MS ones on this machine) via the msconfig utility, everything is fine. If I disable all the non-MS services in the services window though and do a normal restart, everything is broken again - duh!
I'm going to try unloading/reloading all the Norton stuff again but don't hold out much hope. Oh well, looks like I'm up for another rebuild, the sixth in five months... and no, I won't be using the updates in future
Go permanent? In your dreams and my worst nightmares.
>Does this mean only 600,000 XP users trust Windows Update?
Umm... NO. It doesn't.
And stop taking cheap shots at MS, it just make you look like a whiny school kid.
There is plenty of reasons to bash MS policies and software, but the signal-to-noise ratio is getting silly.
... allows an admin to release patches to users when they have tested them. SUS retrieves patches from Microsoft. An Admin approves them. Client PC's (with an appropriate Group Policy) retrieve and install approved updates from the SUS server. Easy.
If you're paranoid^H^H^H^H^H^H^H^Hsensible, wait a week or more to give the rest of the world time to find bugs, test the patch thoroughly in a test environment, and of course ask yourself if you actually need it.
ps. how many of todays slashdot readers know what ^H means?
Story submitter here - I forgot the attribution (my bad); I picked this up from the Full Disclosure mailing list, specifically, this post by Richard M. Smith.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
(Does this mean only 600,000 XP users trust Windows Update?)
Or does it mean that after a hundred thousand complaints they pulled it from the site?
*SLAP*
Windows Update is flawed. I did a search the other week to find out more information on why some of our Windows 2000 workstations were suggesting old patches needed to be applied.
For example, I've downloaded, installed, and rebooted as required for the security update from Feb 13 for MSXML 4.0 and the bloody thing still keeps coming back!
Now I've got ones from April and later that keep returning like zombies to haunt me. You'd *think* that it would be simple... but noooo.
Yet another example of MS trying toi pass the buck and dodge the bullet...
I had NO symantec s/ware on my system, (I use Mcafee) and I lost all networking / internet access.
Also, the Yahoo article says that the update had to be removed which is bull$hit, the update could NOT be removed, and the only way to fix my system was to re-install and re-update Windoze.
MS said only a small number complained, well, I did, and a couple of days later the update was pulled, no reply to my email though, not even a thank you or aknowlegment - typical MS =O(
fLaMePr0oF
This is not good for the average consumer.
Bugs like this keep the common microsoft user from installing the latest and greatest updates. They might not understand that their security is troubled until they recent damage; however, they understand this:
"I finally ran windows update... and now I can no longer get on the internet. Crap, I'm never doing that again."
Methinks it's a Microsoft-is-too-huge-syndrome. Microsoft can't test its fixes on every possible configuration; therefore, problems like this will occur. Episodes like this have previously occurred and will occur again.
It's the nature of the beast.
btw, thanks Slashdot. I could have installed that this morning!
Davak
Nearly... it was 600,000 downloads, not 600,000 broken internet connections. According to the article only 'a handful' of the 600,000 who downloaded the patch had problems.
It's moments like this that prove that the phrase "Microsoft KnowledgeBase" may in fact be the ultimate oxymoron.
Every software update is a risk. Especially OS updates. With software, I always fear that beside enhancements, also restrictions will be built in (happend with quicktime once years ago). Therefore, I usually
keep a copy of the old software or to make full backups before upgrading the OS. Updating software is not trivial because it X + A + B is not equal X + B + A : the update A can and will in general change something of the modification B. After a few such operations it becomes very difficult to keep track about all possible
states the users can have on their machine.
My experiences from updates:
- even for modern Linux distributions, it is a good idea
to make full new installs rather then upgrading. I personally
always had problems with upgrades and almost never had problems
with full reinstalls.
- the OS X updates went all smooth so far. Still, I always upgrade
first one machine, wait to see if everything works fine before
updating the others.
- XP updates. No problem with vmware. Just keep an copy of the
old virtual machine around. If something screws up or one of
the software has decided to "upgrade" itself:
rm -rf winXPHome
mv old.winXPHome winXPHome
Virtual machines can also easily be copied from one machine to
an other.
Bollocks. First of all, MS outsources customer support in most countries, so you are likely never to have talked to a MS helpdesk. Second, and most important, I have had to talk to MS helpdesks in three different EU countries and, trust me, it has been VERY easy to get someone to register my problem. NOT ONCE have I been told to send them an e-mail. YMMV, of course, but "always", does not hold true.
Mother is the best bet and don't let Satan draw you too fast.
Thankfully, I uh.. well, lets just say that windows update would cause information about my machine *caugh*cd key*caugh* profile to be 'exposed'. So, like any self respecting geek, I killed update at the machine level. Now your thinking...insecure? No bug fixes? C'mon, its windows for gods sake! RAID couldnt kill THAT bug.
Speaking at Defcon 12 - Credit Card Networks Revisted: Pen
It's not a bug, it's digital rights management preventing illegal file sharing!
For most people, it is the only way they're ever going to install updates on their computer. However, I've found production Windows 2000 servers with this feature enabled! This is at least the 2nd or 3rd time that I've read a story on /. about a Windows XP/2000 patch that was no good.
If you want to disable automatic updates on your computer, go to Control Panel->System->Automatic Updates tab and click the buttons to turn it off. You'll be better off picking what you want to update manually.
Never hit your grandmother with a shovel, for it leaves a bad impression on her mind...
http://support.microsoft.com/default.aspx?scid=kb; en-us;818043 ...
What good is a Knowledge Base article, Mr Anderson? If you're unable to surf?
When I am king, you will be first against the wall.
The patch has been out some time now (more then a week). I have indeed installed it and have been figuring out for a day why my network card did not work anymore :(
After deinstalling the update (luckily that was possible, there are updates where there is no rollback) everything worked fine.
I checked again with windows update and the patch wasn't avaialble anymore (this was last saterday), so I reckoned it had nothing to do with my setup, or at least was not the only one.
Disclaimer: This opinion was created without the use of any facts
If you're running XP SP1, you definitely do not want this fix. It will bring your system to a crawl. See this for more info.
See, there's this new technology called "the telephone".... :)
Sig ?
http://www.threedegrees.com/MessageBoards/ShowPos
What is going on is that Symantec's AntiVirus software is clashing with Microsoft's attempt to update some critical files, and when only half of the files are updated and the other half is denied, the result is a broken machine.
The fault can't entirely be blamed on Microsoft in this case.
(Does this mean only 600,000 XP users trust Windows Update?)
:P
Not everbuddy checks their windowsupdate every fifth minute
"If you loved me, you`d all kill yourselves today"
Spider Jerusalem
What was the liability when linux kernel version 2.4.12 or whatever it was that would nuke a partition if unmounted? None. And this was a stock kernel in the stable branch... oops.
Everyone fscks up, not just Microsoft!
>Also, how is this different from any automated Linux update method?
/. has an anti-MS bias. So do a lot of people, but losing network connectivity is pretty serious, especially on the world's monopoly OS.
/. crowd complains about ignorant users who don't patch. Now the patchers are the problem?
Its not. Well, this wasn't automated, it had to be downloaded from the windowsupdate.com site, but I think we're just seeing something of a double standard here.
Okay
What really gets me is that whenever there's an MS problem the
MS's automated patching system isn't bad, it keeps Joe User updated and there simply will be x amount of problems over y amount of time, as you said just like with any other vendor.
Enjoy the schadenfreude guys, it'll just make real MS complaints sound all the less convincing. Optional supplemental reading: the boy who cried wolf.
Crying wolf is a big problem when criticizing MS to the uninitiated. I have the displeasure of taking a 3 hour class with a rabid anti-MS type and at this point no one takes him seriously because of his zeal, even though 2/3 of the stuff he says are actually excellent points.
Engaging in simple-minded schadenfreude simply makes people look less credible. Seems like a tough lesson to learn for the loud-mouth anti-MS types.
For whatever reason, though, I never use Windows Update, and I don't know that I've ever patched my Windows XP, outside of SP1. Maybe it's because I really only want to use Windows for gaming and not bother with much else, but I think it's also because, when I get something working, it's sometimes through some steps that elicit black magic from Windows, and I'd like the feature to stay working. The most recent example is the Windows XP VPN service, which for whatever reason will issue me an IP I want, and will work with other users' routers, only occaisionally. Windows allows so little control over its features (compared to Linux and others), and VPN is no exception: A set of wizards, so when it works, yea I'd like it to stay working, and this patch warning that VPN may be affected, is certainly only redoubling my avoidance of Windows Update.
We all know the history of Microsoft and patches, so I'm certain that is a sort of "subconcsious" reaction when I see that awful tooltip in the corner. My Windows patching tendencies are highlighted by my almost religious running and adherence to OS X's Software Update panel (alright, I haven't installed the latest iTunes update
"Does this mean only 600,000 XP users trust Windows Update?"
No, that's not what it means. Users who are savvy enough to know about the 'issues' with Windows Update probably don't use Windows XP, for the most part.
Actually, what this means is that you found a story about Microsoft, and needed a way to trash them, so you came up with a lame rhetorical question.
Honestly, what would you have them do? Not retract the broken update? Around here Microsoft is "damned if they do, damned if they don't". They just can't do right by many Slashdot posters.
Sure Microsoft does a lot of bad things, but certainly retracting a broken is not one of them.
Call them on their bad business practices, sure. But snide remarks like yours only make anti Microsoft people look childish, foolish, and generally make you look like you're really struggling to find something wrong with them.
Anti Microsoft Slashdot Goldmine
1. Find non-news story about Microsoft rightly retracting a broken update.
2. Insert witty, yet trollish rhetorical question.
3. Post to Slashdot.
4. Wait for the Karma to roll in.
5. Profit!
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
You're right -- the expectation that a product should work as intended is entirely unfounded. Thank you for freeing me from the ignorant cave in which I have been hiding all these years.
"The evil of the world is made possible by nothing but the sanction you give it." -- Ayn Rand
Only 2nd or 3rd? Don't visit /. much, do ya?
"The evil of the world is made possible by nothing but the sanction you give it." -- Ayn Rand
I think the biggest problem is how the Windows Automatic Update feature is turned on by default on everyone's machines.
Note that the Automatic Updates feature has three possible configurations.
1) Notify before downloading, notify before installing. This is the most conservative as user intervention is required twice along the way.
2) Download updates automatically, notify before installing. This is probably the best of the three options as it will trickle all updates down to your computer using unused bandwidth and then prompt you to install when everything is there. User still has FULL control over which patches get installed. This, by the way, is the default setting for Windows 2000 and Windows XP.
3) Download updates automatically, install them automatically on a preset schedule. For complete hands-off system administration, let Microsoft have full control over your machine. Not recommended but available anyway.
Of course it can be turned off completely or never installed in case you never want to deal with automatic patching.
I guess I was not the only one who got hosed downloading this update recommended to me by MS thru the update site. It ruined my DSL connection and could not be uninstalled. I wound up fdisking and formatting, which of course required the nice little phone call to Microsoft to get this number and that number. When they asked me why I was calling, I told them I downloaded an update from the update site that killed my internet connection - they were very polite after that.....wonder why? :)
When Apple comes out with their new PPC 970 systems I will be first in line to buy one. I dont like what I see coming down the Microsoft trail re DRM and all the spying going on. I liked my G4 when I had it but it was so slow compared to my windows box I sold it. Seems like Mac maight make a comeback, I'm sure I'm not the only one thinking this way. But there's no way I'm buying a G4 unit.
2.4.15 I believe. Released on thanksgiving day so it was called "Greased Turkey". I remember reading about it on a machine that was using it. There was a way to unmount the drives without them being corrupted, luckily, so I was able to reboot into a different kernel. But it was pretty dicey.
Hmmm... while tempted to launch into the whole PC vs Apple debate, currently I don't have the time...
I've got to get down to the pro-choice rally before I go lobby for my right-to-bear arms. After lunch I am attending the pro-captital punishment rally. Then hopefully tonight we can attend the fund raiser for the statue of Al "i invented the internet" Gore.
Here are the flame war rules. Please print them out for later reference.
Davak (in asbestos underwear)
First things first - I love open source software. I prefer Linux. But let's be realistic:
Microsoft is a software vendor - a software vendor has employees that know, love, and baby their source code to produce a software product. Windows XP is one of their software products. These software developers know their particular piece of the puzzle well - while they may know jack and doodle about another piece of the puzzle within the same product. Nevermind they have no clue on how another piece of software is written from a completely different vendor!
If Microsoft were to release a patch to Windows XP - do you honestly want them to test the patch against the fifty three million software products that are available to run under their operating system? Let's not forget all the legacy versions that are still floating out there.
C'mon - that's ridiculous. It's an unfair argument to state that Microsoft should test against software not written by them. I would expect Microsoft's testing strategy is to make sure that the software does not adversely affect the performance of their own operating system and the software that came with it.
Since we do not have sufficient information about all the software that was affected by the patch, we do not know the whole scope of the problem. All we know is that Symantec's software product conflicts with the latest update.
If five software products out of fifty three million are broken while the remainder has absolutely no problem - would it not be safe to say that the problem does not lie within the patch, but perhaps the coding practices of the five software products that have the conflicts?
Unlike what I would have expected from Microsoft, pulling the patch was the right idea. I imagine their quality department immediately dispatched a request to Symantec to evaluate the possible conflict and to work a resolution as a fast as possible.
Ayup
When the update occurs, XP makes a new restore point.
If you are ever having problems after an update... just roll the system back. Easy.
Restore Point Link
DavaK
According to the story the main (although not the only?) problem is with systems that have anti-virus software installed. I'm not surprised. Anti-virus software is written by people who don't fully understand MS's incomplete and incomprehensible documentation, who have often had to reverse-engineer something that MS might change at any moment... and the AV suppliers do not, themselves, bother to document the ways in which their product subtly buggers up a Windows system... so that we can't even tell whether a particular eccentric behaviour might be the fault of the AV.
Whenever a really mysterious bug in a Windows program appears, I always ask users to try running it on Windows (rather than Windows-as-modified-by-an-AV). More often than not, the bug goes away.
Give me a break. Let's all start the Micro$oft bashing, right? Because it couldn't possibly be another vendor's fault, like *cough*Symantec's*cough*?
I had a similar problem to this about a year ago, under Windows 2000. I was using a piece of firewall/intrusion detection software called BlackIce. They released a new version of BlackIce, I installed it. Then I installed a network/security update from Windows Update.. rebooted, and what do you know, my internet doesn't work anymore. I contact BlackIce's tech support (who was very helpful) and they admitted they were aware of an issue with that particular security update and their software not working together, and that they would be releasing a patch soon for BlackIce. Microsoft wasn't at fault for it, BlackIce was, and they admitted it.
Not All Who Wander Are Lost
So, I read Slashdot and find the answer to my Windows support problem! That's certainly different :)
BTW, to those who said the only way to solve is to reinstall Windows, have you tried rollin gback to the last system checkpoint before the upgrade? (worked for me on XP)
Many of us here on /. are developers. Are you going to honestly say that you've never screwed up in one of your releases and had a security or other bug slip through testing? You tell me that and I've got two words for you...bull ****. Yeah, Microsoft is on a much bigger scale than most of us, and they make a lot more money in sales, but everyone screws up still.
Everyone screws up, even the "big-bad-money-hungry" Microsoft everyone loves to complain about!
Quoting from the site:
"This problem occurs because of a regression error in the Windows XP SP1 versions of the kernel files (Ntoskrnl.exe, Ntkrnlmp.exe, Ntkrnlpa.exe, and Ntkrpamp.exe) that were included in the original 811493 security update. On May 28, 2003, Microsoft released a revised version of the 811493 security update for Windows XP SP1 to address this problem."
It's fixed and is a non-issue. Moderators were had.
"Sufferin' succotash."