Slashdot Mirror
Microsoft Code at Fault for Half of all Windows Crashes
Flamester writes "In a ZDNet Australia story, Microsoft is claiming that half of all MS Windows crashes are the fault of third party code, not their own. That is, according to Dr. Watson.
The article also goes into the 'rigor in which MS tests their products before release'. "
So 50% of all system crashes are caused by 3rd party drivers and the other 50% are caused by Microsoft code.
Sounds bad, but compared to the number of application crashes, the number of actual OS crashes is infinitesimal.
Or really just One Ring to rule them all? An application in a protected-mode OS (running in Ring 3 of the x86 chip) can't touch kernel space (Ring 0). Now, if an OS vendor does things like put its GUI subsystem in Ring 3 (cough, NT, cough), and you let 3rd party people write drivers that 5uXX0r5, then yes, you can have a case where 3rd party code causes crashes. BUT YOU (MS) PUT THE GDI SUBSYSTEM IN USER SPACE!
If the OS design is so poor, or hacks and compromises are made for gaming performance at the expense of stability, then you can't really complain when the system goes unstable.
I want to delete my account but Slashdot doesn't allow it.
What kind of third-party code are they talking about here?
Userland applications or device drivers?
As so many others undoubtedly already have remarked, an application, however shoddily written,
should not bring down the whole OS.
If they're talking device drivers.. well, that's a different issue entirely.
On the other hand, if this is the case, what the heck is that MS certification process for?
Also, it is likely that MORE than half of the applications run on a Windows box are non-microsoft applications, that would mean that statistically MS apps crash more often than third party apps.
Not that I really care to defend MS, but playing devil's advocate, MS apps would be more likely to crash than other apps because they're used more. Your average user of a Windows machine will use Outlook, IE, Word, Excel, and Powerpoint. What non-MS apps will the average user want to use? AOL/AIM, WinAmp, and Kazaa. There may be a few others, but none that will be used as often as the MS-created applications. If you never use the app, it can't crash the system.
Ceci n'est pas une sig.
The problem is that you have to give third-party device drivers access to the ring-0 "core" of the OS in order for many of them to function properly. One bad device driver can indeed take down the OS, and given the number of poorly written device drivers out there, MS's claim may be valid.
"Can't you see that everyone is buying station wagons?"
There is no advantage to either. Remember the filesystem-corrupting Linux kernel release? That was a pretty big blunder...
"Sufferin' succotash."
Not QNX! QNX drivers run in protected mode. Hell yeah, Microkernel biznatches!
<Amanda`> I just went out to the parking lot in my bathrobe to exchange warez CDs.
Try this (as root) on your Linux box: /sbin/hdparm -Y /dev/hda > /dev/null /sbin/cfdisk
Down goes the OS. Granted we're doing something as root, but all we're doing is putting a drive to sleep and then running cfdisk on it.
This actually may be true, but the Microsoft OS products permit sloppy coding, and a buggy and poorly standardized API make it this way. Microsoft has 3.0, 3.1, 3.11, 95, 98, me, nt, w2k, xp and variants like home, pro and servers that make it difficult to have a stable release.
Since the 286 cpu, memory protection has been available but still today on P4's and AMD 64 cpus, memory protection in windows is weak.
Now, Microsoft is saddled with it's OS design mistakes and heading into the future and it is going to get tough for M$.
Or M$ will come out with Microsoft Linux and tell us it is derived from NT.
If MS should learn anything from Linux development, it's that free, on-line and open collaboration breeds better drivers and a more stable OS.
Yeah because we all know Linux has the best drivers for all the hardware out there. I've got a sound card that goes crazy for no reason because the drivers are just that good!
What you say might make sense if all the hardware vendors would release the specs for their hardware, but that's simply not the case. And it's not going to change any time soon.
Even with Linux there are some binary only drivers that can lead to the exact same problems that Windows exhibits. So the real problem isn't with Microsoft at all, it's with hardware vendors.
Here's another stupid quote from the article:
Consider this: Microsoft has been ordered not to use the term MSCE in both the United States and Canada because Microsoft does not have the legal right to "certify" people as engineers. This playing fast and loose with terms now extends to:- MCSE == an illegal appropriation of the term Engineer to fool the consumer and anyone stupid enough to pay for it
- Security == a fucking joke that isn't funny anymore
- Best practices == "we don't know how to fix it", as in "We're following best practices."
- Enhanced user experience == Fisher-Price interface
- Where do you want to go today == "Where the fuck did my data go!"
The problem wan't driver crases - their "Dr. Watson" wouldn't get a chance to report back to the mother ship in most of those instances.I disagree, who are you to say that every driver ever written for Windows was 100% compliant, written exactly to Microsoft's DDK recommendations, and free of all semantic blunders? At best, that's naivete, at worst, unwitting zealotry.
I'm not suggesting that Windows infrastructure isn't to blame for many system failures, but making blanket statements is far beyond that.
--- What
Amen, brother.
And here I was worried that I was the only one to receive things that could never have even been tried.
help me i've cloned myself and can't remember which one I am
which is still sad, especially for an os whose zealous followers claim it is derived from VMS...
VMS had a major advantage in that almost every device attached to the system was also manufactured by DEC. With Windows there are a gazillion vendors of every component you can imagine.
There is no way commodity intel boxes are going to match the reliability of the DEC hardware built to run VMS. The build quality is just not the same - apart from the junk like the Multia that DEC built when it was on its way under.
One of my pet peves about reviews of the latest video hardware is that the quality of the drivers seems to receive only scant attention. I have video cards by nvidia and ATI, the performance of the two cards is indistinguishable but I have had far more hassle with the ATI drivers.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
How can you claim MS's testing dept tests code more thoroughly than the open source guys? Perhaps you mean the programmers who wrote the code specifically. That I could belive. However, there are tons of people who enjoy fixing or finding bugs, and provide hundreds of man hours of testing a day. That's one of OpenSource's primary strengths.
As a general aside:
I have had multiple programs consistently crash Win2K. Certain old DOS progs, but also win32 programs have done it. Some of these worked in 9x, and some crashed both. Not drivers: apps.
This discourse should not devolve into mindless Microsoft bashing. (it's going to, I fear)Especially not when careful argument can do so much more. However,
MS die-hards need to admit that some of this criticism is deserved. Heck, MS just did... "50% Aren't OUR fault, we swear!"
maybe we should ignore precisely half of all complaints from here out?
-THE Nate
-THE One True Nate
That's just ignorant. Any device driver running on the system has complete control of the system. To architect an OS otherwise would take such a huge performance hit to make the OS unusable. Any device driver can blue screen a Windows machine. It's the nature of the beast. And it is in no way Microsoft's fault if a third party device driver does something that is clearly illegal according to the DDK. Read the other posts about the same thing being true of Linux kernel modules and PDP systems.
I dunno about MS specifically being penalized, but in Texas you can't claim to be an Engineer unless you really are one (and MCSE doesn't count.) I seem to remember hearing something about some computer firms in Tx being pissed about not being able to call their programmers "software engineers."
Anyone else notice how the article talks about headline of the article blames third-parties for half, and how slashdot headlines blame M$ for half? Interesting... ;-)
I hate to admit it, but my nvidia drivers have been wreaking havok on my Linux laptop. I'm doing better now since I know to never close the lid or allow the screen to blank when running on batteries. The frequent crashes when starting and stopping X have been eliminated by not using VESA-fb anymore. But for a while my Linux system was crashing (complete system lockup) more often than a mid-90's Macintosh!! I can't think of a worse insult than that.
I'm now testing out the more recent Nvidia drivers (4496) and it's good so far, but I haven't been using it for long and haven't tried anything "dangerous" yet. Earlier drivers (=2960) were MUCH more stable but I can't seem to revert back.
I know this doesn't refute your argument. The nvidia drivers are proprietary with an open source wrapper. And with Linux machines running 100% open source drivers, I've seen uptimes that rivaled VMS systems. Genuine Linux kernel crashes on a stable system are so rare I've only seen two or three in 8 years of working with Linux on dozens of computers.
But Linux is no better than Windows in that "3rd-party" (in this case proprietary) drivers are still allowed, are often necessary, and are most likely responsible for system crashes. Well, actually I see a Windows NT BSOD every couple of weeks, and if half of these are due to Windows code, then the Linux kernel is more stable by a couple orders of magnitude.
The article's headline (both on /. and ZDnet so no blame to /.) says "Windows Crashes", which implies that the OS actually crashes. However the quote in the article says "Crashes in Windows" which implies that some application running under Windows crashes, not necessarily the OS itself.
Which is it? I am confused. The latter isn't the fault of MS. But no application failing should be able to crash Windows, it's the OS's job to make sure it can handle failing programs.
TROY
I'm wondering why the news:
Microsoft is claiming that half of all MS Windows crashes are the fault of third party code, not their own.
turned up side down..
Microsoft Code at Fault for Half of all Windows Crashes
Actually I always send the info, because then IE pops up with current tracking information on the bug, and things like "this problem is fixed with x patch. would you like to download x patch now?" It's really a nice system, to tell you the truth.
Let's see... umm... A MS basher is someone who believes that half the bugs belong to MS. A MS apologist is someone who believes half the bugs belong to somebody else.
Of course if you want to avoid emotional implications when describing the glass, you say "it's 50% water and 50% air". Likewise for this, except...
If half the *code* in your system is written by somebody else, and they are responsable for half the bugs, then that tells you that you and the other guy are equally competent.
Of course, you can spin those statistics anyway you like to suit your needs. Some programs are historicly more difficult to write than others. You could evaluate binary bytes, LOC, or number of binary files to get the spin you want.
I'm willing to wager that MS and its partners are equally competent, since they draw on similar pools of talent. If there is any significant differential, things will tend to regress to the mean of proportional bugginess. For example, if a given vendor always writes buggy code they will eventually be replaced. If MS can't write something, they will eventually buy a company that can.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
There is no way commodity intel boxes are going to match the reliability of the DEC hardware built to run VMS.
Can't this same thing be said about MACs? Apple designs them, builds them, and codes the OS for that said machine.
Don't get me wrong, I'm trying to say that this is not only a good thing, but something that I have the feeling this exact thought is kicking around BillyG's and Monkey Boy's heads.
Prepare for a Win* exclusive machine to be released.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
That's ridiculous. It's the operating system's fault for 99.9% of the crashes. The other .1% being reserved for hardware mishaps which may cause crashes. Any processes running on top of the operating system should not be able to do anything which would cause the operating system to quit unexpectedly. That's in "Writing Operating Systems For Dummies" I'm sure of it. I don't know why I'm still amazed every time Microsoft says stupid things like this publicly. They push the blame on their 3rd party developers, and I'm sure most people will read it and believe it. Pathetic.
Third-party code that could reasonably take the blame for "crashing Windows" would almost certainly be limited to drivers or other in-kernel code. Since 99% of third-party kernel code tends to be drivers, most people just round up and say "drivers". :-)
120 character sigs suck. Make it 250.
At least theoretically, shouldn't WHQL-certified drivers alleviate the "driver-related crash" problems? Granted, most of the latest drivers are not certified prior to release.
:)).
But I would guess that application crashes are the result of Microsoft not discouraging users from running as Administrator, or too many programs installing as system services or running as NTAUTHORITY\SYSTEM. Without elevated priveleges, a "user-level" crash might knock out Explorer.exe, but a crash of an app with elevated priveleges would be more likely to take out a neighboring process (like RPC
Ug, sorry, posted this in the wrong place. (@set me=Newb_Slashdot_poster) The Peo Website cites the term Professional Engineer. Not just Engineer. As well, what about all the CNE's? Or CCIE's? Slam them all down if that's the case? Oh, and what about Train Engineers? Those guys that drive the trains? From Dictionary.com *One who is trained or professionally engaged in a branch of engineering. *One who operates an engine. *One who skillfully or shrewdly manages an enterprise. What about Genetic Engieers? According to the PEO site you will be CRUSHED for the impudence! Now, that said, I'm not saying that MCSE's should use the term Professional Engineer. But then should the PEO (and other bodies) call up websters and say to them, 'Oh! You need to change your definition of the word to include this?' I'm an MCSE, and worked my ass off for it. Spent a year in class TCP/IP DNS (protocol list up the wazzo) fundamentals and then working specifically with the OS to earn my Cert. I didn't braindump and hate all the buggers who do so. But the fact is, Until I get a letter from the PEO or M$ saying that I can't put on my resume that I am a Microsoft Certified Systems Engineer, I will continue to do so. Then if the PEO decides to take me to court, then perhaps we'll see if M$ is going to stick by the people who worked for their Certs. This is my first post on Slashdot, (long time Reader) and I know that I'll probably be flamed by those who know better than I. But this was something that I Felt strongly enough about to say something about.
Depends on the vintage. During the Amelio era Apple had serious quality problems. When I was at the AI lab about 6 years ago the Apples in use would crash about twice a day but the way they were going down was completely unlike Windows which tend to crash when provoked - indicating a likely software cause. These machines would just freeze up at random.
Since Jobs has been on board Apple do seem to have a major commitment to build quality. The problems they have been having have tended to be caused by pushing the envelope too far rather than shoddy components.
I don't think that Microsoft will go into the same market as Dell. Building PCs is a very low margin business.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
- Post your ad
- Rat yourself out to the local board
- You WILL get your cease-and-desist letter
I did better. To prove this (that Microsoft was breaking the law) to an engineering friend of mine, I went a step further - threatened to start handing out certifications same as microsoft, by a specific date, unless they took action against M$.Surprise, surprise, got a visit, nut just a letter. Also got a copy of the actins they've taken against Microsoft, and the on-going negotiations re the use of the term "engineer".
They're ready to hand out fines of $600 to $6000 per day per incident, but most people change their ad real quick when they get a copy of the law along with the list of fines.
The funny thing is that in this case I agree with the governing bodies, and I'm usually not in agreement with "government-think".
If you don't want to sign an NDA, you can always take M$ to small-claims court for a refund. You have the law backing you up, and you could probably get the local engineering board on-side.
Microsoft actually contacted us about one of our applications that was occasionally crashing, and talked to one of our developers about where the problem was (what api functions were being called incorrectly).
If MS doesn't open the source, they can say whatever they like. It's up to the users to believe or not believe them as proof doesn't exist.
A crash can be caused because MS's update causes existing things not to be API compatible any more or MS's documentation is not up-to-date causing the third party not to be able to write good software.
Both would be MS to blame even though DrWatson (whatever) tells the third party software isn't good.
just like with any os, badly behaved kernel drivers can trash your system totally..
for example, reading from a null pointer is enough to blue screen nt,xp,... when it's ran at ring-0 level (kernel)
I've had kernel panics occur a lot because of a bad NIC kernel module.. just like I have had tons of blue screens caused by ATI & nvidia display drivers.
At some point or another, the code has to be bug-free, no matter how many exception handlers the OS provides to trap errors, when your display adapter has a bug, there's very little the OS kernel can do about it.
One of my pet peves about reviews of the latest video hardware is that the quality of the drivers seems to receive only scant attention.
Not in my experience. Maybe my exposure to video card reviews is limited, but in the last few Radeon 9*00 vs. GeForce FX 5*00 rounds, a good deal of attention was paid to drivers. The most recent review I read on Tom's Hardware actually compared the FX cards to two versions of the Radeon's Catalyst driver, since ATI was billing the 3.5 version with significant performance improvements. They also spent at least a couple of paragraphs talking about the quality improvements with the 44.03 Detonator driver, since the previous major issue with the FX cards was the hideous quality of the ansiotropic filtering (which turned out to be a driver problem, not a hardware problem).
IMHO, anyone who isn't paying attention to drivers in comparing video cards is missing 75% of the picture. It's like comparing CPUs and completely ignoring the motherboard chipset. (Oh, wait, people do that too, huh?)
Don't you wish your girlfriend was a geek like me?
Mathematically, of course, if one half the problems are not my fault, that leaves the other half firmly in my court.
You're right. But you've misclassified this particular case. It's not an example of the above math. Half the problems are third party code. Some portion of the other half will be MS code, no doubt. And some portion of the other half may be hardware faults, entirely unrelated to anything that could be addressed in code. Crappy motherboard timings (unreleated to BIOS), for one thing. The world is not as black and white as you paint it.
1. "Engineering" is anything that requires knowledge of physics or mathematics to do, and which poses even the slightest possiblity of causing harm. Example: You decide to add a patio to your house and choose a concrete slab that is X inches thick. What happens if you choose X to be too thin? The patio will crack, which might cause someone to trip and skin their knee, which means you need a PE to design a frickin patio! Ditto for furniture, hot rodding your car, etc. There is no sense of proportionality, no room for common sense.
2. Everyone who teaches a technical course in an engineering program has to have a PE. Advanced Power Distribution EE5013? Has to be taught by a PE. Differential equations? Has to be taught by a PE. Technical writing? PE. Ethics? PE. If your relevant professors didn't all have PEs, in the eyes of the law you got your sheepskin from a meaningless diploma mill.
3. A lot of jurisdictions didn't properly write the exception for engineers in training, with the result that their work cannot actually be used. To be legal, they have to hire a PE to redo everything for them for the entire four year training period. (Well, usually an eight year period, because the aformentioned problem that means their degree doesn't count.) Guess how many young engineers can afford a couple of million dollars to hire a full time babysitter.
4. PEs are prohibited by law from accepting anything less than market rates for their work. Want to design a new audio system for a church as a gift? Too fucking bad. The church has to cough up $75/hour for your time.
5. Naturally everybody ignores the laws, and the PE organizations get to fine anybody they want, anytime they want. Outside of civil engineering, hardly anybody bothers to get a PE, thus creating a tremendous shortage of EE PEs (among others). But to become an EE PE, you have to essentially apprentice to one, so the problem is getting even worse over time. I would actually like to get my PE, but I don't even *know* one, let alone have worked under them for four years. It's a ridiculous situation, like being a medical student but there not being any hospitals to be a resident at.
6. In my jurisdiction (and probably many others), your four year apprenticeship has to be *continuous*. If there is a break--you get sick, lose your job, have a baby, go back for a master's degree, whatever--the clock starts over from zero.
7. Almost everything is defined as engineering, including software engineering. However, they only license a few professions (civil, mechanical, electrical, etc.) So to legally design software, you have to obtain an irrelevant PE and then change careers in your late twenties.
8. Absurd continuing education requirements. If a PE masters a major topic, like switched power converters or power-efficient CDMA detection, he is considered to have received almost no continuing education. If he does a bunch of make-work papers, seminars, etc., he is considered to have substantially advanced his continuing education. Somebody apparently visited a college of education and smoked some of the really good crack that the teachers' unions get.
It *really* is a Ponzi scheme. It barely scrapes by for civil engineering, and then only because the customer's lawyers actually insist on quality, government license be damned.
yet all over the world there are many windows systems affected by the latest virus and windows is failing maybe they missed a few things in the rigerous testing
With the help of Intel and the "trusted computing initiative" only MS certified objects will be alowed to run on your computer. The fritz chip extentions are already in place for this in the p4 and up, so when you install Longhorn you will effectively surrender control of your computer to MS, the RIAA, Hollywood and the Government. But don't worry the trade off is you will not have to worry about worms and viruses anymore sucker! Unix systems are not attacked because to install an executable you need to be root, and any user that knows squat uses a decent pass word mine was dos_booty until just a few minuites from now when I will change it again.
OH THE SHAME I fell off the wagon and use sigs again!
Comment removed based on user account deletion
Honestly, I'd say 'military' has more ability to kill 'the most people in the least amount of time through incompetence'. That's why there's a lot of redundancy in the military. And in engineering, too.
Mech Eng people don't need to get a PE. We honestly can't kill a lot of people with our stuff (worst that'll happen is someone might break a leg if I screw up a design and one of my instruments falls on someone). Civil Engineers are pretty much required to, for the reasons you mention above.
I'm not shy, I'm stalking my prey
I have seen software crash both Windows and Linux, MySQL has eaten any and all available memory on Linux
/tmp or /var/). Not to mention that root apps get that last 5-15% of disk space all to themselves, and don't even discuss running a service as root anymore (including mail).
Dude, use ulimit. Out of memory is not an excuse on a unix platform. Likewise with forking-to-death or disk space.
mysql, postgres, httpd, etc all have provisions to limit the number of connections and in some instances memory foot-print (postgres). But all of that can be backed by ulimit.
Disk space a problem? Use disk quotas, or simply sym-link to a separate partition to prevent one overzellous application from hogging too much disk space (killing either
The key to UNIX is building apon trusted concepts instead of re-inventing the wheel every 3 years.
I will say in both Linux and MS's defense, however, that making a server robust is a lot easier than making a front-end robust. Servers typically don't require interrupts (disk and network can often be offloaded for most of their activity), and usually don't require any hard-to-protect application-spaces. The services have well defined interfaces which are relatively easy to detect (especially with over-flow exploits).
The trouble is when you're writing interactive applications, or computer-interfacing devices: USB/serial/parallel/video/sound, all with really creative/ambitious drivers that need kernel access. Hell, the fact that a GUI can be hardware accelerated makes this limitation as well. However, using a client-server model allows that the data be kept safe even in the event of a front-tear-down. If you application-space and your GUI space are separate (a la X), then a GUI-lock can still allow a back-end access to gracefully kill the server-applications (word processor, checkbook, code-editors, databases, etc). I love the fact that I can almost ALWAYS go to an mgetty'd text-prompt or ssh in from a remote machine to recover from a GUI crash.. And I almost never lose my data (except in non-persistable data like HTML-forms; mozilla RFC anyone?). X is not necessarily part of the OS; it's just a regular application (barring optional hardware acceleration). Likewise X-apps don't have to crash when X crashes.
This is the model that I'd like to see facilitated, not the COM/DCOM-like CORBA/GNORBA/RMI/KDE-distributed-computing, where each application is dependent on ALL peer applications behaving well. So what if you can embed a spread-sheet in a word processor.. Just freaking directly link to the source code. I don't buy that the benifits of such peer-computing warrent the TREMENDOUS loss of robustness it afford (I run KDE apps under a gnome interface so that WHEN the KDE backend crashes, my GUI is still alive).
It's this complete lack of robust-design principles which have made MS a laughing stock when compared to stability, even though they invest millions/billions(?) of dollars into code-review/quality-control.
-Michael
In an Irony of ironies, I finally convinced my wife to let me ditch our XP partition by installing Win4lin under Linux. She loves it. Though she confesses that she spends a lot of time in the Windows session. She does say it runs better than when it was purely Linux. And she is getting pretty good at tweaking KDE.
I'll admit that on my work laptop I have found myself using the XP partition more now that I have Cygwin installed. I have a copy of MySQL, a decent SSH client, and automake.
I'm envisioning a day when a Windows user won't know he is in Linux, or a Linux user know he is in Windows.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Jesus! The clumsyness of some 3rd party programs is amazing. You _have_ to run _everything_ as administor, which is one of the things that really upsets me. Grrrrr.
No, imagine it more like this: the boat itself is not the kernel. None of the stuff that runs it is the kernel.
The kernel is, in fact,just a life vest. It's going to float no matter what.
Unfortunately, if you lose all of the parts of the boat, you're not going anywhere anyway...
Mod me down and I will become more powerful than you can possibly imagine!
What about the software that tells the weapons where to go?
You can write user-mode drivers in Linux (and most other OS's?) for most things and if they crashed they shouldn't take down the system. Obviously running code in such a way will reduce the performance somewhat but it's possible. For many things (those 101 devices that don't release specs or Linux drivers) I'd think that'd be the ideal way to write the drivers.. only rewriting them for the kernel when you have them well debugged.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Let me refresh you memory, that happened *multiple* times the released stable 2.4 kernel, and not just the early ones.
2.4.11 Symlink issue
2.4.15 unmounting the filesystem would cause it to be corrupted.
2.4.20 ext3 data corruption bug
Not sure when the Reiser one I ran into got fixed (it's still not for Redhat Advanced Server, RH says reiser's not supported and closed it from bugzilla) that I ran into, create a file >2gig system CPU goes through the roof, the file disappears but you can't get back the space from 2gig file even using the Reiser tools. Sucks to know you have 2gig there but you can't get to it anymore.