Slashdot Mirror
Microsoft Code at Fault for Half of all Windows Crashes
Flamester writes "In a ZDNet Australia story, Microsoft is claiming that half of all MS Windows crashes are the fault of third party code, not their own. That is, according to Dr. Watson.
The article also goes into the 'rigor in which MS tests their products before release'. "
So they're saying that a poorly designed application can take down the entire operating system? The OS should be resilient enough to handle application crashes and keep on running, who cares who causes the crash? It's the OS's responsibility to handle it.
Also I would like to see where they got these numbers? If they are using the new 'feature' that notifies microsoft of application crashes then I'd be skeptical... If the OS crashes then the notices won't be sent to Microsoft.
Also, it is likely that MORE than half of the applications run on a Windows box are non-microsoft applications, that would mean that statistically MS apps crash more often than third party apps.
Visualize the world of wine
Microsoft emphasised that products such as Yukon and Exchange Server were undergoing thorough testing -- both internally and via independent third parties -- prior to their release to the market.
Hey, they're TESTING! Wow, they really are taking this trustworthy computing thing seriously. Mr. Chase may have said a similar thing if he hadn't been comped, as reported in the diclaimer at the bottom of the article:
Brendon Chase travelled to Tech Ed as a guest of Microsoft.
Hardhitting journalism.
I'm much funnier now that I'm a subscriber.
Memory protection is a good thing.
Microsoft has laid the blame for half of all Windows crashes on third-party code.
Scott Charney, chief security strategist at Microsoft, told developers at the TechEd 2003 conference in Brisbane, that information collected by Dr Watson, the company's reporting tool, revealed that "half of all crashes in Windows are caused not by Microsoft code, but third-party code".
Charney's comments come as the company highlights the rigour with which it tests its own products before release. Microsoft emphasised that products such as Yukon and Exchange Server were undergoing thorough testing -- both internally and via independent third parties -- prior to their release to the market.
The company is employing root cause analysis and event sequence analysis procedures to scrub out the creation of sloppy code. The result is that individual developers have a high degree of accountability for the code they produce, while the systems and processes associated with code development are rigorously monitored.
Root cause analysis enables the company to check closely the work of individual developers. "If a developer has written vulnerable code, then we look at what else that developer has written and check it," Charney said
Event sequence analysis takes this further, analysing the reasons why the vulnerable code was written. Charney said it was not necessarily so they can sack whoever is writing vulnerable code, but find out the reasons why and how Microsoft improve their staff with training or more efficient processes.
As Charney made his remarks, Charles Sturt University announced they would be offering a Master of Information Systems Security degree including MCSE:Security industry certification.
Charney's also reinforced Microsoft's message to developers and network administrators that they needed to build secure applications and networks "from the ground up".
The chief security strategist's remarks have come at an unfortunate time, as mainstream and niche media outlets produce heavy coverage of the impact of the MSBlast worm, which has infiltrated corporate and enterprise networks worldwide.
That sure is encouraging. What a wonderful operating system you have when half the time it crashes, the crash is caused by third party code. A properly designed OS shouldn't allow third party software to crash it. No OS is perfect, but half the time is just silly.
sPh
I guess MSBLASTER, Code Red, Nimda, SQL Slammer, etc. could be considered 'third-party code'. ;>
Assuming this is true, wouldn't this be an example of how closed source can contribute to programming mistakes? If developers had more access to the OS source could wouldn't they be less likely to affect it adversly with bad code?
UNIX/Linux Consulting
So 50% of all system crashes are caused by 3rd party drivers and the other 50% are caused by Microsoft code.
Sounds bad, but compared to the number of application crashes, the number of actual OS crashes is infinitesimal.
His conclusions are suspect, and so are his motives. It's elementary, really. Bill G should get Magnum P.I. or Simon and Simon to do this investigation.
SCO is responsible for the other half of crappy windows code. This is why Microsoft was so eager to buy a license.
Or really just One Ring to rule them all? An application in a protected-mode OS (running in Ring 3 of the x86 chip) can't touch kernel space (Ring 0). Now, if an OS vendor does things like put its GUI subsystem in Ring 3 (cough, NT, cough), and you let 3rd party people write drivers that 5uXX0r5, then yes, you can have a case where 3rd party code causes crashes. BUT YOU (MS) PUT THE GDI SUBSYSTEM IN USER SPACE!
If the OS design is so poor, or hacks and compromises are made for gaming performance at the expense of stability, then you can't really complain when the system goes unstable.
I want to delete my account but Slashdot doesn't allow it.
What kind of third-party code are they talking about here?
Userland applications or device drivers?
As so many others undoubtedly already have remarked, an application, however shoddily written,
should not bring down the whole OS.
If they're talking device drivers.. well, that's a different issue entirely.
On the other hand, if this is the case, what the heck is that MS certification process for?
...Slashdot poll: Is the cup half full or half empty?
What he just admitted is that HALF of ALL crashes are Microsoft OS related. Every application that runs on a account for more than let's say 5% or 6% of total crashes, but Microsoft still has their full 50% share. That's STUPID-speak on his part. Way to instill company pride by shooting yourself in the foot, and then putting it in your mouth.
-Christopher Wu
http://www.christopherwu.net/
There is only one way 3rd party software can crash an OS: If the OS is so hopelessly broken that it gives that much control to applications.
Microsoft's bad coding is responsible for 50% of their crashes, by their own admission. Their inherently flawed OS structure is responsible for allowing the other 50% to happen.
(This of course doesn't address hardware related issues--all I can say is that MS software is VERY sensitive to borderline hardware)
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I was googling for the 4 lines of C code that use to crash windows but came across this
Rus
Cheap UK and US VPS
"Empathise with stupidity, and you're halfway to thinking like an idiot." - Iain M. Banks
Hmm... What kind of 'rigor' is that, again? Rigor mortis?
So I guess all of the crashes that I have experienced with Inernet Explorer can be blamed on the the third party software they stole from the University of California and Eolas Technologies Inc.
I'm currently using Linux, which also gives drivers such low-level access that a bad driver can crash the whole machine. I was under the impression that this was a design decision which couldn't be changed without sacrificing performance.
I think in the last day, the number of crashes due to Microsoft code has risen to 75%.
In other news, the sky is blue.
Prevent email address forgery. Publish SPF records for y
... your posting. When a 3rd party driver crashes, it probably will take down the system as well, since it runs in ring 0, and can walk over kernel resources (and probably did).
When Windows gets read-only mempages (IIRC win2k3 has them) for kernel processes, this will be ended, until then: the 3rd party drivers are mostly at fault.
Never underestimate the relief of true separation of Religion and State.
Scene: Microsoft HQ
Present: Emporer Gates, DBallmer
Emporer Gates: Darth Ballmer, it has come to my attention that we do not possess 90% market share in certain aspects of our operation. Your performance diappoints me...
Darth Balmer: Ook.(1)(2)(3) [Hooo...haaa...hooo...haaa](4)
Emporer Gates: Our code causes only 50% of crashes, yet we control 95% of desktop computers...can you explain the ineffectiveness of our operation? Why are we lagging in this area?!?!?
Darth Balmer: Ook. [Hoooo...haaaaa...hoooo...haaaa]
Emporer Gates: Please put your army of flying monkey dark Jedi to work on this problem immediately. I expect results, Ballmer. You will not fail me in this, or you will be looking for bananas in the sodomy pits of the Hutts!
Darth Balmer: Ook! [Hoooo...haaaaa...hoooo...haaaa]
GF.
(1) Monkeyboy
(2) Librarian
(3) I'm aware that it should be "Ape-boy" if the Librarian is an Orangutan, but if you don't tell the Librarian, I won't.
(4) Darth Vader breathing sound
Lots of petrified grits
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
The article's headline (both on /. and ZDnet so no blame to /.) says "Windows Crashes", which implies that the OS actually crashes. However the quote in the article says "Crashes in Windows" which implies that some application running under Windows crashes, not necessarily the OS itself.
Which is it? I am confused. The latter isn't the fault of MS. But no application failing should be able to crash Windows, it's the OS's job to make sure it can handle failing programs.
TROY
Because only "weenies" make excuses for their vendor. I've only ever seen the excuse as a response to somebody complaining about Windows instability - whether it's Microsoft's fault or not is irrelevent if it's stopping you from getting your work done.
I dare say it is, but what does Linux have to do with it?
I'm wondering why the news:
Microsoft is claiming that half of all MS Windows crashes are the fault of third party code, not their own.
turned up side down..
Microsoft Code at Fault for Half of all Windows Crashes
I'll probably be modded off-topic, since a story like this on Slashdot is nothing more than MS-bashing flamebait, but I'll try anyone.
First of all, the article says "crashes in Windows," not "crashes of Windows." So it's not entirely clear to me if they are counting application crashes which don't impact the whole system or just the ones that bring down the OS (as most of the bashers in this thread seem to think).
Second, if this is based on error reports, it's skewed by a lot of things. For example, I send the reports when I suspect it's MS code at fault, and I don't send them when I suspect a third party app. I figure MS can't do anything about the third parties, so why bother. The point is, lots of things can skew these numbers.
But most importantly, the bulk of the article, which most Slashdotters seem to be ignoring, is about tracking root causes of bugs. There is no silver bullet in software quality, but this approach is a good place to start. It's something that should be taught in CS courses, and it's something we experienced programmers should be training our juniors to pay attention to.
When you fix a bug, do you ask yourself how it got in there? Where else in your code a similar bug may appear? How can you avoid making the same mistake in the future. How you could have detected the bug sooner? How did the test cases miss it? These are powerful questions if you take them seriously.
It's a mindset all programmers should have. Ironically, I learned it from a Microsoft book, Writing Solid Code by Steven Maguire. Buy it, read it. Pass a copy onto your peers.
Let's see... umm... A MS basher is someone who believes that half the bugs belong to MS. A MS apologist is someone who believes half the bugs belong to somebody else.
Of course if you want to avoid emotional implications when describing the glass, you say "it's 50% water and 50% air". Likewise for this, except...
If half the *code* in your system is written by somebody else, and they are responsable for half the bugs, then that tells you that you and the other guy are equally competent.
Of course, you can spin those statistics anyway you like to suit your needs. Some programs are historicly more difficult to write than others. You could evaluate binary bytes, LOC, or number of binary files to get the spin you want.
I'm willing to wager that MS and its partners are equally competent, since they draw on similar pools of talent. If there is any significant differential, things will tend to regress to the mean of proportional bugginess. For example, if a given vendor always writes buggy code they will eventually be replaced. If MS can't write something, they will eventually buy a company that can.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Um... where in the article does it say 3rd party code brings down the WHOLE O/S? In my experience the robustness of Windows has improved dramatically with every version (nevermind ME :-) I see individual applications crashing -- about 2 or 3 times a month. In fact, I typically go weeks and months between reboots (generally only when applying patches). There are plenty of things not to like about Windows, but the bad days of blue screens is a fading memory. Of course there are exceptions for odd hardware configurations and out-of-date drivers, but I've seen the same or worse problems with Linux support for oddball hardware.
BTW -- you may have noticed that sometimes when an app "hangs", and displays a "not responding" message in Task Manager, it is actually still running just fine (though chewing up a ton of CPU). Depending on the problem I may wait it out until the process finishes or simply kill it. One of my gripes with MS is that sometimes I have to use a third-party tool (sysinternals.com) tool to kill runaway processes -- Task Manager is not always able to kill it. Not perfect, but it works.
I think all of this applies to Windows server configurations also. I run IIS/ASP servers with dozens of users and applications. When configured so each account runs in its own memory space, with CPU utilization limits, NOBODY is able to bring down the whole web server with bad code -- just their own site.
The fact is, most of us are so bigoted about our O/S of choice, we are unwilling to learn enough about the "enemy" to use it properly.
Is this sig nificant?
The standard Microsoft weenie excuse for instability in the past has been "it's the drivers!", blaming the video drivers is a favourite.
Unless it's an ATI product, in which case you can be 100% assured that it *is* the video drivers.
In my experience, you can bring any Windows 2000 or XP machine with any model of All in Wonder to a screeching blue HALT by simply doing such outlandish and unreasonable things as
And for those who really like fun, try an ATI All In Wonder Pro on Windows 2000. A couple of years ago, I deployed a couple of hundred of them at a Toronto TV station. A year later, they asked me to upgrade all their systems to Windows 2000. Constant random lockups of the whole system, requiring not just a reboot but a power cycle. Needless to say, they were not very pleased - you spend $300 on a video card, and you kind of expect that they'll provide drivers for at least a couple of years. ("They've been around forever. Besides, they're a good hometown company! Their headquarters are just 5 minutes from here, up the 404 in Markham."). Their news department almost did a story on crappy software but it was vetoed because news is supposed to be impartial.
As for ATI, I will never buy another ATI product ever again, for myself or for anyone else.
Fire and Meat. Yummy.
It's a weenie excuse either way, for sure. Who cares about excuses, we don't want excuses, we want the damn thing to work.
And it's perfectly true you can run into the same problem with Linux if you use proprietary drivers so in that case there's something you can do. Don't use those drivers. Don't buy hardware that requires them. Fund development of open drivers. You have lots of options to make the damn thing work. I don't use proprietary drivers in Linux, and I've never seen it crash except when hardware failed.
With windows you don't have those options. Even if you're picky about your hardware it will still crash. And, btw, the crashes the article was talking about were not limited to, and quite possibly didn't even include, those caused by drivers.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
At Microsoft we were going to tell you who was responsible for the other 50% of the crashes but then our sql server database crashed on us.
Computers are so comparatively powerful now, we can afford to trade time performance for stability.
Drivers should be moved out of kernel space where possible. Even then, with some effort it could be up to the admin whether drivers run at kernel level or at user level.
.sigs are for post^Hers.
A poll at CNN here here shows how sometimes no matter what MS does a huge amount of people will be leaving themselves open to problems.
" How are you planning to protect your PC from the LoveSan Internet 'worm' affecting Windows-based PCs?
Going to load a patch from Microsoft 19%
Have already loaded a patch from Microsoft 39%
Doing nothing 41% "
Laptop Reviews
If any non-kernel, non-driver code causes the OS to crash, then that *IS* the fault of the OS. Hands Down. A good OS should be able to survive accidentally bad (or even maliciously bad) application code.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
With the help of Intel and the "trusted computing initiative" only MS certified objects will be alowed to run on your computer. The fritz chip extentions are already in place for this in the p4 and up, so when you install Longhorn you will effectively surrender control of your computer to MS, the RIAA, Hollywood and the Government. But don't worry the trade off is you will not have to worry about worms and viruses anymore sucker! Unix systems are not attacked because to install an executable you need to be root, and any user that knows squat uses a decent pass word mine was dos_booty until just a few minuites from now when I will change it again.
OH THE SHAME I fell off the wagon and use sigs again!
Comment removed based on user account deletion