Stealthy Windows Update Raises Serious Concerns
UniversalVM writes "What is the single biggest issue that bothers open source advocates about proprietary software? It is probably the ability of the vendor to pull stunts like Microsoft's recent stealth software update and subsequent downplaying of any concerns. Their weak explanation seems to be a great exercise in circular logic: 'Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.' News.com is reporting that all of the updated files on both XP and Vista appear to be in Windows Update itself. This is information that was independently uncovered by users and still not released by Microsoft."
I wonder why this capability doesn't cause more of an outrage or show up in the "real" media. Microsoft may not be doing anything blatantly wrong _in this case_, but what about when they start auto-installing updates that nuke installs suspected to be pirated? You know it's coming...
This game will waste your life. Don't clicky!
My understanding is that this update arrived even if automatic update was turned off.
In this case Microsoft was illegally entering the customer-owned computer, using the customer-paid connection and hardware, in order to achieve something that is beneficial for Microsoft.
Just try to do the same for a Microsoft-owned computer: the full power of legal prosecution will fall on your neck for countless charges, with likely jail term punishment if convicted.
Who is going to press charges for the same act against Microsoft? And if Microsoft is found guilty, who is going to jail from Microsoft?
Sometimes I think all updates should be FORCED whether you want them or not... at least for the 'home' versions of software. This might put some kind of dent in these bots.
Some systems and applications are so mission-critical sensitive that the systems have to be certified in their configurations -- medical systems, traffic control, pharmaceutical manufacturing, banking and financial systems -- too many to be subject to this outrageous behavior.
The most secure setting provided (that I am aware of) is "do not install updates". If a system's certification can be sabotaged by Microsoft covert behavior, who's going to pay when a system fails and the system is demonstrated to have been subverted with tripwire-like checksum failures? Microsoft? The applications vendor?
-- Gary Goldberg KA3ZYW 301/249-6501 AIM:OgGreeb Digital Marketing Inc., Bowie, MD
Also, did anyone besides me flinch when reading from MS that "we have turned on [reduced functionality mode] for pirated copies of Vista"..?? What else are they able to turn on and turn off with their new master control panel? Who likes being a node on their network!?
If SP3 for WinXP does what I believe it will, it will cement new access routes for MS into your machine to (mis)determine whether they like your key or not. Who wants to bet on whether there will be more false positives about "pirated" keys as time wears on and MS *really* wants to retire XP?
Frankly, it was the "we have turned on [....]" press release that finally broke the straw on this camel's back. It took me about twenty hours to set it up, but I now have a Debian Etch system that does everything I want it to (except work with ATI's Linux driver for 3-D). I don't know why I waited so long. (Well, sure I do. I was lazy.)
Anyone know of a good 3D video card supported by Debian for 3-D out of the box? I do miss running Google Earth (and I haven't found a good replacement for Adobe Premiere yet), but the video driver issue will be easy to resolve even if it means buying a new video card. Worth it.
Microsoft have finally turned my stomach and I'll bet I'm not the only one.
Posted from a system running Debian Etch.
Those are my principles, and if you don't like them... well, I have others.
I agree that the summary should have linked to the original slashdot story. However, since this has MS's response, it warranted AT LEAST a slashback.
I don't know if your description is accurate--it updated windows update when users had it set to "check for" (but not to download/install) updates. They DID NOT manually visit the WU site.
"Just a bunch of people bitching for no reason"
It's called a neighborhood watch. Neighborhood watches are effective if 1. people watch for suspicious activity 2. when suspicious activity is noted, authorities are called to take care of business.
My computer, my property. I give you limited permission to put your platform on it. That's my choice. I can limit as much or as little as I want on my own property. That's it. No argument. I can even like Windows and still limit it as much as I want. Mine. Mine. Mine. Possession is 9/10 of the law. The more we give other entities the right to walk on our property, the more they'll call it theirs by custom.
http://cincyboys.blogspot.com/ Everything Cincinnati. Including the word 'Finnih'
what's your point? windows has too many updates?
i just 'updated' my fedora 7 machine a few days ago, around 97MB. let's see what is left..
You ALL seem to complain about microsoft and the patches, but honestly, after running both LINUX and WINDOWS for some 10 years, i can honestly say LINUX tends to have more updates, and they are MUCH larger.
I will spare you all the annoying 'details' of all files as the original poster did.
177 additional MB of 'updates' which i haven't installed yet, not bad for an OS which was released how long ago??
Transaction Summary
Install 3 Package(s)
Update 79 Package(s)
Remove 2 Package(s)
Total download size: 177 M
Of course, I don't use Windows, so this doesn't really affect me. Still, I think this should be a heads up that it is time to consider other systems.
Palm trees and 8
Hey, I like Linux too, but there's nothing about open source software that prevents a software distributor from being able to do this exact same thing. Microsoft could have released their source code prior to this update and still been just as able to install this upgrade on computers worldwide without user consent.
If the people who maintain the apt-get repositories wanted to install a program on practically every Ubuntu computer in the world, they could do it too.
This is not an issue which concerns the antipathy between free/open source and proprietary/profit oriented software. It's an issue with a networked repository software version control system.
If I suppose this sentence is true:
Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.
What happens when someone installs XP (or Vista) from scratch and gets the OldAndBad Windows Update? He will never be able to get updates?
Someone has his foot in his mouth.
Ceci n'est pas une Signature !
Some drink at the fountain of knowledge. Others just gargle.
Wine Is Not an Emulator.
The overhead of using Wine is very small. It is a thin layer on top of native Linux, and Windows itself isn't emulated. The difference between Linux and Windows is much more important with regard to performance. As it turns out, sometimes the Windows drivers are faster and sometimes the Linux drivers are faster. I've seen games run faster under Wine than under native Windows.
(Disclaimer: I've never used Wine and have no idea what I'm talking about.) For some people, upgrading or buying a new PC simply so they can use Linux instead of Windows isn't an option. If I was going to shell out that much money, I'd go get another copy of Windows XP that has the current SP2 streamlined into the install to greatly reduce install and patch time. If I didn't play PC games that needed Windows, I might consider running Linux cause pretty much everything else I use can be used on Linux (Firefox, IRC, mp3 player, VLC, etc). Actually, many people switch to Linux because they have older hardware, because Linux tends to run on older hardware better than Windows does. As for getting a copy of Windows XP with all the current patches slipstreamed in, you'll have to pirate that - as another poster complained, there are a ton of patches you have to install, even if you start with an SP2 CD. They're releasing SP3 next year, but who knows whether it will even be possible to buy an XP SP3 CD anywhere; remember that they'd rather you switched to Vista.
Anyway, not trying to argue; Linux probably isn't a good option for you right now. But try the Ubuntu live CD, and the next time you reinstall XP, consider repartitioning and setting up a Windows/Linux dual-boot. That way you can use Windows to get your work done and play your games, and fiddle with Linux in your spare time to see if you can get your games to run there. You said your main problem is that you don't know much about Linux; this would be a good way to do something about that.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
MS claims that the stealth update to the Windows Update system itself was required so that it could still check for new updates.
Even if that was true, that's not proper behavior. Under the circumstances, I might see a level 3 being upgraded to a level 2 (download), and after download it should simply prompt and notify that further update checks may fail and that additional patches may be available after this update. That's the whole point of those settings, to not have anything installed without permission. If you know that that upgrade *is* pending and that others *may* be pending, it should be sufficient for everyone and without secretly installing anything. That said, not exactly a big issue IMO.
Live today, because you never know what tomorrow brings
Install the latest Ubuntu or Fedora only a few months after release, or especially something like CentOS 4.5 or Ubuntu 6.06, in either case even with a minimum installation, and you're going to have a large list of downloads ranging from a few dozen to possibly over a hundred patches. There are some different mechanisms that can be used to download the archives for a Linux or BSD distribution and install them from local sources, but it's still a large download and it still takes a fair amount of time.
This is just a fact of life for modern software. There are so many parts that get updated that given a few months the patch list is going to be lengthy. It would be nice if Microsoft created quarterly or biannual roll-up packages, since many of the files updated are covered by multiple patches, but the roll-ups can still get relatively large (more than 30MB for the Windows 2000 roll-up pack released after SP4).
You can never go home again... but I guess you can shop there.
Well another reason not to use anything but windows is the fact that I have $1200 worth of video cards in my PC for gaming, and none of the games I play work anywhere but windows... and I have two Nvidia 8800's running in SLI which also is windows only. I don't use my home PC for work, we have PXE linux at work, and I tend to leave work AT work. I would LOVE to dump windows, but unfortunately I will not be able to especially since, when the new directx 10 games come out in the fall they will only run (in directx 10) under Vista. Now people try to tell me, why don't you just sell the video cards and get a 360, but honestly the 360 can't hold a candle to the two 8800's and doesn't currently support a mouse and keyboard or the mods for my multiplayer games (mostly Battlefield 2 mods). If Linux ever DOES support my gaming I will gladly switch, but currently the only next gen game on linux is Id software stuff and ETQW is a piece of crap.
Sadly, a typical response from the OSS community. It's the user's fault, not the software, of course! Let's give 'im a snarky comment, instead of making him feel welcomed to the community.
When will Ubuntu (which I use every day at work, and love, btw) displace windows? When its evangelists and developers decide that fixing the rough edges and making it work well is truly important, and scorning the users who they want to convert is no longer a good idea.
It doesn't matter why it didn't work for him, the point remains it didn't work, and now he feels like crap for it, too.
How about next time, you post the second paragraph, and not the first? Douche.