Stealthy Windows Update Raises Serious Concerns
UniversalVM writes "What is the single biggest issue that bothers open source advocates about proprietary software? It is probably the ability of the vendor to pull stunts like Microsoft's recent stealth software update and subsequent downplaying of any concerns. Their weak explanation seems to be a great exercise in circular logic: 'Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.' News.com is reporting that all of the updated files on both XP and Vista appear to be in Windows Update itself. This is information that was independently uncovered by users and still not released by Microsoft."
The last update they did was stealthy enough that I didn't realize it was happening, and my XP system lost power during the middle. End result, XP is now acting erratically, proclaiming update is invalid at bootup, sometimes not booting at all. Forced me to re-evaluate Linux for my 1 game machine, and trying out Cedega to get my last real Windows game (City of Heroes) to run.
Karma Whoring for Fun and Profit.
The update only updated the Windows Update software itself, nothing in Windows.
...and I'm supposed to trust a company like that?
The Windows Update software is at least as much a part of Windows as Internet Explorer.
It did not update if you have automatic updates turned off.
...and why didn't it just tell you that it needed an update?
It did update if you had "Notify me" turned on. This is a point of contention, but MS says they needed to do the update to continue to notify users of actual updates.
So basically what I do know now is that Microsoft is unable to develop a backward compatible update service?
Finally, this doesn't apply to any networks running a WSUS (or whatever it's called now) server.
...and that is the majority of Microsoft's customers?
I have disabled, then removed completely the windows update service from all my computers. I will manually install updates from now on, when and if I want them.
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
Yes it did update with updates turned off. Did it to my machine. I used AutoPatcher till M$ decided to unceremoniously kill them off.
So now that hackers know there exists a backdoor to the windows update which will let them update a stealth patch to anything they want in the system because it runs with admin rights, this isn't a big deal to you?
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
I can't switch to Linux for several reasons. While my knowledge of Windows kernel is very little (actual code knowledge that is, I know nothing), I know even less about Linux. So while modern day Linux distros are all very GUI friendly and look similar to Windows, what if something went drastically wrong with it? I don't know nearly enough about Linux's command line system or anything. While I know a decent bit about DOS I've seen a small touch of Linux when I ran a Half Life 1 server on a Linux box for a mod. Using PuTTY into it was a pain 'cause all these strange Linux command line commands were nowhere near what I was used to.
Now the real kicker reason why I can't switch; I have no guarantee for my PC being able to use it. While I'm sure I could find a distro that has decent drivers for my hardware, what am I to do about the PC games I play that do not have Linux ports? I could use some Linux emulation software like Wine right? I mean that's the easiest solution. Emulate Windows to run those must-have Windows applications. Well my PC is rather old. You figure in running Linux, plus emulating Windows, plus running a Windows based MMORPG where I normally got 20 fps on a PC, I doubt I'd get anywhere near a playable state. While I'm sure some Linux distros themselves run faster, use less memory etc than Windows XP, having to run that and emulate Windows + Game probably negates any resources I had freed up from running Linux itself, if not making the game run even worse.
For some people, upgrading or buying a new PC simply so they can use Linux instead of Windows isn't an option. If I was going to shell out that much money, I'd go get another copy of Windows XP that has the current SP2 streamlined into the install to greatly reduce install and patch time. If I didn't play PC games that needed Windows, I might consider running Linux cause pretty much everything else I use can be used on Linux (Firefox, IRC, mp3 player, VLC, etc).
Aw Frell this
One more thing - you mentioned what if something went drastically wrong. In Windows, your option is pretty much limited to reinstalling from scratch. So if you had to reinstall Linux from scratch, how much of a difference is that really?
But the fact is that under Linux you don't have so many programs hooking themselves into the OS to even cause the same kinds of problems as under Windows. Also, it's a more advanced topic, but under Linux, you can separate out your personal files (your home directory) from the OS. That way, if you did have to reinstall the OS, the next time you log in, your experience is like you never left. This also makes backing up easier.
The reality, though, is that you reinstall Linux rarely. Windows you have to reinstall much more frequently.
And the last thing - Linux is FREE. Windows is not. And you can install it on as many computers as you want. No phoning home. No stealth installs. No crap.
Do you know what I tell people before I put linux to dual boot on their computer? I say "it will be just like vindows. you read the messages and click OK or Cancel." So far, out of 13 installs, no one worried after I said that. LOL. And dude, just download ubuntu and stick it in, and make your bios boot to cd and try it out.
It's been confirmed.
http://blogs.zdnet.com/hardware/?p=779
I don't see why you'd be suspicious. Microsoft has a history of ignoring user preferences when it comes to privacy choices.
http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/
"I've got more toys than Teruhisa Kitahara."
Let's look at this from a logical perspective for a moment:
According to This_Is_My_Happening, there are four settings for Automatic Updates:
Now if I understand correctly, those who selected the second or third option above were surprised by an update that was downloaded and installed, contrary to their selected setting. I don't know if I understand correctly, but if I do, then this is what I have to say about it:
If it is possible for Microsoft to install updates contrary to your selected setting, then this means that Windows Update code basically had a backdoor installed in it from the beginning. This backdoor was, then, designed so that if a certain "install anyway" bit was set in an update, the update would install regardless of your setting.
I am mentioning this because I haven't noticed anyone else mentioning it.
If the above is the case, then I leave it to the Slashdot community to determine whether the presence of such code is an ethical business decision or not.
Now, I would like to offer the solution to problems like this. Please bear with me while I tell a long story, to properly set the stage.
My .sig says that Microsoft released Windows Vista, so I got a Mac. Truth is, I didn't use Windows before (I used some flavor of Linux, BSD, and the Mac, except for the Windoze computers I administer at work and it's not my fault that those were chosen) but one day, a friend of mine brought over a machine he just bought with Windows Vista on it. He said he couldn't get it to do anything so we made a deal that if I fix his computer, he'll fix my busted bicycle. I turned on the machine, and within minutes, I was practically rolling on the floor, my stomach hurting from laughter.
Windows Vista is a joke.
Everything is so slow, obfuscated, and complicated that I don't know how anyone with less than a Ph. D. in Windows Vista can figure out how to move a file from one place to another. At least there are fancy shmancy time- and resource-wasting graphics all over the system, speaking of which, everything is so slow that after every button you push, you should lean back in your chair and relax for a minute or two before the computer is ready to accept the next keystroke or mouse click. Not to mention that every other click of the mouse causes the screen to turn black and a window pops up to ask, "Did you really just click the mouse over there?"
Solution? I did two things: I installed Ubuntu 6.06-LTS (Long-Term Support) on his machine, and I went to one of Apple's retail stores and bought another Mac for myself. Did I mention that Apple also has fancy shmancy graphics all over the system? Just that on a Mac, these graphics make the system easier to use, not harder like in Windows. They fit in to the computing environment and serve to show you what is going on, rather than to waste your time with annoying and slow eye candy. And on a Mac, the graphics and animation don't slow anything down!
I don't understand why Microsoft, a company with probably 500 times the resources available to Apple, can't do 1/500th of what Apple can do on a computer with 500 times the resources available to a Mac. Oh, by the way, I was at one of Apple's stores today. The iPod section was completely crowded, with entire families cramming around the iPod display table to play with the new models. The iPhone section was also completely crowded, again with entire families squeezing in. And the laptop and desktop computer sections were, you guessed it, also crowded as are the other two sections.
So, as I've been trying to say for a few paragraphs, the solution to avoiding the extremely problematic Windows software is to move away from the Microsoft platform. Either get a Mac, or learn Linux or *BSD. Especially now when so many people are doing it and these platforms (especially the Mac) are gaining some really, really serious acceptance.
http://www.informationweek.com/830/hacker.htm
"City hall" in German is "Rathaus" Kinda explains a few things......
"Some days you just can't get rid of a bomb."
I know a few people have replied to your comment about switching. But I think I could probably lend my experience to this by stating that I had exactly the same questions about the switch that you have listed. I've been a windows developer for many years, and I had very little understanding of unix, X, linux or anything to do with this type of kernel. I had fiddled around for a while with various live CD's without being convinced. Then I realised that the reason I didn't switch is because I actually invested no real time in switching. The live CD's were really a 'get a look and feel' but there was no real usage because my data was not there for me to do anything with.
./configure|make|make install, and also my foray into looking for missing dependencies! Reading up, figuring it out and eventually getting a compile and install and a working kshowmail! Actually, before doing that, I was using poptray under WINE and it worked, but when you take a look at the amount of virtual memory it used (the system monitor was reporting 2.6Gb for the single tiny application) it inspired me to look around!
OK, saying that, my specs were a Socket 1 P3 550MHz, 3/4 of a gig of RAM, TNT2 video card (I treat this like a vintage car), and an ancient AWE64 sound card. I was thinking that there would be some problems switching, which there were with the sound card (found out about modprobe), but overall, everything works as advertised. Switching data over was something I had been running through in my head prior, I knew there was some NTFS support in Linux but I didn't know to what extent. I chose Ubuntu as the distro, and there are packages which support NTFS fully. I had installed a new primary drive as the candidate to install the OS on (this was going to be a total switch, no dual booting, dive in at the deep end so to speak) and installed the base OS on that with the intention of transferring data off each drive then converting from NTFS to something more Linuxy like EXTsomething or other.
My real concern was e-mail, stacks of it had to work. But fortunately I had been using Thunderbird for quite some time, so simply copying the files over to the right directory and pointing TB to it restored all my e-mail like magic. Then for some reason, at that exact point, I felt as if I had switched over.
Transferring all the other data over, code, images, audio, was far easier. Then my next concern kicked in, and this turned out to be something that a lot of converts find, expectations of software - or the minor missing stuff. There are a lot of freely available applications which do the same as what you had in windows, but finding the one which does what you expect is tricky, but not impossible. For example, I started using GAIM for my IM, it was ok. There's no video conferencing, which kinda bugs me, then I find out that the supplied GAIM was surpassed by Pidgin, which still has no video conferencing, but it's quite polished and works fine as an IM client, in fact I quite like it, very simple, no bells and whistles, gets on with the job. There's a plug in called gaimvv or something which is supposed to add video in but I haven't tried it yet.
Next was a pop mailbox checker. I was a big fan of poptray, a Delphi based application. And after a little searching, I read a little history about biff, then xbiff and I'm on the track to finding something that matches. Eventually I find kshowmail, an application for KDE which did the one thing I need: delete mail from the pop server directly. I had mail notification installed before, but you could see loads of mail available on the pop server, but you could see all the junk, with no way of removing it before firing up my mail client. Kshowmail was outside of the package manager, so this was my first
My torrent program before was uTorrent, turns out there's a KTorrent which does the same deal. Installed, working great.
OK, tax software. I'm Australian, and the tax office allow you to lodge online using their own application. I have found instructions to r
Task Mangler
I have, multiple times. When you install an old version of OSX (and you can consider OS 10.1 old nowadays) it takes a while to upgrade.
/. is infested with clueless Apple fanboys these days. I lost a lot of karma just for pointing out flaws in Apple's hard- and software.
The following doesn't apply to you clang_jangle but I have to get it off my chest:
It's a pity that
-- Cheers!
It doesn't do that if it is turned off, since it isn't running. Likewise, printers don't say they need paper if they are turned off. ;-)
Obviously it is running since it updated itself.
The Windows Update website, as you know, is a frequently accessed server - to a degree where a byte saved per connection causes significant savings in both access time and bandwidth usage.
I'm fully aware of that but it really can't be the customer's problem to fix MS bandwidth issues.
a hacker without prior access will get the machine to go to their server instead of the MS server,
DNS poisoning
present the correct authentication,
Using "genuine" certificates from Verisign will get you much of the way to where you want to be, I suppose.
If you're a zombie and you know it, bite your friend!
I use and like both Kubuntu and OS X.
You may consider buying a pre-installed Ubuntu system (or something that claims Linux compatibility). Less costly than a Mac, though IMO both types of systems are really worth it!
Some Linux system vendors:
Dell
HP
System76
Emperor Linux
Dumbass troll.
That's why the latest Debian has over 20 CDs of software that is OFFICIALLY SUPPORTED.
</trollfood>