Slashdot Mirror
Stealthy Windows Update Raises Serious Concerns
UniversalVM writes "What is the single biggest issue that bothers open source advocates about proprietary software? It is probably the ability of the vendor to pull stunts like Microsoft's recent stealth software update and subsequent downplaying of any concerns. Their weak explanation seems to be a great exercise in circular logic: 'Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.' News.com is reporting that all of the updated files on both XP and Vista appears to be in windows update itself. This is information that was independently uncovered by users and still not released by Microsoft."
The last update they did was stealthy enough that I didn't realize it was happening, and my XP system lost power during the middle. End result, XP is now acting erratically, proclaiming update is invalid at bootup, sometimes not booting at all. Forced me to re-evaluate Linux for my 1 game machine, and trying out Cedega to get my last real Windows game (City of Heroes) to run.
Karma Whoring for Fun and Profit.
The update only updated the Windows Update software itself, nothing in Windows.
...and I'm suppose to trust a company like that ?
The Windows Update software is at least as much a part of Windows as Internet Explorer.
It did not update if you have automatic updates turned off.
...and why didn't it just tell you that it needed an update ?
It did update if you had "Notify me" turned on. This is a point of contention, but MS says they needed to do the update to continue to notify users of actual updates.
So basically what I do know now is that Microsoft is unable to develop a backward compatible update service ?
Finally, this doesn't apply to any networks running a WSUS (or whatever it's called now) server.
...and that is the majority of Microsofts customers ?
I have disabled, then removed completely the windows update service from all my computers. I will manually install updates from now on, when and if I want them.
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
So now that hackers know there exists a backdoor to the windows update which will let them update a stealth patch to anything they want in the system because it runs with admin rights, this isn't a big deal to you?
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
I can't switch to Linux for several reasons. While my knowledge of Windows kernel is very little (actual code knowledge that is, I know nothing), I know even less about Linux. So while modern day Linux distros are all very GUI friendly and look similar to Windows, what if something went drastically wrong with it? I don't know nearly enough about Linux's command line system or anything. While I know a decent bit about DOS I've seen a small touch of Linux when I ran a Half Life 1 server on a Linux box for a mod. Using PuTTy into it was a pain cause all these strange Linux command line commands were no where near what I was used to.
Now the real kicker reason why I can't switch; I have no guarantee for my PC being able to use it. While I'm sure I could find a distro that has decent drivers for my hardware, what am I to do about the PC games I play that do not have Linux ports? I could use some Linux emulation software like Wine right? I mean that's the easiest solution. Emulate Windows to run those must-have Windows applications. Well my PC is rather old. You figure in running Linux, plus emulating Windows, plus running a Windows based MMORPG where I normally got 20 fps on a PC, I doubt I'd get anywhere a playable state. While I'm sure some Linux distros themselves run faster, use less memory etc than Windows XP, having to run that and emulate Windows + Game probably negates any resources I had freed up from running Linux itself, if not making the game run even worse.
For some people, upgrading or buying a new PC simply so they can use Linux instead of Windows isn't an option. If I was going to shell out that much money, I'd go get another copy of Windows XP that has the current SP2 streamlined into the install to greatly reduce install and patch time. If I didn't play PC games that needed Windows, I might consider running Linux cause pretty much everything else I use can be used on Linux (Firefox, IRC, mp3 player, VLC, etc).
Aw Frell this
One more thing - you mentioned what if something went drastically wrong. In Windows, your option is pretty much limited to reinstalling from scratch. So if you had to reinstall Linux from scratch, how much of a difference is that really?
But the fact is that under Linux you don't have so many programs hooking themselves into the OS to even cause the same kinds of problems as under Windows. Also, it's a more advanced topic, but under Linux, you can separate out your personal files (your home directory) from the OS. That way, if you did have to reinstall the OS, the next time you log in, your experience is like you never left. This also makes backing up easier.
The reality, though, is that you reinstall Linux rarely. Windows you have to reinstall much more frequently.
And the last thing - Linux is FREE. Windows is not. And you can install it on as many computers as you want. No phoning home. No stealth installs. No crap.
Do you know what I tell people before I put linux to dual boot on their computer? I say "it will be just like vindows. you read the messages and click OK or Cancel." So far, out of 13 installs, no one worried after I said that. LOL. And dude, just download ubuntu and stick it in, and make your bios boot to cd and try it out.
It's been confirmed.
http://blogs.zdnet.com/hardware/?p=779
I don't see why you'd be suspicious. Microsoft has a history of ignoring user preferences when it comes to privacy choices.
http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/
"I've got more toys than Teruhisa Kitahara."
http://www.informationweek.com/830/hacker.htm
"City hall" in German is "Rathaus" Kinda explains a few things......
"Some days you just can't get rid of a bomb."
I know a few people have replied to your comment about switching. But I think I could probably lend my experience to this by stating that I had exactly the same questions about the switch that you have listed. I've been a windows developer for many years, and I had very little understanding of unix, X, linux or anything to do with this type of kernel. I had fiddled around for a while with various live CD's without being convinced. Then I realised that the reason I didn't switch is because I actually invested no real time in switching. The live CD's were really a 'get a look and feel' but there was no real usage because my data was not there for me to do anything with.
./configure|make|make intall, and also my foray into looking for missing dependencies! Reading up, figuring it out and eventually getting a compile and install and a working kshowmail! Actually, before doing that, I was using poptray under WINE and it worked, but when you take a look at the amount of virtual memory it used (the system monitor was reporting 2.6Gb for the single tiny application) it inspired me to look around!
OK, saying that, my specs were a Socket 1 P3 550Mhz, 3/4 of a gig of RAM, TNT2 video card (I treat this like a vintage car), and an ancient awe64 sound card. I was thinking that there would be some problems switching, which there were with the sound card (found out about modprobe), but overall, everything works as advertised. Switching data over was something I had been running through in my head prior, I knew there was some NTFS support in Linux but I didn't know to what extent. I chose Ubuntu as the distro, and there are packages which support NTFS fully. I had installed a new primary drive as the candidate to install the OS on (this was going to be a total switch, no dual booting, dive in a the deep end so to speak) And installed the base OS on that with the intention of transferring data off each drive then converting from NTFS to something more Linuxy like EXTsomething or other.
My real concern was e-mail, stacks of it had to work. But fortunately I had been using Thunderbird for quite some time, so simply copying the files over to the right directory and pointing TB to it restored all my e-mail like magic. Then for some reason, at that exact point, I felt as if I had switched over.
Transferring all the other data over, code, images, audio, was far easier. Then my next concern kicked in, and this turned out to be something that a lot of converts find, expectations of software - or the minor missing stuff. There are a lot of freely available applications which do the same as what you had in windows, but finding the one which does what you expect is tricky, but not impossible. For example, I started using GAIM for my IM, it was ok. There's no video conferencing, which kinda bugs me, then I find out that the supplied GAIM was surpassed by Pidgin, which still has no video conferencing, but it's quite polished and works fine as an IM client, in fact I quite like it, very simple, no bells and whistles, gets on with the job. There's a plug in called gaimvv or something which is supposed to add video in but I haven't tried it yet.
Next was a pop mailbox checker. I was a big fan of poptray, a Delphi based application. And after a little searching, I read a little history about biff, then xbiff and I'm on the track to finding something that matches. Eventually I find kshowmail, an application for KDE which did the one thing I need: delete mail from the pop server directly. I had mail nofication installed before, but you could see loads of mail available on the pop server, but you could see all the junk, with no way of removing it before firing up my mail client. Kshowmail was outside of the package manager, so this was my first
My torrent program before was uTorrent, turns out there's a KTorrent which does the same deal. Installed, working great.
OK, tax software. I'm Australian, and the tax office allow you to lodge online using their own application. I have found instructions to r
Task Mangler
I have, multiple times. When you install and old version of OSX (and you can consider OS 10.1 old nowadays) it takes a while to upgrade.
/. is infested with clueless Apple fanboys these days. I lost a lot of karma just for pointing out flaws in Apple's hard- and software.
The following doesn't apply to you clang_jangle but I have to get it off my chest:
It's a pity that
-- Cheers!
It doesn't do that if it is turned off, since it isn't running. Likewise, printers don't say they need paper if they are turned off. ;-)
Obviously it is running since it updated itself.
The Windows Update website, as you know, is a frequently accessed server - to a degree where a byte saved per connection causes significant savings in both access time and bandwidth usage.
I'm fully aware of that but it really can't be the customers problem to fix MS bandwidth issues.
a hacker without prior access will get the machine to go to their server instead of the MS server,
DNS poisoning
present the correct authenication,
Using "genuine" certificates from Verisign will get you much of the way to where you want to be, I suppose.
If you're a zombie and you know it, bite your friend!
I use and like both Kubuntu and OS X.
You may consider buying a pre-installed Ubuntu system (or something that claims Linux compatibility). Less costly than a Mac, though IMO both types of systems are really worth it!
Some Linux system vendors:
Dell
HP
System76
Emperor Linux