Microsoft 'Stealth Update' Proving Problematic

DaMan writes "According to the site WindowsSecrets, the stealth Update that Microsoft released back in August isn't quite as harmless as the company claims. The site's research has shown that when users try to do a repair to XP subsequent to the update, bad things happen. 'After using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren't registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC.' ZDNet's Hardware 2.0 has independently confirmed that this update adversely affects repaired XP installations: 'This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly. Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting.'"

Just let us patch the systems

[192939495969798999]

Why not just let everyone patch their systems, and shut off the "non genuine" check or whatever is blocking this? Why wouldn't you want people to patch the systems? Doesn't an unpatched and infected system equate more directly to lost revenue than a "non-genuine" flagged system?

WTF

[Ariastis]

Wasn't it for windows update to "work properly" that those patches were released? Way to go MS, foot in mouth, lather, rinse, repeat...

Re:Subconscious or stealth push to Vista?

[Frosty+Piss]

True. They have a tough road ahead to make Vista live up to Win98. But seriously, I suspect that there are many great code advances in Vista, and that if it where not encombered by paranoid we-must-control-the-consumer DRM security model, it might actually be better than XP. As long as the consumer (vs corporate) is not Microsoft's actual customer, they will continue to offer the opertunity for user friendly Linux distros like Ubuntu to gain market share.

Are They Serious?

[ThinkFr33ly]

Do these people realize that the ENTIRE POINT of Microsoft forcing the Windows Update patch was to make sure that future updates would trigger whatever policies the user had selected for the machine?

In other words, if Microsoft had not updated Windows Update automatically, and a user had chosen to be notified of future updates, these notifications would not work. The only way to ensure that the user's settings were properly respected was to update Windows Update.

So now this article says that the silent update wasn't harmless because Windows Update was broken after they did a restore. Do they realize that without this update, Windows Update *definitely* wouldn't work, and that the fact that this update may have a bug in it regarding restoration is completely besides the point?

Should Microsoft have made it more clear that they were doing an update? Yes. Is this update proof of Microsoft's desire to ignore user preferences and do whatever the hell they want? Obviously not.

Re:The problem with MicroSoft

[apparently]

at a minimum, if any given end-user doesn't have the time or ability to look at the source of each piece of code, there is a worldwide community of individuals who can pool their time and ability to dive into the source, and if anything suspicious or odd is going on, there's a good chance (at least compared to closed-source) that it will be found and reported. So even the Linux newbs who don't know source code from morse code still benefit. (disclaimer: naturally, it's not completely so rosy. Any given grandma isn't going to be looking up this information, but I think the point is still valid)

They already have a solution to this.

[InfinityWpi]

And it should be obvious to anyone who knows the company... upgrade to Vista, and you won't have to worry about repairing your XP installation anymore!

Who says this is an -unintended- side effect?

Re:Why did no antivirus s/w pick this up?

[Etrias]

Monitoring system accounts and special accounts is the first job of any antivirus software. Viruses, worms and trojans run with full system access, not restricted user access.
If a virus or trojan has that access already, you're screwed anyway. Might as well wipe the box and start over. However, to get that access, they usually need an exploit or to run an executable to grant them that access.

I don't think you have a very good understanding of what a virus program is expected to do. If a system account isn't allowed the power to update system files, then why have it in the first place?

95 to 98 compared to XP to Vista

[CritterNYC]

I believe the reference is to how well Windows 98 (and 98 SE) was received by Windows 95 users (98 offered lots of good fixes and new features over 95) as opposed to how poorly Windows Vista is being received by Windows XP users (since it doesn't really offer any must-have features or bug fixes).

Re:The real problem is ...

[jvkjvk]

. Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you. And why not? How many times have there already been problems that put important business sectors offline for days or weeks and not one software vendor has suffered a class action suit, or even any repercussions beyond ultimately (and most times not even then) having to say "Oops! My bad!" ?

I have no idea what is "protecting" these software vendors other than the halo that we are dealing with software and everyone expects things to go very bad once and a while in the field but the threat of lawsuits at this point is laughable.

Note: I am merely reporting on the actual state of things, this does not mean I agree with it.

enterprise ready operating system

[number6x]

You have zeroed in on the heart of this problem with laser like precision. I couldn't agree more.

If you run a business on an OS you need to know the details of upgrades. You need to test all upgrades against your production machines before applying the upgrade.

I am not talking about a home desktop, or even a corporate desktop system here. Think about computers used to control water or fuel delivery. Maybe a system that reconciles ATM transactions at a bank, or adjusts inventory databases from sales at retail locations, or the automated system that routes calls to a city's 911 emergency center.

Businesses and Governments depend on many customized pieces of software day in and day out. All software changes must be tested and shown to have no ill effects before thay are applied to enterprise production systems.

Any OS that does not allow the user to control the application of patches and updates, and instead updates systems by stealth, is not ready for the enterprise.

Think about the problems that could result if people use an OS like Windows in misssion critical applications that involve lives.

Even if lives are not involved businesses cannot tolerate amateur stunts like stealth patches from an OS vendor. They could lose billions of dollars trying to find out the cause of a problem.

This highlights how out of touch Microsoft is with the needs of enterprise level customers.