Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft 'Stealth Update' Proving Problematic

Posted by Zonk on from the we're-all-learning-together dept.

DaMan writes "According to the site WindowsSecrets, the stealth Update that Microsoft released back in August isn't quite as harmless as the company claims. The site's research has shown that when users try to do a repair to XP subsequent to the update, bad things happen. 'After using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren't registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC.' ZDNet's Hardware 2.0 has independently confirmed that this update adversely affects repaired XP installations: 'This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly. Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting.'"

4 of 257 comments (clear)

  1. WTF by Ariastis · · Score: 5, Insightful

    Wasn't it for windows update to "work properly" that those patches were released? Way to go MS, foot in mouth, lather, rinse, repeat...

  2. Re:Why did no antivirus s/w pick this up? by Etrias · · Score: 5, Insightful

    Monitoring system accounts and special accounts is the first job of any antivirus software. Viruses, worms and trojans run with full system access, not restricted user access.
    If a virus or trojan has that access already, you're screwed anyway. Might as well wipe the box and start over. However, to get that access, they usually need an exploit or to run an executable to grant them that access.

    I don't think you have a very good understanding of what a virus program is expected to do. If a system account isn't allowed the power to update system files, then why have it in the first place?
  3. Re:The real problem is ... by jvkjvk · · Score: 5, Insightful

    . Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you. And why not? How many times have there already been problems that put important business sectors offline for days or weeks and not one software vendor has suffered a class action suit, or even any repercussions beyond ultimately (and most times not even then) having to say "Oops! My bad!" ?

    I have no idea what is "protecting" these software vendors other than the halo that we are dealing with software and everyone expects things to go very bad once and a while in the field but the threat of lawsuits at this point is laughable.

    Note: I am merely reporting on the actual state of things, this does not mean I agree with it.

  4. enterprise ready operating system by number6x · · Score: 5, Insightful

    You have zeroed in on the heart of this problem with laser like precision. I couldn't agree more.

    If you run a business on an OS you need to know the details of upgrades. You need to test all upgrades against your production machines before applying the upgrade.

    I am not talking about a home desktop, or even a corporate desktop system here. Think about computers used to control water or fuel delivery. Maybe a system that reconciles ATM transactions at a bank, or adjusts inventory databases from sales at retail locations, or the automated system that routes calls to a city's 911 emergency center.

    Businesses and Governments depend on many customized pieces of software day in and day out. All software changes must be tested and shown to have no ill effects before thay are applied to enterprise production systems.

    Any OS that does not allow the user to control the application of patches and updates, and instead updates systems by stealth, is not ready for the enterprise.

    Think about the problems that could result if people use an OS like Windows in misssion critical applications that involve lives.

    Even if lives are not involved businesses cannot tolerate amateur stunts like stealth patches from an OS vendor. They could lose billions of dollars trying to find out the cause of a problem.

    This highlights how out of touch Microsoft is with the needs of enterprise level customers.