Microsoft 'Stealth Update' Proving Problematic

DaMan writes "According to the site WindowsSecrets, the stealth Update that Microsoft released back in August isn't quite as harmless as the company claims. The site's research has shown that when users try to do a repair to XP subsequent to the update, bad things happen. 'After using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren't registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC.' ZDNet's Hardware 2.0 has independently confirmed that this update adversely affects repaired XP installations: 'This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly. Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting.'"

Subconscious or stealth push to Vista?

[Bearhouse]

I guess their focus & therefore resources will switch more and more to Vista, so this kind of thing will probably happen with increasing frequency.

The problem with MicroSoft

[phoenixwade]

This is the reason I support and use Linux. It started as a hobby, something to do with old equipment. But, now it's because of disclosure. I know what is being installed, and can choose when to update, what to update, and, If I've the time and inclination, I can take the update apart, see what it's doing, and even modify part of it.

Microsoft doesn't allow me this, and continues to fail to predict the negative consequences resulting from these choices. Apple at least gives me the option of installing an update, even though they have a bad record on the full disclosure thing too.

Why did no antivirus s/w pick this up?

[jkrise]

A dozen system files have been updated as part of this undocumented stealth update... and yet not a single antivirus software reported this. Why?

How do these antivirus programs know for sure that these updates were 'harmless' and 'normal behaviour'.

In light of this revelation, I think corporates must now take action against these antivirus firms for not preventing this breach. Let's see what Microsoft has to say to this 'harmless' update that allows users to 'know and be informed of further updates'. A Media Defender style expose' of internal communications on this issue would be very interesting indeed.

Re:Why did no antivirus s/w pick this up?

[jkrise]

Updates are run under the system user process. If you had ever been a Windows admin, you'd know that there are all sorts of ways to hide updates and the like from users

So, does an antivirus program run as a normal user process or system user process? If it is the latter, then how is it that the stealth update managed to escape attention??

And if antivirus s/w firms do not know systems programming, why do they exist at all? Looks like most anti-virus programs have been configured / patched NOT TO REPORT this particular stealth update... I cannot see any other logical explanation for this lapse.

Re:Why did no antivirus s/w pick this up?

[Etrias]

Ah yes, good point. But still moot as Windows Update would end up being on the trusted list almost immediately.

However, turning that around, Windows Update isn't on the blacklist. Why should it be logged as changing the files? Even AV programs that do heuristic scanning aren't really going to notice WU doing it's job.

Have to get away from the "patch" concept

[dpbsmith]

I'm not sure what the answer is, but someone has got to work out better technology for designing and updating operating systems. For thirty years now, we've had operating systems that only work as perfect integrated wholes, and operations called "installation" and "uninstallation" and "updates" and "patches" which are basically ad-hoc processes for which the operating system offers relatively little support.

Everything depends on everything else. After a few years of updates and software installation, whether on Windows or Mac OS X (no, I can't speak to Linux so if Linux solves all these problems I plead ignorance), almost every system is in a slightly broken state, and you just hope it isn't intolerably broken. Talk to any average mom 'n dad and they'll say "Things that used to work fine on our computer aren't working any more, I guess it's just time to buy a new computer."

Some new way of building operating systems is needed that reduces the interdependence of its components.

Re:Have to get away from the "patch" concept

[MobyDisk]

IMHO, this is what package managers solve, and Microsoft still hasn't gotten the idea right. In the Windows world, applications just drop files wherever they want and that's an install. In Linux using rpm or deb packages, every file on the system is part of a master database that indicates what package it is a part of, and what the interdependencies are. So long as everyone creates proper packages, these problems go away.

The down side is that many packages aren't created properly, which results in rpm hell like as-in dll hell. But done properly, it is utopia. (Properly -- No source code packages, no packages with incorrect version numbering like "2.0alpha" comes before "2.0", no "this package depends on a dozen files in some absurd directory that only appears in my distro")

Re:Have to get away from the "patch" concept

[mollymoo]

Package managers do not solve the problem, they just handle most of the hassle for you. If anything, they exacerbate the problem by encouraging the very interdependencies they are necessary to handle. I'm not much of a fan of the shared library concept for anything other than "system" files (for a fairly broad definition of "system") because of the installation and "maintenance" hassles they create. You may have a dozen programs which use a particular library, but do you ever run them all at once? Probably not. So just keep a dozen copies on disk; that way they can all be different versions if needs be. Occasionally you'll get two copies of essentially the same code in RAM, but library code generally isn't usually the bulk of your RAM usage. Once you get rid of the idea of sharing files between programs your software installation worries cease to exist, because installation ceases to exist. You just have one executable blob which you can copy anywhere. A good proportion of Mac applications work this way and trust me, it beats the shit out of apt, portage or any other package manager I've tried. It takes almost zero user effort. Zero maintenance. It is hugely reliable.

Re:Have to get away from the "patch" concept

[MobyDisk]

This is interesting - I've wanted to have this discussion with someone. While I agree with your reasoning on shared -vs- static libraries, I don't agree your estimation of the impact of static libraries.

because of the installation and "maintenance" hassles they create. One big savings of shared libraries is that if a vulnerability is fixed in libpng, you don't have to update 25 apps. And the authors of those apps don't have to repackage their app. And old projects that aren't in active development can still take advantage of the security fixes. Same with performance improvements and bug fixes. It saves a lot of redundant updating.

This is also why I preface the discussion with "proper" packaging. I encounter lots of packages that have incorrectly stated dependencies. If I recall, every rpm/apt problem I ever had could be traced down to some package that stated a dependency incorrectly. Like it requires an exact version of a particular library when it really didn't. Or a library was made incompatible in an update, but the version number was not incremented by a whole number (Ex: version 1.02 is not compatible with 1.01 so all apps saying they need 1.0 or above break).

You may have a dozen programs which use a particular library, but do you ever run them all at once? Probably not. My guess is "most of the time" -- I'm using Windows right now, but let' see what I'm running: Firefox, Mozilla, Trillian, Notepad, Skype, Virtual PC, Zone-Alarm, a VPN client, a volume meter, an anti-virus program, Visual Studio, RapidSVN, Photoshop, a SQL server... My guess is that all of those share at least the C/C++ runtimes. Probably also share 2 dozen Windows API DLLs. COM libraries are common. Half of them use libpng, libjpg, etc. There's a lot of re-used libraries there.

So just keep a dozen copies on disk; that way they can all be different versions if needs be. I agree that disk space isn' t really a big deal. Graphics and icons usually take more space than code. But the packaging solutions we are discussing allow you to have multiple different versions in place at once. In Windows with DLLs, this is hard, but on Linux it is very easy since the library version is in the file name and symlinks + intelligence in ld can make things bind to whatever version they need.

Overall, I think you underestimate the number of shared libraries each application uses. That measurement is really what would make the tipping point on this point. If the memory savings is minimal, and I didn't require updating too many apps when a bug was fixed, and if old apps could somehow be magically updated... then yeah, static libraries would be better.

I got bitten by this

[arkhan_jg]

I'm actually in the process of upgrading a windows 2000 image to XP Pro (no, it can't be a clean install, it's a long and dull story), and got bit by this bug. When I searched for the error number associated with the windows update failure on technet, I did come up with technet article explaining how to register the windows update dll's to fix it (as also listed in the linked article). I just assumed it was an odd bug because of all the cruft in the windows 2000 install.

Now I find out it's because of a broken secret mandatory update to the DRM that breaks windows update altogether. Nice one Microsoft!

I had another bug after that windows update, http://support.microsoft.com/kb/883821
That took a lot longer to fix, as none of those listed fixed it. Perhaps that was also related? Lovely.

Microsoft XP updates....same old story.

[CodeShark]

We remember how the Win9X upgrade fiascoes resulted in so many new breakages that ultimately MS pulled the plug and went completely with the NT code base for Windows. So I am very cautious using MS supplied updates at all.

But earlier this year I had to allow a client's machine to use an XP service patch or be have to tell the user that the machine would be out of warranty both from the OEM and Microsoft.

The patch (SP2) froze the computer completely after an aborted install that the screen recorded as having been successfully uninstalled. It took nearly 20 hours of non-stop attempts plus two service calls to avoid having to wipe the disk -- which was not an option -- and afterwards the "Genuine Advantage" program still wants more updates.

Not surprisingly, I won't be recommending Microsoft on their next desktops. Ubuntu will be fine.

My experience

[bogaboga]

In addition to Kubuntu, I am using WIndows XP professional and was not really sure my woes with the system were because of these stealth updates. But I can say that sound would automatically mute itself whether Windows Media Player or any other media player was playing or not.

I thought this was because of Skype, Windows Media Player, VLC Player or Real Player. I installed new versions of all of these apps but this did not help. I struggled with this problem and found little help, even from Microsoft itself. The good thing is that Windows XP has a [neat] feature that rolls the system back to its previous configuration. This is what I used and had this problem solved.

But I then wondered whether we in the Linux world have anything comparable to the feature that helped me roll back my settings in Windows XP Professional. I haven't found one! Have I looked hard enough of am I looking in the wrong places?

Re:Are They Serious?

[sqlrob]

So it warns that Windows Update is the one needing update. They've done it before.

No one saw this coming...

[Loosifur]

The thing about this "stealth update" that riles me up is that it's indicative of the patronizing, "we know better than you" attitude that Microsoft has towards its customers. They just decided that anyone running Windows would get this update and that's that. Now, wonder of wonders, it's causing problems. Does anyone really think that they'll address this problem in a reasonable, responsible way? Or will they just release ANOTHER patch at 3:00 in the morning to fix the first one?

Following your train of thought

[laing]

Then wouldn't it be in Microsoft's best interest to ship all installable releases with deliberately deficient code? This way they virtually guarantee that the end user will connect for an update. In a way they are already doing this with manditory activation (some features turn off if Windows is never "activated").

Re:I've run into this and the fix isn't hard.

[Ephemeriis]

"But at least Windows doesn't require you to go to the terminal and type cryptic and scary commands just to fix little problems..."
- oft-heard criticism of Linux

Yeah... At least with Linux you know you're probably going to be messing around at the command prompt. I don't know how many times I've had a Windows machine do something odd, gone looking through the GUI for the magic checkbox that will fix things, only to eventually discover (through technical support or a KB article) that there's a command-line fix that isn't documented anywhere.

Frankly... These days I'm using the command prompt on my Windows machine just as often as I do on my Linux machine.

The real problem is ...

[vtcodger]

***Duh. Undocumented updates cause problems.***

Whereas documented updates are magically OK?

OK, OK, that's not really what you meant, and it's not your point

=====

If you ask me, the real problem is updates. Let's say that one update in 50 is significantly defective -- which is, IMHO, quite optimistic. Let us further guess that 50% of the defective updates introduce new unexpected problems rather than failing to (fully) fix the existing problem -- they do test these things. At least I hope they do. What is likely to get past testing is errors in areas that no one thought would be affected. Lets assume that there are 10 updates a week on average, and that the average time from first report to fix is four weeks.

If you just uncritically load updates, you'll download new grief every 10 weeks or so and take four weeks to get it fixed. that means that five times a year, you'll unwittingly install a significant new problem and that about 40% of the time you'll be living with one or more of these things.

IMO, the best strategy -- at least for larger operations -- is to evaluate each and every patch, and to load only those which seem absolutely necessary. Even that is not going to work all the time.

As for updates that you aren't asked about... A truly bad idea. Hopefully Microsoft and other operations that believe in automatic updates will learn their lesson from this relatively modest (we hope) fiasco and will never ever do THAT again. Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you.

Re:Let me be the first to say...

[YojimboJango]

This is kinda funny to me, because I had to do a recovery on my windows box last week. I eventually got so pissed off at it that I finally switched to Ubuntu. I'm finally a statistic of the people that have been burned by windows on their shady practices and switched my OS.