Microsoft 'Stealth Update' Proving Problematic

DaMan writes "According to the site WindowsSecrets, the stealth Update that Microsoft released back in August isn't quite as harmless as the company claims. The site's research has shown that when users try to do a repair to XP subsequent to the update, bad things happen. 'After using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren't registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC.' ZDNet's Hardware 2.0 has independently confirmed that this update adversely affects repaired XP installations: 'This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly. Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting.'"

Let me be the first to say...

[morgan_greywolf]

Duh. Undocumented updates cause problems. In related news, failure to check for a buffer overflow causes software bugs.

Re:Let me be the first to say...

[igny]

That is why I have a clean reinstall for all Winboxes every Tuesday.

Re:Let me be the first to say...

[YojimboJango]

This is kinda funny to me, because I had to do a recovery on my windows box last week. I eventually got so pissed off at it that I finally switched to Ubuntu. I'm finally a statistic of the people that have been burned by windows on their shady practices and switched my OS.

Just let us patch the systems

[192939495969798999]

Why not just let everyone patch their systems, and shut off the "non genuine" check or whatever is blocking this? Why wouldn't you want people to patch the systems? Doesn't an unpatched and infected system equate more directly to lost revenue than a "non-genuine" flagged system?

Re:Just let us patch the systems

[musikit]

to me it seems that MS is charging for updates (or wanting to move toward charging for updates) to windows now instead of for windows itself. since if i warez windows i have a perfectly good machine with an OS it is only for updates that i am forced to actually pay for windows.

to me it seems that a large majority of issues with windows can be solved in 3 ways
1. dont use the OS "Add ons" (ie outlook msn messager etc)
2. use a properly configured firewall
3. dont be an idiot.

i have no problem following these 3 rules to save $300 on my OS.

Microflaccid strikes again

[jollyreaper]

"I will gladly patch you Tuesday for something I broke today."

Subconscious or stealth push to Vista?

[Bearhouse]

I guess their focus & therefore resources will switch more and more to Vista, so this kind of thing will probably happen with increasing frequency.

Re:Subconscious or stealth push to Vista?

[Rob+T+Firefly]

"Nice PC you have here. Shame if something were to happen to it..."

Re:Subconscious or stealth push to Vista?

[Frosty+Piss]

True. They have a tough road ahead to make Vista live up to Win98. But seriously, I suspect that there are many great code advances in Vista, and that if it where not encombered by paranoid we-must-control-the-consumer DRM security model, it might actually be better than XP. As long as the consumer (vs corporate) is not Microsoft's actual customer, they will continue to offer the opertunity for user friendly Linux distros like Ubuntu to gain market share.

Re:Subconscious or stealth push to Vista?

[Frosty+Piss]

It was a "joke". I can't think of much worse than Win98...

The problem with MicroSoft

[phoenixwade]

This is the reason I support and use Linux. It started as a hobby, something to do with old equipment. But, now it's because of disclosure. I know what is being installed, and can choose when to update, what to update, and, If I've the time and inclination, I can take the update apart, see what it's doing, and even modify part of it.

Microsoft doesn't allow me this, and continues to fail to predict the negative consequences resulting from these choices. Apple at least gives me the option of installing an update, even though they have a bad record on the full disclosure thing too.

Re:The problem with MicroSoft

I know what is being installed

You know whats installed, eh? So you go through and check the source of all code that is being installed on your Linux box? I understand the idea that because it is open source, there must be no problems with what you are installing, but don't make the false assumption of this, because as Linux becomes more and more popular the chance of something getting on your system that you were unaware of will most likely grow. Everything might not always be so hunkydory.

Re:The problem with MicroSoft

[apparently]

at a minimum, if any given end-user doesn't have the time or ability to look at the source of each piece of code, there is a worldwide community of individuals who can pool their time and ability to dive into the source, and if anything suspicious or odd is going on, there's a good chance (at least compared to closed-source) that it will be found and reported. So even the Linux newbs who don't know source code from morse code still benefit. (disclaimer: naturally, it's not completely so rosy. Any given grandma isn't going to be looking up this information, but I think the point is still valid)

WTF

[Ariastis]

Wasn't it for windows update to "work properly" that those patches were released? Way to go MS, foot in mouth, lather, rinse, repeat...

Why did no antivirus s/w pick this up?

[jkrise]

A dozen system files have been updated as part of this undocumented stealth update... and yet not a single antivirus software reported this. Why?

How do these antivirus programs know for sure that these updates were 'harmless' and 'normal behaviour'.

In light of this revelation, I think corporates must now take action against these antivirus firms for not preventing this breach. Let's see what Microsoft has to say to this 'harmless' update that allows users to 'know and be informed of further updates'. A Media Defender style expose' of internal communications on this issue would be very interesting indeed.

Re:Why did no antivirus s/w pick this up?

[Etrias]

A dozen system files have been updated as part of this undocumented stealth update... and yet not a single antivirus software reported this. Why?
How do these antivirus programs know for sure that these updates were 'harmless' and 'normal behaviour'.
In light of this revelation, I think corporates must now take action against these antivirus firms for not preventing this breach. Let's see what Microsoft has to say to this 'harmless' update that allows users to 'know and be informed of further updates'. A Media Defender style expose' of internal communications on this issue would be very interesting indeed.
Updates are run under the system user process. If you had ever been a Windows admin, you'd know that there are all sorts of ways to hide updates and the like from users...which means that there's something in the process that MS can enable to hide it from their users. The reason no AV caught it is because it was using an update service already approved by the AV program and was running it under the already accepted system user.

I'm not saying that I approve of their actions, I don't. But just because an AV program didn't pick it up isn't surprising, nor should they have.

Re:Why did no antivirus s/w pick this up?

[alexhs]

A dozen system files have been updated as part of this undocumented stealth update... and yet not a single antivirus software reported this. Why? 1) Most antivirus software can only detect known viruses. They do not detect viral activity, only a numeric signature. Won't detect stealth updates, if that update doesn't match a signature.

2) For the few behavioral antivirus software, my guess is that they're monitoring activity under some user accounts, and that they're not able to monitor activity of the "System" accounts and other special accounts.

Re:Why did no antivirus s/w pick this up?

[jkrise]

Updates are run under the system user process. If you had ever been a Windows admin, you'd know that there are all sorts of ways to hide updates and the like from users

So, does an antivirus program run as a normal user process or system user process? If it is the latter, then how is it that the stealth update managed to escape attention??

And if antivirus s/w firms do not know systems programming, why do they exist at all? Looks like most anti-virus programs have been configured / patched NOT TO REPORT this particular stealth update... I cannot see any other logical explanation for this lapse.

Re:Why did no antivirus s/w pick this up?

[Etrias]

So, does an antivirus program run as a normal user process or system user process? If it is the latter, then how is it that the stealth update managed to escape attention??

And if antivirus s/w firms do not know systems programming, why do they exist at all? Looks like most anti-virus programs have been configured / patched NOT TO REPORT this particular stealth update... I cannot see any other logical explanation for this lapse
Like I mentioned, it seems that you have not ever been a Windows admin, nor have ever dealt with a large roll-out of a system patch.

Whether or not the AV program runs under a user process (highly unlikely) or a system process, it doesn't matter. You're ignoring what AV programs are looking for anyway. If a trusted process and service (windows update) run by a trusted user (SYSTEM), the chances that the AV program is even going to log such activity is doubtful. As far as the AV program is concerned, the service (Windows Update) is doing it's job...which in a way, it is. Windows Update has the control to change system files. No big secret there.

You seem to think that every time a system file gets updated by whatever process, that should be flagged and prevented. It's not some rogue program that is being run to update the files, it's the WU service that's on every single XP (and other MS OS's) machine out there.

Like I said, I'm not defending MS on this...no one I bitch about more. But to say that the AV companies have culpability on this, that's off the mark. A trusted Windows service did what it was built to do. Nothing to see here. Move along.

Re:Why did no antivirus s/w pick this up?

[Etrias]

Monitoring system accounts and special accounts is the first job of any antivirus software. Viruses, worms and trojans run with full system access, not restricted user access.
If a virus or trojan has that access already, you're screwed anyway. Might as well wipe the box and start over. However, to get that access, they usually need an exploit or to run an executable to grant them that access.

I don't think you have a very good understanding of what a virus program is expected to do. If a system account isn't allowed the power to update system files, then why have it in the first place?

Re:Why did no antivirus s/w pick this up?

[Etrias]

Ah yes, good point. But still moot as Windows Update would end up being on the trusted list almost immediately.

However, turning that around, Windows Update isn't on the blacklist. Why should it be logged as changing the files? Even AV programs that do heuristic scanning aren't really going to notice WU doing it's job.

Re:Why did no antivirus s/w pick this up?

[DrgnDancer]

You're asking for a nightmare... Can you imagine trying to do a big update (say a service pack) with your AV flagging every single file? You'd spend days clicking "Yes, install the File"The AV assumes that WU is updating Windows... It's what Windows Update does, the alternative would be to never get anything done as your AV tries valiantly to block every update MS puts out.

Have to get away from the "patch" concept

[dpbsmith]

I'm not sure what the answer is, but someone has got to work out better technology for designing and updating operating systems. For thirty years now, we've had operating systems that only work as perfect integrated wholes, and operations called "installation" and "uninstallation" and "updates" and "patches" which are basically ad-hoc processes for which the operating system offers relatively little support.

Everything depends on everything else. After a few years of updates and software installation, whether on Windows or Mac OS X (no, I can't speak to Linux so if Linux solves all these problems I plead ignorance), almost every system is in a slightly broken state, and you just hope it isn't intolerably broken. Talk to any average mom 'n dad and they'll say "Things that used to work fine on our computer aren't working any more, I guess it's just time to buy a new computer."

Some new way of building operating systems is needed that reduces the interdependence of its components.

Re:Have to get away from the "patch" concept

[MobyDisk]

IMHO, this is what package managers solve, and Microsoft still hasn't gotten the idea right. In the Windows world, applications just drop files wherever they want and that's an install. In Linux using rpm or deb packages, every file on the system is part of a master database that indicates what package it is a part of, and what the interdependencies are. So long as everyone creates proper packages, these problems go away.

The down side is that many packages aren't created properly, which results in rpm hell like as-in dll hell. But done properly, it is utopia. (Properly -- No source code packages, no packages with incorrect version numbering like "2.0alpha" comes before "2.0", no "this package depends on a dozen files in some absurd directory that only appears in my distro")

Re:Have to get away from the "patch" concept

[mollymoo]

Package managers do not solve the problem, they just handle most of the hassle for you. If anything, they exacerbate the problem by encouraging the very interdependencies they are necessary to handle. I'm not much of a fan of the shared library concept for anything other than "system" files (for a fairly broad definition of "system") because of the installation and "maintenance" hassles they create. You may have a dozen programs which use a particular library, but do you ever run them all at once? Probably not. So just keep a dozen copies on disk; that way they can all be different versions if needs be. Occasionally you'll get two copies of essentially the same code in RAM, but library code generally isn't usually the bulk of your RAM usage. Once you get rid of the idea of sharing files between programs your software installation worries cease to exist, because installation ceases to exist. You just have one executable blob which you can copy anywhere. A good proportion of Mac applications work this way and trust me, it beats the shit out of apt, portage or any other package manager I've tried. It takes almost zero user effort. Zero maintenance. It is hugely reliable.

Re:Have to get away from the "patch" concept

[MobyDisk]

This is interesting - I've wanted to have this discussion with someone. While I agree with your reasoning on shared -vs- static libraries, I don't agree your estimation of the impact of static libraries.

because of the installation and "maintenance" hassles they create. One big savings of shared libraries is that if a vulnerability is fixed in libpng, you don't have to update 25 apps. And the authors of those apps don't have to repackage their app. And old projects that aren't in active development can still take advantage of the security fixes. Same with performance improvements and bug fixes. It saves a lot of redundant updating.

This is also why I preface the discussion with "proper" packaging. I encounter lots of packages that have incorrectly stated dependencies. If I recall, every rpm/apt problem I ever had could be traced down to some package that stated a dependency incorrectly. Like it requires an exact version of a particular library when it really didn't. Or a library was made incompatible in an update, but the version number was not incremented by a whole number (Ex: version 1.02 is not compatible with 1.01 so all apps saying they need 1.0 or above break).

You may have a dozen programs which use a particular library, but do you ever run them all at once? Probably not. My guess is "most of the time" -- I'm using Windows right now, but let' see what I'm running: Firefox, Mozilla, Trillian, Notepad, Skype, Virtual PC, Zone-Alarm, a VPN client, a volume meter, an anti-virus program, Visual Studio, RapidSVN, Photoshop, a SQL server... My guess is that all of those share at least the C/C++ runtimes. Probably also share 2 dozen Windows API DLLs. COM libraries are common. Half of them use libpng, libjpg, etc. There's a lot of re-used libraries there.

So just keep a dozen copies on disk; that way they can all be different versions if needs be. I agree that disk space isn' t really a big deal. Graphics and icons usually take more space than code. But the packaging solutions we are discussing allow you to have multiple different versions in place at once. In Windows with DLLs, this is hard, but on Linux it is very easy since the library version is in the file name and symlinks + intelligence in ld can make things bind to whatever version they need.

Overall, I think you underestimate the number of shared libraries each application uses. That measurement is really what would make the tipping point on this point. If the memory savings is minimal, and I didn't require updating too many apps when a bug was fixed, and if old apps could somehow be magically updated... then yeah, static libraries would be better.

I've run into this and the fix isn't hard.

[domatic]

I ran into this a couple of weeks ago. When the attempt to use update.microsoft.com fails, the "troubleshooter" will direct you to a Knowledge Base article that advises you to do the following:

At the command prompt, type the following commands, press ENTER after each command, and then click OK every time that you receive a verification message: regsvr32 wuapi.dll
regsvr32 wuaueng1.dll
regsvr32 wuaueng.dll
regsvr32 wucltui.dll
regsvr32 wups2.dll
regsvr32 wups.dll
regsvr32 wuweb.dll


Once that is done, you'll be able to use Microsoft Update again.

Re:I've run into this and the fix isn't hard.

[ColdWetDog]

Oh good and thanks. I'll call up my mom and tell her to do just that to her machine.

Re:I've run into this and the fix isn't hard.

[radarsat1]

"But at least Windows doesn't require you to go to the terminal and type cryptic and scary commands just to fix little problems..."
- oft-heard criticism of Linux

Re:I've run into this and the fix isn't hard.

[mcmonkey]

I ran into this a couple of weeks ago. When the attempt to use update.microsoft.com fails, the "troubleshooter" will direct you to a Knowledge Base article [microsoft.com] that advises you to do the following:

Go to http://windizupdate.com/ with a supported (non-IE) browser.

Once that is done, you'll never have to use Microsoft Update again.

That's something you can tell your grandmother over the phone.

Re:I've run into this and the fix isn't hard.

[berashith]

wow, what a great idea. I think I am going to find a way to create list of commands that can be run instead of having users type the commands themselves. I will call this scripting. You windows people think of everything.

Re:I've run into this and the fix isn't hard.

[z0idberg]

reminds em of this little ditty:

from here: http://bash.org/?464385
 

@insomnia >>it only takes three commands to install Gentoo

@insomnia >>cfdisk /dev/hda && mkfs.xfs /dev/hda1 && mount /dev/hda1 /mnt/gentoo/ && chroot /mnt/gentoo/ && env-update && . /etc/profile && emerge sync && cd /usr/portage && scripts/bootsrap.sh && emerge system && emerge vim && vi /etc/fstab && emerge gentoo-dev-sources && cd /usr/src/linux && make menuconfig && make install modules_install && emerge gnome mozilla-firefox openoffice && emerge grub && cp /boot/grub/grub.conf.sample /boot/grub/grub.conf && vi /boot/grub/grub.conf && grub && init 6

@insomnia >>that's the first one

Re:I've run into this and the fix isn't hard.

[Ephemeriis]

"But at least Windows doesn't require you to go to the terminal and type cryptic and scary commands just to fix little problems..."
- oft-heard criticism of Linux

Yeah... At least with Linux you know you're probably going to be messing around at the command prompt. I don't know how many times I've had a Windows machine do something odd, gone looking through the GUI for the magic checkbox that will fix things, only to eventually discover (through technical support or a KB article) that there's a command-line fix that isn't documented anywhere.

Frankly... These days I'm using the command prompt on my Windows machine just as often as I do on my Linux machine.

Re: Broken Process

[TaoPhoenix]

Maybe they forgot to rinse.

The lather-repeat caused a buffer overflow.

I got bitten by this

[arkhan_jg]

I'm actually in the process of upgrading a windows 2000 image to XP Pro (no, it can't be a clean install, it's a long and dull story), and got bit by this bug. When I searched for the error number associated with the windows update failure on technet, I did come up with technet article explaining how to register the windows update dll's to fix it (as also listed in the linked article). I just assumed it was an odd bug because of all the cruft in the windows 2000 install.

Now I find out it's because of a broken secret mandatory update to the DRM that breaks windows update altogether. Nice one Microsoft!

I had another bug after that windows update, http://support.microsoft.com/kb/883821
That took a lot longer to fix, as none of those listed fixed it. Perhaps that was also related? Lovely.

Microsoft XP updates....same old story.

[CodeShark]

We remember how the Win9X upgrade fiascoes resulted in so many new breakages that ultimately MS pulled the plug and went completely with the NT code base for Windows. So I am very cautious using MS supplied updates at all.

But earlier this year I had to allow a client's machine to use an XP service patch or be have to tell the user that the machine would be out of warranty both from the OEM and Microsoft.

The patch (SP2) froze the computer completely after an aborted install that the screen recorded as having been successfully uninstalled. It took nearly 20 hours of non-stop attempts plus two service calls to avoid having to wipe the disk -- which was not an option -- and afterwards the "Genuine Advantage" program still wants more updates.

Not surprisingly, I won't be recommending Microsoft on their next desktops. Ubuntu will be fine.

My experience

[bogaboga]

In addition to Kubuntu, I am using WIndows XP professional and was not really sure my woes with the system were because of these stealth updates. But I can say that sound would automatically mute itself whether Windows Media Player or any other media player was playing or not.

I thought this was because of Skype, Windows Media Player, VLC Player or Real Player. I installed new versions of all of these apps but this did not help. I struggled with this problem and found little help, even from Microsoft itself. The good thing is that Windows XP has a [neat] feature that rolls the system back to its previous configuration. This is what I used and had this problem solved.

But I then wondered whether we in the Linux world have anything comparable to the feature that helped me roll back my settings in Windows XP Professional. I haven't found one! Have I looked hard enough of am I looking in the wrong places?

Re:My experience

[pintpusher]

I'm not trolling, seriously.

I can't speak to the internal reasons behind windows decision to include that feature (though I have a couple good guesses), but based on the number of people I know who think a backup is when the white lights come on at the back of the car, its a much needed feature. This is what backups are for people. No matter what OS. a proper backup scenario would allow recovery from any problem like this. In the linux world, due to plaintext config files and the modular nature of the system, you can even restore selective parts of the system and get back to a usable state pretty easily.

SO to answer your question about system restore in linux, just keep good backups of /etc, multiple kernels installed, and if you're really worried, or don't understand how to manually tweak your update system to allow rollbacks, then back up /[s]bin, and /usr/[s]bin and you're probably good. Its not that hard.

Are They Serious?

[ThinkFr33ly]

Do these people realize that the ENTIRE POINT of Microsoft forcing the Windows Update patch was to make sure that future updates would trigger whatever policies the user had selected for the machine?

In other words, if Microsoft had not updated Windows Update automatically, and a user had chosen to be notified of future updates, these notifications would not work. The only way to ensure that the user's settings were properly respected was to update Windows Update.

So now this article says that the silent update wasn't harmless because Windows Update was broken after they did a restore. Do they realize that without this update, Windows Update *definitely* wouldn't work, and that the fact that this update may have a bug in it regarding restoration is completely besides the point?

Should Microsoft have made it more clear that they were doing an update? Yes. Is this update proof of Microsoft's desire to ignore user preferences and do whatever the hell they want? Obviously not.

Re:Are They Serious?

[sqlrob]

So it warns that Windows Update is the one needing update. They've done it before.

Leave Microsoft alone.

How fucking dare anyone out there make fun of Microsoft after all it has been through?

Its stock price has stagnated. Google made Steve Ballmer mad. He threw two fucking chairs.

Ray Ozzie turned out to be a blogger, and now he's posting a bunch of comments. All you people care about is readers and making money off of them.

It's a corporation! What you don't realize is that Microsoft is making you all this money and all you do is write a bunch of crap about it.

It hasn't made a good OS in years. Its spreadsheet is called "excel" for a reason because all you people want is EXCELLENCE! EXCELLENCE! EXCELLENCE!

LEAVE IT ALONE! You are lucky it even makes products for you bastards! LEAVE MICROSOFT ALONE!

Please!

CmdrTaco talked about professionalism and said if Steve Ballmer was a professional he would've monkey danced no matter what.

Speaking of professionalism, when is it professional to publicly bash a company who is going through a hard time?

Leave Microsoft alone, please.

LEAVE MICROSOFT ALONE RIGHT NOW. I MEAN IT.

Anyone that has a problem with it you deal with me, because it is not well right now.

LEAVE IT ALONE!

No one saw this coming...

[Loosifur]

The thing about this "stealth update" that riles me up is that it's indicative of the patronizing, "we know better than you" attitude that Microsoft has towards its customers. They just decided that anyone running Windows would get this update and that's that. Now, wonder of wonders, it's causing problems. Does anyone really think that they'll address this problem in a reasonable, responsible way? Or will they just release ANOTHER patch at 3:00 in the morning to fix the first one?

Re: No one saw this coming...

[blueZhift]

Sadly, for the vast majority of Windows users, the patronizing attitude is probably the least painful approach. Like most here on /., I don't take too kindly to MS slipping unauthorized patches onto my systems. But for mom, pop, and grandma, well what they don't know might be good for them. Telling them too much would just confuse them and result in expensive tech support calls. So MS rolls the dice that most won't have a problem with the update and won't care to know the details anyway.

I'm not saying people should be like this, but it is often the case.

Following your train of thought

[laing]

Then wouldn't it be in Microsoft's best interest to ship all installable releases with deliberately deficient code? This way they virtually guarantee that the end user will connect for an update. In a way they are already doing this with manditory activation (some features turn off if Windows is never "activated").

Re:Following your train of thought

[Pharmboy]

Then wouldn't it be in Microsoft's best interest to ship all installable releases with deliberately deficient code?

Are you saying they aren't?

Re:Following your train of thought

[sg_oneill]

Well it wouldn't be the first time. See the (early) Windows deliberately crashing on DR-Dos fiasco.

That explains the trouble I had!

[TheRealBurKaZoiD]

FTFA:

"This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC."

That the trouble I had recently! A few weeks ago, a friend asked me to clean up three of her family computers that were crawling with spyware/adware, and trojans, as well as upgrade them from WinXP Home to WinXP Pro. I got them cleaned up fine, and did the upgrade. After booting to the desktop the first time, I ran Windows Update to grab the latest patches. On all three machines, WU would install some needed components, reboot, download all outstanding patches (approximately 80+), and then fail on the install on every single update.

Windows Update would NOT run without erroring out. It took me a few hours to realize I had to manually re-register all of the components for windows update, after which I also had to delete ALL of the downloaded patches, as well as all of the $NTUninstallKBXXXXX stuff.

Then again, maybe I just did the update wrong three times in a row?

They already have a solution to this.

[InfinityWpi]

And it should be obvious to anyone who knows the company... upgrade to Vista, and you won't have to worry about repairing your XP installation anymore!

Who says this is an -unintended- side effect?

This will spur the Vista sales

[140Mandak262Jamuna]

The stealth "upgrade" will make XP quite unstable. And MS will just say, XP has been end-of-lifed and Vista upgrade will fix the problems. Then Wall Street will get comfortable numbers about Vista sales. Things will continue as normal.

Re:Are They Serious? Nope.

[canuck57]

What a long winded way to say the Windows update is such a horrible mess it isn't funny.

Me, I like rolled up file based updates. Download it and save it off. When the beta testers say it is OK, I apply. I have earned with over 20 OSes behind me that you patch to point in time from proven groups of patches. This idea of "auto" update is so fundamentally flawed...

The real problem is ...

[vtcodger]

***Duh. Undocumented updates cause problems.***

Whereas documented updates are magically OK?

OK, OK, that's not really what you meant, and it's not your point

=====

If you ask me, the real problem is updates. Let's say that one update in 50 is significantly defective -- which is, IMHO, quite optimistic. Let us further guess that 50% of the defective updates introduce new unexpected problems rather than failing to (fully) fix the existing problem -- they do test these things. At least I hope they do. What is likely to get past testing is errors in areas that no one thought would be affected. Lets assume that there are 10 updates a week on average, and that the average time from first report to fix is four weeks.

If you just uncritically load updates, you'll download new grief every 10 weeks or so and take four weeks to get it fixed. that means that five times a year, you'll unwittingly install a significant new problem and that about 40% of the time you'll be living with one or more of these things.

IMO, the best strategy -- at least for larger operations -- is to evaluate each and every patch, and to load only those which seem absolutely necessary. Even that is not going to work all the time.

As for updates that you aren't asked about... A truly bad idea. Hopefully Microsoft and other operations that believe in automatic updates will learn their lesson from this relatively modest (we hope) fiasco and will never ever do THAT again. Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you.

Re:The real problem is ...

[jvkjvk]

. Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you. And why not? How many times have there already been problems that put important business sectors offline for days or weeks and not one software vendor has suffered a class action suit, or even any repercussions beyond ultimately (and most times not even then) having to say "Oops! My bad!" ?

I have no idea what is "protecting" these software vendors other than the halo that we are dealing with software and everyone expects things to go very bad once and a while in the field but the threat of lawsuits at this point is laughable.

Note: I am merely reporting on the actual state of things, this does not mean I agree with it.

95 to 98 compared to XP to Vista

[CritterNYC]

I believe the reference is to how well Windows 98 (and 98 SE) was received by Windows 95 users (98 offered lots of good fixes and new features over 95) as opposed to how poorly Windows Vista is being received by Windows XP users (since it doesn't really offer any must-have features or bug fixes).

Re: windows and linux problems

[Medievalist]

I've set it to default to Windows, because windows boots over and over, sometimes for hours, before it finally relents and comes to life. I've suspected a BIOS setting it doesn't like, or that Windows wants its own FAT instead of LILO, but could it be that Windows is trying to phone home, even though my internet access has been shut off for a couple of months? Even though it's a fresh install and the PC hasn't been connected to the internet since before the install? Sounds like a hardware problem, to be honest. Like a bad bit or two in low memory, for example... do you have memory testing turned on in your BIOS? If it's set to "fast boot" it will skip nearly all useful testing, fast boot is just a way to generate money for PC repair shops. :)

And do thay have any idea what a pain in the ass it is to "register" that God damned OS without internet access? Don't remember if I've tried it with Windows, but for most windows programs that nag for registration you just tell it you'll register by snail mail, when it asks for a printer tell it to print the registration page to a file, and delete the file at your leisure.

If I could get the S-Video out to work with Linux, XP would be history on my PC. If you've got a Hauppage card, ivtv will probably do the job for you. If not, post your card type (preferably including video output chipset information, if you can figure out how to get that... sometimes it's in dmesg) in a MythTV forum. The myth guys are generally pretty helpful, if you are even minimally polite.

enterprise ready operating system

[number6x]

You have zeroed in on the heart of this problem with laser like precision. I couldn't agree more.

If you run a business on an OS you need to know the details of upgrades. You need to test all upgrades against your production machines before applying the upgrade.

I am not talking about a home desktop, or even a corporate desktop system here. Think about computers used to control water or fuel delivery. Maybe a system that reconciles ATM transactions at a bank, or adjusts inventory databases from sales at retail locations, or the automated system that routes calls to a city's 911 emergency center.

Businesses and Governments depend on many customized pieces of software day in and day out. All software changes must be tested and shown to have no ill effects before thay are applied to enterprise production systems.

Any OS that does not allow the user to control the application of patches and updates, and instead updates systems by stealth, is not ready for the enterprise.

Think about the problems that could result if people use an OS like Windows in misssion critical applications that involve lives.

Even if lives are not involved businesses cannot tolerate amateur stunts like stealth patches from an OS vendor. They could lose billions of dollars trying to find out the cause of a problem.

This highlights how out of touch Microsoft is with the needs of enterprise level customers.

Re:enterprise ready operating system

[smellsofbikes]

It seems like there's an obvious way of doing this, already organized with Windows distribution: Windows Beginner, Windows Home Edition, Windows Water Wings And Training Wheels edition, Windows For Dummies, and Windows-Cheapo-Walmart-Box come with updates enabled; Windows Ultimate, Windows Business, Windows Corporate, and Windows Damn I Paid A Lot For This License come with updates disabled but a little pop-up informs users that new updates are available, and Windows Yes I Do Actually Know What I'm Doing lets users update the patches themselves.