Slashdot Mirror


Microsoft 'Stealth Update' Proving Problematic

DaMan writes "According to the site WindowsSecrets, the stealth Update that Microsoft released back in August isn't quite as harmless as the company claims. The site's research has shown that when users try to do a repair to XP subsequent to the update, bad things happen. 'After using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren't registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC.' ZDNet's Hardware 2.0 has independently confirmed that this update adversely affects repaired XP installations: 'This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly. Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting.'"

15 of 257 comments

  1. Let me be the first to say... by morgan_greywolf · · Score: 5, Funny

    Duh. Undocumented updates cause problems. In related news, failure to check for a buffer overflow causes software bugs.

  2. Microflaccid strikes again by jollyreaper · · Score: 5, Funny

    "I will gladly patch you Tuesday for something I broke today."

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  3. Re:Subconscious or stealth push to Vista? by Rob T Firefly · · Score: 5, Funny

    "Nice PC you have here. Shame if something were to happen to it..."

  4. The problem with MicroSoft by phoenixwade · · Score: 5, Interesting

    This is the reason I support and use Linux. It started as a hobby, something to do with old equipment. But, now it's because of disclosure. I know what is being installed, and can choose when to update, what to update, and, if I've the time and inclination, I can take the update apart, see what it's doing, and even modify part of it.

    Microsoft doesn't allow me this, and continues to fail to predict the negative consequences resulting from these choices. Apple at least gives me the option of installing an update, even though they have a bad record on the full disclosure thing too.

    --
    A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
  5. WTF by Ariastis · · Score: 5, Insightful

    Wasn't it for Windows Update to "work properly" that those patches were released? Way to go MS, foot in mouth, lather, rinse, repeat...

  6. Why did no antivirus s/w pick this up? by jkrise · · Score: 5, Interesting

    A dozen system files have been updated as part of this undocumented stealth update... and yet not a single antivirus software reported this. Why?

    How do these antivirus programs know for sure that these updates were 'harmless' and 'normal behaviour'?

    In light of this revelation, I think corporates must now take action against these antivirus firms for not preventing this breach. Let's see what Microsoft has to say to this 'harmless' update that allows users to 'know and be informed of further updates'. A Media Defender style exposé of internal communications on this issue would be very interesting indeed.

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:Why did no antivirus s/w pick this up? by Etrias · · Score: 5, Informative

      > So, does an antivirus program run as a normal user process or system user process? If it is the latter, then how is it that the stealth update managed to escape attention??

      > And if antivirus s/w firms do not know systems programming, why do they exist at all? Looks like most anti-virus programs have been configured / patched NOT TO REPORT this particular stealth update... I cannot see any other logical explanation for this lapse

      Like I mentioned, it seems that you have not ever been a Windows admin, nor have ever dealt with a large roll-out of a system patch.

      Whether or not the AV program runs under a user process (highly unlikely) or a system process, it doesn't matter. You're ignoring what AV programs are looking for anyway. If a trusted process and service (Windows Update) run by a trusted user (SYSTEM), the chances that the AV program is even going to log such activity is doubtful. As far as the AV program is concerned, the service (Windows Update) is doing its job...which in a way, it is. Windows Update has the control to change system files. No big secret there.

      You seem to think that every time a system file gets updated by whatever process, that should be flagged and prevented. It's not some rogue program that is being run to update the files, it's the WU service that's on every single XP (and other MS OS's) machine out there.

      Like I said, I'm not defending MS on this...no one I bitch about more. But to say that the AV companies have culpability on this, that's off the mark. A trusted Windows service did what it was built to do. Nothing to see here. Move along.
    2. Re:Why did no antivirus s/w pick this up? by Etrias · · Score: 5, Insightful

      > Monitoring system accounts and special accounts is the first job of any antivirus software. Viruses, worms and trojans run with full system access, not restricted user access.

      If a virus or trojan has that access already, you're screwed anyway. Might as well wipe the box and start over. However, to get that access, they usually need an exploit or to run an executable to grant them that access.

      I don't think you have a very good understanding of what a virus program is expected to do. If a system account isn't allowed the power to update system files, then why have it in the first place?
  7. Re: Broken Process by TaoPhoenix · · Score: 5, Funny

    Maybe they forgot to rinse.

    The lather-repeat caused a buffer overflow.

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  8. Re:I've run into this and the fix isn't hard. by radarsat1 · · Score: 5, Funny

    "But at least Windows doesn't require you to go to the terminal and type cryptic and scary commands just to fix little problems..."
    - oft-heard criticism of Linux

  9. Leave Microsoft alone. by Anonymous Coward · · Score: 5, Funny

    How fucking dare anyone out there make fun of Microsoft after all it has been through?

    Its stock price has stagnated. Google made Steve Ballmer mad. He threw two fucking chairs.

    Ray Ozzie turned out to be a blogger, and now he's posting a bunch of comments. All you people care about is readers and making money off of them.

    It's a corporation! What you don't realize is that Microsoft is making you all this money and all you do is write a bunch of crap about it.

    It hasn't made a good OS in years. Its spreadsheet is called "excel" for a reason because all you people want is EXCELLENCE! EXCELLENCE! EXCELLENCE!

    LEAVE IT ALONE! You are lucky it even makes products for you bastards! LEAVE MICROSOFT ALONE!

    Please!

    CmdrTaco talked about professionalism and said if Steve Ballmer was a professional he would've monkey danced no matter what.

    Speaking of professionalism, when is it professional to publicly bash a company who is going through a hard time?

    Leave Microsoft alone, please.

    LEAVE MICROSOFT ALONE RIGHT NOW. I MEAN IT.

    Anyone that has a problem with it you deal with me, because it is not well right now.

    LEAVE IT ALONE!

  10. Re:I've run into this and the fix isn't hard. by z0idberg · · Score: 5, Funny
    reminds me of this little ditty:

    from here: http://bash.org/?464385

    @insomnia >>it only takes three commands to install Gentoo

    @insomnia >>cfdisk /dev/hda && mkfs.xfs /dev/hda1 && mount /dev/hda1 /mnt/gentoo/ && chroot /mnt/gentoo/ && env-update && . /etc/profile && emerge sync && cd /usr/portage && scripts/bootsrap.sh && emerge system && emerge vim && vi /etc/fstab && emerge gentoo-dev-sources && cd /usr/src/linux && make menuconfig && make install modules_install && emerge gnome mozilla-firefox openoffice && emerge grub && cp /boot/grub/grub.conf.sample /boot/grub/grub.conf && vi /boot/grub/grub.conf && grub && init 6

    @insomnia >>that's the first one
  11. The real problem is ... by vtcodger · · Score: 5, Interesting
    ***Duh. Undocumented updates cause problems.***

    Whereas documented updates are magically OK?

    OK, OK, that's not really what you meant, and it's not your point

    =====

    If you ask me, the real problem is updates. Let's say that one update in 50 is significantly defective -- which is, IMHO, quite optimistic. Let us further guess that 50% of the defective updates introduce new unexpected problems rather than failing to (fully) fix the existing problem -- they do test these things. At least I hope they do. What is likely to get past testing is errors in areas that no one thought would be affected. Let's assume that there are 10 updates a week on average, and that the average time from first report to fix is four weeks.

    If you just uncritically load updates, you'll download new grief every 10 weeks or so and take four weeks to get it fixed. That means that five times a year, you'll unwittingly install a significant new problem and that about 40% of the time you'll be living with one or more of these things.

    IMO, the best strategy -- at least for larger operations -- is to evaluate each and every patch, and to load only those which seem absolutely necessary. Even that is not going to work all the time.

    As for updates that you aren't asked about... A truly bad idea. Hopefully Microsoft and other operations that believe in automatic updates will learn their lesson from this relatively modest (we hope) fiasco and will never ever do THAT again. Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    1. Re:The real problem is ... by jvkjvk · · Score: 5, Insightful

      > Memo to organizations that do that. If your QA -- who are overworked, underpaid, and probably need a vacation -- screws up at the wrong time and you put an important business sector offline for days or weeks, you are looking at a major league class action suit. Don't expect the shrinkwrap EULA to protect you.

      And why not? How many times have there already been problems that put important business sectors offline for days or weeks and not one software vendor has suffered a class action suit, or even any repercussions beyond ultimately (and most times not even then) having to say "Oops! My bad!"?

      I have no idea what is "protecting" these software vendors other than the halo that we are dealing with software and everyone expects things to go very bad once in a while in the field but the threat of lawsuits at this point is laughable.

      Note: I am merely reporting on the actual state of things, this does not mean I agree with it.

  12. enterprise ready operating system by number6x · · Score: 5, Insightful

    You have zeroed in on the heart of this problem with laser like precision. I couldn't agree more.

    If you run a business on an OS you need to know the details of upgrades. You need to test all upgrades against your production machines before applying the upgrade.

    I am not talking about a home desktop, or even a corporate desktop system here. Think about computers used to control water or fuel delivery. Maybe a system that reconciles ATM transactions at a bank, or adjusts inventory databases from sales at retail locations, or the automated system that routes calls to a city's 911 emergency center.

    Businesses and Governments depend on many customized pieces of software day in and day out. All software changes must be tested and shown to have no ill effects before they are applied to enterprise production systems.

    Any OS that does not allow the user to control the application of patches and updates, and instead updates systems by stealth, is not ready for the enterprise.

    Think about the problems that could result if people use an OS like Windows in mission critical applications that involve lives.

    Even if lives are not involved businesses cannot tolerate amateur stunts like stealth patches from an OS vendor. They could lose billions of dollars trying to find out the cause of a problem.

    This highlights how out of touch Microsoft is with the needs of enterprise level customers.