What's Really Broken with Windows Update - Trust
Be Cool writes "According to ZDNet, Microsoft has steered itself into a real trust tarpit with Windows Update: 'See, here's the problem. To feel comfortable with having an open channel that allows your OS to be updated at the whim of a third party (even/especially* Microsoft ... * delete as applicable) requires that the user trusts the third party not to screw around with the system in question. This means no fiddling on the sly, being clear about what the updates do and trying not to release updates that hose systems. While any and all updates have the potential to hose a system, there's no excuse for hiding the true nature of updates and absolutely no excuse for pushing sneaky updates down the tubes. Over the months vigilant Windows users have caught Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.'"
This may have been a bad move, but Microsoft knows that in actuality there's nothing the users (corporate and private alike) are really going to do about this. They may complain a bit; write some unpleasant articles in some online sites/blogs, but at the end of the day you're still going to be using their stuff. Effectively saying "just suck it down and shut up". And in reality, this is what 99.999999% of Windows users are going to do.
If you have an effective monopoly, trust really doesn't matter.
-USR1
Anyone who trusts Microsoft after the past two decades of dirty behavior is a fool.
"I've got more toys than Teruhisa Kitahara."
Even without TPM, even without CPU serial numbers, if the update software has to change my computer without telling me, it is operating out of bounds. I can't trust it in enterprise; I can't trust it at home; I can't trust it as an install or development environment.
kris_lang
How about full disclosure about what's changing on YOUR PC? There's no reason why MS can't provide that in a timely, good, cheap manner. The real problem is that MS is a monopoly, and they can do whatever they want, and there's no other product that users can easily switch to.
I totally agree with the tag that reads "editorsdontgetit". The problem with having this stealth update capability in the first place is that it's a clear and obvious vector for attack and p0wn4g3.
If somebody figures out how to hack these stealth updates (and now that people know the capability exists they will definitely try), then we can all look forward to the time when a rootkit or other exploit is pushed down to machines and installed with the blessing of the OS and the complete ignorance of the person whose machine just got screwed. And it'll look like a legitimate update as far as all parties are concerned after the fact.
The author claims that it's a "Bad Thing(tm)" when people eventually decide to pull the plug on Windows Update, and I agree given all the legitimate patches that have been made available this way. But on the other hand, what choice do we have? Do we leave a door open that has been proven to be used in an untrustworthy fashion by the very people that are telling us to trust them and that they're making our machines better/safer/++?
Will somebody please start writing games for Linux so I can be free of this nonsense?
C
The Sun is proof that we can't even do fire properly.
That has nothing to do with it... the problem with Windows Update recently is not that they aren't pushing out updates in a timely manner or that they are pushing out buggy updates too quickly, it's that they are being sneaky about updates. There's no reason that they couldn't be up front in disclosing everything about what components of your system will be changed with any given update. It's when they say an update fixes a specific problem, and then also install Windows Genuine Advantage behind the scenes that we have a problem.
Blindly trusting a third party, especially one with a track record like Microsoft, with updating your production systems may be an unwise move.
Oh, they DID have trust. Back in the MS-DOS days. Then all started, and they became too powerful for anyone (even the government) to do anything about it.
I wonder what would have happened if Digital Research had sued Microsoft (and succeeded) for crippling Windows 3.x if the underlying OS wasn't MS-DOS.
But you know what really screwed everything up? The exclusivity contracts with hardware manufacturers. You know, bundling and all that. Those things must go away, since they keep ruining competition (how can it be possible for a machine with Windows being cheaper than one without it?) Don't you hate hidden taxes?
I call bullshit on this alarmist blog. 99% of the world's Windows users don't give a shit about the updates, and will click anything that pops up on their PC. Most of them likely have no clue what "Windows update" is. The 1% that know what they're doing have likely never trusted Windows/Microsoft for anything in the first place. To say that "Trust in windows update is eroding" is just a bit fud-dish.
You have one company holding every networked Windows PC on the internet at the capability of doing whatever they want the PC to do: update, spy, DRM, etc.
If they do not begin to communicate and be more open, I'm afraid the consumer base is going to feel it is more and more like "1984."
Microsoft is in a unique position and yet they cannot do any of it right.
Yes I have.
"What do you mean you don't use Apache as your webserver?!?!?! Doesn't everybody?!?!?! What else would you POSSIBLY USE?????"
The monopoly is part of it, but the other part of it is the whole notion of software licensing, which convinces companies like Microsoft that not only do they own the software you're running, but the computer it's running on.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It may be obvious to us, but not to the general population. Remember that this is a ZDNet article. People reading ZDNet are in the majority, Windows users who don't know Microsoft's evil tricks as much as we do. I'm glad that columnists write these articles once in a while, to make people realize Microsoft is not the "quality assured" company they pretend to be.
If we want to evangelize about open source/gnu linux, articles from "relatively neutral" parties such as this one are a very good resource.
1) Didn't even think about rebooting my box by itself, regardless of configuration
2) Installed updates when I turned my computer on, not off - if I'm turning it off, then any second I'm going to be slinging the machine in my backpack, and jumping on my motorbike. Last I heard, Microsoft didn't possess the magical mystical powers required to ensure a hard drive works perfectly in these conditions.
3) Fucked off when I press the "I don't want to reboot now" button, instead of pestering me every 30 seconds like a bloody 4 year old.
None of these should require registry tweaks or policy hacks - they should all be *defaults*.
Two points...
/.
First, most people don't really trust their computers anyway, because they don't understand them. So the "trust degradation" of giving Microsoft free rein is minimal, maybe even negative, because "At least Microsoft understands my computer, and if anyone can keep it running, they can." Basically it's responsibility transferral for something they don't understand.
Second, there are cases where trust is absolutely required. A few I can think of are medical/HIPAA, military, and media. In a way, the first 2 embody opposite requirements from the 3rd. The first 2 absolutely require data integrity and system control, and the machine owner is central, in control, and responsible. There seems to be quite a difference between medical and military usages, and IMHO it's because medical usage grew out of IT departments, where such things were understood. It appears that military usage grew out of command/control and procurement, where they weren't. As a result, there's no shortage of people waiting to see the fireworks between Microsoft and HIPAA for the former, and the Win-Yorktown and all of our current cyber-security fears for the latter.
As for the 3rd example of trust mentioned above, you can find DRM arguments all over on
The living have better things to do than to continue hating the dead.
I think they were talking about how you do not have to pay for the patch.
I don't have to pay for my Linux patches. Where is that going on? I'd like to see that scam in action.
Microsoft has a company to run.
They offer the least possible features that the market allows for the highest possible price they can fetch. Indeed, Microsoft is a Marketing company that employs a legion of developers. The product, for the most part, is testament to that. No innovation to speak of and more license restrictions in the next product.
Let's unwind the propaganda a bit.
1. The average useful OSS project is not a headless zombie with a bunch of peace-loving anarchists running around it. There's somebody that has FULL control of the project. In fact they all have better organization than all of the big companies I've ever worked for.
I know that Microsoft in particular has quite a bit invested in spreading the headless-zombie-anarchy idea around but it's just not true.
You are paying too much for what Microsoft offers and have been for over a decade. Please take a step back and examine the situation with a little more rationality. You'll be much better off without Microsoft.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
"and I have no doubt they will, I trust them."
So, which patch for XP puts a 'MyWorks' folder on the partition with the most space? And what is it for? Where did the 'DRM' folder in your profile come from? Which updates say they will do these things?
I don't trust them in the slightest - and the 'stealth' patch for IE7 shows I was right, because IE7 opens up holes that weren't previously there.
"History doesn't repeat itself, but it does rhyme." Mark Twain
An article on that subject by someone above the blithering blogger level would be useful. This subject needs coverage in the Wall Street Journal or Business Week. There are some real issues here. If you're a bank, what do bank examiners think of Microsoft having a backdoor into your systems? If you're a health care provider, is there a HIPAA compliance issue? If you're a law firm and some of your clients are adverse to Microsoft, is it a breach of your duty to your clients to let Microsoft control your systems? If you're a defense contractor, is that back door permissible?
Many such companies run background checks on anyone who potentially has access to their data, and audits of what's happening within their own business. Who's auditing Microsoft for security? Who actually has access to the master keys that allow pushing an update? How many people have access to those keys? Are they US citizens? Do they have security clearances? Are they bonded?
Now those are the questions to be asking.
I've noticed that very very few hardware updates from Microsoft work properly. Certainly, any of the mainstream graphics, audio, or modem/NIC cards that are listed should NOT be installed. Actually, I'm trying to remember a time when I used the hardware update which I didn't have to go and look up the manufacturer's website for a working driver.
Surprise, surprise.
As Bruce Schneier points out, the problem is not that Microsoft can install updates on your computer without asking, but as soon as it gets cracked, then soon every script kiddy on the planet will also be able to do so.
Then you're really going to be screwed.
-mike
-- "So, what's the deal with Auntie Gerschwitz et all?"
I don't think you understand the issue here. The issue is that MS users who chose not to get automatic updates got an automatic update anyway. This is a matter of trust. I don't know why you are talking about NDAs. Companies that didn't want automatic updates from MS had an automatic update installed. NDAs are neither here nor there. I also don't understand the relevance of Linux to this. It's not a matter of what was in the update. It's the fact that it was installed automatically despite the fact that users had expressed a preference not to install it automatically.
Reality is defined by the maddest person in the room
Ummm - OSX is not based on BSD the way KDE is based on linux. There is still a ton of custom Mach kernel code, browser code, app code, desktop code, etc that was added/updated/done by Apple.
This is like saying that CP/M and IBM did all the hard work for MS. Just because it was there in the past as a starting point, that does not mean that 100% of the foundation of OSX or Vista is from some other code base.
And, you know, even some geeks like having things that just work. There was a time when I'd build my own computer and spend every waking hour monkeying with the thing to make it perform 0.5% better in a specific task. Maybe I'm just getting too old for that, or maybe my interests have just shifted, but this Macbook I have, which doesn't really require anything of me to perform properly every day, is a needed breath of fresh air.
I think the big shift for me was during college, when my Frankenstein computer failed during the one particularly hectic spring essay rush. I bought a Dell laptop because it was cheap and could be at my door in three days. Since then, I've never built a "main" computer again. I still have my HTPC project and a few other things, but it's really, really nice to know that I have one computer that will always work when I need to actually, you know, DO something that matters. No driver headaches, no dodgy hardware, no constant configuration. I open the lid, do my thing, then close the lid. Although I have become a real Mac fan, this isn't a pro-Mac post at all... it's a post in strong favour of things that don't require me to screw around. If I WANT to screw around, I will, but at least the choice is mine now. I've put that same principle into play in what I drive, too. I have a 2000 Mazda Protege, which never fails, as my daily driver. Then, I have a 1988 Nissan Pathfinder with 31" tires, a lift, etc for those days where I feel like tinkering. That truck sits apart for weeks if I don't feel like getting my hands dirty, and you know why? Because it can -- I don't need it to get me to work. It's beautiful. If you can afford it, life really is better when you don't have to drive the project (both literally and as a metaphor for computers).
Frankly, even if it costs me my Geek Card, I'm never going back to the "old way."
-
Inventor of the term 'pardon my French'.
Synaptic downloads a list of all updates to the user and the user's computer determines what updates are applicable.
Microsoft uploads a list of 'everything' on the user's PC to Microsoft and Microsoft determines what updates are applicable and then stores that uploaded list, associated with your registration information, for an undisclosed period of time.
When information is power, privacy is freedom.
Not only that, but the grandparent post deliberately, I suppose, obscured the issue. The issue is trust, not honest mistakes.
Microsoft's recent sneaky update has caused severe problems: Microsoft Stealth Update and Windows XP repair don't mix. If Microsoft weren't sneaky, at least customers could deal with the mistakes more easily.
Quote from the ZDNet article: "The overall impression that I get as someone who deals directly with the company is that Microsoft believes that it is right and anyone making a fuss is ultimately wrong". It's not surprising to me that billionaire virtual monopolists would have developed arrogance.
However, that's not the REAL problem, in my opinion. The real problem is that people think that Microsoft is a software company that is routinely abusive. But it isn't. Actually, Microsoft is an abuse company that uses software as a means of delivering abuse. I think a lot of people agree that, if you look at it that way, Microsoft is excellent at what it does.
I've often wondered with the slow Vista uptake whether MS would torpedo XP via updates that actually degrade performance or break things deliberately. It's weird, I have a number of XP boxes with very good reliability, but in the last 3 months I have had a number of software related failures on nearly all of them - most requiring re-installs. The drivers haven't changed, usage hasn't changed, the only thing that has changed is the MS updates. No hard evidence, but many fellow admins I know have seen similar oddities occur (esp after the stealth update)...
It could just be coincidence as it would be a very dangerous move by MS, yet I wouldn't put it past them. Users who are having to fuck around are surely more likely to consider switching OS. For the bulk of desktop users that would be Vista.
The best fastest way to get people out a building is to set it on fire...
I think the difference is that in FOSS community, the senior developers are the ones that get to fix the code, and quite often it's the person who committed the error in the first place (and is, therefore, most intimate with the issue at hand). In large companies - vast majority of them - the code is fixed by juniors; people with no experience (maintenance is handed as *the* activity to get experience), little expertise and quite often short lifespan (and the resulting "I might not be around in 6 months, so why should I care what happens" attitude).
While most end-users get their software from their distro, where do you think the distros get it from?
The vast majority of packages are maintained separate from any distro, and they're pulled into each distro by the distro maintainers. The real reason why the Linux updates are more reliable is that the developers can _talk to each other_. Most packages have mailing lists, newsgroups, forums, etc. and solutions can be developed in cooperation with the other developers.
As for the buck-passing thing...it happens with linux too. The application team blames the platform team which blames the distro which blames glibc, and they in turn say that the distro needs to upgrade to the latest version, which isn't compatible with the distro's compiler....and so it goes.
My experience for several years has been that Linux is light years beyond Windows in terms of detecting hardware and installing appropriate drivers (the big exception being wifi drivers, of course). They used to tell you to make sure you copied all of the info out of Device Manager before attempting a Linux install so you could hunt down the drivers you would need to get your hardware working. Now, it's more like pop in a Ubuntu CD to identify all of your hardware before doing an XP install. And I'm not talking about weird, esoteric stuff that you could understand. This is basic things like NICs and sound cards. Even the various HP Laserjets we have scattered around the office stump Windows' hardware detection tool, while simply plugging the printer in to a Linux box often results in a working printer with no further user intervention.
I don't care why you're posting AC
Nope, that's not the problem. The problem is with transparency.
I can accept that not all code is perfect and that in a beast of an OS like Windows it is entirely possible that an update will break something. That's fine. That's OK. And when I decide to install an update I am aware that I may need to fix something after the fact. I don't have a problem with this.
What I do have a problem with is Microsoft not telling me what their updates are doing. Yes, generally speaking, there is some indication of what the update is supposed to address. The patch notes will reference a hotfix or KB number or something like that. A lot of the time you can tell what is likely to be affected. But not always. Microsoft has repeatedly released updates with incredibly vague or downright misleading patch notes. And then there was the recent stealth update.
I've got Automatic Updates disabled on just about all of our production systems. I can't have some update showing up in the middle of the night and hosing a server or a couple dozen workstations. I always read through the patch notes before applying updates and, to the best of my ability, check with software support to make sure nothing is going to break.
But if an update claims the only thing it does is fix a bug in IE when in fact it messes around half a dozen low-level network components then I have little if any ability to predict what is going to be broken by that update.
"Work is the curse of the drinking classes." -Oscar Wilde
Familiarity? You said you use Linux all the time, so you're equally familiar with both, right? Something sounds untrue there.
Support? Do you really mean MS phone support? Really?
Ease of use? That's tied closely to familiarity. Maybe you mean the ease of use of most Windows programs, which generally are easier.
Maybe there was a driver you needed that wasn't available, which is where your source code argument came from, but it's a bit dishonest to suggest that a willingness to alter source code is a requirement of a good Linux experience. Strange hardware either works or it doesn't.
I've had Linux on my laptop for over a year. Everything just works, there's nothing to babysit, and I have the same level of support that I ever got with Windows - none.
Those are my principles. If you don't like them I have others. -Groucho Marx
I knew Windows Update was dodgy, but this is far beyond the so-called red hand of guilt -- MS would have to be some kind of anti-Pict with its whole body dyed red for this expression to apply in this instance. Got me thinking more and more about simply sucking up the hit in productivity from missing *nix software and making the jump, regardless of required apps that I can't get to run under Wine. Part of smart business is reducing your exposure to risks, and MS is looming ever larger...
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Well, I did read the linked article. They claim that Windows Update (WU) uploads a complete list of installed hardware to the MS server; and the server then sends WU a list of applicable updates for that hardware. They also claim (with less certainty) that the product identification key and a signed hash of that key are sent to Microsoft as a way of potentially denying updates to pirated copies of Windows.
These are possibly reasons for concern, but just to be clear they are a far cry from the upload everything!!!oneoneone!!! approach claimed by the grandparent post. Keep in mind that at the end of the day, any automatic update server (Windows, Ubuntu, insert your OS) can learn a lot about what's installed in the system being updated, if only by analyzing what gets downloaded. Or would we all be better served by an automatic update system which always downloaded every available update whether it was needed or not?
Of course, there are folks that say, "If they would have designed it properly the first time..." But, you know what, a project the size of an OS, kernel, Office app is very hard to weed out all the problems.
No, if you had designed it properly the first time, it would have been easier in the long run to weed out all of the problems. The fact that MS has such a difficult time producing secure and stable software is itself evidence of a design failure. It's not that the programmers make mistakes - it's that the designers and architects didn't account for this fact in their original design.
At this point, Microsoft does not have the option of producing secure software. They either go with a new, secure design which breaks backward compatibility (and cedes much of their marketshare to Linux), or they patch the old one at a rate just fast enough to keep users from switching to a Mac or Linux.
Microsoft Windows is, I suppose, an example of a classic computer science axiom: design your software as if it will be used forever, because it just might. The thing which computer programmers underestimate the most is the frequency with which quickly, poorly-written code becomes the baseline for a company's new product, promises of a rewrite notwithstanding. Suddenly, some shoddy code becomes a standard, and the rest of the world has to suffer billions of dollars in lost productivity and endless hours of frustration attempting to get their computers to work as they should.
The society for a thought-free internet welcomes you.
Actually I've had similar issues as yours, but none in the past few years. I run Fedora at home (Fedora 7 if you're curious) and haven't had an issue with breakage in the past three Fedora versions. I administer a *lot* of RHEL5 boxes at work and haven't had a single issue with updates or breakages.
Now, some distributions (like Fedora) are considered to be "fast-moving" distributions and therefore there are a *lot* of updates that become available very regularly. Doesn't mean they're untested, just that there is likely to be a lot of them. On the other hand there are more "stable" distributions like Debian stable, Slackware, or CentOS that focus mainly on necessary security updates and not much else.
There's also the issue of 3rd party repositories. Some are better than others, but if you enable non-supported repositories or just randomly install a lot of junk that isn't made available in the official repositories then you must accept the inherent risk of running unsupported software. The updates that come from upstream (Fedora, in this example) are designed to work with and are tested on Fedora systems. Not Fedora+atrpms+livna+freshrpms, and not Fedora+"some 30 odd programs I compiled and installed using `make install`". I'm not saying you're guilty of this, but a lot of broken installations are broken because of people doing exactly these things.
Each distribution is a little different as well, and if you use Debian you should learn to use Debian-specific tools. If you learn Fedora you should learn to use Fedora-specific tools. Hacking about things on a Fedora box using some guide on the Gentoo wiki isn't the proper way to go about things.
I highly doubt that if you take any modern well-supported distribution (Fedora, Debian, Slackware, CentOS, etc), install the latest version, and keep up on updates that you're going to have any breakages. At least I haven't seen it happen.
*I didn't mention *buntu in this post because I *have* had issues with that distribution in the several versions that I've tried, and therefore (contrary to the vast majority) when I discuss linux or GNU/Linux I'm referring to just about any distribution other than *buntu or its many derivatives.
I may have to share this planet with animals, but I'm doing my damn best to eat every last one of them.
True, but that assumes a great number of things about the integrity of the computer. In order to verify the download, the correct certificate authority keys must exist, and the computer must already have the correct Microsoft keys. It would be much more technically feasible to have an attack vector that lacks the ability to run arbitrary code, but has access to modify non-executable memory, and thus can change the Microsoft public key in memory to the microshaft public key immediately prior to issuing the update command. It's still not easy, but digital signatures are only as secure as the memory they're stored in.
Mirror servers download the debs and you can pick a server location from a list to get your automatic updates from. So you're most likely getting your debs from a server not even owned by Canonical. For example I was in Thailand last year and picked to download my automatic updates off a Thai mirror site. Now I'm back in England I picked a UK mirror.
You're trying to make it sound like it's no greener on the other side but it just comes off as a FUD attack. You're wrong on this matter and Microsoft is in the bad for stealing Windows Users data.
Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.'
I think there are probably a lot of people on Slashdot that got burned early by WindowsUpdate, and never trusted it again. I've been burned a few times, and now I leave automatic updates off unless I have a good reason to leave it on. Nevertheless, I really believe that Microsoft is making a mistake screwing around with this particular sacred cow, although I'm sure the temptation to abuse it was just irresistible. As Wally from Dilbert put it, "What would be the other reasons for having power?"
Still, if our good friends Joe Average and Joe Sixpack get it into their heads that WindowsUpdate has a significant chance of blowing away their systems, they're going to just turn it off and to Hell with patches and fixes. And you know what? They'd be right to do so. This is a stupid, dangerous game that Microsoft is playing.
The higher the technology, the sharper that two-edged sword.