What's Really Broken with Windows Update - Trust
Be Cool writes "According to ZDNet, Microsoft has steered itself into a real trust tarpit with Windows Update: 'See, here's the problem. To feel comfortable with having an open channel that allows your OS to be updated at the whim of a third party (even/especially* Microsoft ... * delete as applicable) requires that the user trusts the third party not to screw around with the system in question. This means no fiddling on the sly, being clear about what the updates do and trying not to release updates that hose systems. While any and all updates have the potential to hose a system, there's no excuse for hiding the true nature of updates and absolutely no excuse for pushing sneaky updates down the tubes. Over the months vigilant Windows users have caught Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.'"
I was working as a PC tech for a university at one point, and it was policy to install all critical Windows updates on the university-owned computers. On one computer, I accidentally checked the hardware updates as well as the critical updates. For some reason, Windows Update decided that the video card (an Nvidia TNT2-based card) needed to be updated with the old, Microsoft-provided, French-language video drivers. This computer was using English Windows XP, and there were no language packs installed or anything. Anyway, Windows blue-screened when coming back up. I had to start it in safe mode and remove the drivers to get it to work again. I remember thinking that if a "normal" user had installed that update, they would have been screwed into having to pay $100 for a "professional" to fix Windows. After that, I started paying attention to the hardware updates. And I noticed that on approximately 5/100 of their computers, Microsoft listed the French-language Nvidia driver as an appropriate hardware update.
Linux sites have a far wider array of configuration differences than Windows systems do, not the least of which being multiple CPUs and generations of systems. Windows in the enterprise is kept solely single-use because Windows admins know maintainability is hard, but Linux in the enterprise tends to have a larger number of functions because the Linux admins know maintainability is a solved problem.
The reason both are true is a social effect of getting software from "third parties" - that is, a cloud of developers that do not communicate with each other. Whenever one of them does something "tricky" or "wrong", generally speaking nobody else in the cloud knows that they are doing it (when they do, it's called a "known incompatibility").
Linux distributions don't have "third parties"- most Linux admins get all of their software from the distribution itself. That means there's no cloud where "that's a problem with your other vendor", or "that's a problem with running Microsoft Exchange on the same server as IIS", and so on. The buck stops immediately, it gets resolved and everyone benefits.
Historically, other Unix suppliers have had the same problem, and a lot of people just assumed it was (practically) unsolvable until groups like Debian and Red Hat - looking to solve a particular technical problem (of managing the necessary modularity of a GNUish system) - also built up the social framework necessary to solve this very social problem.
Microsoft simply cannot do this. It's not a matter of "just making better patches", they need to be the sole supplier of software in order to solve this problem, and their users need to be able to patch and redistribute that software. Not just legally, but actually encouraged to do so.
...that developers from MS Gold partners are telling you to shut down automatic updates because they can/may/will ruin the $1 mill. .NET based project they are developing for you.
I have heard this from several different MS partners in the past years.
I totally agree with the tag that reads "editorsdontgetit". The problem with having this stealth update capability in the first place is that it's a clear and obvious vector for attack and p0wn4g3.
Exactly! All they need are the private keys MS uses to sign the updates.. oh wait.
This is a problem that the western world has. I'm 45 these days and I believe society is changing, while I can't be 100% sure, as I am getting older and changing as well, but apathy and disregard for our rights and freedom is growing at such an alarming rate.
We have rights, we do, but we need to fight for them or people, politicians, and corporations will simply assume we will be lazy fucks and taunt "nah nah nah nah nah" and take them away.
We have the right to own our machine. We have the right to tell companies "I won't open a word document, send it to me in ISO ODF or PDF or text." We have the right to remove Windows from our system. We have the right to sell our OEM Windows licenses.
Without even getting into politics or the growing U.S. police state, corporate America needs a dope slap. We, ALL OF US! have to stand up to corporate shit. If we do not stand against it in great numbers, then nothing will ever get done.
Call tech support when shit happens, keep them on the phone for a long time, it costs them money. Send products back, it costs them money. Tell people to avoid products that suck, it costs them money. When the shit that comes from China has lead in it, sue them, it costs them money. The government isn't going to do anything for you, the politicians represent the corporations. It is only when bad corporate policy costs them money, will they change and not one minute sooner.
Start RETURNING computers, WHOLE COMPUTERS, because Vista sucks. If Windows is part (as OEMs claim) of the computer, then the WHOLE COMPUTER is defective. That will make the Dells and HPs start to offer new options. Seriously, if 10% of the Slashdot readers went out and bought new computers at the big retail stores tomorrow and returned them the next day citing that Vista does not work and is not reliable, it would make a HUGE impact on the industry. No one could ignore it.
But, no, no one will do that because they ARE too fucking lazy.
I'll admit this may be a little tinfoil-hattish but it makes me wonder if MSFT is the only player in this saga. Just suppose in the wake of 9-11 hysteria that someone in the administration had the brainy idea to slip a traceable...something...in PCs to track terror suspects. Not something that reported to a third party...too easy to spot the traffic. Something that relayed the data through MSFT so the destination would remain hidden. Now the forced updates are wiping out whatever it was.
Probably out there but a few years ago suspecting the phone companies of listening in on the phone calls of millions of Americans without a warrant would have been really out there.
And before that was the revelation that printers were spitting out identifiable information in the background.
It's a sad testimony that wholesale spying on PC users is not out of the realm of the plausible for the current administration to attempt or Microsoft to cooperate.
It may be years from now before we find out the whole truth. What we know today should send a shudder through every freedom loving person in this country. I'm mildly surprised so many hard-core right wingers are okay with the government spying on them.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage