Slashdot Mirror
Microsoft Forces Desktop Search On Windows Update
An anonymous reader writes "The Register is reporting that the blogosphere is alight with accusations of Microsoft forcing Windows Desktop Search on networks via the 'automatic install' feature of Windows Update — even if they had configured their systems not to use the program. Once installed, the search program began diligently indexing C drives and entire networks slowed to a crawl."
This only happens on Windows XP, when you have either Office 2007 or Windows Live Photo gallery installed.
Not saying it's OK, just mentioning the facts.
8 of 13 people found this answer helpful. Did you?
However to say that by default it was indexing the entire C: drive is erroneous. The default behavior is to index user files in "doc and settings" and then your outlook files after you open that program.
Yes, this has happened to one of my colleagues where I work. All his workstations are under control of a WSUS server and so should not install any MS updates that he doesn't approve. Yet his workstations all installed the latest Windows Desktop Search client.
there are a few misleading points in the article.
1. it doesnt AUTOMATICALY install with auto updates, or windows updates, it is in the optional software section of windows updates, thus does not come via automatic updates at all, and in windows updates you have to manualy select it.
2. you are prompted before install
3. once installed, it does not automaticaly start indexing everything in C, it promts you and asks what you would like to be indexed, and when/how.
portfolio
Unfortunately, this one apparently affects admins who were doing what they were supposed to and using WSUS. Commenters on the Register article were complaining that they'd set up WSUS to require them to approve patches, but it had taken it upon itself to auto-approve Windows Search to be installed on all systems anyway...
This applies to WSUS only, not the consumer Windows Update as everyone has mistaken it for. WSUS is the corporate, large-network version of managing and deploying product patches & upgrades to Windows machines (even if it's useful networks of any size really).
What I find bizarre is that this system, not Windows Update (which I stress again, is different) has been subjected to a patch that seems to auto-approve itself!
Under normal circumstances, each patch has to be approved (if set this way) by a network-admin before it will trickle out to workstations. This is the first time it would appear an update has approved itself.
throw new NoSignatureException();
Which is why every IT Department which maintains "hundreds of [those] PCs" should be running their own WSUS server, which is free, easy to do, and saves your company an assload of bandwidth whenever patches get deployed. YOU control what gets pushed out to the clients.
The problem here is in fact that the search has come as an update for Windows, rather than a separate product. Looks like the people that are affected are auto-approving updates as they come, which more or less half the reason you'd use WSUS in the first place - to test patch deployments before releasing onto the network at large.
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2315860&SiteID=1
throw new NoSignatureException();
Well on my computer the update downloaded and installed itself - even though I made a point NOT to click on the install updates button. The good news is that all you need to do is go to Add/Remove programs to get rid of the thing: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=301681&SiteID=1
I declined this for my network via WSUS. It never set itself to "auto-install" as some of the comments I'm reading say it did, at least not in my network environment.
Saw it in WSUS, declined it, end of issue.
End of lesson. You may press the button.
If you have your PC set to notify before downloading updates, you can simply uncheck it when the yellow shield pops up. When you close the window a box will pop up asking if you want to install it later. Just uncheck the box again and it will never ask again.. Worked for me!
Same here... last night I ran windows update (advanced mode) and did not select to download the search upgrade and guess what... it didnt install... funny thing about that.. windows isnt perfect but that does not make it ok to spread FUD about it. Aaron Z
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote
If the update was mandatory, then it would be listed under "critical" updates instead of "optional" updates at the Microsoft Update site. It's not, because it isn't.
Who has wsus configured to install every microsoft update? Have the wsus thing download the updates but not push them to clients until someone approves them. Yes it means that some admin will have to actually click on the update and approve it but shouldn't that be part of their job?
I thought the desktop search used a service called "search". Disable that service and the desktop search doesn't run.
Doesn't having WSUS download and automatically install every update kind of make WSUS pointless to begin with?
WSUS exists so admins can pick and choose which updates go out. Just having it let everything go through with out testing it is, well... I cannot come up with a single reason as to why anyone would want to configure it that way.
You know, it's a lot easier to simply turn off the tray program in the QT preferences. No need to hack your registry.
I manage my companies WSUS server and this update also came in as Not Approved. Except when I looked at the details in the status report it is approved for a fuckload of computers. It doesn't show up as being approved when you look anywhere except in the detailed report. The weirdest thing is that it isn't approved for all computers, if you sort by approval status there are still a few hundred computers which have it marked as Not Approved. It seems like it just randomly chose a bunch of groups or something, no way to really tell though since it doesn't show up as being approved for any groups. It really makes no sense, I've been running WSUS3 since the beta and I have never seen anything like this. At this point it is really too late, especially since this stupid update doesn't support removal. Microsoft has fucked us good and they still haven't even said anything public, it's absurd.
It's not about you, it's about companies. They have to leave the automatic updates on for security updates.
WRONG. mod parent down.
My wsus downloaded and marked them as INSTALL tuesday night, they were rolled out at 3am just as any update I would have approved. EXCEPT I DID NOT APPROVE IT. Why the fuck would I 1) approve a patch the same day it was released with NO testing and 2) EVER APPROVE WINDOWS DESKTOP SEARCH.
People like you piss me the fuck off. I run a tight ship. WSUS has NEVER done this before. EVER. It was 100% their fucking fault. Just because it didnt happen to you doesnt mean it didnt happen.
I'll just use my special getting high powers one more time...
That's because MP3 isn't a free codec. You're supposed to pay the patent holder for the right to use it - since most Linux distros are free-as-in-beer, you can see why this would be a problem.
to be fair to the parent you think should be modded down, my experience is the same as his. windows 2003 server, WSUS 3.0, i show them marked as "updates". Should people like YOU piss me off?
You can pick your nodes, and you can pick your friends, but you can't pick your friend's nodes
Fact. I have WDS 2.x installed. It works with Kerio. 3.x doesn.t
/q /norestart
Fact. Months ago I approved WDS 3.01 update in Automatic Updates WSUS (install.) For months, this update has only updated WDS 3.x to 3.01 update. It has not updated 2.x nor has it installed on machines without WDS.
Fact. Microsoft re-released this same update to WSUS. Re-released meaning it is the same patch in WSUS. Meaning that because I have WSUS set to retain approve/disapproved settings when patches are re-released, the new WDS 3.01 retained it's approved status. They also re-released Windows 2003 SP3, for example. Same patch, just a few minor changes.
Fact. When I came in yesterday, WDS 3.01 was automatically installed on 50+ of my machines, and I didn't want that. It was slated to install on all 500+.
This update to existing WDS 3.01 patch should have been released as a new patch in WSUS so that it adopted my default approval settings, not as a minor change & re-release to adopt existing approval settings.
To uninstall WDS you run
C:\WINNT\$NtUninstallKB917013$\spuninst\spuninst.exe
Perhaps your "Automatic Approval" options settings caused it to be approved for install? For me, I have nothing set to be automatically installed (my only automatic approval is "Detect Only"), and the Windows desktop updates all came in as "Declined". But, SP2 for Windows Server 2003 came in as "Install", when is should have been "Detect Only".
Something is definitely weird about this group of updates.
I had the same problem. As it turns out, I had an auto-approval setup for updates that supersede previous updates. I look, and, sure enough, there was an update in there for "Windows Desktop Search 2.6.5 (KB911993)" and "Windows Desktop Search 2.6.6 (KB926356)". So when the new version came down the pipe, it was automatically approved, and sent out to all my workstations. What confuses me is that the previous versions never installed and came up on my taskbar. I have installed all the updates on my workstation (sans WDS 3.0.1) and I don't see any trace of WDS.
What really gets me is that that isn't truly an "update" as I think of it, it's new software. Perhaps an "upgrade", but not an "update".
"That which does not kill us makes us stranger." -Trevor Goodchild
Don't be ignorant. IE is made up of many components such as HTML parsers, HTML renderers, XML parsers, network protocol handlers, GUI management. Only an absolute idiot would suggest reinventing the wheel every time that functionality was needed. It is absolutely true that "Internet Explorer" (all the code that actually implements the web browser functionality) is integrated into the OS (OS in the sense that the majority of people understand it) and there are very sound and smart reasons for it to be the way it is. From a design perspective it's pretty much in line with best practices for abstraction and code reuse. What? You are the ignorant one if you think that what you said makes any sense. There is absolutely NO reason for IE to be fully integrated into the OS. It is perfectly reasonable to have the libraries you mentioned separately bundled with the OS without the IE GUI even existing. Thats how most operating systems work: they may have a browser, but it can be removed without destroying the OS web libraries and other essential functionality.
You spoke about code reuse, but what you say doesn't make sense. The whole point of code reuse is that you can take pieces of one app's code and use it in another potentially unrelated app. With the IE model you can only reuse everything by way of integration with IE, not just the parts you want.
No... Contrary to what you believe, the Windows web model sure isn't an example of a good design that facilitates code reuse.
There are 10 types of people in the world. Those who understand binary and those who do not.
Not sure why you were modded 'funny' - after testing, both for myself and others, I think that what you said is (partially) true.
I've had some *interesting* experiences wih strange M$ 'imcompatibilities' with GDS - see below.
My experience with both GDS and M$ so far:
GDS
1. Need to turn off 'advanced' features in Google, plus do not let it search your web cache, your web mail and deleted items, for obvious (security & usability) reasons.
2. If you let it index Thunderbird mail, it sometimes deletes / lost / corrupted the Thunderbird mailbox if you de-installed.
Clearly, not a trivial problem.
3. Integration with M$ products - notably Outlook - quite good.
4. Can have problems 'losing' files from index - don't get reindexed, even if force-reindex (sometimes).
5. Search results interface OK, but rather sparse and configuration options limited.
6. Gadgets are a pain, for most people. Turn 'em off, (easy).
M$ search.
1. Earlier versions much poorer and slower than GDS. Later ones better.
2. You *have* to install with latest version of Outlook in order to get rid of annoying 'click here to enble instant search' bar in your toolbar. GDS does not seem to work so well with later versions of M$ Office.
3. M$ search - once installed - works OK, although user interface is more cluttered, through attempting to offer more advanced search options...
4. Yippee! GDS then is de-selected as 'default', and Google as search engine in browser, and starts to crash...
More 'cookcoo wear' from M$?
I just noticed the exact same thing happened to me as Arterion. I guess that I'd approved the older Windows Desktop Search when I just automatically approved everything when we first set WSUS up. That makes me a bit nervous, especially since I don't see anything resembling a WDS 2.6 installed on any of the desktops. I know that the latest revisions install a search bar in the task bar. What exactly does WDS 3.01 do? Does it keep searches separate for each user? Does it move the index with a roaming profile?