Slashdot Mirror
Microsoft Forces Desktop Search On Windows Update
An anonymous reader writes "The Register is reporting that the blogosphere is alight with accusations of Microsoft forcing Windows Desktop Search on networks via the 'automatic install' feature of Windows Update — even if they had configured their systems not to use the program. Once installed, the search program began diligently indexing C drives and entire networks slowed to a crawl."
Is it still isn't very good compared to Google desktop indexing.
Since when did Microsoft care about pissing off its users? What realistic alternative do they have?
This only happens on Windows XP, when you have either Office 2007 or Windows Live Photo gallery installed.
Not saying it's OK, just mentioning the facts.
8 of 13 people found this answer helpful. Did you?
However to say that by default it was indexing the entire C: drive is erroneous. The default behavior is to index user files in "doc and settings" and then your outlook files after you open that program.
Welcome to Live Search, NSA Edition
[_______________] [search]
( ) the web
(o) all computers running Windows
[X] force update
[X] slow down computers
[ ] obey law / constitution
[X] forward trade secrets to us corps
No they are merely testing, how far they can push their flock. One has periodically test these things to know how much you can get away with. Without precise knowledge of how much the users will put up with, they might be a little conservative and lose money they would have otherwise made. Further this will also raise the pain threshold of the users, once they get used to this level of pain, they will not see anything wrong with Vista.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Windows Update, you're the whore
Who makes my computing such a chore
I can't take this shit anymore
Woo woo be doo
Windows Update, you make me sore,
When I disable you, you ignore!
Windows Update, you're the bane of my existence, it's true!
Doo doo doo doo, doo doo
Every day when I
Make my way to the workstation
I find a little fella who's
downloaded some new MS aberration
Chunk-a-lunk-a-bluescreen!
Windows Update, you're a cunt
And I'm not sure I could be more blunt
Windows Update, I'm awfully cross at you.
Every day when I
Make my way to the workstation
I find a little fella who's
downloaded some new MS aberration
Windows Update, you're a cunt
And I'm not sure I could be more blunt
Windows Update, I'm awfully sick of -
Windows Update, I'd like stick a brick in -
Windows Update, I'm gonna download Ubuntu!
Doo doo, be doo
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
But they benefit from deliberately installing stuff on the computers of users who don't get pissed off.
Don't want people to download Firefox or Opera? Push IE7 as a critical update.
Don't want people to download Google Desktop? Push Windows Desktop Search as a critical update.
Probably the balance between pissed-off users and non-pissed-off users makes it worthwhile in the end.
I think you'll find that the Desktop Search is completely inseparable from the desktop and that the latter would be rendered completely useless if it is uninstalled. Just like IE is.
Using openSUSE instead of Windows since 9th of October, 2007 and liking it.
Fabulous - my first Troll mod :) I actually felt I was making a serious point, although I guess I put it rather briefly.
People don't have a realistic alternative to Windows yet. It's not just a technology issue either. Microsoft only improve products when they face competition, and ensuring they don't have to do that is one of their principal business strategies.
Since Microsoft is (a) in the game of making money, (b) has a monopoly position in the market place and (c) continues to shut out competitors, then I contend that Microsoft don't care whether they piss off their users or not, and never really did care, except in those areas in which they are yet to dominate.
Pleasing users is not Microsoft's game. That's what their competitors have to do.
QA of patches is very difficult. Lots of time pressure. Lots of things to check. Easy to overlook things. It's not like Windows and other modern Megasoftware have any coherent set of specifications that can be tested against. Or that test procedures would be perfect if there were specificiations. Or that a thorough test could be run in a realistic amount of time. This looks like yet another QA screwup.
Better to defer installing updates for a few days I think and let others Beta test the fixes. There's some risk to that also of course. But not as much. At least not in my estimation.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
There is a fix for the "Windows Update" problem. If universally applied, it will also fix the Storm Worm.
You know what it is.
Ya, I'm gonna go ahead and call bullshit. Our company has a WSUS server that I manage, and the update came in as Not Approved. So either he approved it, or set the server to auto-approve anything, which would be his doing as well. Or maybe he doesn't realize that its not an Installed % that it shows, its an Installed / NOT APPLICABLE % that the column indicates. In other words, I have 39% in that column, because the update doesn't apply at all to 39% of computers in our company. No computers to which the update applies have it installed.
This applies to WSUS only, not the consumer Windows Update as everyone has mistaken it for. WSUS is the corporate, large-network version of managing and deploying product patches & upgrades to Windows machines (even if it's useful networks of any size really).
What I find bizarre is that this system, not Windows Update (which I stress again, is different) has been subjected to a patch that seems to auto-approve itself!
Under normal circumstances, each patch has to be approved (if set this way) by a network-admin before it will trickle out to workstations. This is the first time it would appear an update has approved itself.
throw new NoSignatureException();
Automatic Updates is the quickest way of deploying patches to a computer, especially if an IT department has to maintain hundreds of those PCs.
:-)
You must not be an admin.
Fortunately, this just adds to the number of reasons to switch to Linux.
Again, you must not be an admin. It's a job, not a hobby. When the powers that be tell you that they want certain software and that software isn't available on Linux that's the only reason you need not to switch. We serve the customers needs, not our own whims.
Dedicated Cthulhu Cultist since 4523 BC.
The problem here is in fact that the search has come as an update for Windows, rather than a separate product. Looks like the people that are affected are auto-approving updates as they come, which more or less half the reason you'd use WSUS in the first place - to test patch deployments before releasing onto the network at large.
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2315860&SiteID=1
throw new NoSignatureException();
This sounds like a dumb mistake
Assuming that this is just a dumb mistake, I don't know what's worse:
Oh, but to err is human!, I hear you saying.
Bollocks. When it comes to the operating system that runs the vaaaaaaast majority of desktops worldwide, quality counts. Or should.
I'm here EdgeKeep Inc.
Gah, it will index my porn! I don't want it to do that, it will make it easier for my wife to find it. Please god, don't let it index my porn.
Note: This post was only partially tongue in cheek. I don't really care if my wife finds my porn.
Actually, TFA is not misleading at all.
I am one of the Systems Admin for a company with 2000+ users. We use WSUS for updating our clients, and our WSUS settings are set to not install any updates of any kind what so ever unless we explicitly approved of them.
Yesterday ALL of our users suddenly got the Windows Desktop Search app. We double checked our WSUS settings, confirmed that updates only install with approval, and also explicitly "Declined" the Windows Desktop Search. It still continued to roll out, even though we said we didn't want it!
We use Lotus Notes for our corperate e-mail, and so Outlook is not installed on any computers, and so of course since Windows Desktop Search indexes your Outlook e-mail, and since we didn't have it, everytime a user logs on now, they get two error messages about that it can't find Outlook and can't index your e-mail. Ridiculus!!!!!
Called Microsoft for support (we have an enterprise license) and said they would "look into it" and "get back to us". No matter that our users are calling like crazy and wondering what is going on...
I *hate* Microsoft now.
Rename all your Porn to "How to build a deck." "How to fix an engine."
That will guarantee she doesn't look at it.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
I declined this for my network via WSUS. It never set itself to "auto-install" as some of the comments I'm reading say it did, at least not in my network environment.
Saw it in WSUS, declined it, end of issue.
End of lesson. You may press the button.
"How to fix the cable"
"How to clean a pool"
"How to deliver pizza"
Companies that can't afford to send a fleet of tech monkeys running around to all of the desktops (in other words, most of them).
I manage the WSUS at my company. No updates are EVER to be passed through without my direct approval, even new revisions of previously approved updates. We've had far too many updates go through and break things to allow any kind of auto approval. So, imagine my surprise when I sit down to a cup of coffee and my morning log review, and the first thing I see when I log in is the Windows Update icon telling me to install Windows Desktop Search - something I never approved.
It went straight through, completely ignoring all of our security policies in the process. I was a little irritated at the Windows Update self-update passing through but I let that one slide since it was a MUCH needed bugfix and MS got a suitable backlash from it (silly me, thinking it was a one-time thing). Now we have the same behavior again months later. This is not acceptable. Luckily I'm in a bit earlier than most people so I was able to recall it with a few ninja edits to our group policy, and a company wide email apologizing for allowing it to be published, and warning people to avoid installing it if it somehow still got through to their systems.
I made a few changes. Our WSUS servers now no longer have internet access and are not scheduled to download. I must manually turn on their internet access in our firewall and activate the pull interactively. That way I will see the updates as they arrive, and not have to put up with this stealth update bullshit in the future. I clearly cannot trust them to just sit there and acquire updates on their own any longer.
I'm now developing a security policy for our corporate security software that will forcibly kill any applications on a blacklist I am creating. I will be adding Google Desktop, Windows Desktop Search, Plaxo, AIM, and any other programs I find that have a habit of sending data back home to outside companies. I'll happily find people alternatives that don't phone home - it's not the apps that bother me, it's the potential for leakage of our corporate data to third parties. I don't particularly care if the feature can be turned off, since I'm not the one installing it. If a program has potential to phone home, it's banned.
Hell is being intelligent in a world full of idiots.
If you have your PC set to notify before downloading updates, you can simply uncheck it when the yellow shield pops up. When you close the window a box will pop up asking if you want to install it later. Just uncheck the box again and it will never ask again.. Worked for me!
I don't get it. I am sure millions of slashdotters are scratching their head too. If you have porn, why do you need a wife?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
It was released as an revision update. WSUS automatically approves those by default, even if you've got every other type of update set to manual approval. Its a separate tab (Advanced) in the Automatic Approvals dialog, so its basically a hidden setting unless you're looking for it.
The way that you have setup Windows update is different than most large corporate environments. YOU have configured the update service to prompt you when updates are available and allow you to choose which to install. In most multi thousand PC Windows networks you do not want to give users that power, you configure the service to install patches for security issues and ONLY those applications already installed. The ONLY those applications currently installed part is the problem. MS is forcing the installation of a NEW program which WAS NOT already installed. They are ignoring the choice made by the sys admins and installing the search application whether they wanted it or not.
WRONG. mod parent down.
My wsus downloaded and marked them as INSTALL tuesday night, they were rolled out at 3am just as any update I would have approved. EXCEPT I DID NOT APPROVE IT. Why the fuck would I 1) approve a patch the same day it was released with NO testing and 2) EVER APPROVE WINDOWS DESKTOP SEARCH.
People like you piss me the fuck off. I run a tight ship. WSUS has NEVER done this before. EVER. It was 100% their fucking fault. Just because it didnt happen to you doesnt mean it didnt happen.
I'll just use my special getting high powers one more time...
I'm not sure. If I had to guess, I'd guess that it has something to do with the age of our WSUS servers. We started on 1.0 early on, upgraded to 2.0, then to 3.0 recently along with SP2 for 2003. The server itself started life as a Windows 2000 system so that upgrade process was run as well. The server has also had a complete hardware change three times over the last seven years. Microsoft's products are never so buggy on a fresh build as they are when part of a lengthy upgrade tree where the potential to fall down a rabbit hole of untested codepaths is much greater. Unfortunately we can't afford to just scrub every Microsoft service when we move to a new version. I also have a script running once a week to run the recommended cleanup using wsusutil on the WSUS database (and yes I've fixed it to run with the latest version). ;)
.reg push in a GPO). Essentially I took my 10+ years of experience un-fucking windows default configurations and turned it into a GPO so I didn't have to keep doing it the hard way. I've got custom MSI files assigned to workstations to install apps like the entire sysinternals suite, VLC media player (beats having users install real/quicktime/divx), and so forth. It's a rather mature, customized environment aimed at getting Windows out of the user's way so they can get work done. (And play - we don't ban games.)
Other than this strange auto-approval, we've had no problems whatsoever with WSUS 3.0. It's been great actually. The improved reporting and granularity is a welcome addition that we have yet to truly take advantage of. WDS3 was successfully retracted from the approved list after I revoked it, and I've backed out the GPO changes without any trouble. It's no longer showing up on the clients. Also, BDD2007 and our repository of published software (both in a DFS root) resides on the same WSUS server. I've also grafted Linux PXE and Solaris Jumpstart into RIS/BDD2007 so it's something of a custom build. I don't really think those apps should be interacting with WSUS3 in any way though. Totally different services and disk partitions. There are some user home directories there as well.
As to some of the other posters, I don't know that WDS phones home, yet. I haven't taken the time to do a thorough analysis, but I tend to err on the side of paranoia (after all, security is part of my job). I get very suspicious of any programs collecting data about a computer or user activities in the name of making the user experience better. I also don't see the use of an indexing system that kills the performance of one's operating system. I don't trust MS as far as I can shot-put the planet either.
Our GPO already disables all file indexing, NTFS short filename creation, system restore, unnecessary services like UPnP and messenger, and sets sane, non-annoying defaults for apps like MSN messenger, the language toolbar, media center, etc. It even restores the XP search to the better, more basic 2000 version (it's amazing what you can do with a
And yes, my users have local admin on their desktops. Windows isn't really designed to operate any other way (and I don't have a Fortune 500 budget to fix it like some others do). Our solution to the constant risk of IE was to recommend people use firefox whenever possible (with noscript, adblock, etc) and to get IE, firefox, and other internet-touching apps to run under an unprivileged, local user account that was created to share the exact same desktop/docs/favorites etc as the real user. We also took some time to educate them on safe surfing habits.
What worries me is the trend lately for, say, apps like Sun's Java to ask (default is yes) to install apps like Google Desktop during their normal upgrade cycle. Frankly most users have better things on their minds than wondering if the apps they are clicking upgrade for are about to trojan their boxes with 3rd party bundled software. That's why I'm eyeing an app-killing security policy for the more egregious offenders.
Hell is being intelligent in a world full of idiots.