Slashdot Mirror

← Back to Stories (view on slashdot.org)

Black Screen of Death Not Microsoft's Fault

Posted by CmdrTaco on from the well-not-directly-anyway dept.

Barence follows up to the ongoing Black Screen of Death Saga by saying "Microsoft says reports of 'Black Screen of Death' errors aren't caused by Windows Updates, as claimed by a British security firm. The software giant claims November's Windows Updates didn't alter registry keys in the way described by Prevx, which said that the Microsoft Patches caused PCs to boot with just a black screen and a Windows Explorer window. Microsoft is now blaming the problem on malware. Prevx has issued a grovelling apology on its own blog."

35 of 583 comments (clear)

  1. Is that any better excuse? by tekrat · · Score: 2, Insightful

    So, Windows 7 is much more susceptible to malware than previously claimed? This is the big win for Microsoft? Sorry, but if that large enough of a percentage of folks are experiencing the problem, then it's a real issue that MS needs to address. It sounds like they are just saying "not my problem", and forgetting about it. Meantime Windows 7 will be completely destroyed by the time it gets decent marketshare.

    Maybe MS turned their attention to Windows 8 a little sooner than claimed.

    --
    If telephones are outlawed, then only outlaws will have telephones.
    1. Re:Is that any better excuse? by anthonyfk · · Score: 4, Insightful

      You assume that accepting blame and fixing the problem aren't mutually exclusive. Just because Microsoft said "that's not our fault" doesn't mean they won't fix it.

    2. Re:Is that any better excuse? by shutdown+-p+now · · Score: 4, Insightful

      Any OS is susceptible to malware. Malware is what users explicitly run, and then it does bad things to their system. You can't secure against that, and no OS on the market today does that. You can pop up tons of prompts, but then it's the "dancing bunnies" problem - depending on how enticing the malware author can make it sound, the user can be convinced to click "Yes" on each and every prompt.

    3. Re:Is that any better excuse? by ShieldW0lf · · Score: 4, Insightful

      Any OS is susceptible to malware. Malware is what users explicitly run, and then it does bad things to their system. You can't secure against that, and no OS on the market today does that.

      Since switching to Ubuntu, I have had no need to install weird things off the internet. I just go to Ubuntu's software repositories, and I can download thousands and thousands of pieces of software that have been tested just for my operating system. No malware, no viruses, no attention seeking software that wants to embed a brand in my brain, no nagging to buy additional products, nothing.

      I consider it to be the case that my free OS does indeed protect me against malware, where proprietary offerings that cost hundreds of dollars more do not.

      --
      -1 Uncomfortable Truth
    4. Re:Is that any better excuse? by I_have_a_life · · Score: 3, Insightful

      This is a completely bullshi** statement. How does the article in any way suggest that Windows 7 is more susceptible to malware? And more susceptible compared to what? And where exactly are you getting the data that suggests a large percentage is suffering from this? I know this is Slashdot but could you at least make an effort to provide some evidence of statements you are making.

    5. Re:Is that any better excuse? by h2oliu · · Score: 4, Insightful

      Just out of curiosity, shouldn't Microsoft be responsible for ensuring that only valid data makes it into the registry? If this is the core information source for the system, it would seem that there should be checks in place, at the OS level, that prevent changes to core items.

      --
      Ok, I give up, why you?
    6. Re:Is that any better excuse? by AlfredZhang · · Score: 2, Insightful

      You are right. There is almost no malware on Ubuntu. But again it does not need a malware to be rendered completely unusable. A mindless update to a buggy version of anything from the repositories will do.

    7. Re:Is that any better excuse? by zullnero · · Score: 4, Insightful

      The real question there is really a matter of user freedom vs. turning your choice over to whomever manages those repositories as a gatekeeper. It's an easier choice to make on a smartphone since people are going to generally use it for the same major reasons, but on a laptop or desktop, it depends more on what you want to get out of it.

      Some folks don't mind being given the freedom to determine what is going to be bad for them and what is going to be good for them...and some folks want their hands held for them. Linux does give you both options, it just makes it a PITA for "ordinary folks" to do it one way and thus, guides them into the repos.

      Microsoft announcing that they'd be the absolute gatekeeper for software installs would probably be like dropping an atom bomb on a lot of legitimate software companies along with a lot of illegitimate companies that produce badware. They had a little experience with this already, what with Palladium and Trustworthy Computing. Didn't go over too well, did it?

  2. Groveling? by PCM2 · · Score: 4, Insightful

    Since when does apologizing to someone for your own baseless accusations amount to "groveling"?

    From the post in question:

    Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor
    . . .
    We apologize to Microsoft for any inconvenience our blog may have caused.

    Wow. Way to kiss ass.

    You know what would be even more pathetic and embarrassing than this kind of "groveling"? Standing behind claims that you know to be false.

    --
    Breakfast served all day!
    1. Re:Groveling? by PCM2 · · Score: 4, Insightful

      So what's your point? Mine is that apologizing != "groveling." If more IT types could learn how to admit they're wrong gracefully, the world would be a better place IMHO.

      --
      Breakfast served all day!
  3. Do we have to be nasty? by Eevee · · Score: 5, Insightful

    Prevx has issued a grovelling apology on its own blog.

    Grovelling? How sad it is that an honest apology gets an insult. If you find "We apologize to Microsoft for any inconvenience our blog may have caused." as grovelling, then I feel very sad for you and your vision of how people should relate to each other.

    1. Re:Do we have to be nasty? by natehoy · · Score: 3, Insightful

      And my automobile (sorry, obligatory automotive analogy) has a steering wheel that allows me to turn the car toward pedestrians and kill people. This happens far more frequently, and has been happening since before the computer was even invented.

      The PC was invented because people wanted to have a computer under their control that they could load anything they wanted to. Trick someone into thinking that the cute little fluffy sheep walking around on their screen is something they want, and they'll install it, and they'll answer the "Do you want this program to have access to core system functions?" and they'll have no clue what a core is except they don't own an Apple, and they'll say "sure, whatever it takes to just stop bothering the piss out of me and show me the fuzzy sheep".

      The only way to really solve the problem is to prevent the computer from executing anything until it's been signed by a local administrator. And then the average "computer is appliance" user is going to click the "allow everything forever" button because they just want the poppy things to get out of the way of loading their new fancy cursor or BonziBuddy.

      The user can control the computer, or they can't. If you give them control, they can and frequently will load things that will cause problems. If you don't give them control, they'll take it back to Wal-Mart because it can't do what they bought it for.

      I intend no insult to inexperienced users here. It would be nice if computers were designed to slowly unlock functions as people get more experienced and knowledgeable with the operating system, but that just ain't gonna happen. Like ladders, chainsaws, hammers, and lathes - there's only so much safety you can design into something and still allow someone to get the work done they want with it.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  4. Re:Really? by maxume · · Score: 5, Insightful

    When users are happy to type "sudo rm ...", it doesn't really matter how impervious the system is.

    --
    Nerd rage is the funniest rage.
  5. Re:Really? by thisnamestoolong · · Score: 3, Insightful

    Yes. I agree. Microsoft Windows should be 100% secure from malware. Not like it is ever the user's fault or anything...

    --
    To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
  6. System Registry by C_Kode · · Score: 5, Insightful

    Maybe one day Microsoft will get rid of the Windows Registry. It's like putting port holes on the bottom of your boat. Sure, they let you see the fish, but sooner or later one is going to break and sink your ship.

    The Windows registry has always been a bane of Windows use since it's inception.

    1. Re:System Registry by BradleyUffner · · Score: 5, Insightful

      What do you want them to replace it with? hundreds of .conf files scattered randomly about the filesystem, with no standard format? That will be much easier for the user than a centralized, standardized configuration system.

    2. Re:System Registry by geekoid · · Score: 2, Insightful

      Agreed. I have been saying this since it was announced.

      Yes, they need a place to put shared data, but nothing that is critical to the operation of an OS or application should ever be put there.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    3. Re:System Registry by HerculesMO · · Score: 3, Insightful

      Not to rain on your hate parade, but in addition to the comments about the CONF files, the registry also makes Windows much easier to manage on an enterprise scale.

      I can create an application, put its settings in the registry, and boom -- I can manage it through an MMC for thousands of computers with only the creation of a policy template to change settings.

      The misunderstanding of the registry's use is always what people hated about it, sadly.

      --
      The price is always right if someone else is paying.
    4. Re:System Registry by DaveV1.0 · · Score: 3, Insightful

      Yes! Because that is the *nix way! It has been around for 30+ years so we know it is the best way evar! /sarcasm

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    5. Re:System Registry by klui · · Score: 2, Insightful

      Yes. Instead of relying on a hidden file system where all the configurations are stored, rewrite the API so those calls write values on the file system as a bunch of folders and files. This alone should mitigate the case where a single byte written incorrectly into the registry file will cause the entire contents to be unavailable.

  7. Re:Last I checked... by furby076 · · Score: 2, Insightful

    Malware is user error. Don't click yes to the prompt asking you to install a 32kb app that will give you unlimitted porn. You can't fix stupid, and neither can Microsoft.

    --

    I do not support "The Man". I also do not support your irrational stupidity
  8. Re:Really? by athakur999 · · Score: 4, Insightful

    Does the sudo part really matter anyway? The most important files on my system are those in my home directory and they're owned by my own user account, thus no privilege escalation is required to touch them.

    Having great security around the base OS is a good thing but if you don't also provide good security for the users' files, it's kind of like getting a bunch of guards to protect a bank but leaving the vault in an unprotected building next door.

    On the other hand, I really don't want to have to deal with UAC/sudo/etc. every time I edit one of my own documents, so it's kind of an unwinable situation that only good backups can protect against.

    --
    "People that quote themselves in their signatures bother me" - athakur999
  9. Re:Malware, still? by Jawn98685 · · Score: 4, Insightful

    In other words, this problem will never be solved until people finally get over the baseless notion that they need administrator rights to check their email and read the news online.

    Not quite...
    Were those the only applications required, the notion would indeed be baseless, but...
    There is still a huge raft of Windows software that will not perform properly without admin rights. Until that is fixed, the problem will never be solved.

  10. Re:Its the users, not the OS by Enderandrew · · Score: 3, Insightful

    There are several linux distros that won't let you log into gdm/kdm as root. Windows was designed for users to login as administrators.

    Microsoft is trying to change that mentality with Vista and 7, except too many applications are having issues with UAC. What Microsoft should have done is said, "you're not allowed to claim your application works with Vista and 7 unless it behaves nicely with UAC."

    Even better, it should be following a proper UNIX-esque security model. It could create users/groups for specific escalation. Apps shouldn't ask to escalte to administrator level. They should ask only to escalate the rights they specifically need, such as writing to C:\Program Files\Foo\.

    Microsoft is happy to blame the users, but it is Microsoft who established the industry standards. They set the table. They tell the users how to use their OS, and they tell developers how to develop for their OS. If Microsoft shipped a more secure design from the get-go, we wouldn't have as many issues. I'm sure malware authors would still target the market-share king and eventually find chinks in the armor, but right now it is so easy to target Windows that every script-kiddie on the planet pulls it off with ease.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  11. Same difference by SuperKendall · · Score: 3, Insightful

    I can create an application, put its settings in the registry, and boom -- I can manage it through an MMC for thousands of computers...

    If you can control one file, you can control many. Which is why a separate preference file per app would work just as well. Only moreseo because a user HAS to be able to write to the registry, where you can totally lock down a single file. Yes I know you can theoretically lock down sections of the registry but that to me seems like a weaker system, not to mention the danger of registry merges corrupting something.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Same difference by StuartHankins · · Score: 2, Insightful

      This functionality is also possible on Linux or OS X using config files, in fact all the other features of using files apply (ability to replicate only certain changes, no boot delays waiting for group policy to be applied, ability to use compressed tools such as rsync to send not only configs but entire subtrees & application installs as well as settings). The registry's only pluses are that it's graphical -- which increases the number of low-skilled workers to use it -- and it's integrated into Windows. Group policy is just an implementation of registry data.

      Have you ever tried to look at a user's registry through a WAN connection? You know, in the event that you need to investigate something but you can't knock the user off or assume control of their machine? It's like the Windows Event Log -- absolutely ridiculously huge and terribly slow to navigate. I can run a single ssh command to query 8 Linux servers at once and show all their results on a single screen -- almost as fast as I can type it.

      But even tools that access the WMI interface are painfully slow -- try using Sysinternals' psinfo on a computer over a WAN connection. Takes over a minute to run in some cases!

      I prefer simple, small and fast, thank you very much. The Windows Registry is none of these.

  12. Re:Easy fix, or fixed easily? by plague3106 · · Score: 2, Insightful

    How would this be any different if the configuration settings were stored in a flat file?

  13. Re:Sure it does by shutdown+-p+now · · Score: 4, Insightful

    Actually you can, to some extent. Anything the user runs on OS X for the first time after download issues a warning, and then you need an administrator password beyond that to modify the kinds of system level files we are talking about here.

    Vista/7 do both things (warning about launching of binaries that originate from the Net, and requiring a confirmation to elevate to admin) as well. This doesn't solve the "dancing bunnies" problem, however, which is the source of vast majority of infections out there. Why bother with security vulnerabilities at all, if you can trivially convince the user to run the payload himself, and click through all the prompts?

    The base issue is that in Windows 7 Microsoft weakened UAC, so even if you have it disabled a program can do some system level things without warning if you are logged in as administrator.

    The "weakened" UAC in 7 doesn't let any random programs do any system level things without warnings. The only thing that's weakened is that certain (effectively whitelisted) programs that come with OS can change system settings without elevation - most notably, built-in screens in Control Panel.

  14. Re:System Registry - how it ought to work by Animats · · Score: 3, Insightful

    Actually, the Registry is a good concept. The Registry is just a file system for little data items. The trouble is that any application can write to any part of it. It lacks a security model. (Yes, you can attach security restrictions to registry keys, but nobody does this, because Windows 95 didn't have that, and applications didn't have support for it.)

    The big problem with Windows security is Microsoft never put a security model in place under the concept of program installation. The way this ought to work is that there should be several classes of things one can install. Call them "applications", "plugins", "middleware", and "system modifications".

    Installers of "applications" should be limited to writing to the application's subtrees in Program Files, Documents and Settings, and the Registry. Uninstalling an application consists of removing those subtrees. Applications cannot install anything that runs at startup or runs periodically. Most programs (especially games and entertainment apps) should be applications. Under these restrictions, installation of applications is relatively safe, and should be allowed with Power User privileges.

    "Plugins" are sub-applications which affect one application. They go in their own subtree under the appropriate application. The application controls their installation, and they can't do anything the application can't do. Browser plug-ins fall in this category if the browser is an "application". If the browser is "middleware" (IE is, but Firefox is not), more privileges are required.

    "Middleware" is programs run by other programs, like Java. Changing middleware can affect multiple applications, so that requires more privileges. Code signing is appropriate.

    "System modifications", which modify the OS itself and may require a reboot, should require both code signing by a clearly identified party and administrator privileges to install.

    Of course, if we had something like that, app developers would bitch that they couldn't load their "phone home for update" service or "prelauncher". Tough. You don't really need to know if ZowieApp needs an update until you run ZowieApp again. And if your app needs to be "prelaunched" because it loads slowly, maybe the problem is that it loads slowly.

  15. Re:Please, Stop Defending Microsoft by AP31R0N · · Score: 2, Insightful

    "Please, Stop Defending Microsoft"

    i'm defending objectivity and reason.

    "Linux distros do this. In fact, much of the same code runs multiple processor platforms with great success."

    By what measure of success? Effectiveness, sure. But what is the market share of all the Linux distros put together? What is the ratio of Windows to Linux boxes globally or in the US?

    "This is not a valid reason to forgive Microsoft."

    Says you. You're omitting how many devices don't work on Linux due to a lack of drivers or simple inoperability with Linux. It's improving, but there's a long way to go.

    "As are most Linux distros, the Linux kernel, the BSD teams have schedules too."

    How many customers and stockholders do they have to worry about? For every machine running Ubuntu, how many Win7 boxes will there be?

    "Lack of resources is not an excuse."

    This works because you omitted part of my post. You ignored the whole tall poppy thing.

    I could go on, but the point here is you are clearly married to Linux and are senselessly defending it. That's okay. I hope it works out for you.

    How does that look to you? Looks about right to me.

    "I could go on"

    Could you go on without cherry picking and the childish tone?

    "but the point here is you are clearly married to Microsoft"

    Not at all. i can defend something without being personally involved. Or is anyone who defends gay marriage gay? Do i have to be a woman to defend her right to choose? If MS went belly up before i post this, i wouldn't care a bit. They make a tool/toy. If a better thing comes along i'll be glad to use it. When Ubuntu can run everything as well as my XP rig i'd be glad to switch. It does not, so i haven't. Wine isn't there either. i use as much FOSS as i can.

    i do find it offensive when people attack MS without seeing the big picture. On Fark i defend artists i don't like when people attack them without objectivity. MS is easy target. Big, clumsy and slow moving. But it's flaw is its success (ubiquity). The main flaw i find in Linux is the opposite. It's small because it's small. Developers don't want to double their efforts to sell to a handful of neck beards.

    "and are senselessly defending it."

    Same could be said of everyone participating in an OS holy war thread (or thread tangent;). Give me a Linux vs. Mac thread and it will be all manner of senseless defense. Whatever $otherSide says is senseless nonsense, posted by the clearly impaired.

    "That's okay. I hope it works out for you."

    This sounds condescending after the tone of the rest of the post. Why did you use double the letters to type OK?

    "Please, understand your thinking around Microsoft versus other OS's is clearly impaired."

    This comes across as very arrogant. Some day someone will say this about you or something you care about and you'll get why its so annoying. My thinking around OSes is just fine, i just defended something you dislike. It's also a bit internet tough guy.

    i said the band you hate isn't so bad/or has problems someone else didn't take into account, so you have to either adjust your thinking to accept that maybe it's not so bad (world shattering!)... or you have to attack me and be dismissive of my claims.

    Hell, i didn't even say Windows was perfect, or even good. People tend to latch onto the thing that offends their eye and ignore the rest.

    --
    Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
  16. Re:malware... by Omestes · · Score: 2, Insightful

    Except, of course, when the roots of the problem can be traced back further than the year he's been in office.

    --
    A patriot must always be ready to defend his country against his government. -edward abbey
  17. Re:malware... by david_craig · · Score: 2, Insightful

    It's really easy in the UK to get someone to publicly say sorry due to the lible laws. If you are sued for lible you have to prove that your statements are true. It's much cheaper to just apologise than go to court even if the truth is on your side.

    I would not be the lease surprised if the apology was the result of a legal threat.

    Google McLibel for an interesting case where someone refused to apologise for statements that a reasonable person would consider true.

  18. Re:Its the users, not the OS by TheRealSlimShady · · Score: 2, Insightful

    You are confusing designed by default with default behaviour. They are two different things. Default behaviour in the Win2k/XP timeframe was poor - Vista & Win7 change this.

    I also suggest that you read the Windows 7 logo program requirements: http://go.microsoft.com/?linkid=9668061. One of the guidelines is around proper behaviour with UAC, and another is around programs putting data in the right place.

  19. Re:When you think "what's the difference" ... by drsmithy · · Score: 2, Insightful

    You are forgetting that Linux is multi-user. When you do stupid things, like run a trojan because it will give you free midget pr0n, I don't want my files, or the OS upon which I am running molested by your new midget friend.

    Newsflash (well, more accurately, "Oldsflash"). The world is no longer filled with green-screen trminals connected back to a central, professionally managed mainframe. The vast majority of computers in the world are single user, even though they are running multiuser OSes.

    Also, we all know you have good backups, right? So you obviously would rather just restore your backed up user data than re-install the whole fscking OS after learning your valuable lesson, right?

    No, I'd *much* rather reinstall the OS that a) have to go through the hassle of digging up backups and b) losing any data that's changed since the last one. The OS files are trivially available and essentially static - why would I be concerned about losing any of them ?

  20. Re:When you think "what's the difference" ... by Zero__Kelvin · · Score: 2, Insightful

    "The OS files are trivially available and essentially static - why would I be concerned about losing any of them ?"

    So what you are saying then is that you've never actually used an OS beyond just installing it and leaving it in the out of box configuration then. That pretty much explains your complete cluelessness in a nutshell.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun