Exponential Algorithm In Windows Update Slowing XP Machines
jones_supa writes "An interesting bug regarding update dependency calculation has been found in Windows XP. By design, machines using Windows Update retrieve patch information from Microsoft's update servers (or possibly WSUS in a company setting). That patch information contains information about each patch: what software it applies to and, critically, what historic patch or patches the current patch supersedes. Unfortunately, the Windows Update client components used an algorithm with exponential scaling when processing these lists. Each additional superseded patch would double the time taken to process the list. With the operating system now very old, those lists have grown long, sometimes to 40 or more items. On a new machine, that processing appeared to be almost instantaneous. It is now very slow. After starting the system, svchost.exe is chewing up the entire processor, sometimes for an hour or more at a time. Wait long enough after booting and the machine will eventually return to normalcy. Microsoft thought that it had this problem fixed in November's Patch Tuesday update after it culled the supersedence lists. That update didn't appear to fix the problem. The company thought that its December update would also provide a solution, with even more aggressive culling. That didn't seem to help either. For one reason or another, Microsoft's test scenarios for the patches didn't reflect the experience of real Windows XP machines."
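The doubling described in the summary can be reproduced with a toy model. This is an added illustration, not Microsoft's code; the page does not show the actual Windows Update algorithm. It assumes each cumulative patch supersedes every earlier one and that the client walks the supersedence lists without remembering which patches it has already expanded.

```python
def cumulative_chain(n):
    # Constructed sample data, not real update metadata: patch i is a
    # cumulative update that supersedes every earlier patch 0..i-1.
    return {i: list(range(i)) for i in range(n)}


def closure_naive(supersedes, patch):
    """Return (superseded set, expansions), re-walking every path."""
    expansions = 1
    found = set()
    for older in supersedes[patch]:
        found.add(older)
        sub, cost = closure_naive(supersedes, older)
        found |= sub
        expansions += cost
    return found, expansions


def closure_visited(supersedes, patch):
    """Same result, but each patch is expanded at most once."""
    found = set()
    expanded = set()
    expansions = 0
    stack = [patch]
    while stack:
        current = stack.pop()
        if current in expanded:
            continue  # already handled via another path
        expanded.add(current)
        expansions += 1
        for older in supersedes[current]:
            found.add(older)
            if older not in expanded:
                stack.append(older)
    return found, expansions


def compare(n):
    """Expansion counts (naive, visited-set) for the newest of n patches."""
    chain = cumulative_chain(n)
    newest = n - 1
    naive_set, naive_cost = closure_naive(chain, newest)
    fast_set, fast_cost = closure_visited(chain, newest)
    if naive_set != fast_set:
        raise ValueError("the two walks disagree on the superseded set")
    return naive_cost, fast_cost


if __name__ == "__main__":
    for n in (5, 10, 15, 20):
        naive_cost, fast_cost = compare(n)
        print(f"{n:2d} patches: naive={naive_cost:7d}  visited-set={fast_cost:2d}")
```

In this model the naive walk costs 2^(n-1) expansions for the newest of n patches, so one more entry in the list doubles the work, while the visited-set walk stays at n.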
This is clearly the right time for Microsoft to completely revamp the update system in XP; and what could possibly be better than to just remove the whole thing and import an already working package system from Debian?
That's the best way to force users to upgrade that I can think of. They're already planning to end-of-life it. After EOL, they can simply start adding empty patches to the update system until it drives left-over XP users to upgrade. ;-)
They should have been off Windows XP long ago.
Indeed. But it will stay for very very long I'm afraid. Lots of systems still run on XP with no available migration path. They just recently upgraded the security system where I work to XP. I don't want to think about what it ran before that.
I saw this during video playback, checked to see why the video was barfing and saw the svchost.exe chewing up 100% just like they say. It didn't happen on boot. I think it can happen whenever Windows Update scans for updates.
However, when I killed the svchost just to watch my video, I lost sound which made me think it had to be Media Player.
Well, maybe it was; but eventually I found out about this bug and realized I had to just sit through it.
The questions for me are "WTF does it do?", "Why does it have to walk this tree, and what is so bloody CPU intensive about it?" followed by, "Why does an update have to care what patches are superseded? As long as you're up to the latest patch level, it should be all good".
I think the whole thing is fundamentally broken. You have your current version of $Thing, it depends on N other things which must be of a given version. When you upgrade $Thing you just check to make sure the things it depends on are there and if they aren't, then you get them. The old stuff? You just check to see what depends on it, and if there is no longer anything depending on it you can quarantine it. If anything tries to access a quarantined dependency, then your dependencies are broken and you need to patch the app that tried to do that.
I know I'm glossing over some things, and package management is not trivial; but there's no excuse I can see for exponentially growing scan algorithms.
I've noticed that this is an issue on Windows Server 2003 (I believe R2 included). I have noticed that this is less of an issue once IE8 is installed (this should have already been done by this point), but this is still definitely an issue. I will be glad when I am rid of this OS (soon!).
I'm really not sure if I would put it past MS or not to do this intentionally and leave it unfixed while reporting (lying) about trying to fix it in order to force the death of XP on schedule. It seems too obvious.
Brought to you by Carl's Junior.
So someone thought it was a good idea to upgrade a security system with software that will have no security support in 4 months time?
And how exactly does Slashdot not have full Unicode support?
I just put XP on an old laptop to run some specialized automotive software. This svchost bug has been bothering me ever since. If you kill the process it also takes out other services (like wifi).
Only the State obtains its revenue by coercion. - Murray Rothbard
Yeah, let's throw away that perfectly good piece of kit because you don't like it.
If it were perfectly good, there wouldn't need to be any updates.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Here's a radical idea: why don't they fix the stupid exponential algorithm rather than papering it over by trimming the lists?
There's no point in questioning authority if you aren't going to listen to the answers.
How many Microsoft Engineers does it take to change a lightbulb? None. They just redefine darkness as the new standard.
There may be no "I" in team, but there's also no "F" in way.
Not trying to be patronizing or sarcastic here, but have you thought about Linux? Throw Lubuntu on it and it'll run at least twice as fast. For the small amount of things you say they do on it, there really shouldn't be many migration pains.
Just shoot the control panel. Door will just open
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Of course Windows performance degrades over time.
How else would they ever get anyone to upgrade? Remove the Start button?
And how exactly does Slashdot not have full Unicode support?
Slashdot used to have at least some level of Unicode support. Then vandals discovered directionality override characters and used them to break the layout and spoof moderation. The admins responded by instituting a strict code point whitelist to prevent the use of directionality overrides and the use of characters that are more useful for Unicode art (the successor to ASCII art) than for English text.
This is built into their display list widget. How shameful past the early 1980s.
What are you talking about? Do you not realize that far superior sorting algorithms were invented as long ago as the 40s? Quicksort was invented in 1960, and mergesort was invented in 1945, for example. Being the early 1980s is no excuse for using crappy sort algorithms.
I run a small computer store and this issue has been driving me crazy the last few weeks, we have had a few XP machines come back because customers are complaining they are so slow! When we refurbished them before these patches they were fine! I have had to disable Windows update to fix the issue, not the best solution at all. 100% CPU from svchost.exe for hours, how can Microsoft mess up so bad..!
Many reasons.
1. It's light enough.
2. It's air gapped.
3. It's secured via elimination of infection vectors.
4. It's needed for legacy reasons.
5. Etc.
Is everybody stupid? XP is fast. Faster than all the current consumer grade PC OSes.
I think that is what this patch... Sorry... BUG is supposed to fix.
No. In my case, it's trying to apply the .NET updates that completely murders my system. Apparently MS wants a gigabyte or so of free disk space on C:\ (and nowhere else) or the update will fail miserably. As it happens, my system partition has about 200MB free space, so the update disappears down a rabbit hole and never completes.
I used to think it was because it needed a bunch of temporary disk space, so last night I changed the TMP and TEMP environment variables to point to a volume with tons of free space, rebooted (because, you know, it's Windows), set just one of the several .NET updates running, then went off to see The Hobbit. When I returned some three hours later, the update had hung, the disk was idle, C:\ had zero bytes free, and the system log was corrupted.
Honestly, I don't know why anyone continues to be surprised by Redmond's rank incompetence...
Schwab
Editor, A1-AAA AmeriCaptions
They actually just fixed the SxS bloat with a patch a month or two ago. Link : here.
Big! Strong! Wow! Tada-O!
This has been happening on and off for more than a year. I found the last couple of times that it was helped if I manually fetched and installed the latest "Cumulative Security Update for Internet Explorer" for version 8 (http://technet.microsoft.com/en-us/security/bulletin/ms13-088 at time of writing). Never understood why; perhaps it allows a serious chunk of the search tree to be pruned quickly avoiding the exponential stupidity.
If you need to stop the 100% CPU while you fetch this then Start -> Run, "Services.msc", locate and stop "Automatic Updates".
Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
Well, then good news! Windows XP is just four months away from being perfect.
To fix this problem just run the latest Cumulative Security Update for Internet Explorer - for December this is KB2898785. Once you've run the update, reboot and then the updates will work.
I've had to do this for October, November and December.
This article has some more info about it - read the comments.
http://www.infoworld.com/t/microsoft-windows/windows-xp-update-locks-machines-svchost-redlined-100-fix-it-kb-2879017-230733#disqus_thread/
We are talking about XP. Not other OSs. It's exceptionally obvious that it's light enough stands for "it's light enough to run wintel software on older machines".
I genuinely don't understand why there are so many people here on slashdot talking about windows security and not understanding it. It's entirely possible to secure a completely vanilla XP machine (zero updates, just basic boxed copy from release) to use on a fixed, open to internet static IP. I have done so myself, after my first XP machine borked itself badly trying to run SP1, completely killing the updating system. I didn't even bother fixing it and ran vanilla XP for years on that machine. This in spite of it running on university network which was teeming with aggressive nerdy wannabe hackers who made a shitload of attempts to exploit machines on the network, as I found out when I became network's admin a few years later.
Funnily enough when I eventually got my hands on slipstreamed XP SP2 disk and decided to make a clean install, that machine got owned in about 30 seconds after hitting the log in menu for the first time after installation. Because I forgot to unplug the ethernet cable during installation and machine was obviously not secure out of the box - it just had the up to date patches, but several infection vectors were left exposed. So the vanilla, completely unupdated but secured XP machine ran fine for years, and fully updated machine got owned in 30 seconds flat on the same network socket.
That is the reality of IT. First thing in securing machines is not patches, but elimination of vectors. Patches are just a jury rigged solution for the time when an exploit vector was left open. There are always vulnerabilities. That is the first rule of IT security. Eliminate or contain vectors of infection, then start thinking about what to do if something does get through.
And if you secure it tightly enough, even vanilla XP is secure.
None of those reasons explain why the product can't run on Windows 7.
Be sure to use bullets. Using a laser will just make the blast doors close.
Proper software firewall, hand built firewall security policy i.e. all ports stealthed nothing goes in or out without asking (important as it enables you to see if you do get hit regardless of everything else). Essentially machine is autistic to the internet unless there's software running on it that is asking for connection. This weeds out most of the problems.
I followed up by going through process list and weeding out everything I didn't need. The windows notification process to (dysfunctional) WAU and so on. If it's not needed, disable it, as it's a potential vector.
Use a decent block list. I used peerguardian's malware/known botnet blocklist. It severely cuts down on the number of potential infection sources and again, it lets you spot a potential threat that has gotten through as such software would likely start hitting known botnet addresses for control information.
Sane antivirus. Specifically one that isn't too sensitive, but isn't too aggressive. Check everything with it.
Reasonably updated internet facing software. That's browser, mail software and so on. It may also help to sandbox these with something like sandboxie (I didn't bother because I kept them up to date and felt that was enough, now that I no longer do so on this machine I sandbox the browser and email software).
Effectively a mix of sane security policy, locked down machine and common sense. What most people appear to not understand on /. is that windows being vulnerable isn't the end of the world, nor is it a guarantee of infection. You still need an infection vector and infection source in addition to vulnerability to get infected, and locking those down is often enough, as long as you're not someone like Valve who is going to get hit by specifically tailored directed attack, you're going to be fine. Or at least much better off than someone who's all updated but doesn't secure infection vectors or infection sources.
Thank you for a reasonable sentiment. slashdot is driving me crazy.
The real world is messy. You can't always update everything. You understand this, but others do not.
I have to maintain a Frankenstein PC that interfaces to a multi-million dollar piece of manufacturing equipment. So backups of the hard drives, spare motherboards, CPUs, memory, IDE Hard drives, and other things. This computer is 8 years old, with an expected life of another 7. Yuck!
Thankfully its network connection goes to 1 thing and 1 thing only! The PLC. Am I worried about a virus? No. My concern is hardware failing. If someone plugged a malicious USB drive in, then the machine will just be restored to a known good point.
"Tried" several times to patch an error but "couldn't". "Coincidence" that it is planning to retire the platform. Smells a lot like planned obsolescence. Helps sell more junk products that become useless faster. Buy a new one!
Build your own energy sources from scratch. http://otherpower.com/
How about that update that never happened?
Some of you have probably had this happen. You run "Check for Updates" inside the security center. IE opens up to http://windowsupdate.microsoft.com./ It checks to see if you have the latest version of Windows Update. Awesome! You have it! Now you are presented with a choice, you can roll the dice and click "Express" and let Microsoft install everything Bing on your computer. Or, you can go pro and click "Custom" where you can select to install everything but the Bing crap. Ha! Joke's on you, no matter which one you click it will just sit on "Checking for updates" indefinitely. You search Google, you find the Mr. Fixit on the Microsoft Knowledge base and run it. It finds everything wrong, it fixes it, you are the champion, you reboot, you try again and the same thing. The green bar mocking you as it checks and checks and checks. You restart the Automatic Update Server, it doesn't help. You go pro again and hit Start -> Run and type "notepad.exe %windir%\WindowsUpdate.log" You are mocked! There are no errors, no warnings, nothing of value! You grab the tower, you give it a DDT, then you expel the foul beast from the office window into the parking lot 5 stories below. You return to your desk the victor, problem solved, life is good.
This is really unrealistic. What if the original hardware supplier is out of business or has discontinued the product line? The supply chain for many industrial systems of this type can be 10 levels deep, and it's simply impossible (unless you make the kind of hyper-expensive arrangements the military does so that they can keep 50's era computers running today) for contractors in that chain to do as you suggest. Commodity computers are so powerful and cheap with such ubiquitous development tools and talent that it's hard for suppliers to ignore what's available just because traditional ideas of longevity can't be trusted.
Brackets contain world's first nanosig, highly magnified:[.]
I suggest you ally yourself with an actual business and try to apply these lofty principles. I'll know your education is complete by the peals of laughter and sound of doors slamming behind you.
Brackets contain world's first nanosig, highly magnified:[.]
No, but you can bet there are people sitting on exploits waiting for the security updates to stop.
Once that happens, their exploits will never be fixed and they've got free rein.
version 6? That's Vista.
XP was 5.1 and 5.2
- Make XP slow
- blame it on a "bug".
- Drop hints to the user. Windows 8 doesn't have this issue, because, its newer!
- Maybe fix it before April 8, 2014, maybe not.
They have been trying to kill XP for years. Force the user to upgrade.
Intentional or not, Microsoft are loving this. We all know it.
#4 does... Namely legacy reasons.
I have a perfectly fine multipage scanner here that doesn't have drivers for Windows 7 and the manufacturer is out of business. You do know that Windows 7 implemented driver signing right? So even if you do find a legacy driver it probably won't start because it won't be signed. And don't give me this "Linux is your route" because no driver exists for it there either. So my choices are toss a perfectly working, expensive at the time and in demand scanner just to update from a working OS to one that doesn't or stick with what is working.... Hmmmm Hard choice that one.
It would have helped if you mentioned brand and model. Perhaps people could have helped you out...
Well, if they did it right they would be on SP5 or SP6 by now, since they should be releasing a new SP annually to roll up all the existing patches.
I seem to recall there being a demand for an SP4 at least two years ago due to the volume of updates post-SP3. I think the motivation wasn't necessarily SVCHOST but just the sheer download & install time for even new installs with SP3 slipstreamed in.
You would think this would also somewhat lighten the support burden and maybe even the burden on update servers as well, as I gotta believe there is a lot of duplication in updating with patches that supersede patches getting installed at the same time.
I know I've seen XP update listings on machines that showed whole laundry lists of IE updates for the installed IE, along with a new version of IE in the same update session -- wouldn't you just install the new IE version and then skip installing all the old IE patches? I always wondered if maybe the old IE version patches were in there because they were for OS components that weren't replaced or updated by the new IE version.