Exponential Algorithm In Windows Update Slowing XP Machines

jones_supa writes "An interesting bug regarding update dependency calculation has been found in Windows XP. By design, machines using Windows Update retrieve patch information from Microsoft's update servers (or possibly WSUS in a company setting). That patch information contains information about each patch: what software it applies to and, critically, what historic patch or patches the current patch supersedes. Unfortunately, the Windows Update client components used an algorithm with exponential scaling when processing these lists. Each additional superseded patch would double the time taken to process the list. With the operating system now very old, those lists have grown long, sometimes to 40 or more items. On a new machine, that processing appeared to be almost instantaneous. It is now very slow. After starting the system, svchost.exe is chewing up the entire processor, sometimes for an hour or more at a time. Wait long enough after booting and the machine will eventually return to normalcy. Microsoft thought that it had this problem fixed in November's Patch Tuesday update after it culled the supersedence lists. That update didn't appear to fix the problem. The company thought that its December update would also provide a solution, with even more aggressive culling. That didn't seem to help either. For one reason or another, Microsoft's test scenarios for the patches didn't reflect the experience of real Windows XP machines."

Remove, replace with apt

[kthreadd]

This is clearly the right time for Microsoft to completely rewamp the update system in XP; and what could possibly be better than to just remove the whole thing and import an already working package system from Debian?

Re:Remove, replace with apt

Yeah, four months before the final end of support date I'm sure they have a copious budget for massive rewrites on their three-major-versions-old legacy product.

But good news: after next April, just kill off the update checker entirely, because there will never be an update again! Problem solved. You're welcome.

Re:Remove, replace with apt

The dependency system in dpkg has been shown to be powerful enough to express sudoku puzzles which then APT has to solve to resolve conflicts. Technically still potentially exponential with improper use (I trust Microsoft would find some such non-working model reliably).

Re:Remove, replace with apt

[mlw4428]

That's right. I can just then run an apt-get dist-upgrade and I'll have a non-booting system in mere hours! No more waiting for pesky Windows releases.

Re:Remove, replace with apt

[TheRealMindChild]

It just isn't possible. There is a whole api (WUA) built on top of how it works now. Everything using it would fail if it moved to something different. That is, it is very evident that it was built with the update format currently in use to guide its direction. An emulation layer may not be possible, and even if it is, may not be more efficient than what is there now and also is work toward something that is EOL in 4 months.

The current way it works now, is the client downloads wsusscn2.cab, which in turn contains package.cab (among many others), which contains package.xml. Package.xml contains the updates in such a way that is flexible in that it can address more than one OS/platform/application/etc per patch, or more than one patch per update, or more than one file per patch, and so on. The Update nodes only point to categories/patches/files/locations/prerequisites/revision/etc via ids which have to be looked up deep in the file. Right now, that xml file is over 65MB. It would have made this easy if it were stored in a relation database, instead of an xml file, but it isn't and like I said, the API was built around the source of the information being an xml file, among other things.

Best way to force an upgrade

[s_p_oneil]

That's the best way to force users to upgrade that I can think of. They're already planning to end-of-life it. After EOL, they can simply start adding empty patches to the update system until it drives left-over XP users to upgrade. ;-)

Re:Best way to force an upgrade

[TangoMargarine]

Mainstream support ended on April 14, 2009. They've been pumping the dead horse full of adrenaline ever since to keep it from falling over.

Re:Best way to force an upgrade

[mlts]

It killed my Web browsing virtual machine until I used an offline update utility and fixed it manually.

Yes, XP needs to die, because it is made to deal with threats from 2000-2001, with added security patches strapped on as the need arose. Windows 7 and newer help address this issue.

However, I know plenty of places where XP is used that can't be fixed by a upgrade or platform change. Embedded stuff for example. Another are dedicated machinery that interfaces with a PC, does have newer drivers, and likely will not get newer drivers. A friend's $3000 sewing machine is one example.

Another person's CNC wood mill is another item. So, those machines are stuck with XP pretty much for good, because who is going to throw out a perfectly functioning mill just because it requires a legacy OS? Even some CD/DVD duplicators only will interface with XP, and moving to Vista or newer will be an exercise in futility.

So, XP in a lot of cases is here to stay, for better or worse.

Re:Best way to force an upgrade

[BronsCon]

How much, exactly, would you charge for a fully functioning OS and a steady stream of updates until the end of time? I'd like to see the math on this.

Re:Best way to force an upgrade

[recoiledsnake]

Why? People paid good money for working supported product. Just because Microsoft wants to bait and switch doesn't make it right. I hope some deep pockets corporation sues the bejesus out of them to force this issue.

I don't see a bait and switch. People knew(or could find out if they wanted) the EOL dates before they purchased it with their "good money", and MS has been extending them since many many years even though they didn't have to. That sounds exactly like the opposite of a bait and switch.

Want to check the EOL for Windows 8 before purchasing? Here it is http://windows.microsoft.com/en-us/windows/lifecycle

Re:Best way to force an upgrade

[10101001+10101001]

Yes, XP needs to die, because it is made to deal with threats from 2000-2001, with added security patches strapped on as the need arose. Windows 7 and newer help address this issue.

Help address this issue..except not really. :/ Windows 7 was made to deal with threats from 2009-2010, with added security patches strapped on as the need arose. Windows 8 was made to deal with threats from 2012-2013, with added security patches strapped on as the need arose. You see a trend? The biggest things that consistently have to be done, no matter what version of Windows you use, is to (a) use Internet Explorer/Adobe Flash as little as possible (directly or indirectly through its rendering engine) and (b) keep as much of your software as possible up to date.

That MS has chosen to not push more updates for Windows XP is the only real major thing hindering (b), but that speaks relatively little of XP. The only other major, possibly, beef is the hassle of installing so many incremental security patches. That's a major reason, of course, for Service Packs and slipstreaming.

Nah, really, the only place XP needs to "die" is in that hardware has continued to evolve and XP has been left out of a lot of developments, in large part because fundamentally some things didn't exist when XP was released. That Windows 7/8 already exists and supports said hardware as part of a new system...then XP can "die" when you switch to a new system inherently. But, that still leaves plenty of years for fully functional hardware to keep using XP for a long while.

It reminds me of a funny statement from Woz in "Accidental Empires" about how he couldn't wait for Moore's Law to reach its limit, so hardware would stop changing and schools could afford to spend the money on hardware that'd be around for 10-20 years like most other equipment. Ignoring that the actual time scale has shifted so much because of how cheap computers, not the PCs envisioned, have gotten, the mindset that old software shouldn't reasonably be supported for 10-20 years does sort of kill a lot of good ideas when it comes to reasonably using computer hardware. I guess there's always a long-term support contract with IBM and Linux...

Re:Best way to force an upgrade

[ultranova]

Yes, XP needs to die, because it is made to deal with threats from 2000-2001, with added security patches strapped on as the need arose. Windows 7 and newer help address this issue.

No, not really. Windows 7's - and for that matter Linux's - security model is centered around users rather than applications. It's designed for multi-user central computers of old, not modern single-user desktops that run random code downloaded from the Internet. It protects the system from user-level code, but your personal files are screwed, should any of it be malicious. And not even the system is really safe: a program asks for administrative privileges, and you have no option to give it "fake" permissions in its own little sandbox or even any way of knowing what it has done, even after the fact.

Android comes closer, but still has the problem of not allowing you to fake permissions. I doubt that will change, it ultimately being a glorified data mining and ad delivery platform for Google.

As for a better security model, I'd really like to see a "tree" of virtual machines, with every program running in its own leaf it can mess to its digital heart's contents and any changes being merged into upper-level machine only at the approval of said upper level. That way you could do away entirely with the concept of administrator - since every program is the master of its own virtual machine - and try out new programs safely, since no matter what devastation they cause it's limited to their own playpen.

Re:No Sympathy

[kthreadd]

They should have been off Windows XP long ago.

Indeed. But it will stay for very very long I'm afraid. Lot's of systems still runs on XP with no available migration path. They just recently upgraded the security system where I work to XP. I don't want to think about what it ran before that.

When I saw this, I didn't know what it was

I saw this during video playback, checked to see why the video was barfing and saw the svchost.exe chewing up 100% just like they say. It didn't happen on boot. I think it can happen whenever Windows Update scans for updates.

However, when I killed the svchost just to watch my video, I lost sound which made me think it had to be Media Player.

Well, maybe it was; but eventually I found out about this bug and realized I had to just sit through it.

The questions for me are "WTF does it do?", "Why does it have to walk this tree, and what is so bloody CPU intensive about it?" followed by, "Why does an update have to care what patches are superseded? As long as you're up to the latest patch level, it should be all good".

I think the whole thing is fundamentally broken. You have your current version of $Thing, it depends on N other things which must be of a given version. When you upgrade $Thing you just check to make sure the things it depends on are there and if they aren't, then you get them. The old stuff? You just check to see what depends on it, and if there is no longer anything depending on it you can quarantine it. If anything tries to access a quarantined dependancy, then your dependencies are broken and you need to patch the app that tried to do that.

I know I'm glossing over some things, and package management is not trivial; but there's no excuse I can see for exponentially growing scan algorithms.

Re:When I saw this, I didn't know what it was

[bmajik]

to isolate windows update so you can kill it safely, do

sc config wuauserv type= own

next time service manager starts wuauserv, it will get its own private instance of svchost.exe, which you can kill with impunity :)

Re:When I saw this, I didn't know what it was

[jones_supa]

Additionally, "tasklist /svc" can be used to show which services each svchost.exe is running.

On purpose?

[wjcofkc]

I'm really not sure if I would put it past MS or not to do this intentionally and leave it unfixed while reporting (lying) about trying to fix it in order to force the death of XP on schedule. It seems too obvious.

Re:On purpose?

[X0563511]

I'm really - I mean really, uncomfortable with the thought of Microsoft planning this kind of thing 12 years in advance...

Re:No Sympathy

[viperidaenz]

So someone thought it was a good idea to upgrade a security system with software that will have no security support in 4 months time?

Re: O(2â) should be avoided

And how exactly does Slashdot not have full Unicode support?

Ah that explains it

[ArchieBunker]

I just put XP on an old laptop to run some specialized automotive software. This svchost bug has been bothering me ever since. If you kill the process it also takes out other services (like wifi).

Re:Ah that explains it

[bmajik]

one thing you can do to fix this is the following

sc config wuauserv type= own

(the space between "type=" and "own" is important)

this tells the service manager to put windows update service (WUAUserv) into its own hosting process, e.g. a new/separate instance of svchost.exe

Another service that can be implicated in updates is the "BITS" service. You can use the same command to isolate it also.

Anytime I see a svchost.exe instance misbehaving I start isolating the services inside it and then seeing which individual service is being problematic.

Re:Ah that explains it

[bmajik]

Absolutely.

However, one difference between how I work now vs. how I worked 20 years ago, is that now I am invariably working on somebody else's machine.

Once upon a time, I used to spend lots of time changing my settings, making customizations to the environment, installing all kinds of tools that made my life easier.

However, a large portion of my time is spent investigating situations that aren't on my own workstations. Either lab machines or other people's environments.

I don't want to be paralyzed when I need to work out of my environment. And so I tend not to invest in or assume the presence of tools that aren't strictly necessary to do a particular task.

This is especially true when there are workable tools included in the default software distribution. So, in the case of isolating bad services, using sc.exe is perfectly sufficient. I know it's going to be there and it's going to work.

About the only basic productivity tools I frequently install any more on a windows machine are gvim and fiddler, and if the IE F12 tools were just a little bit better, I might be able to stop depending on Fiddler....

Standard MS Joke

[Naatach]

How many Microsoft Engineers does it take to change a lightbulb? None. They just redefine darkness as the new standard.

Re:No Sympathy

[TheRealMindChild]

Just shoot the control panel. Door will just open

Past abuses of Unicode (5:erocS)

[tepples]

And how exactly does Slashdot not have full Unicode support?

Slashdot used to have at least some level of Unicode support. Then vandals discovered directionality override characters and used them to break the layout and spoof moderation. The admins responded by instituting a strict code point whitelist to prevent the use of directionality overrides and the use of characters that are more useful for Unicode art (the successor to ASCII art) than for English text.

Re:No Sympathy

[Luckyo]

Many reasons.

1. It's light enough.
2. It's air gapped.
3. It's secured via elimination of infection vectors.
4. It's needed for legacy reasons.
5. Etc.

Re:another paid microsoft employee

[houstonbofh]

Is everybody stupid. XP is fast. Faster than all the current consumer grade PC OSes

I think that is what this patch... Sorry... BUG is supposed to fix.

.NET Updates Clobber My System

[ewhac]

I couldn't tell you why, but I haven't (yet) observed the described behavior on my XP system. The auto-updater ususally settles down in a matter of minutes.

No. In my case, it's trying to apply the .NET updates that completely murders my system. Apparently MS wants a gigabyte or so of free disk space on C:\ (and nowhere else) or the update will fail miserably. As it happens, my system partition has about 200MB free space, so the update disappears down a rabbit hole and never completes.

I used to think it was because it needed a bunch of temporary disk space, so last night I changed the TMP and TEMP environment variables to point to a volume with tons of free space, rebooted (because, you know, it's Windows), set just one of the several .NET updates running, then went off to see The Hobbit. When I returned some three hours later, the update had hung, the disk was idle, C:\ had zero bytes free, and the system log was corrupted.

Honestly, I don't know why anyone continues to be surprised by Redmond's rank incompetence...

Schwab

Re:Upgrade? Win7 and 8 have their own update issue

[minvaren]

They actually just fixed the SxS bloat with a patch a month or two ago. Link : here.

Re:No Sympathy

[chromas]

Well, then good news! Windows XP is just four months away from being perfect.

Re:No Sympathy

Be sure to use bullets. Using a laser will just make the blast doors close.

Re:More details please

[Luckyo]

Proper software firewall, hand built firewall security policy i.e. all ports stealthed nothing goes in our out without asking (important as it enables you to see if you do get hit regardless of everything else). Essentially machine is autistic to the internet unless there's software running on it that is asking for connection. This weeds out most of the problems.
I followed up by going through process list and weeding out everything I didn't need. The windows notification process to (dysfunctional) WAU and so on. If it's not needed, disable it, as it's a potential vector.
Use a decent block list. I used peerguardian's malware/known botnet blocklist. It severely cuts down on number on potential infection sources and again, it lets you spot a potential threat that has gotten through as such software would likely start hitting known botnet addresses for control information.
Sane antivirus. Specifically one that isn't too sensitive, but isn't too aggressive. Check everything with it.
Reasonably updated internet facing software. That's browser, mail software and so on. It may also help to sandbox these with something like sandboxie (I didn't bother because I kept them up to date and felt that was enough, now that I no longer do so on this machine I sandbox the browser and email software).

Effectively a mix of sane security policy, locked down machine and common sense. What most people appear to not understand on /. is that windows being vulnerable isn't the end of the world, nor is it a guarantee of infection. You still need an infection vector and infection source in addition to vulnerability to get infected, and locking those down is often enough, as long as you're not someone like Valve who is going to get hit by specifically tailored directed attack, you're going to be fine. Or at least much better off than someone who's all updated but doesn't secure infection vectors or infection sources.

Planned obsolescence

[h00manist]

"Tried" several times to patch an error but "couldn't". "Coincidence" that it is planning to retire the platform. Smells a lot like planned obsolescence. Helps sell more junk products that become useless faster. Buy a new one!

Re:No Sympathy

[localroger]

This is really unrealistic. What if the original hardware supplier is out of business or has discontinued the product line? The supply chain for many industrial systems of this type can be 10 levels deep, and it's simply impossible (unless you make the kind of hyper-expensive arrangements the military does so that they can keep 50's era computers running today) for contractors in that chain to do as you suggest. Commodity computers are so powerful and cheap with such ubiquitous development tools and talent that it's hard for suppliers to ignore what's available just because traditional ideas of longevity can't be trusted.

Re:No Sympathy

[viperidaenz]

No, but you can bet there are people sitting on exploits waiting for the security updates to stop.
Once that happens, their exploits will never be fixed and they've got free reign.