Forbes Blasts Latests Windows 7 Patch as Malware

← Back to Stories (view on slashdot.org)

Forbes Blasts Latests Windows 7 Patch as Malware

Posted by timothy on Sunday December 14, 2014 @07:38AM from the if-the-president-does-it-is-isn't-illegal dept.

Forbes contributor Jason Evangelho has nothing good to say about a recent Windows 7 patch that's causing a range of trouble for some users. He writes: If you have Windows 7 set to automatically update every Tuesday, it may be to permanently disable that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it. The first issue that caught my attention, via AMD’s Robert Hallock, is that KB 3004394 blocks the installation or update of graphics drivers such as AMD’s new Catalyst Omega. Nvidia users are also reporting difficulty installing GeForce drivers, though I can’t confirm this personally as my machines are all Windows 8.1. Hallock recommended manually uninstalling the update, advice now echoed officially by Microsoft. More troubles are detailed in the article; on the upside, Microsoft has released a fix.

42 of 230 comments (clear)

Short sighted by DavidRawling · 2014-12-14 07:41 · Score: 5, Insightful

Ah yes, one bad patch and we should all NEVER PATCH AGAIN BECAUSE THE SKY IS FALLING! Perhaps he will take personal responsibility the next time a patched vulnerability launches a new botnet? Nah, just write inflammatory rubbish, it's easier.
1. Re:Short sighted by lucm · 2014-12-14 08:06 · Score: 4, Funny
  
  THANK YOU! You just opened my eyes! I will immediately get rid of Windows and spend the next 4 weeks getting OpenBSD to somehow work on my laptop.
  
  --
  lucm, indeed.
2. Re: Short sighted by nuckfuts · 2014-12-14 08:12 · Score: 5, Informative
  
  Here's a tip: If updates are pending but you want to shutdown quickly, don't choose Shutdown. Choose Log Off instead. Then, from the logon screen, you can choose either "Install updates and shutdown", or just "Shutdown".
3. Re: Short sighted by Anonymous Coward · 2014-12-14 08:25 · Score: 4, Informative
  
  Ah, the great "you don't want to do that" solutions. As a anonymous coward I can finally say: I'm so sick of people like you. If you can't think of a real solution, then just say nothing.
  - You got shot, and need to stop the bleeding. Solution: You don't want to get shot.
  - Windows Vista doesn't update, how to solve it? Solution: You don't want to use Vista, and should upgrade.
  (add your own)
4. Re:Short sighted by tranquilidad · 2014-12-14 08:26 · Score: 4, Informative
  
  Though I agree with your sentiment there was an additional patch in the group (KB2553154) that was a security update that conveniently broke ActiveX controls and macros in Excel 2013. It wasn't just one incredibly bad patch.
  I pity the poor vendors and their even poorer customers whose spreadsheets suddenly stopped working on December 10th.
5. Re:Short sighted by reboot246 · 2014-12-14 08:37 · Score: 3, Informative
  
  I have my settings adjusted so that Windows tells me about the updates, but I choose when to download and install them. It's best to wait a couple of days after they're released to find out if anybody is having a problem with one of them. Let some other poor sucker get his computer bricked.
6. Re:Short sighted by sjames · 2014-12-14 08:49 · Score: 4, Insightful
  
  That would be terrible advice. Fortunatly, nobody has suggested that. TFA suggested changing the setting to list updates for manual selection, and that's not at all bad advice. Wait a few days to see if people are screaming about horrible problems with the update, then select them manually.
  That would work even better if MS actually described what the update fixes (so you could decide if it's even relevant) rather than slipping things in.
7. Re:Short sighted by MikeBabcock · 2014-12-14 09:03 · Score: 2
  
  Actually they are still selling it. You can buy it on brand new business machines today.
  
  --
  - Michael T. Babcock (Yes, I blog)
8. Re:Short sighted by Anonymous Coward · 2014-12-14 09:08 · Score: 2, Insightful
  
  (follow up from pevious)
  Also I love that your solution to getting OpenBSD to work on his laptop; is to install OpenBSD and then a virtual machine host, and install windows on top of that.
  So why did you get rid of windows again?
9. Re:Short sighted by phantomfive · 2014-12-14 09:16 · Score: 2
  
  More like 4 minutes. OpenBSD user here and it just works(tm).
  
  Unless you have a laptop with a USB 3 controller. Then it boots up fine, just don't expect the keyboard, mouse, or touchpad to work.
  
  --
  "First they came for the slanderers and i said nothing."
10. Re:Short sighted by GNious · 2014-12-14 09:41 · Score: 3, Funny
  
  Careful ... you keep this up, and systemd will start to come with its own nVidia driver for the 3D-enabled admin-UI
11. Re:Short sighted by hairyfeet · 2014-12-14 09:47 · Score: 3, Interesting
  
  Not to mention I used the supposedly "bad patch" on dozens of systems, Intel and AMD, with both APUs and GPUs...never saw this problem, not once. This leads me to think there was some sort of third party interference, perhaps an AV that is being over aggressive and causing the patch to only be half installed.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
12. Re:Short sighted by Paradise+Pete · 2014-12-14 09:57 · Score: 5, Insightful
  
  Ah yes, one bad patch and we should all NEVER PATCH AGAIN BECAUSE THE SKY IS FALLING!
  How is it that you interpret disabling auto-update as meaning "NEVER PATCH AGAIN"? I took it to mean don't patch until you're confident it's safe to do so. Don't you think that's a more reasonable view?
13. Re:Short sighted by phantomfive · 2014-12-14 10:15 · Score: 2
  
  Lacking USB 3 support causes devices to fall back to USB 2, unless your machine has only USB 3 (like some Apple devices).
  Yes, that is exactly the reason I wasn't able to install OpenBSD on my mac.
  
  --
  "First they came for the slanderers and i said nothing."
14. Re: Short sighted by Paradise+Pete · 2014-12-14 10:19 · Score: 5, Funny
  
  Thank you, nuckfuts.
  Now there's something you don't read every day.
15. Re:Short sighted by meerling · 2014-12-14 10:28 · Score: 2
  
  LoL, "What is *wrong* with you that you've dumped so much of your ego into a pissing context between OSs?".
  Usually it's a pissing Contest, but strangely enough, your "pissing context" seems to fit it better. :P
16. Re:Short sighted by meerling · 2014-12-14 10:52 · Score: 3, Informative
  
  From the history books I've seen, many written by non-americans, it was pretty clearly stated that if the USA hadn't finally gotten into the war in Europe, Germany would have pretty much steamrolled what was left of western Europe, then turned full forces including it's Luftwaffe on Russia (actually USSR) and overwhelmed them outside of winter. Instead they got beaten back and their forces continually depleted by the Allied forces on the Western Front, leaving the Eastern front vulnerable and less capable, loosing even their initial advances when the lack of supplies and brutal winter devastated their forces.
  Things "might" have gone smoother with the American forces in Europe, but they were also engaged in the Pacific conflict at the same time, and needed the shifting of forces from the ending of the European conflict to bring a conclusion to the Pacific conflict. Of course there are the nukes, but those only ended it quicker and with far less bloodshed than would have happened otherwise, even with the most optimistic forecasts. It just goes to show that fighting a war on multiple fronts is never a good idea.
17. Re:Short sighted by pepty · 2014-12-14 12:10 · Score: 4, Insightful
  
  So you haven't updated your OS in three years?
18. Re:Short sighted by LostMyBeaver · 2014-12-14 12:19 · Score: 2
  
  Forbes is a publications for uneducated gamblers and people who intentionally deprive their brains of oxygen by employing fashionable silk nooses.
19. Re:Short sighted by Ol+Olsoc · 2014-12-15 01:50 · Score: 2
  
  Ah yes, one bad patch and we should all NEVER PATCH AGAIN BECAUSE THE SKY IS FALLING!
  
  If Microsoft only put out "one" bad patch, you might have an argument.
  But hey, the modern day Microsoft apologist tactic of going apeshit instead of rational discussion, and blaming the victims is noted.
  And the "Capslock loaded and ready to rumble" is just adorable.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
20. Re:Short sighted by Ol+Olsoc · 2014-12-15 02:07 · Score: 2
  
  THANK YOU! You just opened my eyes! I will immediately get rid of Windows and spend the next 4 weeks getting OpenBSD to somehow work on my laptop.
  You really know nothing about modern Linux do you? And if you still want to talk about ancient installs, let's talk about how well Windows 1.0 works.
  Because it's the same thing. Haven't had on computer not "just work" after installing Linux, in the last few years and that includes some exotic installs like Chromebooks. or touchscreen laptops. And at this point, driver selection is better.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
21. Re:Short sighted by david_thornley · 2014-12-15 07:30 · Score: 2
  
  Germany did pretty much steamroll Western Europe up to the coast, except for Spain and Portugal. Taking Britain was going to be a lot harder, and everybody knew that. The German plans to invade southern England in 1940 are positively ludicrous, and their attempts to suppress British air power caused them losses they never really had a chance to recoup.
  Germany then attacked the Soviet Union, and failed in 1941, before the US had any significant impact on the war. The US didn't have an army on the European mainland before September 1943, and the US air forces didn't have a serious impact before mid-1943. Eventually, the US had a major role, but it came much later than any time Germany could possibly have won, and primarily accelerated the end of the war and kept the Soviets out of most of Western Europe.
  The US was engaged in the Pacific, and the majority of the resources available in 1942 went there, but the US was really not ready for a war by the end of 1942. The US was frantically building up a large army, but it didn't start to show up until sometime in 1943 and wasn't anywhere near full strength before 1944.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
It uninstalled itself... by radish · 2014-12-14 07:59 · Score: 5, Informative

According to my update history they automatically uninstalled it the next day (via a new update). So the auto updates worked - no drama.

--
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
1. Re:It uninstalled itself... by saigon_from_europe · 2014-12-14 09:50 · Score: 2
  
  In the provided link, MS claims that one of problems with the said update is that it prevents future updates. It seems that it was not the case, luckily.
  BTW, my problem with this update was that VirtualBox did not want to start the virtual machine.
  
  --
  No sig today.
Malware? by SydShamino · 2014-12-14 08:05 · Score: 4, Insightful

I think calling something "Malware" implies malice, something that's not indicated here as I see it. This is probably a case of incompetence, releasing poorly thought out, poorly written, and/or poorly tested code. Maybe we need a term for that - "bugware". (Or, for the cynics in the audience, we already have a term - "software".)

--
It doesn't hurt to be nice.
1. Re:Malware? by arbiter1 · 2014-12-14 08:21 · Score: 4, Insightful
  
  Forbes are trying to make things sound worse then it is to get views without any real journalism.
2. Re:Malware? by 0123456 · 2014-12-14 08:22 · Score: 2
  
  Didn't Microsoft lay off thousands of QA testers a few months back?
3. Re:Malware? by bingoUV · 2014-12-14 15:24 · Score: 2
  
  While that is true, the implication that the automation creates and maintains itself is very false.
  
  --
  Bingo Dictionary - Pragmatist, n. A myopic idealist.
A 1990s classic joke by Stormwatch · 2014-12-14 08:46 · Score: 2

With the recent problems being encountered by Windows users all across the country, people are begin to ask themselves if windows is a virus. In response to the high demand for an answer to that question a study was done and concluded the following.
1. Viruses replicate quickly.
Windows does this.
2. Viruses use up valuable system resources, slowing down the system as they do so.
Windows does this.
3. Viruses will, from time to time, trash your hard disk.
Windows does this.
4. Viruses are usually carried, unkown to the user, along with valuable programs and systems.
Windows does that too.
5. Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware.
Same with Windows, yet again.
Maybe Windows really is a virus.
Nope! There is a difference!
Viruses are well supported by their authors, are frequently updated, and tend to become more sophisticated as they mature. So there! Windows is not a virus.

--
Circumcision is child abuse.
Really bad advice by mseeger · 2014-12-14 08:56 · Score: 4, Insightful

Several readers have pointed out that disabling automatic Windows Updates is bad advice, and while thatâ(TM)s a fair argument I have to disagree.
It is really a BAD advice. The average PC user is not an ops person. If an update bricks his PC, he will notice and can get help. If his PC is insecure, he will notice nothing and help (if ever) will be asked for much too late.
His arguments amount to one thing: avoid changes. Any change is a risk. But so is crossing the street. In the long run, a change-averse strategy will lead to worse results than the occasional botched change (exceptions apply, but those are rare). And the only way for the average user to do changes is to automate them.
Re:Terminal Windows Complexity? by ericloewe · 2014-12-14 09:11 · Score: 2

Any modern OS is too complex for a single person to understand.
Windows is especially bad, given that the de facto goal is to maintain as much compatibility as humanly possible - including the antiquated Win32 API.
Starting with Windows 8.1, the tendency is more towards the Unix method of providing several versions of the same thing (much like what was done with the Visual Studio runtimes), presenting applications only the one they claim to target (or the default, which is Windows 7, IIRC). This should allow the API to be "broken" in newer releases, which should allow for better manageability.
Re:Almost true by ericloewe · 2014-12-14 09:11 · Score: 2

You could at least *try* to make the joke intelligent, instead of repeating a tired one...
Did really he say that? by Okian+Warrior · 2014-12-14 09:23 · Score: 4, Informative

Ah yes, one bad patch and we should all NEVER PATCH AGAIN BECAUSE THE SKY IS FALLING!
Did he actually say that?
Or did he say turn off *automatic* patching?
It seems reasonable to always be 1 week behind in patching your systems - let someone else be the lightning rod for goofs and mistakes. I know some sysadmins patch "test" systems and try things out to see if the patches break their currently-running code. They don't seem to mind a certain time lag in patching.
Can do this without logging off by iONiUM · 2014-12-14 09:28 · Score: 5, Informative

While your steps work, you can also just focus on the desktop (by clicking the background, for example), then press ALT+F4. You will then be presented with the shutdown menu which includes the same options you cited, but without the need to log off first.
1. Re:Can do this without logging off by LinuxIsGarbage · 2014-12-14 13:40 · Score: 2
  
  While your steps work, you can also just focus on the desktop (by clicking the background, for example), then press ALT+F4. You will then be presented with the shutdown menu which includes the same options you cited, but without the need to log off first.
  I prefer to click the task bar, then ALT+F4.
  It's also useful in remote desktop when you're trying to shutdown or reboot the remote machine. Also included is Microsoft's "Windows Virtual PC" which uses remote desktop as the integration technology, and makes it difficult to shutdown or reboot the VM.
2. Re:Can do this without logging off by steelfood · 2014-12-14 14:48 · Score: 2
  
  There's nothing quite as fast as the old school method of yanking the cord.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Not sure if my problem is related by jandrese · 2014-12-14 09:40 · Score: 4, Interesting

After the patch my box started complaining endlessly that it was not genuine windows, but when I went to activate Windows page it said I was already activated and just told me all of the great benefits of having genuine Windows and that I should install MS Defender.

It non-activated dialog box wanted me to install some application to double activate it or something? I've had a tough time figuring out exactly what's up with it. The links all point to genuine microsoft.com websites, so it doesn't appear to be malware, but I'll be damned if it's not acting like malware.

--

I read the internet for the articles.
Re:the real story by Deathlizard · 2014-12-14 10:36 · Score: 3, Insightful

the problem that I have with this isn't this particular patch, but the pattern.
Microsoft over the last 6 months have not had a patch cycle that didn't have major widespread issues with a patch that was eventually recalled. The last time they had problems this bad was sometime around 2002-2003, and back then they claimed that they changed their testing criteria to prevent major patch issues from happening, And it worked for a good while. At least I only had to worry about 1-2 bad patches a year at most.
This patch botch, however, takes the cake. There is absolutely no way this patch should have been able to pass a competent Q/A test. Every single windows 7 machine that got this patch through our test systems (which is about 100 PC's spread across multiple vendors and OS images) popped up a "you are a conterfeit victim" message within 24 hours of receiving the patch. There is no way they couldn't have run into this unless they are doing short term checks for patch related issues.
"The Patch Installed without crashing" is Not Good enough Q/A when you are rolling out a patch to millions of potential customers. Someone in MS Q/A Needs to get fired over these issues before it causes more damage (IE: People taking Forbes stupid advice, disabling critical updates and getting infected by some cryptovirus that wipes out all of their company files that could have been prevented by a patch install.)

--
In Soviet Russia, Trojan exploits YOU!
I know I was experiencing weird behavior in IE by NotSoHeavyD3 · 2014-12-14 11:02 · Score: 2

You know besides all the weird stuff you experience browsing with IE. I did a bunch of upgrades this past week (new AMD drivers, these MS patches) on my Win7 PC and I saw that the settings in IE kept getting reset. Security was cranked up so I couldn't download anything and it blew away my history by setting it to 0 days. I'd reset that stuff, reboot my PC and come back and see everything had been set back. I could only get rid of the problem by restoring my PC to last week. I thought I picked up a virus or that it was that Raptr junk in the AMD drivers but now I'm thinking it's this patch. (I know, I should use Chrome more. It's installed here and I do use it but I use IE as well.)

--
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Update way worse than described. by phizi0n · 2014-12-14 11:56 · Score: 2

Pretty much anything that needed elevated privileges would fail to run even if you were running on an admin account and gave UAC permission. Even my TV recordings failed while the update was applied and at first I thought it was my video driver update that I did just before manually allowing windows update to install the patch. Because I had manually installed it, I did not automatically get the removal patch and had no idea wtf was going on until I dug through several posts about driver installation problems (that I did not have) to finally find that it was wrecking far more than just driver installation.
Forbes has no standing to complain by 140Mandak262Jamuna · 2014-12-14 11:57 · Score: 3, Interesting

Forbes faithfully parroted every Gartner study fully bought for by Microsoft, like the Total Cost of Ownership. It claimed Microsoft has reached a "utility" status and it should be considered a "widows-and-orphans" stock. It actively contributed to the culture of lazy CIOs choosing Microsoft because no one got fired for choosing Microsoft. It turned a blind eye to every illegal maneuver by Microsoft. Now, suddenly, it is blasting Microsoft? I think Microsoft is a lesser evil than Forbes.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Layoffs by nateman1352 · 2014-12-14 22:06 · Score: 3

So Microsoft starts laying off 18,000 employees in several waves starting in July this year. One of the first groups that was hit hard by layoffs was QA (mostly contract workers so they are easy to let go.) Within that, the QA department responsible for testing OS security patches was hit the hardest...
So now we are having a bunch of problems with botched updates that weren't tested sufficiently, go figure!