The software giant says it withdrew a security update for Windows XP after discovering that it switched off Net connections for some of the 600,000 users who downloaded and installed it. Update: Microsoft explains what got wrong.
Microsoft Pulls Windows XP Update
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
I’ve had quite a few issues with M$’s ‘fresh’ updates. Just last week I had to roll back from their ATI Mobility driver update since it caused a fatal bluescreen every time winblows booted. Great QC, guys.
I never had problem with MS’ updates. I know people who had though, and most of the time it is because of software that gets installed that messes up with the services, e.g. antivirus software.
It is impossible to be bug-free in the jungle of x86. Linux, BeOS, BSD, OS/2 and QNX are not either when they are used besides their basic functionality. Apple has it right, as it controls the hardware and the hardware configurations. On x86, you never know what the user might be running on. It is a big headache on developers and compatibility.
/me just sits back and chuckles…
I’m so glad Windows Update doesn’t work via Wine… lol, I thought updates were supposed to fix problems, not cause them…
Why are you laughing? This is not the first time it happens to neither Windows or Linux. Many times I have seen updates on Linux (mostly on Gentoo) that would even take away binary compatibility off libraries and I would need to spend a day recompiling huge chunks of software (e.g. last year’s libpng fiasco)! It happens.
Windows XP’s incompatibility was with specific THIRD PARTY software (Norton’s firewall to be precise), not with Windows software. There are millions of Windows apps out there. MS can’t and won’t test them all. It is bound to happen from time to time, live with it.
Doh!
Yeah well, this was on a bone stock Compaq EVO. Standard hardware, standard software, nothing out of the ordinary. Then again I’ve had this problem on other ‘standard’ manufacturer models (Dells, IBMs, etc.). Both desktops and servers. I attribute it to the shite ATI Mobility hardware more than anything else (none of the drivers have ever worked without some sort of bug/quirk).
What M$ really needs to do is not only provide HW certification of drivers, but also brand-name model # configuration certification in terms of brand-name models. Certified manufacturers can quite easily provide their QC results for this. i.e. instead of the ‘not signed by m$ hardware labs’ a ‘not signed by m$ hardware labs but certified for your model xxx’ would suffice. They should just forget about homebrew combos since this is near impossible.
However for this they need coordination and there is cost involved. I don’t think we would ever see something like this because their is no profit to be gained from such a feature by m$. Better to make people pay for tech-support calls when their systems go down due to faulty drivers.
I download patches, save and then install them.. Winupdate is a bit buggy still – and I have never trusted them since it emerged that they were deliberately loading bad code onto illegal winXP installs in order to make them unstable and crashy.
I wouldnt advise any user to install a patch less than 3 weeks after its released – after that time you can be pretty sure it’ been tested.
Windows is expensive and is supported by the biggest and most successful software company in the world. Gentoo is free and supported by volunteers.
Eugenia why did you post this topic?
I find it strange that you posted it with no comment and then a couple posts down you blame 3rd party software, x86, attack gentoo and then tell people to “deal with it”.
If that is not being an apologist I dont know what is…
Because that is my opinion on OS bugs: OS bugs are _everywhere_, on all OSes, and mostly x86s where the configurations are unpredictable. I did not attack Gentoo, I just gave an example where Linux can also be vulnerable to bugs and problems just as Windows is. DON’T change the meanings of my words.
>If that is not being an apologist I dont know what is…
It is called common sense and experience over a big number of OSes.
Windows Update unfortunately has a horrible record for corrupting and ruining working Windows systems.
One of the big bugs is that Windows Update will sometimes install the wrong version of drivers for your machine.
“Windows Update is supposed to check to see what drivers are currently installed on your system and then compare that list against what’s available. According to Microsoft, if there are “a large number” of .INF files in the INF folder in your system directory, Windows Update may incorrectly guess which drivers to install.”
http://techupdate.zdnet.co.uk/story/0,,t481-s2134538,00.html
Eugenia
>OS bugs are _everywhere_, on all OSes
We are not talking about regular bugs. This flap revolves around people downloading software to fix the OS. You would think that the most successful software company in the world would have better quality control.
>mostly x86s where the configurations are unpredictable
Ah yes, blame it on x86(even though the x86 arch has nothing to do with this flap)
>Windows XP’s incompatibility was with specific THIRD PARTY software >(Norton’s firewall to be precise)
Ahhh, blame other software. Wow Norton Firewall? Never heard of that, is it popular? Riiight, Norton software is extremely popular and there is no reason why MS cant test with at least the top tier of Windows software(Norton is up there)
>not with Windows software.
People had no trouble until they downloaded software from windows update…
>There are millions of Windows apps out there. MS can’t and won’t test them all.
You might have a point if it was some weird little app but it was NORTON for crying out loud!
>It is bound to happen from time to time, live with it.
So it honestly doesnt bother you that you paid 100-200 for an OS from the most successful software company in the world and a software updated from MS borked peoples computers due to a problem with a tier 1 windows software maker? Hmmm…
(Oh yeah, I apologize for the way I wrote my first post which got modded down)
> So it honestly doesnt bother you that you paid 100-200 for an OS from the most successful software company in the world and a software updated from MS borked peoples computers due to a problem with a tier 1 windows software maker?
*MY* software updates from MS have NEVER failed. As I said earlier, I know people who had problems. For example, my husband is unable to install SP3 of Win2k on his laptop, it just sits there doing nothing. But *personally*, I had never a single problem with either Win98/2k/XP. But no, I don’t run software that CHANGE the way Windows works in many ways e.g. Norton utils, Antivirus etc. I run much more “userspace” regular software and never had a problem. My firewall sits on another computer, running FreeBSD, not on Windows.
And I didn’t pay $200 for Win XP PRO. I paid $30 found on a store (yes, it is 100% legal copy, and no, it was not a resale).
Ah yes, blame it on x86(even though the x86 arch has nothing to do with this flap)
Eugenia’s point was that due to the large customisation available to the x86 arch used by owners of the Windows OS, it is impossible to test every hardware configuration, and every driver configuration. You’re talking millions of potential configurations, and that is impossible.
Ahhh, blame other software. Wow Norton Firewall? Never heard of that, is it popular? Riiight, Norton software is extremely popular and there is no reason why MS cant test with at least the top tier of Windows software(Norton is up there)
Why be so picky? Again, IMHO it is up to Norton to fix any incompatabilities with the OS, not the vendor. With linux, if a KDE/Gnome or distribution vendor GCC update breaks compatability with an application, it is the application vendor’s problem is it not?
You might have a point if it was some weird little app but it was NORTON for crying out loud!
To be fair, Norton apps are crap in comparison to others, its just the fact that the norton brand is well known due to OEM bundling. The firewall product is not that popular however from what I’ve seen, just the AV.
So it honestly doesnt bother you that you paid 100-200 for an OS from the most successful software company in the world and a software updated from MS borked peoples computers due to a problem with a tier 1 windows software maker? Hmmm…
I wouldn’t say it borked it…so they couldn’t get on the net, big deal. Doing an emerge in gentoo as Eugenia correctly points out can mess up a lot more than your net connection.
You can’t expect every combination to be tested – no matter how popular the software. All updates are removable through Add/Remove programs anyway. In my experience its only the computer savvy people that download the updates, other Joe Users leave their OS unpatched for months. I applaud MS taking the patch down in case of further problems, but its their OS and they can patch it how they like, its up to the software vendors to provide a working application.
It is impossible for an ISV to test with Microsoft patches. There is no preview of the patch, no beta, nothing. The application vendor has no clue as to what the patch even does until it comes out. Even then, many times Microsoft patch dependencies are not documented or poorly documented.
Once the user runs Windows Update, any resultant problems are incredibly difficult to track down because the state of the customer’s machine is a mystery. There are millions if not billions of combinations of patches. Which ones are installed? Which ones were successfully installed?
The problem with Microsoft Windows Update is that it tries to do too much. They should come out with a program that simply fixes bugs in the Microsoft OS files. No driver fixes, no new features, etc. That way Microsoft can at least test it. And each service pack should undergo a much more robust beta program. Yada yada yada. Pipe dreams.
As Bill Gates said, “it doesn’t pay to fix bugs”.
Eugenia
>But no, I don’t run software that CHANGE the way Windows works in >many ways e.g. Norton utils, Antivirus etc.
Windows worked fine with that software BEFORE the download from MS
>I run much more “userspace” regular software and never had a >problem.
Norton ran fine BEFORE the download from MS
>My firewall sits on another computer, running FreeBSD, not on >Windows.
I wonder if at MS page it says “Please run FreeBSD and you will have no problems”
>And I didn’t pay $200 for Win XP PRO. I paid $30 found on a store (yes, >it is 100% legal copy, and no, it was not a resale).
$30 found on a store? Hmmm, was this store in China? Sounds fishy
JCooper
>Eugenia’s point was that due to the large customisation available to the >x86 arch used by owners of the Windows OS, it is impossible to test >every hardware configuration, and every driver configuration. You’re >talking millions of potential configurations, and that is impossible.
Yes but we are talking about NORTON, *surely there must be SOME quality testing* with at least the most used/popular windows software??
>Again, IMHO it is up to Norton to fix any incompatabilities with the OS, >not the vendor.
Norton ran just fine before the download from MS, if MS going to give its users software that modifies its OS then IT IS MS RESPONSIBILITY to make sure they dont screw its customers(both users and companies that add value by creating software to run on MS’s OS). Once again we are talking about NORTON software not some shareware from Russia or something.
>With linux, if a KDE/Gnome or distribution vendor GCC update breaks >compatability with an application, it is the application vendor’s >problem is it not?
For a new release(Win2k3 not even working with MS own software) the vendor is off of the hook but for a fix update to a stable release then the vendor has responsibility.
Let me ask you this, if the responsiblity is not MS then why do they pull from their site? Why not call norton or redirect customers?
>To be fair, Norton apps are crap in comparison to others, its just the >fact that the norton brand is well known due to OEM bundling. The >firewall product is not that popular however from what I’ve seen, just >the AV.
This is pure cop-out. The Norton software worked great before the MS download.
>I wouldn’t say it borked it…so they couldn’t get on the net, big deal.
Yeah, no need to get on the net to download a fix, hahahaha
The internet, big deal… hahaha
>its their OS and they can patch it how they like, its up to the software >vendors to provide a working application.
The software vendor DID provide a working application…
that’s why we should only have source distribution, you never have problems with source, if something doesn’t compile you can fix it…if you install a binary that doesn’t work there is a big chance that you’ll bring down the entire system. The very same reason why kernel modules doesn’t have bynary compatibility across versions, it’s taking to much a risk for the overall stability to allow something you don’t know the code to mess with your system…
“That shut down Internet connections for some of the users who had other security software already installed on their computers. Microsoft said those users were not at risk of a security breach and did not experience widespread system crashes.”
Unfortunately the linked CNET article did not contain a reference to the Microsoft KnowledgeBase article. In addition it seems Microsoft pulled the originating KB article. Too bad, because they might have included a statement with the patch (README) that if the customer is running Norton AntiVirus version.X you do not need to install this patch (i.e. so don’t).
Slightly Off-Topic Comment: My employer expends many staff resources doing configuration management for their Microsoft based computing infrastructure. It is tedius and slow, however, it tends to eliminate the problems witnessed with Microsoft’s patch. We acknowledge the fact that different applications installed on the same system can cause conflicts and vendors cannot test everything.
The employer does not use Linux/Unix operating systems for the desktop or desktop server so I cannot comment on CM using those systems.
>Too bad, because they might have included a statement with the patch
>(README) that if the customer is running Norton AntiVirus version.X
>you do not need to install this patch (i.e. so don’t).
Doesnt Windows update scan for installed programs? Isnt this type of deal why the registry exists in the first place so its easy to know what the deal is with installed programs?
Actually, thats even more damning that MS knew about this problem and put the patch out anyways. Im sure MS is technically able to realize Norton Firewall is installed and then not offer the patch to that computer or at least a popup warning “Hey, this patch will kill your internet capability, hit cancel unless you dont like the internet”
Looking on the bright side, MS achieved total security with that patch on norton firewall computers, the most secure patch ever, OpenBSD eat your heart out!
Really, I think all the points Eugenia are making are valid. Sh*t happens from time to time, whether you are in Windows or Linux.
What I find odd, though, is the speed and eagerness with which she jumps in to defend MS. If there are incompatibilities in a new Linux dist, she spends paragraphs explaining why it should not be so. If a similar compat appears in Windows, she puts a nice spin on it (its a “clean break”, or designed to improve security). If its a third-party app crashing on linux, she reminds you that the user doesn’t care who writes the app. If its crashing on windows, ah .. the third party or hardware vendor gets the blame. Me wonders what this is all about???? Should an editor of a public site be more fairly minded??
heh – at last, MS have found a way to make Windows machines reasonably secure – take them off the ‘net completely!!!
Seriously though:
>I wouldn’t say it borked it…so they couldn’t get on the net, big deal.
This is a scary attitude – try telling this to a business losing thousands every second because their staff cannot get online. And how are they supposed to fix it? Will MS mail them a CD with a fix that works?
This whole deal seems to show that Windows just isn’t ready for the desktop – no matter whose fault or responsibility it is that once perfectly running applications have been broken, it takes TIME and EFFORT (in other words, lots of money) to fix them, and this is costing businesses. Once again.
Please people, try to remember this nonsense when banging on about how Windows has a wonderful TOC or ROI: this kind of farce is costing the economy.
Sssshhhh! It’s far better to get the occasional raving pro-Microsoft behavior vs. the UI-slamfest we used to get on every new Linux/KDE/GNOME/etc release!
And overall, I really like that Eugenia has opinions and is quite vocal with them. It’s much better than the dry and desolate corporate news sites. For the most part, we do get to hear about little known OS developments on OSNews as well. Fun stuff.
This is a scary attitude – try telling this to a business losing thousands every second because their staff cannot get online. And how are they supposed to fix it? Will MS mail them a CD with a fix that works?
Any business with a good-sized IT staff should have a testing pool to run these patches on before deployment on their network. I know the company I work for does (which is why I have to run Win2k and can’t installed Office2k3 betas or VS.Net2k3 yet). Of course, the notoriously slow speed of our IT means we’re also wasting money buying computers that come with WinXP pre-installed, and then installing 98SE or 2K on them…
As for fixing the problem, you remove the patch that caused the problem (the article stated this quite clearly) through Add/Remove Programs. Wait for them to release the updated version of the patch (since they claim people running Norton firewall weren’t vulnerable in the first place).
Of course, businesses that are too small to have a testing pool in the first place are also the most likely to be using software firewalls, but really, which costs more, licenses for software firewalls on each workstation and server, or one hardware firewall (or computer running OpenBSD) to secure the whole network?
Actually this is not the only Windows Update that causes a problem in recent time.
The Windows Update 411493 for XP has been downgraded from critical to recommanded because in many instances it kills the performance when oepning files.
It is even documented in one Microsoft tech note.
MS Windows updates are garbage. They take hours and hours to download and install (back when I used to use MS I wanted to throw my computer out the window), while Linux updates take about 5 minutes.
Why are all flaming Eugenia, she does a nice job here for us.
If you all can do it better then do so and send them in to Osnews.
This is a cock-up, not a major cock-up, not the end of civilization, nor an attempt by the borg to take over the world.
While I agree no one can test all the combinations out in the wild, I do feel there is a responsibility to test the most common. Having been bitten by MS patches before, in circumstances where no third party software was involved, I don’t believe they are tested as thoroughly as they should be. A symptom of monopoly if you will.
In the end, there will be a few red faces, a few snide remarks from those not involved directly and we’ll all carry on as normal. More’s the pity.
I feel these thing happen with windows. For attention and to rationalize getting the new service pack for even more attention and/or oh well we have problems with that os. Here is another new and improved os windows (insert new name here). Buy this one and everything will be better. I believe that sometimes any attention from the public is better than no attention. Even if it is negative attention.
A month or so ago, a user at a remote branch said her computer wouldn’t boot – Came up to a blue screen every time. I asked if she had made any changes – and there had been automatic updates (W2K SP3) She set it up by herself to do the automatic updates. Turns out that Microsoft screwed up the order of patches, and one overwrote a file that was a SP3 file to a lower SP file. Microsoft’s site said nothing about it. The only way I found an answer on how to fix it without reformatting was on google groups. I’ve also had users do the manual updates and download drivers. I never trust Microsofts selection of drivers. I have never had success using their “updated” drivers. I always end up with blue screens.
I have used an application called “Software Update” very long, and I have never had any problems with it. And it has good documentation on the updates. http://www.apple.com/macosx/upgrade/softwareupdates.html
So I was right after all. I was one of the 600,000 that downloaded this update. I basically downloaded it, installed it, then turned off the computer and went to work. When I returned, my internet didn’t work. I turned off both my cable modem and the router and then back on and the connection didn’t work still. I knew there was a problem when I couldn’t even browse my local network. I immediately blamed the update.
On Friday, I had announced this problem to the higher-ups in my ISP but they all assumed I was an idiot and lying. Good to know I wasn’t.
I agree that something like this is not the end of the world or perhaps a person should back up before applying the patch. However, isn’t a patch not just a fix to something but also something that gives peace of mind that things WILL get fixed? I too have been bitten by the update bug, even BEFORE Windows Update. There was a service pack to Win2K that (if memory serves) would cause Microsoft Office to either not install properly or not function right if you had Lotus Notes R5 installed. They released a KB note stating how to fix the issue. It became a running joke that we’d wait to deploy until a patch for the patch was released.
Yes there are a lot of things MS can’t test, but at least take the time to test the patch with the most popular applications before deployment. It further makes users feel as though they are paying beta testers.
Though we COULD conspiracy-theorize that MS INTENDED to cripple Norton’s firewall software….mwahahahaha!
bhwaahahahaa.
again and again and again this keeps on happening with this sorry and sad excuse for an OS. flaws and bugs are in all OS as Eugina said above but who sends out a ‘update’ that breaks its own product?? Yup, the same company who corrects bugs at the same pace as my birthdays appear!? And is this some hobby OS that we all downloaded? No its an highly overpriced commercial product!
…but for some wierd reason people still use it… but then again alot of people also claim they enjoy listening to britney spears, 50 cent and what-not
“Windows XP’s incompatibility was with specific THIRD PARTY software (Norton’s firewall to be precise), not with Windows software”
Bussienes as usual. Micorosft updated you system so all but the Microsoft applications broke. If they did not break this time,, it might happend next time.
Think twice before installing a non Microsoft application on you Micrsoft computer.
“again and again and again this keeps on happening with this sorry and sad excuse for an OS. flaws and bugs are in all OS as Eugina said above but who sends out a ‘update’ that breaks its own product?? Yup, the same company who corrects”
As I mentioned in an earlier post, this ‘problem’ is common among MS Windows systems with multiple applications. Adding just one application or update to a stable environment might break something else. We expend lots of staff time doing CM. I am sure most small business (forget the personal user) do not have the resources to do extensive testing and reengineering of installation routines.
The problem is not a matter of one to one, rather many to many. Certainly if all you installed were the O/S and Norton AntiVirus then that is all you test. Our environment is the O/S, plus Norton AntiVirus, plus numerous (more than 50) other applications and application components. It becomes a veritable house of cards. Take one away, or add one application in this case, and the whole stack could come tumbling down. DLL hell is only part of the problem.
I am not trying to let Microsoft off the hook; they in fact created the environment for this nightmare to exist. Frankly it might be easier to have one desktop per application. Yikes! I hope my employer does not read this. 🙂
FWIW – When you start trying to make muliple applications coexist on one system you must be vigilant about testing or prepare yourself for trouble.
buy Mac OS X;)
Anon:
I sure wouldn’t want to be in the same business as you, using Norton as your firewall…..
http://www.neowin.net/comments.php?id=11369&category=main
“I have now received the official response from Simon Conant, MCSE Security Programme Manager for Microsoft. The problems stems from when downloaded the L2TP/IPSec NAT-T Update for Windows XP (Q818043) from Windows Update (which has now been removed).
According to Simon the update was a feature add – to run WindowsXP clients using the IPSEC security protocol with NAT translation. IPSEC listens on UDP port 500 & UDP port 4500, if a none-microsoft application or firewall is using the port -or- is being blocked by personal firewall even if the ports are opened by configuring the Personal firewalls advanced options – the error may occur.
Although this problem may seem like a error, it is in-fact just IPSEC using its default security setting, which is to make the connection safe. But in this case it can unfortunately cause loss of internet functionality.
You can un-install this update via Add/Remove (control panel) as well as being able to call Microsoft Support.”
As I sit here running Mac OS X, I just chuckle at Microsoft’s ineptitude. Updates that cause more problems than they solve – thats the MS way. I’ve never had an Apple update do that. Why can Apple get it right, and MS gets it so wrong?
EUGENIA READ THIS
>What I find odd, though, is the speed and eagerness with which she
>jumps in to defend MS. If there are incompatibilities in a new Linux
>dist, she spends paragraphs explaining why it should not be so. If a
>similar compat appears in Windows, she puts a nice spin on it (its a
>”clean break”, or designed to improve security). If its a third-party app
>crashing on linux, she reminds you that the user doesn’t care who
>writes the app. If its crashing on windows, ah .. the third party or
>hardware vendor gets the blame. Me wonders what this is all about???? >Should an editor of a public site be more fairly minded??
It was written on the last page by someone else.
Why do people feel the need to boast about what OS they use? Tech sites are getting unbearable somtimes due to trolls who just feel the need to say “My OS/platform r00lz, yours sUx0rZ!”
Get over yourself.
“MS Windows updates are garbage. They take hours and hours to download and install (back when I used to use MS I wanted to throw my computer out the window), while Linux updates take about 5 minutes.”
What a load of crap. When I first installed mandrake 9.0, the day after it went to the mirrors, it had over 150 megs of updates I downloaded. I guarantee the only way anyone would have that many megs worth of updates for windows is if they’re just now installing 2k.
btw I had the problem with the slowdown due to patch 811 whatever. Guess how I fixed it? I went to add/remove programs and removed it. Ta freakin da.
“As I sit here running Mac OS X, I just chuckle at Microsoft’s ineptitude. Updates that cause more problems than they solve – thats the MS way. I’ve never had an Apple update do that. Why can Apple get it right, and MS gets it so wrong?”
Remember when os 10.1 was released? Remember all the connectivity problems it created? Remember that it was sold as a retail package? So apple does the same thing, only they charge to knock you off the net.
I never had a connectivity problem with Mac OS X 10.1