Microsoft has apologized for a Windows Server update that automatically installed the Windows Desktop Search tool on users’ desktops without approval. The mistake happened because Microsoft reused the same update package for when WDS was first published in February as an optional update that was only applicable to systems with the search tool previously installed.
I don’t know why, but I have suspicions about how ‘accidental’ this was, given Microsoft’s battle over searching with Google.
Not me. Mistakes happen. If anything I would think Google would be the one trying to sabotage since they had a fit over not being the default search on Vista.
Yeah mistakes do happen that’s true, but I just don’t understand how something that is as obvious as this being missed through all the Q/A processes.
Leaked slide from a UK Microsoft stakeholders meeting:
http://www.offsetdesign.co.uk/static/stakeholders.jpg
“Never ascribe to malice, that which can be explained by incompetence.”
Variations on that same quote here: http://en.wikiquote.org/wiki/Robert_J._Hanlon
My favorite is a combination of that quote and another,
“Any sufficiently advanced stupidity is indistinguishable from malice.”
Edited 2007-10-29 22:38
“Never ascribe to malice, that which can be explained by incompetence.”
This person must never have worked with Microsoft. Ever notice how their blunders always seem to benefit themselves?
Edited 2007-10-31 12:01
It wasn’t an accident… they were just testing how far they can go without being detected.
Think about it – in most cases, users will not detect this update when its being installed; when their machine starts slowing down (as mine did *) they’ll either disable/remove it (if they know what they are doing), use it (if they need it – instead of Google search) or upgrade their machine (“because it’s too slow”) switching to Vista instead.
I may sound paranoid, but what exactly did Microsoft lose because of this mistake?
– Gilboa
* My workplace doesn’t use auto-update; They push authorized updates down-stream only after they test them; however, being an incompetent bunch, they chose to authorize this update even after I, and others like me called to warn them about this update. Needless to say they are enjoying the joy of having the number of support calls quadruple.
Lucky for me I mostly use the Windows XP machine to read mail
Edited 2007-10-30 06:14
If you read the article, this was an ‘update revision’ so once the base update (without WDS) had been authorised, revisions are automatically installed, this bypasses the autorisation mechanism rather neatly for microsoft.
True,
But when I called them to report the possible problem I had the following phone conversation (and I kid you not):
Gilboa: “Microsoft is auto-pushing their search engine…”
IT: “We know”
Gilboa: “It may slow people’s computer down”
IT: “… Naah! It’s integrated into the desktop… it doesn’t slow the machine down”
Gilboa: “Argh. If people need it, they’ll install it. People who don’t need it will needlessly suffer!”
IT: “But we tested it!”
Gilboa: “On what machine? How loaded was the machine? For how long did you ‘test’ it?”
IT: “Err… I… we… tested it”
Gilboa: “Most people don’t need it. It’ll slow the machine down… Don’t let MS auto-install it.”
IT: “But we tested it…”
Gilboa: Click.
… Now this is what I call MSDN mentality…
– Gilboa
Edited 2007-10-30 10:26
I have disabled automatic updates years ago during the era of Win95 as I found they made the system unstable and conflicted with each other. Now I tried to enable it again in hope somewhat changed over years. And first what it did was installation of this search panel. Fortunately I found uninstall ingformation in recycle bin and removed it quickly.
Edited 2007-10-29 20:59
“Now I tried to enable it again in hope somewhat changed over years. And first what it did was installation of this search panel.”
I call 100% BS. This article was related A) only to environments that have WSUS installed and B) having met condition A, a specific update had to be approved. An update from 9 months ago.
Nice try.
Well I have no WSUS but this search panel disppointed me too.
I call 100% BS. You can’t install Windows Desktop Search on Win95.
:b
I agree that it was a mistake. They are incompetent so it’s expected…
i’was surprised today to see that every single windows host at school with this joke… some admins just don’t care at all.
Read the article, this affects even the WSUS systems that require authorisation before they deploy a patch. WDS was ‘accidentally’ pushed as an ‘update revision’ to a previous update, this bypasses the separate authorisation requirement
… thereby making it a backdoor.
http://en.wikipedia.org/wiki/Backdoor_%28computing%29
I’m beginning to think Homer Simpson (TM) now works at Microsoft.
Leave Homer out of this, ok! Whats wrong with Homer, quit picking on Homer, Homer good!
Besides, i think that MS would improve with him working there.
So because the company is big enough, they can make a ‘mistake’ and that’s the end of that.
What about all the troubles it was causing people with the thin indexing networks.
I understand mistakes happen, but there seems to be a few ‘mistakes’ slipping through lately is there anything being done about it?
OMG THEY LET AN UPDATE WITHOUT APPROVAL SLIP THROUGH!
Call the European Union!
Please.
The fact that something from Microsoft inappropriate to servers got through without approval and installed itself on servers is not the major concern. The update can be removed and the servers restored to correct functioning.
No, the real concern is that here is yet another indication that Windows has a backdoor. Things are getting installed on machines without the owners of said machines approving the installation. It happened this time on servers, which is even more worrying.
Having a backdoor into your mission-critical servers is ***NOT*** a good idea.
That’s not the point I make, the point I make is what the hell does the poster I replied to want people to do about it?
Voice your opinion with your money, but when 80 Million Vista copies are sold it’s sort of hard for Microsoft to hear you over the “Cha-ching”
at least EU does smth about it
Microsoft is a majority government elected by enterprise taxpayers using IT budget dollars to vote with. As long as they keep getting re-elected, there is no reason for them to hold themselves accountible.
The onus is on the organizations that have to deal with issues like this; if something like an unwanted forced installation is disruptive to a corporate network, then those organizations affected should be leveraging their purchasing power to affect change with Microsoft’s abusive practices.
But sadly, they won’t. The problem isn’t really Microsoft, it’s the customers that keep allowing this to happen. Microsoft has no incentive to change as long as they keep getting new license sales and new contract renewals. The reality is that this probably was a simple mistake on Microsoft’s part, but they must be doing something right if their customers continue to be so forgiving for simple mistake after simple mistake…
I don’t know of a single admin who even runs auto-update on servers. They manually apply patches in a test enviroment and after they are sure its ‘safe’ then they apply them to their servers.
It sucks but I can’t see this wreaking havoc on too many admins if they are on the ball.
My thinking is that should be the same for Microsoft themselves. They shouldn’t force the individual Administrators to do their testing for them.
I do agree that any administrator worth their salt will not have auto-update on. I never do. It’s especially noteworthy to have it turned off because Microsoft in their infinite stupidity had some updates automatically restart your computer, which if you have a mission critical server, that is the last thing on the planet you want to happen.
Hell, I had Vista reboot itself with no warning at all so that it could apply some updates and I was in the middle of using Rosetta Stone. It’s a good thing I wasn’t trying to write a novel or something, I would have been thoroughly pissed. It was at that moment that Vista disappeared from my laptop and now I use XP again.
You didn’t read the article. This only affected environments with WSUS (Windows Software Update Services) installed, and only if the admins had approved a specific previous update. Normal Windows Update clients were not affected, hence why this was not widespread.
Your are right, most don’t. Where I work it was an accident when they pushed the patch onto all the computers. What Microsoft did was label it a critical update to the os, it never said it would start up and start indexing everything.
You also have to understand a lot of the admins are over worked, and cant check every patch when Microsoft releases lots of “critical” updates. Also you have to consider if they did test the update out it wouldn’t have clogged the network like it did when over a 1000 pc’s had it start up.
Seriously this should be a poll not a topic.
This is just to funny, the other day the entire network went down because of this stupid update. Every computer on the network started indexing everything, causing our network to go down the toilet.
One one hand, according to the link above, WDS can easily be uninstalled, so there’s really no harm done. It’s only the principle of the matter.
On the other hand, everytime something like this happens, I just fall off my chair laughing and then I remember the days when I used to use windows. A few years ago, this would have been me in that spot.
In any case, regardless whether this was an honest mistake or not, these things do happen. Unless, some forced update made your computer go boom, this really isn’t a big deal. Home computer users should be competent enough to fix problems.
Unless of course someone other than Microsoft decides to force their own “update” onto a large percentage of the world’s desktop computers.
… or even if Microsoft itself decides to force an uninstallable update that machine owners really don’t want onto a large percentage of the world’s desktop computers.
… then it would be a big deal.
Personally, I would avoid running on my own machines an OS that gives a backdoor to Microsoft (or potentially even to other parties).
BTW, these things don’t happen to your machine if you run an OS that doesn’t have such a backdoor.
Edited 2007-10-31 10:57
“BTW, these things don’t happen to your machine if you run an OS that doesn’t have such a backdoor. “
Maybe it’s good then that I don’t use windows?
Edited 2007-10-31 19:34
“… or even if Microsoft itself decides to force an uninstallable update that machine owners really don’t want onto a large percentage of the world’s desktop computers. “
I’m sorry to say this but when you use closed source software, you’re not really giving yourself much choice here. You have to accept both the good and bad. They can do whatever they wish even when they pull off such stunts.
Not than I am against closed source because I still use the nvidia binary drivers which are closed source. A lot of good software is closed source even if it puts you under the mercy of the maker of the software
Edited 2007-10-31 22:55