Microsoft silently kills silent, automatic Skype install via Updates Microsoft has pulled the plug on a Windows update that snuck Skype onto business PCs. Corporate admins got a nasty surprise on Wednesday when Skype 5.9 was automatically and silently installed on work machines via Windows Server Update Service (WSUS) - including PCs that did not have the voice chat software previously …
If one administers a bank of holding companies (or hold a bank of adminsitration companies or ... ) one would suggest that one would be prudent enough to either have ones own wsus server which pushes, or to at least have a way to bless wsus updates before rolling them out.
If an update is fatally broken, the reg (and a gazillion other techie websites) are more then happy to splatter the fact that the wupdate is broken all over your face ...
Indeed - as some wsus updates have caused problems in the past we have lab machines that get automatic updates and only after they have been deemed safe are they then rolled out enterprise-wide from our own servers.
If wsus broke several of your machines AND you're in the middle of an IT audit you're obviously in the wrong line of work and you should consider a career change - maybe pastry chef.
Now don't be so hard on the guy.
After all, it only WindblowZE, and possibly, he has the same amount of experience that the India based employees of RBS had WRT their rollout of a CA-7 update; in dealing with WindblowZe updates.
And Micro$oft wonders WHY people do not want automatic updates?
All it takes is one update to fuck up a system, and the shit hits the fan. I truly feel for the small businesses that can not afford IT staff, and have these shitty choices:
Turn off all automatic updates, and run the risk of getting infected, or
Allow automatic updates, and run the risk that one fucks up your system, or
Pay some one to come in and update manually.
None of these are ideal, and they all suck.
Hello, Captain Huggies! Nice to meet you again. Grown men use separate development, testing and production environments, and of course every goddamn update from Comverse, Cisco, Alcatel-Lucent, Siemens, SAP, Oracle, LHS or g-d forbid HP is thoroughly tested in testing environment before being pushed to production.
Well true, anyone with responsibilities at that level is expected to check updates before corporate-wide distribution. And I expect the Skype install would have stood out like a sore thumb. But still, MS had no business putting something like this in an update. At all. It's ridiculous.
And until Skype can manage the basic functionality of setting different statuses to some groups and visible to others, it isn't a good fit for business anyway.
"I had to dispatch techs immediately to remove the software from appx 25 machines"
Oh...we use remote management to pull software of machines, failing that remote to the bloody things. And 25 machine? C'mon, how bloody small is this bank? Hardly earth shattering amounts.
Still, he's probably busy still fixing that mistake he made with CA-7.
which the security/WSUS teams spent a considerable amount of time fixing. This comment on the technet forum seems to sum it up:
'This is now a confirmed issue, and since remediated by expiring the Skype update. In short, the Skype team screwed up the package. The really sad part is that apparently nobody actually tested the package against a machine that did not already have Skype installed.'
How did the Skype team get an update package into the main distribution channel without the updates team being able to test/see the results of a test plan. Bad, bad practice all round.
If you have "All products" selected in Products and Classifications then you're asking for trouble.
It means that any software Microsoft decide people might like will start turning up on computers that you administer. That coupled with automatic approval is just a bad way to configure WSUS.
Other software Microsoft might decide to install for you if you're stupid enough to have All products ticked included the bing bar, bing desktop, Windows live photo gallery.
The thing to remember is that All Products means All current and future products.
In fact, shouldn't any organisation which isn't doing this fail any security assesment anyway ? The only setup I would approve would be
1) Updates limited to security only
2) *all* updates to be tested before pushing
3) have a rollback procedure in place *before* pushing updates
anything less, in a commercial sense - especially with multiple sites and profiles - should be a security FAIL.
Beat me to it.... Aside from bloating out your updates store selecting all products is daft because you can get all kinds of new softwares installed. Be less lazy - select products you know are installed (what - you don't inventory your network... tsk tsk) in your organization and check the updates you approve.
I actually selected and deployed the Skype update successfully as was quite please to see it as the guys where I work rely on Skype and its a good way to keep it up to date. Sadly I'm now not happy again because other people can't configure/use WSUS properly, shame.
About bloody time. You were arrogant in assuming people wanted skype.
Just because you bought them does NOT mean you have the right to infect other peoples pc's with unwanted software. It might not have been such a SNAFU if you had asked!!!!
Shit like this *will* push folks to use an alternative O.S.
However, well done for withdrawing it.
"Sh*ugar* like this *will* push folks to use an alternative O.S."
I'm not so sure. Most Windows Server admins are using that OS because the business dictated so.
I have been in the situation of pushing for Linux servers, eventually sneaking one in, then having that mostly replaced by a Windows / sharepoint server and being hosted on a VM for backup purposes.
It isn't the first time that MS have SNAFUed on updates, they get away with it because business have this blinkered view that they are the only OS in town.
One bad update wouldn't force people to move off Windows Server!
This said, I am happy that I don't have much cause to deal with Windows Servers any more. I've killed nearly all of them off in my side of the business, and with a few upgrades, we can finally kill of SQL Server here. Then the only one I need worry about is one domain controller.
"You were arrogant in assuming people wanted skype."
Well, to receive the update they had to have Skype selected in the products section, and the only way that could happen without someone explicitly clicking the checkbox, would be if they had already selected All Products, which will leave your WSUS server downloading bloody everything, including the Bing bar, and the Zune software.
WSUS is for server admins, and if you didn't put any thoughts into which products you have selected then you only have your self to blame.
(not to mention you have to have Auto approve updates switched on, which is also daft.)
I wonder if the Ulster Bank runs Windows, with Skype now available ...... and that is conflicting? Or are there other unwelcome gremlins in the works, still busy at their work, phoning home/stealing metadata
Certainly there is something still ongoing in the works which no one is telling everybody about, for there is no one available/no spokesperson has been forwarded to spin that IT has fixed the present problem[s] although the ether has mooted that it could run on into next week ...... with no reassurance that even then are things as they used to be.
All in all, a right fiasco of a scandal which is probably just the beginning of something else much more significant, as these/those sorts of things tend to take on a life of their own, with the status quo systems a petrified spectating passenger in the train of events, dear boy, events.
Fact is stranger than fiction, so really anything can happen ........ and whenever you have command and control in virtual worlds, is reality not safe from ITs interventions/inventions.
Capiche?!.
After a skype update last night, I now have Youcam running on my PC, it keeps popping up a window asking me to setup a new profile picture and arbitrarily doing a left to right reversal of my video feed.
At no time did the skype update ask if I want to install Youcam
Heil MickySoft, they only have skype a couple of weeks and already they've managed to fuck it up.
Currently looking for an alternative to skype.
@ Michael B.
I have that laptop 8 months, it was decrapified, skype was installed, and has been in regular use for the last 8 months. Automatic updates are switched off.
First time I saw this particular piece of crapware ware was immediately after the latest update last Sunday!
"... they only have skype a couple of weeks and already they've managed to fuck it up...."
Or
Skype have only been working in a new environment, with a new way of doing things a few weeks and managed to cock up an update.
Which is more likely? I also not that there has been an update to Skype for Linux and it's less sucky than the versions before MS took it them over.
http://support.microsoft.com/kb/2692954
This update includes:
[ . . . ]
* Microsoft Bing Bar included as part of the install package
Assholes.
Imagine being sat in the pub, minding your own, having a pint or two when suddenly...
This drunk slapper troddles up to you "heeelloo daaarling, gis us a leg over will ya! Ooohhllll you're making me go all funny, lets go to the bogs and have a bunk up, you sexy sort you!"
You reply - "look love, sod off, you're just showing yourself up!" Then you hear the barman (sys admin but deals with beer related stuff) the other side of the room shout "Right love, that's enough!! You're bard! Get outta here will ya!"
That drunk slapper - her name is Skype!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
