I've been saying for some time now that quality control and the delivery mechanism in Microsoft Update are both stuffed.
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Microsoft has urged users to remove a buggy update as it yanked download links to the offending patch, after reports emerged it caused the dreaded blue screen of death. The fixes issued on Patch Update Tuesday addressed privilege escalation bugs but an apparent font cache clearing issue lead to Windows boxes turning the colour …
COMMENTS
-
-
Sunday 17th August 2014 23:16 GMT Anonymous Coward
I've been saying for some time now that quality control and the delivery mechanism in Microsoft Update are both stuffed.
I've been saying the same thing for at least 15 years. Maybe even over 20. It was readily apparent with all the heap, stack and buffer overrun problems way back when. They were much too interested in adding supposed features instead of fixing the bugs as should have been done. It is one of the reasons why I left the support industry. Like the old "Where is the ANY key?" question that one can only answer so many times before exploding, one can only fix the same systems from the same bugs only so many times. $$$ be damned.
-
Monday 18th August 2014 06:01 GMT Bob Vistakin
Their ad delivery system here on the Reg certainly isn't stuffed - I find it says it all when, surrounded by microsoft marketing messages telling me how great they are we're constantly reading, err on the same page, how crap they are. Could this be because microsoft put more money into marketing than actual r&d/quality control/product development? You be the judge...
-
Monday 18th August 2014 07:06 GMT Anonymous Coward
I've been saying for some time now that quality control and the delivery mechanism in Microsoft Update are both stuffed.
Yes, but how else are you going to distribute governmentware to all on the planet? The NSA must have stumbled on that one years ago..
-
Monday 18th August 2014 13:22 GMT Vince
Blah Blah Blah. Do you know how rare it really is that this happens?
Do you know how many billions of hardware/software combinations windows works with?
Do you have any idea just how many builds/systems/setups MS already tests against?
Do you have any idea just how many bits of software do things they're not supposed to and are often responsible for this kind of issue (might not be in this case, haven't looked, but i'm talking about the issue in general).
It's actually quite impressive how rarely things go wrong considering the scale.
Now compare to say, Apple... they break systems on the hardware they supply which is much more rigid and controlled than in the Windows world... if you're going to call someone out, perhaps ask why the vendor with the most controlled environment out there has issues.
Linux updates of various types don't always go smoothly either.
However, that's the price we pay for the incredibly diverse tasks, roles and services, hardware software, firmware and so on we can all choose and run.
-
Tuesday 19th August 2014 04:43 GMT eulampios
@ Vince
>>Linux updates of various types don't always go smoothly either.
Only that (GNU) Linux supports many times more hardware, including various CPU archs, and a few magnitudes more of software than Windows does.
Plus the update mechanism is more robust as well. In case of any trouble with a new kernel, the latest stable can be used since it's almost never discarded, thanks to a better modularity.
More so, you don't need to write any special powershell code to "determine if users had installed affected updates", you simply look in the /var/log directory (on Debian based systems /var/log/apt/history.log)
-
-
-
Monday 18th August 2014 00:32 GMT Shannon Jacobs
So that's what was going on, but I still argue for installing over not
One of my machines (out of 4 or 5 with Windows 7) has had 3 BSODs since this patch Tuesday, but a second machine had quite a bit of problem getting the updates installed. My initial hypothesis was that some 3-letter agency was having compatibility problems with their spyware, so I'm almost relieved by this explanation of mere incompetence. Only "almost" since this article mentions Langley. I'm sure it's just another harmless coincidence.
Not that I have any reason to protect my privacy, of course. I know I'm not likely to do anything interesting, so they are just spying on my computers because the light is better over here. It's such a nuisance to look for actual terrorists in the dark shadows without conveniently pwnable computers, eh?
By the way, as regards the post by John Tserkezis, I still have to recommend quick patching. Once Microsoft reveals the latest crop of their incompetence, you are in a race condition. If the black hats can reverse engineer the patches, your computer is just an accident waiting to happen. If you patch, then at least you are in the latest and greatest race to be pwned, so to speak.
Think what a different world it would be if Microsoft were actually liable for their mistakes. You could bet that they would be much more cautious in their programming practices. Mayhaps my computer wouldn't even be smothered under over 120 mostly mysterious processes and some 150 plus services (according to what Task Manager can see), any of which might be buggy. Oh wait. I should say "Most of which are buggy, but any of which might be mostly harmless."
Frankly, I think this level of incompetence should justify an emergency patch from the Microsoft. Oh wait. I keep forgetting the EULA. Whatever happens, NOTHING is Microsoft's fault, so why would they care about how soon they fix this SNAFU?
Freedom = (Meaningful + Unconstrained) Choice ≠ Beer | Microsoft
-
Monday 18th August 2014 06:30 GMT king of foo
understood, but
I've never understood this stance on security. It's at best lazy and at worst negligent. It might be your boss, or your boss' boss that's to blame on this, but you don't have to drink the Kool Aid. Call a spade a spade. Too many people just "accept" this.
Nobody said work had to be easy.
-
-
Monday 18th August 2014 00:33 GMT dan1980
There are two problems - the sheer number of bugs being found and the number of updates being released.
Testing updates is a time-consuming and potentially expensive task and there is always a trade-off between security, time and stability - a classic 'pick any two'.
While IT best practice might be to test every update first, the reality is that it is not business best practice across the board to provide sufficient resources (time, budget and staff) for IT to do such testing. Microsoft, has to realise this and make decisions accordingly because there are people for whom their computers are critical but cannot afford the kind of testing that Microsoft updates require.
Under consumer law in Australia, software is expressly stated to be a 'good', which means that there are liabilities which cannot be disclaimed. I understand the situation is less clear in the US and perhaps other countries. Goods must be of merchantable quality and damages arising from faults in the good can be recovered. Of course, a vendor may fix or replace at their discretion but, crucially, those fixes must themselves be of sufficient quality and a consumer or business can seek damages if problems arise because of those fixes.
OS software is necessarily much harder to pin down in terms of its purpose than, say, a piece of software used to calculate correct medication dosages or an aeronautical chart (both of which have been involved in wrongful death cases) but I think there are definitely grounds for a class action against MS when these kind of things happen. The difficulty is that there isn't much case law to guide it.
-
-
Monday 18th August 2014 07:44 GMT Anonymous Coward
Ahh.So this explains
my BSOD on my laptop last week.
It really borked my laptop although to be honest, the update was the straw that broke the camels back.
So after 30 mins of fruitless self repair, out came the ghost disk. Within an hour, back up and running...A minor inconvienience (to me)...
Fisrt time an update has ever borked my systems...
-
Monday 18th August 2014 09:12 GMT Anonymous Coward
Updated a W7 Professional 32bit laptop yesterday for the first time since March. However - the Control Panel display "Programs....." showing installed Windows updates does not appear to have any of those four rogue ones.
It's not easy to check as there is no "search" function - and the KB number is not in a position that can be used to sort a column. The only useful sort field was the installed date - grouping all the updates for yesterday.
-
Monday 18th August 2014 09:17 GMT Anonymous Coward
Staggered installs?
Week one - 10% test PC / laptops in different departments
Week two - Rest of PCs / laptops and some test servers (non mission critical)
Week three - Rest of non mission critical servers
Week four - A) Half of DCs early in week (Monday / Tuesday)
B) Other half of DCs later in week (Thursday or following week)
Not been bitten by a patch problem since started using this process.
-
-
Monday 18th August 2014 16:01 GMT Anonymous Coward
Re: Staggered installs?
I wonder noone checks for the attack vectors and the associated risks? If a vulnerability is only locally exploitable then, yes, you can wait for applying a patch (as long as local access are well defined and used the proper way...)
But if a vulnerabilty is exploitable from remote, and maybe without much privileges, do you really wait for "several weeks"?
-
-
Monday 18th August 2014 11:42 GMT WereWoof
3 Windows 7 machines and one Windows 8, 2 of the W7 systems were fine after patches had been installed (Had to install one patch twice on 1 of them as the anti virus threw a fit on 1st install so I had to turn it off for the patch to succeed), Windows 8 system fine but 1 of the W7 systems did the reboot after the patches then failed to configure windows 5 times before it went finally went through.IMO this is not acceptable behaviour. Still i managed to kill one of my linux VMs too doing updates.
-
Monday 18th August 2014 11:53 GMT Anonymous Coward
snaggin frashin rashin gashin....*
damn thing gave me one MASSIVE headache of a system failure, causing a 0xc00021a problem that wouldn't let me rollback, restore, or even bypass. Somehow managed to get it to "refresh", and that at least has me to a point that I now have a system that operates, but some data that missed backup is forever lost.
NOT freaking impressed one sodding bit.
Previous coments on Windoze are therefore confirmed: Next system upgrade: Linux OS of some form/branding/distro.
* - Sylvester the cat cursing, writ large.