Feeds

back to article Microsoft silently kills silent, automatic Skype install via Updates

Microsoft has pulled the plug on a Windows update that snuck Skype onto business PCs. Corporate admins got a nasty surprise on Wednesday when Skype 5.9 was automatically and silently installed on work machines via Windows Server Update Service (WSUS) - including PCs that did not have the voice chat software previously installed …

COMMENTS

This topic is closed for new posts.
Thumb Down

Test the updates ?

If one administers a bank of holding companies (or hold a bank of adminsitration companies or ... ) one would suggest that one would be prudent enough to either have ones own wsus server which pushes, or to at least have a way to bless wsus updates before rolling them out.

If an update is fatally broken, the reg (and a gazillion other techie websites) are more then happy to splatter the fact that the wupdate is broken all over your face ...

21
0
FAIL

Re: Test the updates ?

Indeed - as some wsus updates have caused problems in the past we have lab machines that get automatic updates and only after they have been deemed safe are they then rolled out enterprise-wide from our own servers.

If wsus broke several of your machines AND you're in the middle of an IT audit you're obviously in the wrong line of work and you should consider a career change - maybe pastry chef.

7
0
Silver badge

Re: Test the updates ?

Well true, anyone with responsibilities at that level is expected to check updates before corporate-wide distribution. And I expect the Skype install would have stood out like a sore thumb. But still, MS had no business putting something like this in an update. At all. It's ridiculous.

And until Skype can manage the basic functionality of setting different statuses to some groups and visible to others, it isn't a good fit for business anyway.

8
0
Silver badge
FAIL

Re: Test the updates ?

"I had to dispatch techs immediately to remove the software from appx 25 machines"

Oh...we use remote management to pull software of machines, failing that remote to the bloody things. And 25 machine? C'mon, how bloody small is this bank? Hardly earth shattering amounts.

Still, he's probably busy still fixing that mistake he made with CA-7.

5
2
Bronze badge
FAIL

Re: should consider a career change

Now don't be so hard on the guy.

After all, it only WindblowZE, and possibly, he has the same amount of experience that the India based employees of RBS had WRT their rollout of a CA-7 update; in dealing with WindblowZe updates.

And Micro$oft wonders WHY people do not want automatic updates?

All it takes is one update to fuck up a system, and the shit hits the fan. I truly feel for the small businesses that can not afford IT staff, and have these shitty choices:

Turn off all automatic updates, and run the risk of getting infected, or

Allow automatic updates, and run the risk that one fucks up your system, or

Pay some one to come in and update manually.

None of these are ideal, and they all suck.

5
7
Gimp

Re: should consider a career change

The Nineties called - they want their Windows derogatory nicknames back.

Windblowze? Micro$oft? Please.

Potty mouth.

Oh, and apologies for singling you out: it's not just you, it's a whole slew of new commenters, lately.

9
4

@TheRealRoland

Hello, Captain Huggies! Nice to meet you again. Grown men use separate development, testing and production environments, and of course every goddamn update from Comverse, Cisco, Alcatel-Lucent, Siemens, SAP, Oracle, LHS or g-d forbid HP is thoroughly tested in testing environment before being pushed to production.

2
0
Anonymous Coward

@Ramazan: Grown men use separate development, testing and production environments,

We have separate TEST and PROD, but only for some things. Per management, "We don't have the resources to test everything. We have to just trust Microsoft."

0
0
FAIL

A repeat of Windows Update Mistakes from years back

which the security/WSUS teams spent a considerable amount of time fixing. This comment on the technet forum seems to sum it up:

'This is now a confirmed issue, and since remediated by expiring the Skype update. In short, the Skype team screwed up the package. The really sad part is that apparently nobody actually tested the package against a machine that did not already have Skype installed.'

How did the Skype team get an update package into the main distribution channel without the updates team being able to test/see the results of a test plan. Bad, bad practice all round.

10
0
Anonymous Coward

Hanlon needs a shave...

2
0
Bronze badge

Asking for trouble

If you have "All products" selected in Products and Classifications then you're asking for trouble.

It means that any software Microsoft decide people might like will start turning up on computers that you administer. That coupled with automatic approval is just a bad way to configure WSUS.

Other software Microsoft might decide to install for you if you're stupid enough to have All products ticked included the bing bar, bing desktop, Windows live photo gallery.

The thing to remember is that All Products means All current and future products.

7
1
Anonymous Coward

Re: Asking for trouble

the only thing you might think you ought to install automatically is "critical updates".

the rest should be assessed before approval.

3
0
FAIL

Re: Asking for trouble

Beat me to it.... Aside from bloating out your updates store selecting all products is daft because you can get all kinds of new softwares installed. Be less lazy - select products you know are installed (what - you don't inventory your network... tsk tsk) in your organization and check the updates you approve.

I actually selected and deployed the Skype update successfully as was quite please to see it as the guys where I work rely on Skype and its a good way to keep it up to date. Sadly I'm now not happy again because other people can't configure/use WSUS properly, shame.

0
0
Anonymous Coward

Re: Asking for trouble

In fact, shouldn't any organisation which isn't doing this fail any security assesment anyway ? The only setup I would approve would be

1) Updates limited to security only

2) *all* updates to be tested before pushing

3) have a rollback procedure in place *before* pushing updates

anything less, in a commercial sense - especially with multiple sites and profiles - should be a security FAIL.

3
0
Coffee/keyboard

@Fuzz

OK, you ain't seen nothing yet, buddy, it's pretty obvious. Proper operating systems in their stable branch have 2 magical commands: "apt-get update" and "apt-get upgrade", that will perform proper update with no skypes attached. Case solved.

1
2
Meh

Re: Asking for trouble

That was a "critical" update - just like various other junk that they try and push out under this cover.

Have you ever heard of WGA? That landed on a lot of computers that only got critical updates.

"Windows Genuine Advantage"? Only one of those words is remotely true...

1
0
FAIL

Whoops

Well if you auto approve updates and download all products then you got caught napping didn't you. Tsk tsk.

0
0
Silver badge
Thumb Up

Dear MS

About bloody time. You were arrogant in assuming people wanted skype.

Just because you bought them does NOT mean you have the right to infect other peoples pc's with unwanted software. It might not have been such a SNAFU if you had asked!!!!

Shit like this *will* push folks to use an alternative O.S.

However, well done for withdrawing it.

4
5
Anonymous Coward

Re: Dear MS

"Sh*ugar* like this *will* push folks to use an alternative O.S."

I'm not so sure. Most Windows Server admins are using that OS because the business dictated so.

I have been in the situation of pushing for Linux servers, eventually sneaking one in, then having that mostly replaced by a Windows / sharepoint server and being hosted on a VM for backup purposes.

It isn't the first time that MS have SNAFUed on updates, they get away with it because business have this blinkered view that they are the only OS in town.

1
0
Bronze badge
FAIL

Re: Dear MS

"You were arrogant in assuming people wanted skype."

Well, to receive the update they had to have Skype selected in the products section, and the only way that could happen without someone explicitly clicking the checkbox, would be if they had already selected All Products, which will leave your WSUS server downloading bloody everything, including the Bing bar, and the Zune software.

WSUS is for server admins, and if you didn't put any thoughts into which products you have selected then you only have your self to blame.

(not to mention you have to have Auto approve updates switched on, which is also daft.)

5
1
Anonymous Coward

Re: Dear MS

One bad update wouldn't force people to move off Windows Server!

This said, I am happy that I don't have much cause to deal with Windows Servers any more. I've killed nearly all of them off in my side of the business, and with a few upgrades, we can finally kill of SQL Server here. Then the only one I need worry about is one domain controller.

1
1
Stop

Re: then you only have your self to blame

Nope. Proper operating system must have sane and secure default settings, so that apt-get update followed by apt-get upgrade won't result in system breakage or pwnage.

0
0
Bronze badge

Re: Dear MS

If you only have one domain controller, I'd build a 2nd one.

0
0
FAIL

All updates on SBS

Feel sorry for small companies running SBS - the default is all updates. changing this to a lesser setting results in a yellow warning every time you login to the console. That means that you're likely to miss other problems.

3
0
Anonymous Coward

Re: All updates on SBS

You still ought to consider and approve individual updates in SBS.

And you also use the WSUS console directly for maximum control

0
0
Silver badge

All your money belongs to us.

I wonder if the Ulster Bank runs Windows, with Skype now available ...... and that is conflicting? Or are there other unwelcome gremlins in the works, still busy at their work, phoning home/stealing metadata

Certainly there is something still ongoing in the works which no one is telling everybody about, for there is no one available/no spokesperson has been forwarded to spin that IT has fixed the present problem[s] although the ether has mooted that it could run on into next week ...... with no reassurance that even then are things as they used to be.

All in all, a right fiasco of a scandal which is probably just the beginning of something else much more significant, as these/those sorts of things tend to take on a life of their own, with the status quo systems a petrified spectating passenger in the train of events, dear boy, events.

Fact is stranger than fiction, so really anything can happen ........ and whenever you have command and control in virtual worlds, is reality not safe from ITs interventions/inventions.

Capiche?!.

1
2

Re: All your money belongs to us.

Paranoid much? Somebody ballsed up a mainframe batch update run. There is nothing else to it. Not everything has to be black helicopters when IT problems happen.

1
0
Terminator

Re: All your money belongs to us.

Oh my god - amanfrommars just won the Turing test.

I for one welcome my etc. etc.

1
0
Joke

Re: All your money belongs to us.

Good to see amanfromMars posting again, probably has a lot more time on his hands now that he has finished upgrading CA-7

0
0
WTF?

Not only that...

After a skype update last night, I now have Youcam running on my PC, it keeps popping up a window asking me to setup a new profile picture and arbitrarily doing a left to right reversal of my video feed.

At no time did the skype update ask if I want to install Youcam

Heil MickySoft, they only have skype a couple of weeks and already they've managed to fuck it up.

Currently looking for an alternative to skype.

4
1
Silver badge
Big Brother

a good reason

to tape over the webcam on any laptop ....

1
0

Re: Not only that...

Youcam has nothing to do with Microsoft, it's a cyberlink product. It is probably part of the crapware on your machine or bundled up with a webcam driver update.

3
1
Anonymous Coward

Re: Not only that...

"... they only have skype a couple of weeks and already they've managed to fuck it up...."

Or

Skype have only been working in a new environment, with a new way of doing things a few weeks and managed to cock up an update.

Which is more likely? I also not that there has been an update to Skype for Linux and it's less sucky than the versions before MS took it them over.

0
0

@Michael B.

And again, this Youcam crapware most probably got to machine thanks to Microsof's OEM or driver certification policy.

0
0

Re: Not only that...

@ Michael B.

I have that laptop 8 months, it was decrapified, skype was installed, and has been in regular use for the last 8 months. Automatic updates are switched off.

First time I saw this particular piece of crapware ware was immediately after the latest update last Sunday!

0
0
Bronze badge
FAIL

Corporates?

Installing new updates from WU without first vetting/testing and approving them??

The admins should be bloody fired!

1
0
Anonymous Coward

Oh look.

http://support.microsoft.com/kb/2692954

This update includes:

[ . . . ]

* Microsoft Bing Bar included as part of the install package

Assholes.

4
0
Silver badge
FAIL

Re: Oh look.

Has anyone anywhere ever intentionally and wilfully installed any kind of browser toolbar ever?

4
0
Windows

Re: Oh look.

Yes. The Google Toolbar for Enterprise was the least-worst option for adding spell-checking to text input fields in Internet Explorer. Group Policy is used to limit both the features and the number of installations to as few as necessary.

1
0
Silver badge

Re: Oh look.

to be fair, the LastPass one is good - if just for generating passwords.

0
0
Bronze badge
Stop

Straw Poll (was Reply Icon Re: Oh look)

Not me :(

1
0
Anonymous Coward

DAFUQ?

OAT? Release process? No? This week a release was found that would impact 1.5% of my estate. Never reached prod. Anon as rude to brag about the size of ones estate.....

0
0
Anonymous Coward

Depends on your estate

Country or council?

0
0
Anonymous Coward

Re: Depends on your estate

Grew up on Council now manage Corporate. There is no excuse why no-one else can too

0
0
Silver badge
Pint

So desperate

Imagine being sat in the pub, minding your own, having a pint or two when suddenly...

This drunk slapper troddles up to you "heeelloo daaarling, gis us a leg over will ya! Ooohhllll you're making me go all funny, lets go to the bogs and have a bunk up, you sexy sort you!"

You reply - "look love, sod off, you're just showing yourself up!" Then you hear the barman (sys admin but deals with beer related stuff) the other side of the room shout "Right love, that's enough!! You're bard! Get outta here will ya!"

That drunk slapper - her name is Skype!

1
1
Anonymous Coward

Re: So desperate

"You're bard!"

Let me get this right - the slapper was SHAKESPEARE ???

2
0
Silver badge
Happy

Re: So desperate

I knew some smart Alec would say that! I can't bothered to check if I have spelt stuff right any more, I am no Shakespeare you know!

0
1
Silver badge
Joke

Re: So desperate

Nah, she had a lute, see?

0
0
Silver badge
Joke

she had a lute

It was obviously Folk music night then!

Talk about derailing my joke guys! You bunch of cyber bullies - we need one of those CEOP buttons on here!

0
0
Anonymous Coward

"I administer several banks that belong to a holding company."

Is it just me or does it sound inherently suspicious/wrong for banks to be owned by a holding company........

0
0
This topic is closed for new posts.