back to article Microsoft silently kills silent, automatic Skype install via Updates

Microsoft has pulled the plug on a Windows update that snuck Skype onto business PCs. Corporate admins got a nasty surprise on Wednesday when Skype 5.9 was automatically and silently installed on work machines via Windows Server Update Service (WSUS) - including PCs that did not have the voice chat software previously …

COMMENTS

This topic is closed for new posts.
  1. Gerhard den Hollander
    Thumb Down

    Test the updates ?

    If one administers a bank of holding companies (or hold a bank of adminsitration companies or ... ) one would suggest that one would be prudent enough to either have ones own wsus server which pushes, or to at least have a way to bless wsus updates before rolling them out.

    If an update is fatally broken, the reg (and a gazillion other techie websites) are more then happy to splatter the fact that the wupdate is broken all over your face ...

    1. Joe Drunk
      FAIL

      Re: Test the updates ?

      Indeed - as some wsus updates have caused problems in the past we have lab machines that get automatic updates and only after they have been deemed safe are they then rolled out enterprise-wide from our own servers.

      If wsus broke several of your machines AND you're in the middle of an IT audit you're obviously in the wrong line of work and you should consider a career change - maybe pastry chef.

      1. Fatman
        FAIL

        Re: should consider a career change

        Now don't be so hard on the guy.

        After all, it only WindblowZE, and possibly, he has the same amount of experience that the India based employees of RBS had WRT their rollout of a CA-7 update; in dealing with WindblowZe updates.

        And Micro$oft wonders WHY people do not want automatic updates?

        All it takes is one update to fuck up a system, and the shit hits the fan. I truly feel for the small businesses that can not afford IT staff, and have these shitty choices:

        Turn off all automatic updates, and run the risk of getting infected, or

        Allow automatic updates, and run the risk that one fucks up your system, or

        Pay some one to come in and update manually.

        None of these are ideal, and they all suck.

        1. TheRealRoland
          Gimp

          Re: should consider a career change

          The Nineties called - they want their Windows derogatory nicknames back.

          Windblowze? Micro$oft? Please.

          Potty mouth.

          Oh, and apologies for singling you out: it's not just you, it's a whole slew of new commenters, lately.

          1. Ramazan

            @TheRealRoland

            Hello, Captain Huggies! Nice to meet you again. Grown men use separate development, testing and production environments, and of course every goddamn update from Comverse, Cisco, Alcatel-Lucent, Siemens, SAP, Oracle, LHS or g-d forbid HP is thoroughly tested in testing environment before being pushed to production.

            1. Anonymous Coward
              Anonymous Coward

              @Ramazan: Grown men use separate development, testing and production environments,

              We have separate TEST and PROD, but only for some things. Per management, "We don't have the resources to test everything. We have to just trust Microsoft."

    2. h4rm0ny

      Re: Test the updates ?

      Well true, anyone with responsibilities at that level is expected to check updates before corporate-wide distribution. And I expect the Skype install would have stood out like a sore thumb. But still, MS had no business putting something like this in an update. At all. It's ridiculous.

      And until Skype can manage the basic functionality of setting different statuses to some groups and visible to others, it isn't a good fit for business anyway.

    3. Anonymous Coward
      FAIL

      Re: Test the updates ?

      "I had to dispatch techs immediately to remove the software from appx 25 machines"

      Oh...we use remote management to pull software of machines, failing that remote to the bloody things. And 25 machine? C'mon, how bloody small is this bank? Hardly earth shattering amounts.

      Still, he's probably busy still fixing that mistake he made with CA-7.

  2. Just a geek
    FAIL

    A repeat of Windows Update Mistakes from years back

    which the security/WSUS teams spent a considerable amount of time fixing. This comment on the technet forum seems to sum it up:

    'This is now a confirmed issue, and since remediated by expiring the Skype update. In short, the Skype team screwed up the package. The really sad part is that apparently nobody actually tested the package against a machine that did not already have Skype installed.'

    How did the Skype team get an update package into the main distribution channel without the updates team being able to test/see the results of a test plan. Bad, bad practice all round.

  3. Anonymous Coward
    Anonymous Coward

    Hanlon needs a shave...

  4. Fuzz

    Asking for trouble

    If you have "All products" selected in Products and Classifications then you're asking for trouble.

    It means that any software Microsoft decide people might like will start turning up on computers that you administer. That coupled with automatic approval is just a bad way to configure WSUS.

    Other software Microsoft might decide to install for you if you're stupid enough to have All products ticked included the bing bar, bing desktop, Windows live photo gallery.

    The thing to remember is that All Products means All current and future products.

    1. Anonymous Coward
      Anonymous Coward

      Re: Asking for trouble

      the only thing you might think you ought to install automatically is "critical updates".

      the rest should be assessed before approval.

      1. Anonymous Coward
        Anonymous Coward

        Re: Asking for trouble

        In fact, shouldn't any organisation which isn't doing this fail any security assesment anyway ? The only setup I would approve would be

        1) Updates limited to security only

        2) *all* updates to be tested before pushing

        3) have a rollback procedure in place *before* pushing updates

        anything less, in a commercial sense - especially with multiple sites and profiles - should be a security FAIL.

      2. Spanners Silver badge
        Meh

        Re: Asking for trouble

        That was a "critical" update - just like various other junk that they try and push out under this cover.

        Have you ever heard of WGA? That landed on a lot of computers that only got critical updates.

        "Windows Genuine Advantage"? Only one of those words is remotely true...

    2. Anonymous Coward
      FAIL

      Re: Asking for trouble

      Beat me to it.... Aside from bloating out your updates store selecting all products is daft because you can get all kinds of new softwares installed. Be less lazy - select products you know are installed (what - you don't inventory your network... tsk tsk) in your organization and check the updates you approve.

      I actually selected and deployed the Skype update successfully as was quite please to see it as the guys where I work rely on Skype and its a good way to keep it up to date. Sadly I'm now not happy again because other people can't configure/use WSUS properly, shame.

    3. Ramazan
      Coffee/keyboard

      @Fuzz

      OK, you ain't seen nothing yet, buddy, it's pretty obvious. Proper operating systems in their stable branch have 2 magical commands: "apt-get update" and "apt-get upgrade", that will perform proper update with no skypes attached. Case solved.

  5. Reading Your E-mail
    FAIL

    Whoops

    Well if you auto approve updates and download all products then you got caught napping didn't you. Tsk tsk.

  6. Anonymous Coward
    Thumb Up

    Dear MS

    About bloody time. You were arrogant in assuming people wanted skype.

    Just because you bought them does NOT mean you have the right to infect other peoples pc's with unwanted software. It might not have been such a SNAFU if you had asked!!!!

    Shit like this *will* push folks to use an alternative O.S.

    However, well done for withdrawing it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear MS

      "Sh*ugar* like this *will* push folks to use an alternative O.S."

      I'm not so sure. Most Windows Server admins are using that OS because the business dictated so.

      I have been in the situation of pushing for Linux servers, eventually sneaking one in, then having that mostly replaced by a Windows / sharepoint server and being hosted on a VM for backup purposes.

      It isn't the first time that MS have SNAFUed on updates, they get away with it because business have this blinkered view that they are the only OS in town.

      1. Anonymous Coward
        Anonymous Coward

        Re: Dear MS

        One bad update wouldn't force people to move off Windows Server!

        This said, I am happy that I don't have much cause to deal with Windows Servers any more. I've killed nearly all of them off in my side of the business, and with a few upgrades, we can finally kill of SQL Server here. Then the only one I need worry about is one domain controller.

        1. Anonymous Coward
          Anonymous Coward

          Re: Dear MS

          If you only have one domain controller, I'd build a 2nd one.

    2. phuzz Silver badge
      FAIL

      Re: Dear MS

      "You were arrogant in assuming people wanted skype."

      Well, to receive the update they had to have Skype selected in the products section, and the only way that could happen without someone explicitly clicking the checkbox, would be if they had already selected All Products, which will leave your WSUS server downloading bloody everything, including the Bing bar, and the Zune software.

      WSUS is for server admins, and if you didn't put any thoughts into which products you have selected then you only have your self to blame.

      (not to mention you have to have Auto approve updates switched on, which is also daft.)

      1. Ramazan
        Stop

        Re: then you only have your self to blame

        Nope. Proper operating system must have sane and secure default settings, so that apt-get update followed by apt-get upgrade won't result in system breakage or pwnage.

  7. Andrew Baines Silver badge
    FAIL

    All updates on SBS

    Feel sorry for small companies running SBS - the default is all updates. changing this to a lesser setting results in a yellow warning every time you login to the console. That means that you're likely to miss other problems.

    1. Anonymous Coward
      Anonymous Coward

      Re: All updates on SBS

      You still ought to consider and approve individual updates in SBS.

      And you also use the WSUS console directly for maximum control

  8. amanfromMars 1 Silver badge

    All your money belongs to us.

    I wonder if the Ulster Bank runs Windows, with Skype now available ...... and that is conflicting? Or are there other unwelcome gremlins in the works, still busy at their work, phoning home/stealing metadata

    Certainly there is something still ongoing in the works which no one is telling everybody about, for there is no one available/no spokesperson has been forwarded to spin that IT has fixed the present problem[s] although the ether has mooted that it could run on into next week ...... with no reassurance that even then are things as they used to be.

    All in all, a right fiasco of a scandal which is probably just the beginning of something else much more significant, as these/those sorts of things tend to take on a life of their own, with the status quo systems a petrified spectating passenger in the train of events, dear boy, events.

    Fact is stranger than fiction, so really anything can happen ........ and whenever you have command and control in virtual worlds, is reality not safe from ITs interventions/inventions.

    Capiche?!.

    1. Alan Bourke

      Re: All your money belongs to us.

      Paranoid much? Somebody ballsed up a mainframe batch update run. There is nothing else to it. Not everything has to be black helicopters when IT problems happen.

      1. Alastair C
        Terminator

        Re: All your money belongs to us.

        Oh my god - amanfrommars just won the Turing test.

        I for one welcome my etc. etc.

        1. Field Marshal Von Krakenfart
          Joke

          Re: All your money belongs to us.

          Good to see amanfromMars posting again, probably has a lot more time on his hands now that he has finished upgrading CA-7

  9. Field Marshal Von Krakenfart
    WTF?

    Not only that...

    After a skype update last night, I now have Youcam running on my PC, it keeps popping up a window asking me to setup a new profile picture and arbitrarily doing a left to right reversal of my video feed.

    At no time did the skype update ask if I want to install Youcam

    Heil MickySoft, they only have skype a couple of weeks and already they've managed to fuck it up.

    Currently looking for an alternative to skype.

    1. JimmyPage Silver badge
      Big Brother

      a good reason

      to tape over the webcam on any laptop ....

    2. Michael B.

      Re: Not only that...

      Youcam has nothing to do with Microsoft, it's a cyberlink product. It is probably part of the crapware on your machine or bundled up with a webcam driver update.

      1. Ramazan

        @Michael B.

        And again, this Youcam crapware most probably got to machine thanks to Microsof's OEM or driver certification policy.

      2. Field Marshal Von Krakenfart

        Re: Not only that...

        @ Michael B.

        I have that laptop 8 months, it was decrapified, skype was installed, and has been in regular use for the last 8 months. Automatic updates are switched off.

        First time I saw this particular piece of crapware ware was immediately after the latest update last Sunday!

    3. Anonymous Coward
      Anonymous Coward

      Re: Not only that...

      "... they only have skype a couple of weeks and already they've managed to fuck it up...."

      Or

      Skype have only been working in a new environment, with a new way of doing things a few weeks and managed to cock up an update.

      Which is more likely? I also not that there has been an update to Skype for Linux and it's less sucky than the versions before MS took it them over.

  10. NogginTheNog
    FAIL

    Corporates?

    Installing new updates from WU without first vetting/testing and approving them??

    The admins should be bloody fired!

  11. Anonymous Coward
    Anonymous Coward

    Oh look.

    http://support.microsoft.com/kb/2692954

    This update includes:

    [ . . . ]

    * Microsoft Bing Bar included as part of the install package

    Assholes.

    1. Crisp
      FAIL

      Re: Oh look.

      Has anyone anywhere ever intentionally and wilfully installed any kind of browser toolbar ever?

      1. Chris Beattie
        Windows

        Re: Oh look.

        Yes. The Google Toolbar for Enterprise was the least-worst option for adding spell-checking to text input fields in Internet Explorer. Group Policy is used to limit both the features and the number of installations to as few as necessary.

      2. JimmyPage Silver badge

        Re: Oh look.

        to be fair, the LastPass one is good - if just for generating passwords.

  12. Philip Lewis
    Stop

    Straw Poll (was Reply Icon Re: Oh look)

    Not me :(

  13. Anonymous Coward
    Anonymous Coward

    DAFUQ?

    OAT? Release process? No? This week a release was found that would impact 1.5% of my estate. Never reached prod. Anon as rude to brag about the size of ones estate.....

    1. Anonymous Coward
      Anonymous Coward

      Depends on your estate

      Country or council?

      1. Anonymous Coward
        Anonymous Coward

        Re: Depends on your estate

        Grew up on Council now manage Corporate. There is no excuse why no-one else can too

  14. LinkOfHyrule
    Pint

    So desperate

    Imagine being sat in the pub, minding your own, having a pint or two when suddenly...

    This drunk slapper troddles up to you "heeelloo daaarling, gis us a leg over will ya! Ooohhllll you're making me go all funny, lets go to the bogs and have a bunk up, you sexy sort you!"

    You reply - "look love, sod off, you're just showing yourself up!" Then you hear the barman (sys admin but deals with beer related stuff) the other side of the room shout "Right love, that's enough!! You're bard! Get outta here will ya!"

    That drunk slapper - her name is Skype!

    1. Anonymous Coward
      Anonymous Coward

      Re: So desperate

      "You're bard!"

      Let me get this right - the slapper was SHAKESPEARE ???

      1. LinkOfHyrule
        Happy

        Re: So desperate

        I knew some smart Alec would say that! I can't bothered to check if I have spelt stuff right any more, I am no Shakespeare you know!

      2. Richard 12 Silver badge
        Joke

        Re: So desperate

        Nah, she had a lute, see?

        1. LinkOfHyrule
          Joke

          she had a lute

          It was obviously Folk music night then!

          Talk about derailing my joke guys! You bunch of cyber bullies - we need one of those CEOP buttons on here!

  15. Anonymous Coward
    Anonymous Coward

    "I administer several banks that belong to a holding company."

    Is it just me or does it sound inherently suspicious/wrong for banks to be owned by a holding company........

This topic is closed for new posts.

Other stories you might like