The Return of BSOD: Does ANYONE trust Microsoft patches? Patch early and patch often is the advice of security professionals when it comes to software updates. After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker? Yet sysadmins will be increasingly leery of applying such an approach to Windows systems …
I would say that automated testing (including regression) is not working ok for them... and that makes you wonder what else is slipping...
It is very difficult AND expensive to corectly test everything.. and if it is for me (an we have limited interfaces and SW collisions) the OS is even more difficult...
>It is very difficult AND expensive to corectly test everything..
Never use the phrase test everything as its impossible to test all inputs as you would need to go to infinity. Say thorough test coverage or some such en vogue nonsense. Sorry to be pedantic but people seem to think truly complete regression is very possible and all security bugs are due to sloppiness testing when that is often but not always the case. Seems to be pretty clear in this case though Microsoft screwed the pooch.
It's a bit difficult to test an OS deployed on hundred of millions of machines with very different software configuration on them.
I updated my LAN machines - and but for an issue with Delphi (which tries to write a font from its resources to %temp%, and then try to add and remove it dinamically), I didn't find any issue.
But because those patches changed the way some font APIs work, I guess other software may be impacted. And if it happens in some drivers loaded at startup (it could be a video driver or printer driver, maybe), some really bad can happen.
Sometimes the large number of hardware devices and software Windows supports may become a double edged sword - it's impossible to test everything.
But it's silly to blame the support technician who asked for details - you really need a "sample" from an affected machine to understand what's wrong and fix it - until you have it, there's little you can do if on everything else you tested with it works...
For example on one of my machines I have a conflict between Asus USB 3.0 Boost software and the Epson Perfection 2400 Photo scanner driver, you really need them both to see the issue.
@wdmot
A bugbear of mine as well. I explain it as meaning "many", whereas it is often seen used as though it meant "lot" (a myriad of X).
Given 'myriad' can sound a a little pretentious, I usually reserve it for conveying the idea that something is many and various. Thus, I generally only use it with classes of things. For example, I might say 'myriad animals' to mean that not only where there lots of animal, there was a great diversity of them too. I would not say 'myriad badgers' - for that I feel the simpler 'many' (or other constructions) to be preferable.
I approve of 'myriad combinations' - gives the impression of a bewildering array; too many to feasibly address.
@LDS: Stop trying to put a sensible comment in reply to a news item which is a Rant Magnet.
So many hardware companies send out buggy "It runs, so ship it" drivers. Drivers clearly not fully following the correct rules in the MS manuals. Then add in the whole rafts of extra weird apps theses same hardware manufacturers throw into the Startup as services or sitting down by the clock in the Task Tray. Add in dozens of other "helper apps". No wonder this then becomes a minefield for OS updates.
Some of the crud I find running on client PCs is unbelievable!!
So many hardware companies send out buggy "It runs, so ship it" drivers. Drivers clearly not fully following the correct rules in the MS manuals. Then add in the whole rafts of extra weird apps theses same hardware manufacturers throw into the Startup as services or sitting down by the clock in the Task Tray.
Then the OEMs take this, and pour in some proprietary code of their own into the proverbial proprietary soup.
Then there's what we need to get a job done.
Naturally, companies don't test with their competitors' software, they'd rather you just used their own rather than their competitors' programs. So if there's a clash, there's no incentive to assist you with it. A good example of this is VPN clients. Too bad if you need both to get a job done; i.e. company A likes VPN solution X, company B likes VPN solution Y and company C likes VPN solution Z.
Being a systems integrator, we're stuck with having these potentially conflicting VPN clients, which also battle Kaspersky, VirtualBox and in some cases VMWare Player and Microsoft VirtualPC, for control of the host's networking stack.
I look at Windows and wonder how anything works … My work-supplied laptop, a Dell Vostro, dual-booting Windows and Ubuntu Linux, has seen the odd BSOD on Windows 7.
It's been fine in Linux however, has has my own personal Panasonic Toughbook which dual boots Gentoo Linux and Windows 7. I don't use my own machine in Windows often enough to see BSODs, so I can't comment much there.
That is why I moved my main workstation from Windows to Linux back in 2001 ... never looked back. I do get these systems infested with apps and shit in systray and whatever that do nothing for repairs.
Also, the crud you get on unboxed Windows systems is impressive ... how do you guyz accept that ? You spend more time removing the crap than installing something coool like Linux instead ...
A kid came in this morning, his laptop was failing under the load, PC Booster et al was on there, including the whole saga of OEM apps left, right and center ... he went back home with Ubuntu 14 LTS.
Yes, updates fail on Ubuntu as well, happens, sometimes this or that library has vanished, but it is often just an "apt-get install" fix.
As for BSOD's, I have seen more on Windows 7 than on any other windows version, arguably, my HP Elitebook 8540W had a very flakey Wifi driver that BSOD'd on me when I shut the system down. Note that I re-installed Windows onto a partition some time ago, the BSOD has now gone, however, the wifi device sometimes just vanishes and I need to go into device manager and disable it, wait a few secs before I enable it again for everything to go back to normal ... sometimes, that does not even work... yes, I have the latest drivers, the only drivers installed are the ones from the HP site for the computer ... I have two games installed, for the kids and an anti virus ... that is all.
Needless to say, the computer runs Debian 7 flawlessly ...
>>Drivers clearly not fully following the correct rules in the MS manuals.
And how do you know that exactly, or that MS follow their own manuals in the first place? Is the source code available?
As for the OS flaw, once again, I said that earlier and got downvoted without any explanation: on a GNU/Linux system an old stable kernel is never discarded so that a user could boot back to it and get a functioning system again.
I think MS are well aware that something's amiss with their patching and testing and they're trying to cut down on platforms. As well as XP being knocked on the head, for later versions of Windows you also need the latest version of IE and with Windows 8.1 you need Update 1. Shame it doesn't seem to be catching everything.
that WE the users are the field testers for their patches as well as their new releases.
They (MS) don't care a jot if their crud borks our systems. They won't come and fix it so we are stuffed with living with their crap.
It is rather sad but at least with releases from the Fruity company they do have retail stores when you can take your Macbooks when their updates go wrong.
Like many posters on El-Reg today I never update with MS Patched until at least a week after they get released. So what if my systems are 'vunerable'. None of them are directly connected to the internet nor do they have an client connections from outside our firewall.
What about USB sticks, removable disks, mail attachments, browser vulnerabilities, 'unknown' software installs?
Most systems today are not often compromised by a direct attack to a system from outside the network perimeter (although exposed vulnerable services may be an issue).
Attack vectors are often an email attachment, visiting a web site, using an infected removable disk, or running software of 'unknown' origin... are all your USB ports disabled? All attachments blocked? Only whitelisted web sites accessible? All users running without admin privileges?
Attack vectors are often an email attachment, visiting a web site, using an infected removable disk, or running software of 'unknown' origin... are all your USB ports disabled? All attachments blocked? Only whitelisted web sites accessible? All users running without admin privileges?
Spoken like a seasoned Windows user, with the scars.
>> so we are stuffed with living with their crap.
You're really not. You and every other Windows user really don't have to keep taking this shit.
Its just that for whatever reason, most people choose to remain stubbornly ignorant of, or averse to, moving over to Linux, even though its MUCH more stable, secure, standards-compliant, powerful and logical in its operation than any Microsoft product.
It is, and yet equally it isn't.
I'm very fond of Linux for many purposes but no distro is really well suited for end user desktop use at present, at least on the scale that Windows is.
Sometimes, with the right hardware and the right distro, Linux as a desktop just works out of the box and that's fine.
Sometimes however you have to do endless fiddling, swapping distro provided video drivers for vendor ones or vice versa, or blacklisting driver modules to get other driver modules to load so that your audio works properly. That's not so fine, and presents some very real potential problems for many typical users.
As for updates, I've known package updates from a main repository break systems before, and sometimes with Linux this can be harder to fix as removing the package doesn't put it back as it was and stops the previous version working again.
The real problem is Linux grew from being aimed at and used by computer experts and sysadmins, and has had a large portion of it's development aimed towards servers and specific applications. This means it's not ideal for more general purposes or more general users, and developing it to be so is hard and slow.
Windows was developed right back from Windows 3.1 and it's predecessors to be a system for the average end user and to be easy to use and designed in such a way as to bread familiarity. This makes it a good general purpose OS usable and easily taken to by any user, but makes developing it as a reliable server or specific application platform harder.
@JustNiz
"Its just that for whatever reason, most people choose to remain stubbornly ignorant of, or averse to, moving over to Linux, even though its MUCH more stable, secure, standards-compliant, powerful and logical in its operation than any Microsoft product."
Any story about Windows or MS inevitably diverts into comments about Windows vs Linux.
Linux is very customisable and exists in several different flavours, which can make for a lot of confusion and not very much portability, in terms of a 'normal' user just being able to pick it up. You have the distro, which will contain specific bits and then they have the window manager/desktop environment built on top. You can change that, which is nice but there is a downside in that if you have used (e.g.) Fedora at a previous job, you can't necessarily be confident you can use Fedora at a new job as it could be running a different desktop.
Likewise the repository managers and the packages available through them. Again, take Fedora, which uses RPM with a front-end of yum. On top of that you might use a GUI like yumex or Appcenter. Of course that's not the only front-end you can use and indeed, while RPM is used in other distros, those may use a different front-end, such as apt-rpm in PCLOS or URPMI and Rpmdrake in Mageia. And, of course, other distros may use a different package manager such as pdkg/APT, which itself can be used with multiple front-ends such as synaptic and aptitude.
And, even then, the packages available for a given distro may vary, even if they use the same desktop and package manager. Again, take Fedora, which doesn't allow you to download any non-FOSS packages through the manager. That sounds very righteous until you realise that 'non-FOSS packages' includes vendor drivers.
Now, that's fine because you can get around that by adding in the RPM Fusion repositories (plural) but, if you're running CentOS, you'll have to enable the Extra Packages for Enterprise Linux (EPEL) first, of course. After that you'll be able to download the wireless adapter driver, however.
All this variation makes the relatively simple question of 'how do I install the latest video card driver' somewhat more complex than it might otherwise be.
And that's just the basics.
What about in a business environments? Active Directory is a suite of tools that are unparalleled for what they do. Linux supporters will argue that AD is there to make up for inherent problems and deficiencies in the Windows world and that Linux is better by design as it is 'built as a multi-user operating system' and has security and stability baked-in. Maybe so, but the change from a Windows environment to a Linux environment requires a complete paradigm change - from how you buy computers and server, to how you build PCs and install applications, how you manage user accounts and configuration settings - it all has to be reworked.
Let me be very clear - I am not pro-Windows and I am not anti-Linux. I run both - at work and at home. I have been through Mandrake and Mandriva and Fedora and Ubuntu and Kubuntu and Arch and Puppy and PCLOS and SUSE and CentOS and Slackware and Mint several other miscellaneous ones like OpenELEC, gOS and Mythbuntu.
What I am saying is that there is no real single operating system called 'Linux'. There are instead hundreds of distributions and, even narrowing it down to the more popular ones you'll still be presented with a dozen or more, depending on which ones are being forked-off or falling in and out of favour. Out of that dozen distros, no two will function the same. Each will have a different combination of configuration tools and desktop and package manager and installed applications and you can change some of these yourself, such as installing Enlightenment or XFCE on Fedora.
Likewise you can install Ubuntu but, if you decide you don't like Unity, you can install KDE. Unfortunately, while it may look similar, this will result in a different OS than if you just installed Kubuntu from the start as you will have all the other libs and programs. This may be advantageous to you or it may result in a slower system. Again, the point is just the huge amount of variation.
I love the ability to customise Linux and chose something that fits your needs like a glove. This is why so many Linux users swap distros so much! That strength, however, is also a downside.
In the end, whatever the benefits in stability or security, Linux and Windows are built on different paradigms and to say that one is flat better than the other is patently ridiculous. The OS that best fits the way you want to work is where you should start.
Actually, I'm going through pains at the moment thanks to a certain distro and, more importantly, the video drivers they insist on. It has been about two days now since I last saw a full working desktop and I have had all sorts of suggestions on what has actually happened. Sounds familiar? Yes, that's what can happen in Linux, just as it can in any other operating environment including Windows. That's why I try not to take sides when this sort of thing happens.
Usually because I'm too busy cursing out the sods that caused the problem!
i'm getting annoyed at my fellow windows users on here, shouting at the world out of frustration whenever a smug linux user laughs at our misery
who are they trying to convince? we all know windows is shite - stop defending it, and stop slagging it off. your both wasting your time.
Since you're not being specific on what the problem, distro and the drivers are, let me give a general piece of advice: reboot to the previous desktop you had a full working desktop with. If that's bloody nvidia --> nouveau transgression or vice versa, you might need to do something additional as to edit the /etc/modprobe or /etc/modules/ entries and blame Nvidia for all this additional trouble .
@LDS
Exactly. This is, perhaps, an oversight in the way things were originally developed and this crash shows on of the reasons why it's so difficult to fix after the fact.
Developers use the code and libraries and so on as they are provided. Sometimes they use deliberately undocumented calls to enable functionality or improve speed or simply make their coding easier. Problem like this can occur - in part - when MS 'fix' something and it then breaks the way a third-party uses that feature/library/API.
It does seem as though - based on the widespread report of this issue - that MS really did mess this up. Using the excuse that you can't test for everything only really works if it's just a small number of people affected.
"Doesn't Microsoft catch errors in their code any more? It would be a lot better than coming up with STOP ?"
The 4k or so redundancies at Redmond (as opposed to the 12k or so at Microsoft owned Nokia) apparently fell mainly on testing and QA staff according to a softie blog whose comments those made redundant were using to let off a bit of steam.
Coincidence?
Patch early and patch often is the advice of security professionals when it comes to software updates.
I certainly hope not: a variant on the old "measure twice, cut once" should be applied: "backup and test twice, patch once". I regularly get random failures with Microsoft's patches – but I'm lucky enough to be using them in a virtual machine. Not had a blue screen from the most recent round.
my main windows 7 VM that I use on my laptop anymore. There is an outstanding patch for IE11(KB2964444 - was failing since 5/2) that if it gets installed the system will BSOD on reboot(not installing it seems to hold up other patches). I cannot uninstall IE11 due to some sort of internal corruption in the system. Tried a few basic things I found online to try to fix it nothing worked.
The system functions fine otherwise.
I suppose at some point I need to reinstall it (tried doing some basic recovery stuff to fix the issue everything failed), the system is pretty well protected as-is anyway, but hasn't seen a patch in several months. I've personally never had this kind of issue with windows before, though I haven't been a serious windows user in some time(still not).
LDS - I don't know. I don't tend to skip patches I just let the system patch whatever it wants. I looked and indeed I do not have KB2929437, I'll take a snapshot of my VM and see if I can get that one to install(faster to recover with vmware than with windows system restore for me)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
