Linked by Thom Holwerda on Tue 1st Dec 2009 23:53 UTC
Windows There was a bit of a stink today about an antivirus vendor claiming that Microsoft's November security patches caused computers to show a 'black screen of death'. Microsoft has investigated the issue, and states that the antivirus vendor, Prevx, is wrong.
Order by: Score:
Comment by graigsmith
by graigsmith on Wed 2nd Dec 2009 00:58 UTC
graigsmith
Member since:
2006-04-05

hmm. i diddn't get any black screens.

Reply Score: 1

Comment by kaiwai
by kaiwai on Wed 2nd Dec 2009 01:53 UTC
kaiwai
Member since:
2005-07-06

Funny enough my parents are back running Windows Vista and the first thing I installed was 'Microsoft Security Essentials'. As much as I'd love third parties to give Microsoft competition, it is time for third parties like the organisation in question to stop blaming Microsoft for their crap programming and look for another niche to carve out. This isn't the first time, anyone remember Application Enhancer from Unsanity, the most useless piece of crap ever devised? the same thing that causes blue screens of death on Mac? well, same thing is happening again for Microsoft.

Both Microsoft and Apple are faced with this problem and I really wished that there was some way to ring fence of the operating system from these sorts of crap. Third party software taking an otherwise perfect operating system and kill it within a few seconds.

Sorry if the above posts sounds like a out of control rant but it really pisses me off when I see things go tits up and the third party have the gaul to blame the operating system vendor instead of taking responsibility themselves.

Reply Score: 3

v RE: Comment by kaiwai
by lemur2 on Wed 2nd Dec 2009 02:10 UTC in reply to "Comment by kaiwai"
RE[2]: Comment by kaiwai
by flanque on Wed 2nd Dec 2009 02:32 UTC in reply to "RE: Comment by kaiwai"
flanque Member since:
2005-12-15

They merely stated that particular piece of malware is known for causing black screens. I didn't read it as they were blaming it in this particular case.

Not sure if you've re-read the article but there's an Update:

Update: In a blog post published shortly after this story was filed, Prevx's Jacques Erasmus confirmed that Microsoft's patch was not to blame and apologized to Microsoft "for any inconvenience our blog may have caused."

The black screen problem appears to be linked to improper alteration of the Shell value in the Windows registry, as explained in the blog post.

A bit of due diligence on the part of Prevx could have avoided this entirely. At least they apologised.

Reply Score: 5

RE[3]: Comment by kaiwai
by Bryan on Wed 2nd Dec 2009 03:09 UTC in reply to "RE[2]: Comment by kaiwai"
Bryan Member since:
2005-07-11

It's good that they apologized, but still irritating that they didn't do this basic detective work beforehand. Many people won't ever see that follow up and they'll just remember hearing that Microsoft screwed up with their updates, and, to the extent it discourages people from patching regularly, it's especially bad since keeping software up to date is such an important part of keeping a system secure. In effect, this security firm helps create a less secure environment. This is why responsible disclosure is so important. I mean, if an investigation reveals there's a clear problem and the vendor dismisses or minimizes the issue, by all means raise a sh*tstorm, but at least try to work with them and do thorough research before making these kinds of claims. Incidents like this just lend credence to the notion that security firms are just fearmongering opportunists, and that this one in particular shouldn't be trusted.

Edited 2009-12-02 03:11 UTC

Reply Score: 7

RE[4]: Comment by kaiwai
by _xmv on Wed 2nd Dec 2009 13:56 UTC in reply to "RE[3]: Comment by kaiwai"
_xmv Member since:
2008-12-09

It's good that they apologized, but still irritating that they didn't do this basic detective work beforehand.

exactly. no news/media website (or even TV or newspapers nowadays) does their job of verifying. If it sounds legit enough, and sentionalistic enough, it will make it through.
worse case, a few days later you can also post a withdrawal, you still got a zillion hits (= money) and desired effect (omg, hate microsoft quick! praise google quick!).

and it suck.

Reply Score: 2

RE[5]: Comment by kaiwai
by sbenitezb on Wed 2nd Dec 2009 16:52 UTC in reply to "RE[4]: Comment by kaiwai"
sbenitezb Member since:
2005-07-22

You can stop listening to them anytime. I've already done so.

Reply Score: 2

RE[2]: Comment by kaiwai
by cb_osn on Wed 2nd Dec 2009 10:33 UTC in reply to "RE: Comment by kaiwai"
cb_osn Member since:
2006-02-26

I do agree with you, however, that there is a great deal of utterly useless software out there for Windows. Huge amounts. Bucketloads. It is all heavily promoted and pushed on people, too.

Please let us know when you find an operating system where this is not the case.

Reply Score: 6

RE[3]: Comment by kaiwai
by strcpy on Wed 2nd Dec 2009 13:07 UTC in reply to "RE[2]: Comment by kaiwai"
strcpy Member since:
2009-05-20


Please let us know when you find an operating system where this is not the case.


Say, Gentoo. Or NetBSD.

Edited 2009-12-02 13:08 UTC

Reply Score: 4

RE[4]: Comment by kaiwai
by rockwell on Fri 4th Dec 2009 15:18 UTC in reply to "RE[3]: Comment by kaiwai"
rockwell Member since:
2005-09-13

Fair enough. Of course, other than server stuff, neither of those have any *useful* software, either.

Reply Score: 2

Word quibble
by cavol on Wed 2nd Dec 2009 02:31 UTC
cavol
Member since:
2009-12-02

"They need to seed it, so they can sow it later on."

I thought this sounded weird, but had to google it to be sure I wasn't off base: sow=plant, so I think you are writing "they need to plant it so that they can plant it later on".

The cliche english expression is "to reap what you sow". Obviously, you can choose not to use the cliche, but the metaphor only makes sense if you preserve the meaning that reap=harvest and sow=plant.

Reply Score: 5

RE: Word quibble
by Timmmm on Wed 2nd Dec 2009 17:10 UTC in reply to "Word quibble"
Timmmm Member since:
2006-07-25

Indeed. More sensible would have been "They need to sow the seeds of fear, so they can reap the profit later on." or something.

Reply Score: 2

No updates
by Andre on Wed 2nd Dec 2009 07:36 UTC
Andre
Member since:
2005-07-06

I know some people disabeling updates, because they say when they had updates enabled, it turned their computer slow. Incorrect claims like this about updates makes people like that think they're right by disableling their updates.

Reply Score: 1

RE: No updates
by hollovoid on Wed 2nd Dec 2009 10:50 UTC in reply to "No updates"
hollovoid Member since:
2005-09-21

I know people like this as well, on all platforms though and not just windows. Funny thing is, while with windows I have never had an update actually break or slow my system, ive had many a linux installs that went completely toe up from a seemingly innocent update, which required hours (cumulative) of screwing around to correct. This made me kind of apprehensive of any major updates, but I ultimately bit the bullet, because not being patched in any system is like leaving the door open, with a sign on your mailbox that lists all your nice goodies inside ready to take.

Reply Score: 2

v Not an issue?
by msundman on Wed 2nd Dec 2009 09:55 UTC
RE: Not an issue?
by Thom_Holwerda on Wed 2nd Dec 2009 10:50 UTC in reply to "Not an issue?"
Thom_Holwerda Member since:
2005-06-29

They're not claiming the issue doesn't exist - they're just saying Prevx was talking out of its ass when it said it was caused by Windows updates.

In fact, they did acknowledge it was an issue by pointing at malware that can cause it.

Reply Score: 2

RE[2]: Not an issue?
by msundman on Wed 2nd Dec 2009 11:25 UTC in reply to "RE: Not an issue?"
msundman Member since:
2005-07-06

They're not claiming the issue doesn't exist

You're right, they're saying it's not "a broad customer issue". I don't know if any broad customers have the issue, but for the customers having the issue it certainly is broad. :-)

Reply Score: 2

RE: Not an issue?
by larwilliams2 on Wed 2nd Dec 2009 12:46 UTC in reply to "Not an issue?"
larwilliams2 Member since:
2009-12-02

The fact is that thousands of people suffer from this issue and it has been known for years now and MS doesn't seem to be doing anything about it, except claiming that the issue doesn't exist, which obviously is a lie.


Way to spread some FUD! It's already well-known that this problem is not an issue caused by Microsoft, but rather the crapware people choose to run or malware they blindly let install. Dealing with all sorts of PCs on a daily basis, I have NEVER seen a Black Screen of Death that was Windows fault, so hah!

That being said, am I the only one who has never heard of this Prevx company? Glad MS did their homework for them though, and then proceeded to hand their ass to them.

Edited 2009-12-02 12:47 UTC

Reply Score: 2

v RE[2]: Not an issue?
by msundman on Wed 2nd Dec 2009 13:08 UTC in reply to "RE: Not an issue?"
RE[3]: Not an issue?
by strcpy on Wed 2nd Dec 2009 13:09 UTC in reply to "RE[2]: Not an issue?"
strcpy Member since:
2009-05-20


If the user can't edit his/her own apt sources then he/she shouldn't be installing anything not already provided by the current apt sources.)


And there is nothing that can cause the system to crap out in apt sources? The same fallacy that Fedora made.

Edited 2009-12-02 13:12 UTC

Reply Score: 2

RE[4]: Not an issue?
by msundman on Wed 2nd Dec 2009 13:27 UTC in reply to "RE[3]: Not an issue?"
msundman Member since:
2005-07-06

And there is nothing that can cause the system to crap out in apt sources? The same fallacy that Fedora made.

I'm not sure what you mean, but there's nothing even remotely similar, no. And if something would cause the OSes of thousands of users to completely lock up then obviously the people making the OS would provide some means to fix it. But not MS.

[The comment preview here on OSnews is seriously b0rken. Usually in such a way that things look good in preview but not in the final version. E.g. nested quotes.]

Edited 2009-12-02 13:31 UTC

Reply Score: 2

RE[5]: Not an issue?
by strcpy on Wed 2nd Dec 2009 14:09 UTC in reply to "RE[4]: Not an issue?"
strcpy Member since:
2009-05-20


I'm not sure what you mean, but there's nothing even remotely similar, no. And if something would cause the OSes of thousands of users to completely lock up then obviously the people making the OS would provide some means to fix it. But not MS.


I mean that while I haven't used Ubuntu for a while, I am sure that the repository contains all kinds of things (e.g. kernels, kernel modules, insecure daemons, SUID binaries, etc.) that can badly crap out the system in inept hands.

Reply Score: 2

RE[6]: Not an issue?
by msundman on Wed 2nd Dec 2009 14:25 UTC in reply to "RE[5]: Not an issue?"
msundman Member since:
2005-07-06

I mean that while I haven't used Ubuntu for a while, I am sure that the repository contains all kinds of things (e.g. kernels, kernel modules, insecure daemons, SUID binaries, etc.) that can badly crap out the system in inept hands.

Of course, but any such thing would never go on for days without getting fixed once someone suffers from it. The Black SoD has plagued people for several hundred days now, a couple of years even. I'm not criticizing MS for not being perfect, but for not fixing known critical faults. (On a related note, I wonder if the F-Spot devs are MS employees.. you know, with their 5+ years old data-destroying bug still unfixed and all..)

Reply Score: 2

RE[5]: Not an issue?
by BluenoseJake on Wed 2nd Dec 2009 16:15 UTC in reply to "RE[4]: Not an issue?"
BluenoseJake Member since:
2005-08-11

This is not MS's fault, no matter how much you want it to be. Even PrevX admitted it. Stop the fud, for the love all that is good in the world.

Reply Score: 2

RE[6]: Not an issue?
by sbergman27 on Wed 2nd Dec 2009 17:02 UTC in reply to "RE[5]: Not an issue?"
sbergman27 Member since:
2005-07-24

This is not MS's fault, no matter how much you want it to be.

Well... unless you count the fact that such dubious "security tools" as antivirus are necessary in the first place. But yes, once things have reached a level of f--ked-upedness for long enough, it becomes difficult to accurately apportion the blame.

Reply Score: 1

RE[6]: Not an issue?
by msundman on Wed 2nd Dec 2009 18:58 UTC in reply to "RE[5]: Not an issue?"
msundman Member since:
2005-07-06

This is not MS's fault, no matter how much you want it to be. Even PrevX admitted it.

AFAIK PrevX admitted no such thing. It'd be absurd to "admit" such an obvious untruth. You've probably confused the fact that MS didn't cause that particular Black SoD (at least not with their updates) with the fact that MS is responsible for there being such a thing that they won't fix.

(Also, I don't want anything to be MS's fault. I'd love to see MS being good and perfect in every way.)

Stop the fud, for the love all that is good in the world.

Please make properly specific accusations if you feel the need to make any at all. I welcome negative criticism (even more than positive - one learns more from the former than from the latter).

Edited 2009-12-02 19:07 UTC

Reply Score: 2

RE[7]: Not an issue?
by BluenoseJake on Wed 2nd Dec 2009 19:18 UTC in reply to "RE[6]: Not an issue?"
BluenoseJake Member since:
2005-08-11

Here, read this:

http://www.prevx.com/blog.asp.

Oh, and unless you have proof about a blackscreen of death that MS refuses to fix, stop making unsubstantiated claims. I've been in the business for ~20 years, I have yet to see what you describe in the numbers you claim. Also, read the comments, there is a lot of good info there.

Spreading FUD is what you are doing.

Edited 2009-12-02 19:19 UTC

Reply Score: 2

RE[7]: Not an issue?
by BallmerKnowsBest on Wed 2nd Dec 2009 22:23 UTC in reply to "RE[6]: Not an issue?"
BallmerKnowsBest Member since:
2008-06-02

"This is not MS's fault, no matter how much you want it to be. Even PrevX admitted it.

AFAIK PrevX admitted no such thing. It'd be absurd to "admit" such an obvious untruth. You've probably confused the fact that MS didn't cause that particular Black SoD (at least not with their updates) with the fact that MS is responsible for there being such a thing that they won't fix.
"

By that reasoning, if you're careless while using a chainsaw and accidentally remove a few limbs, then it's the chainsaw's fault. No one would suggest that chainsaws should be "fixed" by making them incapable of cutting things... yet people have no problem claiming that Windows needs to be "fixed," when the only way to fix it would mean crippling it just as thoroughly.

Look at ChromeOS. It protects users from installing malware... in about the only way possible, by preventing them from installing ANY software locally or making any modifications to the underlying OS. And, amusingly, the Linux geeks are all cranky about how locked-down it is: they got what they asked for, and now they're whining about the results. Boo hoo.

Reply Score: 4

RE[3]: Not an issue?
by rockwell on Fri 4th Dec 2009 15:21 UTC in reply to "RE[2]: Not an issue?"
rockwell Member since:
2005-09-13

so if a user operates an object incorrectly and the object malfunctions, it's the object's fault?

Apparently you've never known anyone killed by a drunk driver. Douchebag.

Reply Score: 2

RE[4]: Not an issue?
by msundman on Sat 5th Dec 2009 00:02 UTC in reply to "RE[3]: Not an issue?"
msundman Member since:
2005-07-06

so if a user operates an object incorrectly and the object malfunctions, it's the object's fault?

No. If a manufacturer makes a product such that it's particularly easy for users to render it useless by mistake then it's the manufacturer's fault that so many such products get rendered useless. (Of course the primary responsibility still lies with the one operating the product, but that's irrelevant since this obviously is a case with more than one fault.)

Apparently you've never known anyone killed by a drunk driver. Douchebag.

Nobody drives drunk by mistake.
Along similar lines, it's not MS's fault if the OS fries as a result of the user switching non-hotswap RAMs on-the-fly. That'd be against the specs and not something one would do by mistake.
And there's no reason for name-calling. Try to be civil.

Reply Score: 2