Microsoft mega-patch dogged by problems

Eugenia Loli 2004-04-30 Bugs & Viruses 27 Comments

Microsoft has released details about a number of problems which could be dogging those who install one of its patches issued on April 13 – the patch that fixes 14 vulnerabilities, among them two which are now being actively exploited.

2004-04-30 7:26 pm
Hmmm… I seem to remember a bunch of people around here bragging about how good Microsoft’s testing is, how superior their software development methods are etc., in a recent thread from yesterday, and how Linux is so inferior an OS because of this.
http://www.osnews.com/story.php?news_id=6894... Bah.. stuff it.

2004-04-30 7:33 pm
There are infinite possibilities of PCI cards and motherboards and an infinite amount of crappy third party software for Windows that people use and many third party drivers that haven’t been certified. Microsoft can’t do anything about this, it just is. It is normal to produce some unwanted behavior that is difficult to reproduce at labs because of the above reality. The bigger/more popular the OS is, the more difficult it becomes to debug it 100%.
There is no such thing as a “100% bug free” normal-size application, because even the compilers have bugs. So, please be a bit more objective in your comment. You are obviously not a system developer.

2004-04-30 7:45 pm
I’m a lawyer. In my job, if I get it wrong first time, I get sued. Simple as that – no second chances. Why does the same standard not apply in the IT industry?
Matt

2004-04-30 7:54 pm
Because it can’t. It is above the strength of any software house to be able to test the infinite amount of software/hardware combinations.

2004-04-30 8:32 pm
“Because it can’t.
It is above the strength of any software house to be able to test the infinite amount of software/hardware combinations.”
Why do you need to defend those people after they made this stupid mistake of selecting a multiprocessor kernel for a single-processor system?

2004-04-30 8:54 pm
I do not defend them “just for defending them”. I just know how the thing works, I am a developer. If Apple or Red Hat or Sun was at MS’ place, they would have the exact same problems, so why not just be objective?

2004-04-30 9:06 pm
“why not just be objective?”
Yes. That’s why I don’t defend them 😉

2004-04-30 9:14 pm
No, you are not. The subject here is about some bugs on a big patch, not about MS’ monopoly or business tactics. Be objective to the subject itself, don’t let your hatred about unrelated things get in your way of evaluating the current situation. This is a development issue, not a business one. Be objective to that.

2004-04-30 9:17 pm
“Because it can’t. It is above the strength of any software house to be able to test the infinite amount of software/hardware combinations.”
Well, if they can’t produce a quality product perhaps they should consider dropping their extremely overinflated monopolistic prices.

2004-04-30 9:20 pm
“No, you are not. The subject here is about some bugs on a big patch, not about MS’ monopoly or business tactics”
Yes. They made mistakes and I am criticising it. What’s non-objective about that? Care to explain?

2004-04-30 9:28 pm
What ‘mistakes’ are you talking about? Bugs? I explained above that bad architecture decisions and bugs DO happen everywhere (not just by MS), so I don’t get what you mean. It happens to everyone. Even to NASA’s 400mil robots.

2004-04-30 9:33 pm
“What ‘mistakes’ are you talking about? Bugs? I explained above that bad architecture decisions and bugs DO happen everywhere (not just by MS), so I don’t get what you mean.
It happens to everyone”
I will criticise them when they happen to release buggy products, no matter whether NASA does it or Microsoft.
It’s equally objective. Don’t tell me your interpretation of being objective is NOT criticising MS.

2004-04-30 9:39 pm
You REALLY don’t get it, doya?
It is not about “not criticising” MS, it is about being objective on the problem they have to deal with. PUT yourself in THEIR position momentarily and recognize that releasing a 100% bug-free massive product is _impossible_. Anything about 200-300 lines of code –usually– has bugs, no matter the platform. As I said, even the compilers themselves have bugs, so even if your code IS bug-free, the output produced by the compiler might end up problematic.
WHY is it so difficult to understand that, and recognize that no matter what, bugs will always happen?
I really don’t get some people on this board. They seem so full of themselves and so anti-MS that they just don’t think for themselves, but instead follow the general flow like lemmings.

2004-04-30 9:42 pm
“I really don’t get some people on this board. They seem so full of themselves and so anti-MS that they just don’t think for themselves, but instead follow the general flow like lemmings.”
Are you saying that I can criticise them or I shouldn’t?
If you say I can’t, I don’t agree with you.
If I can, then you can shut up.
What lemmings? Why are so pro-MS are following them like sheep. My production servers got affected by these problems and I will criticise their failures.

2004-04-30 9:48 pm
Okay, I got a question (or two) for you. And these are honest ones. Isn’t there a way Microsoft could provide patches without alerting worm writers to newly found security holes? Why is it always a race to get the patch before the worm people do?

2004-04-30 9:49 pm
I am not saying that you should not criticize them for their failures, PLEASE do.
But at the same time, *also* do understand how things work and that’s not possible to get a bug-free system by anyone out there.

2004-04-30 9:57 pm
“But at the same time, *also* do understand how things work and that’s not possible to get a bug-free system by anyone out there.”
Compared to any product, these people are doing a bad job when you have to release a patch for a patch.

2004-04-30 10:09 pm
The problem is how everything in Windows is so tightly integrated, how everything is so inter-dependent, a flaw in one service opens the way for ones in others. Compare that to the UNIX world where everything is built on individual services that do not depend upon each other, and you have a system where one vulnerability won’t bring down the house.
At work we were hit by this vulnerability, and typically the day _before_ the patch was released. I’m working on convincing management to move to FreeBSD, but two key pieces of our puzzle (ColdFusion and JDBC drivers for an old version of AcuCOBOL) won’t work on it, so it looks like we’re kinda stuck.
Damien

2004-04-30 10:17 pm
“There are infinite possibilities of PCI cards”
There are actually a finite number of possibilities. What you mean is that the number is large enough to prohibit thorough testing.

2004-04-30 10:25 pm
“ColdFusion and JDBC drivers for an old version of AcuCOBOL) won’t work on it, so it looks like we’re kinda stuck. ”
Check again with Linux.

2004-04-30 11:18 pm
The subject here is about some bugs on a big patch, not about MS’ monopoly or business tactics.
Actually, it is MS’s policy to release fewer big patches instead of multiple little ones because it looks better from a Marketing point of view (they don’t look as if they had as many vulnerabilities that way). So in fact, one can say that this is partly the result of their business tactics, and that criticism of those tactics is on-topic.
Personally, I think it’s another black eye for Microsoft.
Now, people have to choose between risking being vulnerable to remote exploits and risking that this will happen:
A third problem detailed by Microsoft was that those who applied the patch could find that their computers appeared to stop responding at start-up, were unable to log on to Windows or find CPU usage for the system process approaching 100 percent.
If I was a Windows user at home right now, I’d be royally pissed. Microsoft’s own worst enemy is itself.

2004-05-01 2:04 am
I guess this proves even Holy Corporations make mistakes in their long-time test efforts, doesn’t it?

2004-05-01 4:24 am
I guess this proves even Holy Corporations make mistakes in their long-time test efforts, doesn’t it?
Huh?

2004-05-01 4:48 am
Looks like AdobeSoftwareOnline is a clever semi-legal scam. Read their “Terms of Software Use” and you’ll find out they don’t sell Adobe software but rather they offer a software backup service.
9.1 You understand that in order for AdobeSoftwareOnline.com to make you a copy of any software, you acknowledge that you are the legal owner of this same software, and are looking to just make a new copy for archival (backup) purposes only.

2004-05-01 8:04 pm
>I’m a lawyer. In my job, if I get it wrong first time, I get sued.
Yes, lawyers do it right first time. Always. They are super humans. A lawyer never made a mistake. An innocent person was never executed due to mistakes in legal system, and nobody spent years in prison just because of inept lawyer assigned by the court.
Then, a lawyer turns around and bashes software developers whose mistake, at most, is “slow” computer- which can be undone by logging in safe mode and uninstalling patch.
How can bad justice be undone?

2004-05-02 4:03 pm
Or perhaps he is just a better one than you are.

2004-05-02 4:47 pm
Then, a lawyer turns around and bashes software developers whose mistake, at most, is “slow” computer- which can be undone by logging in safe mode and uninstalling patch.
Excuse me but your blind support of Microsoft should cause you to acknowledge that, at most, the problems can be quite severe. Allow me to cite Microsoft again:
“those who applied the patch could find that their computers appeared to stop responding at start-up, were unable to log on to Windows or find CPU usage for the system process approaching 100 percent.”
And if you simply “uninstall the patch” by going into safe mode, then your computer is once again vulnerable to what the patch was supposed to protect against. Since these include dangerous remote exploits, then I’d say that Microsoft has indeed royally screwed up on this one.
Of course, no matter what the facts are, you’ll find a way to defend Microsoft and its abysmal security and stability records.