Thursday, May 25, 2006

When in Doubt, Leave it Out, Windows update Mess

April Windows update Woes

Here are Microsoft's April Fool's patches, starting with small ones at the top and going to the worst ones below::

• Obscure hotfix for XP SP2 machines, patch 900485 from Dec. 2005, downloaded as a "critical" security patch via Automatic Updates on Apr. 25, two weeks after Redmond's regular Patch Tuesday distribution. Almost no one needs this hotfix, although it seems to have done no harm. It was apparently inserted into the Automatic Updates mechanism by accident, according to some newsgroup comments, although Microsoft still hasn't explained the gaffe.

• Security bulletin MS06-016, released on Apr. 11, makes it impossible for some users of Microsoft's free Outlook Express e-mail program to open the Address Book or reply to e-mails. Microsoft acknowledged on Apr. 26 and published Knowledge Base article 917288. The company describes how to backup, delete, and import the Address Book to fix Outlook Express. But, six weeks later, it hasn't issued a corrected MS06-016 patch to save people from having this problem in the first place.

• MS06-015, released on the same Patch Tuesday as MS06-016, conflicts with widely used nVidia video drivers, some HP printer/scanner/CD/DVD software, Kerio Personal Firewall, and some other applications, as described in KB 918165. The problem caused Microsoft Office components and some other apps to freeze when accessing files in My Documents or My Pictures, interferes with Windows Explorer and Send To, and prevented Internet Explorer from visiting typed-in Web addresses unless they were prefixed with http. The security bulletin was re-released on Apr. 25 users could install a version to correct the problems.

• Windows Genuine Advantage, the Microsoft program that checks users Windows installations for valid licenses, was pushed out as a "critical" security update to the U.S., U.K., Australia, and other countries beginning on Apr. 25. It's impossible to use Add/Remove Programs to remove the GA app, which displays warnings (once per hour after 14 days) if the software considers a copy of Windows to be nonlicensed. (Microsoft explained in KB 905474 how to disable the warnings until the next update is installed.)

What a surprise, this Genuine Advantage download is a major blunder of trust. Microsoft previously said this tool would be strictly opt-in, but these automatic midnight installs flooded companies' help desks with calls from panicking users. Nobody expects Microsoft to give away products for free, but No responsible company, slams its biggest, most legitimate customers with a change like this with little or no notice other than a press release the day before.

In the face of the screwups above, Microsoft has had no explanation. The Redmond company might be filled with thousands of talented developers, but they don't drive the corporation's overall policy. inquiries seeking comment, from a Microsoft spokeswoman : "Unfortunately, we are unable to provide you with an interview at this time due to lack of spokesperson availability."

Maybe home users of Windows (as opposed to advanced users) should keep Automatic Updates turned on. That was when Microsoft assured the public that Automatic Updates would only be used to distribute security updates rated as "critical." Microsoft abused its security upgrade mechanism to stealthily install Genuine Advantage, in addition to these many outrageously buggy patches, is inexcusable, and It's clear that MSFT corporate executives have made a deliberate decision to use Automatic Updates to install software that benefits the company, whether or not it helps users or has any relationship to users' security.

Pros update manually, novices should too


• Advanced users (including companies with full-time IT staff) should never use Automatic Updates. Professionals should first test Microsoft patches — and every other company's patches — on isolated machines. Read the free and paid versions of the Windows Secrets Newsletter that are published 2 days after Patch Tuesday with warnings of problems. Then use patch-management techniques to carefully install the needed upgrades to end users.

• Novice users, who can't or won't read up on reported patch problems before updating their machines, should leave Automatic Updates turned to Automatically Download, and Notify, but Do Not Install. Keep your Anti-Spyware and Antivirus updated, most Beginners have a greater risk of catching a virus than they do of encountering a serious patch need.

And you can disable Autoupdates totally as most Patches should still be installed manually within a few days of release, after a thorough check of news reports for potential Micorsoft screwups or software failures and conflicts.

Tuesday, May 09, 2006

More view from the Field, Macs do Windows, MSFT scrambles

OOOH, Me too, Me too, MSFT says Me too to VOIP IM blah blah blah

Oh boy, we better get back on the bandwagon and announce
that MSFT also has a VOIP addition to the Windows OS, how
convenient, another way to get Phishing Dialers, Porn 900
number billings and a virus in your phone. Remember the MSFT
programmable phone product from 5 years ago, that went
nowhere.

Lets see AIM, MSN IM, Google Chat IM, Jabber IM, ICQ IM, Gizmo
IM, Skype IM, or VOIP, so I'm confused....once these pieces of
crap all talk to each other, safely, and easily...then we might
actually have an Open design that allows people to really use
this junk to make a simple phone call.

When was the last time you opened up a cell phone to push the
wrong buttons and got the Web and not a damn phone call you
were trying to make. Putting calling and phones into a PC is way
overboard, especially when the PC is the number one target of ID
stealing, Phishing, scams, viruses, trojans and whatever else can
sneak into the swiss-cheese OS and ruin an otherwise simple
concept. When I need to make a call....I think I will use my
Telephone.

Microsoft proposes joint research with OSDL

This idea would serve no one but Microsoft. Their offer to pay half is chump change for them, since they asked for the meeting they should pay for all of it, from the Bill and Melinda Gates Foundation funds. They can make it a "true" public service effort, a way to assist companies to lower the TCO, helping US businesses handle soaring costs related to all types of technology & software. There is "no way" OSDL should accept an offer from Microsoft to work together on this study. Is there ANY doubt that Microsoft will handle the information with measures to keep it from being polluted with their "Windows everywhere" mentality. There is no place for a meeting of the minds, when the only results they seek are to eradicate the enemy. Further, any company who has ever shown any technology they built to Bill Gates, soon found their business harmed, by a hacked up, 2nd rate product that was bundled into Windows. Of course you can sue them, or hope they buy you out, but the whole consumer and corporate market suffers when Microsoft bundles more "junk" into the OS, rather than focusing on what THEY need to do, make a better, more secure OS, with less "stolen ideas" mashed in just to corner a new market opened by a more creative company. There is no good sense in showing Bill Gates your attack map, he will steal the ideas and mow over you with his legal hounds. Let them suffer in ignorance and get their facts somewhere else, they wouldnt know a Firewall, W3C standard, or secure and stable OS if they saw one.

“Vision is the art of seeing the invisible.”
Jonathan Swift


Simple to get, simpler to give away. Avoid the MSFT lie
Reader post by: Jonathan Swift

Story: Microsoft tries new tack with small firms

Simpler to get, simpler to give away. Save the costs of doing
business with Microsoft products, the only company that gets
more profit is them, your company is meanwhile muddled in
upgrade hassles, file incompatiblity, and insecure Internet
access technology that makes you more vulnerable to data and
identity theft.

The list of features that are harmful to your business, and the
economy, are not mentioned in Steve Ballmer's notes. Just hot
air, from a Procter & Gamble-ized "new and improved" promise
that will merely choke the worlds businesses out of more money
and man-hours, while MSFT tries to strangle another sector,
company, or great idea.

The best thing you can do is short MSFT stock with the money
you wouldve spent on their software, and instead buy some
Linux systems for a much lower cost, bringing TCO in line, and
letting your money work for you, rather than having to work for
the money, and the poorly built software MSFT sells for too high
a cost.

They still have not learned how to listen to the customer or the
market, we want secure, easy to use software, without the
constant barrage of enticements to join MSN, Hotmail, or get a
Passport. Do not buy windows, give it away and turn to
Macintosh or Linux, you will find it is the best decision you will
ever make. There are thousands of users who can attest to this,
and all they can say is "why didnt we do this move off MSFT
sooner".