There was a bit of a stink today about an antivirus vendor claiming that Microsoft’s November security patches caused computers to show a ‘black screen of death’. Microsoft has investigated the issue, and states that the antivirus vendor, Prevx, is wrong.
David Kennerley said in a post on the Prevx blog that patches released as part of Microsoft’s November patch cycle caused machines to display a black screen. He claimed that this was the case because the patches in question made changes to the access control lists of certain parts of the registry, specifically the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell key.
Conveniently, the antivirus vendor also provided a free fix for the problem, which should’ve probably raised some red flags in the media. Microsoft delved into the issue, and after studying the patches in question came to the conclusion that they do not touch the registry at all.
“Microsoft has investigated reports that its November security updates made changes to permissions in the registry that are resulting in system issues for some customers,” said Christopher Budd, Microsoft’s security response communications lead, in an e-mailed statement to InformationWeek. “The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports. While we were not contacted by the organization [that] originally made these reports, we have proactively contacted them with our findings.”
In addition, Microsoft checked with its worldwide Customer Service and Support organisation, which found that the black screen issue was not “a broad customer issue”. Since Microsoft was not contacted about any problems, they have no idea what’s causing the black screen – but they do state that malware in the Daonol family is known to cause black screens.
This further solidifies my belief that you should always take the statements from security vendors with heaps of salt. Remember, these guys have a product to sell, and they rely on fear. They need to seed it, so they can sow it later on.
Just use a modern Windows system (Vista or 7), and install Microsoft Security Essentials, a minimalist, fast, and efficient anti-malware and antivirus program, and you’re pretty much okay. If security is paramount to your computer’s operation, stick to Mac OS X, Linux, BSD, or Solaris.
Hmm. I didn’t get any black screens.
The Black screen of death is a cute term, but I don’t buy it. It’s likely something made up by people (iTards) who are still using Macs and trying to justify the $5000 they spent on an obsolete-out-of-the-box, disappointing piece of junk from Apple.
Funny enough my parents are back running Windows Vista and the first thing I installed was ‘Microsoft Security Essentials’. As much as I’d love third parties to give Microsoft competition, it is time for third parties like the organisation in question to stop blaming Microsoft for their crap programming and look for another niche to carve out. This isn’t the first time, anyone remember Application Enhancer from Unsanity, the most useless piece of crap ever devised? The same thing that causes blue screens of death on Mac? Well, same thing is happening again for Microsoft.
Both Microsoft and Apple are faced with this problem and I really wished that there was some way to ring-fence off the operating system from this sort of crap. Third-party software taking an otherwise perfect operating system and killing it within a few seconds.
Sorry if the above post sounds like an out-of-control rant but it really pisses me off when I see things go tits up and the third party have the gall to blame the operating system vendor instead of taking responsibility themselves.
FTA:
Who is to blame for not having any idea what is causing the black screens?
Who is to blame for vulnerability of the OS to “malware in the Daonol family”?
I do agree with you, however, that there is a great deal of utterly useless software out there for Windows. Huge amounts. Bucketloads. It is all heavily promoted and pushed on people, too.
They merely stated that particular piece of malware is known for causing black screens. I didn’t read it as they were blaming it in this particular case.
Not sure if you’ve re-read the article but there’s an Update:
A bit of due diligence on the part of Prevx could have avoided this entirely. At least they apologised.
It’s good that they apologized, but still irritating that they didn’t do this basic detective work beforehand. Many people won’t ever see that follow up and they’ll just remember hearing that Microsoft screwed up with their updates, and, to the extent it discourages people from patching regularly, it’s especially bad since keeping software up to date is such an important part of keeping a system secure. In effect, this security firm helps create a less secure environment. This is why responsible disclosure is so important. I mean, if an investigation reveals there’s a clear problem and the vendor dismisses or minimizes the issue, by all means raise a sh*tstorm, but at least try to work with them and do thorough research before making these kinds of claims. Incidents like this just lend credence to the notion that security firms are just fearmongering opportunists, and that this one in particular shouldn’t be trusted.
Edited 2009-12-02 03:11 UTC
Exactly. No news/media website (or even TV or newspapers nowadays) does their job of verifying. If it sounds legit enough, and sensationalistic enough, it will make it through.
Worst case, a few days later you can also post a withdrawal, you still got a zillion hits (= money) and desired effect (omg, hate microsoft quick! praise google quick!).
And it sucks.
You can stop listening to them anytime. I’ve already done so.
Please let us know when you find an operating system where this is not the case.
Say, Gentoo. Or NetBSD.
Edited 2009-12-02 13:08 UTC
Fair enough. Of course, other than server stuff, neither of those have any *useful* software, either.
“They need to seed it, so they can sow it later on.”
I thought this sounded weird, but had to google it to be sure I wasn’t off base: sow=plant, so I think you are writing “they need to plant it so that they can plant it later on”.
The cliche English expression is “to reap what you sow”. Obviously, you can choose not to use the cliche, but the metaphor only makes sense if you preserve the meaning that reap=harvest and sow=plant.
Indeed. More sensible would have been “They need to sow the seeds of fear, so they can reap the profit later on.” or something.
I know some people disabling updates, because they say when they had updates enabled, it turned their computer slow. Incorrect claims like this about updates make people like that think they’re right by disabling their updates.
I know people like this as well, on all platforms though and not just Windows. Funny thing is, while with Windows I have never had an update actually break or slow my system, I’ve had many a Linux install that went completely toe up from a seemingly innocent update, which required hours (cumulative) of screwing around to correct. This made me kind of apprehensive of any major updates, but I ultimately bit the bullet, because not being patched in any system is like leaving the door open, with a sign on your mailbox that lists all your nice goodies inside ready to take.
> Microsoft checked with its worldwide Customer
> Service and Support organisation, which found
> that the black screen issue was not “a broad
> customer issue”.
Hah! I’ve encountered the Black Screen of Death, and no amount of filesystem tinkering or Ctrl-Alt-Del/Ctrl-Shift-Esc->Run explorer.exe helped. Not even reverting to an earlier system restore point helped, nor did any of the safe-mode/repair alternatives at the F8-screen or the install DVD. Had to reinstall the OS completely (at which point I made it a dual boot with Ubuntu so that at least something would work the next time the Black SoD happens).
The fact is that thousands of people suffer from this issue and it has been known for years now and MS doesn’t seem to be doing anything about it, except claiming that the issue doesn’t exist, which obviously is a lie.
Edited 2009-12-02 09:57 UTC
They’re not claiming the issue doesn’t exist – they’re just saying Prevx was talking out of its ass when it said it was caused by Windows updates.
In fact, they did acknowledge it was an issue by pointing at malware that can cause it.
You’re right, they’re saying it’s not “a broad customer issue”. I don’t know if any broad customers have the issue, but for the customers having the issue it certainly is broad.
Way to spread some FUD! It’s already well-known that this problem is not an issue caused by Microsoft, but rather the crapware people choose to run or malware they blindly let install. Dealing with all sorts of PCs on a daily basis, I have NEVER seen a Black Screen of Death that was Windows’ fault, so hah!
That being said, am I the only one who has never heard of this Prevx company? Glad MS did their homework for them though, and then proceeded to hand their ass to them.
Edited 2009-12-02 12:47 UTC
Of course it’s Microsoft’s fault, even though MS isn’t its cause. Nothing that normal, non-admin users can run should be able to completely destroy your OS to the point not even the normal recovery tools work. In my case there was nothing blindly installed by any action of the user. Heck, installing malware should never be so easy that users that are utterly clueless should be able to do it. (In Ubuntu, which I recommend to all clueless users, it’s much easier and safer. If the user can’t edit his/her own apt sources then he/she shouldn’t be installing, and therefore can’t install, anything not already provided by the current apt sources. (One just has to make sure the clickety-click deb-installer isn’t provided.))
Edited 2009-12-02 13:10 UTC
And there is nothing that can cause the system to crap out in apt sources? The same fallacy that Fedora made.
Edited 2009-12-02 13:12 UTC
I’m not sure what you mean, but there’s nothing even remotely similar, no. And if something would cause the OSes of thousands of users to completely lock up then obviously the people making the OS would provide some means to fix it. But not MS.
[The comment preview here on OSAlert is seriously b0rken. Usually in such a way that things look good in preview but not in the final version. E.g. nested quotes.]
Edited 2009-12-02 13:31 UTC
I mean that while I haven’t used Ubuntu for a while, I am sure that the repository contains all kinds of things (e.g. kernels, kernel modules, insecure daemons, SUID binaries, etc.) that can badly crap out the system in inept hands.
Of course, but any such thing would never go on for days without getting fixed once someone suffers from it. The Black SoD has plagued people for several hundred days now, a couple of years even. I’m not criticizing MS for not being perfect, but for not fixing known critical faults. (On a related note, I wonder if the F-Spot devs are MS employees.. you know, with their 5+ years old data-destroying bug still unfixed and all..)
This is not MS’s fault, no matter how much you want it to be. Even PrevX admitted it. Stop the FUD, for the love of all that is good in the world.
Well… unless you count the fact that such dubious “security tools” as antivirus are necessary in the first place. But yes, once things have reached a level of f–ked-upedness for long enough, it becomes difficult to accurately apportion the blame.
AFAIK PrevX admitted no such thing. It’d be absurd to “admit” such an obvious untruth. You’ve probably confused the fact that MS didn’t cause that particular Black SoD (at least not with their updates) with the fact that MS is responsible for there being such a thing that they won’t fix.
(Also, I don’t want anything to be MS’s fault. I’d love to see MS being good and perfect in every way.)
Please make properly specific accusations if you feel the need to make any at all. I welcome negative criticism (even more than positive – one learns more from the former than from the latter).
Edited 2009-12-02 19:07 UTC
Here, read this:
http://www.prevx.com/blog.asp.
Oh, and unless you have proof about a blackscreen of death that MS refuses to fix, stop making unsubstantiated claims. I’ve been in the business for ~20 years, I have yet to see what you describe in the numbers you claim. Also, read the comments, there is a lot of good info there.
Spreading FUD is what you are doing.
Edited 2009-12-02 19:19 UTC
Didn’t I already tell you about it? OK, the proof doesn’t exist anymore once I reinstalled the OS, but if you give me your contact info I can let you come and have a go at it when it happens next time.
And I’m not trying to spread anything but the truth. I’ve told you what happened to me. That was the absolute truth. That I searched a lot and found nothing that would fix it (and MS’s support didn’t help at all, the only things I could try besides the normal recovery tools came from people in different forums). This is also the absolute truth. The fact that many other people have had the same problems is something I can’t verify, but it seems unlikely so many people on various forums would try so hard to get their OSes to work if they weren’t broken.
So, what certainly is not FUD (because it’s the simple, unadulterated truth) is that I’ve experienced the Black SoD, and that none of the normal recovery methods provided by MS worked and that I couldn’t find anything else (provided by MS or otherwise) that would work and many other people seem to have the same problem, or at least problems with the same symptoms.
I’m not sure what you think is FUD that I’m “spreading”, but if you want to continue the discussion we’d better take it elsewhere, because it’s offtopic here. You can reach me at ‘sundman’ followed by the at-sign followed by iki.fi.
followed by iki.fi.
Ooo, another Finn here!
It’s not *that* rare…
By that reasoning, if you’re careless while using a chainsaw and accidentally remove a few limbs, then it’s the chainsaw’s fault. No one would suggest that chainsaws should be “fixed” by making them incapable of cutting things… yet people have no problem claiming that Windows needs to be “fixed,” when the only way to fix it would mean crippling it just as thoroughly.
Look at ChromeOS. It protects users from installing malware… in about the only way possible, by preventing them from installing ANY software locally or making any modifications to the underlying OS. And, amusingly, the Linux geeks are all cranky about how locked-down it is: they got what they asked for, and now they’re whining about the results. Boo hoo.
> By that reasoning, if you’re careless while using a chainsaw and accidentally remove a few limbs, then it’s the chainsaw’s fault. No one would suggest that chainsaws should be “fixed” by making them incapable of cutting things…
Of course people “suggest” chainsaws should be made as safe as possible (obviously without hindering their main purpose). That’s why chainsaws have a top handle switch that cuts the power on kickbacks, and that’s why they’re often sold with pants padded with chainsaw-choking filling.
Huh?? Why do you think providing working recovery tools and recovery fixes would imply crippling something thoroughly?
Actually I do hope Windows gets some inherently decent security system at some point, and there’s even hope now that Jonathan S. Shapiro went working for MS. Nothing needs to be crippled, at least not as thoroughly as those gazillion (and thus horrible to the point of uselessness) “this is a privileged action, are you sure you want to allow this?” dialog boxes that Windows uses. But again, this is going offtopic. If you want to continue either the chainsaw thing or the nonsensical crippling thing or the security thing you can reach me the way I wrote in my previous message.
You’re shifting the goalposts. You originally wrote:
“MS is responsible for there being such a thing that they won’t fix.”
…implying that you believe that Microsoft should prevent it from happening, which is not the same thing as providing recovery tools/fixes.
You’re also making a gigantic assumption that Microsoft has enough information about the problem to provide recovery fixes for it. Unless you’ve contacted Microsoft and provided them with sufficient details to reproduce the problem, that is.
And have you made any attempts to determine if hardware issues could have caused the problem? If you have file corruption because of faulty RAM or a dying hard drive, that’s hardly Microsoft’s fault or responsibility to fix, is it?
> You’re shifting the goalposts. You originally wrote:
> “MS is responsible for there being such a thing that they won’t fix.”
> …implying that you believe that Microsoft should prevent it from happening, which is not the same thing as providing recovery tools/fixes.
No, I specifically included the “that they won’t fix” in what “MS is responsible for”. Your interpretation like “(MS is responsible for there being such a thing) that they won’t fix.” (i.e., with the “that they won’t fix” as a completely separated statement) is different from my intended meaning like “MS is responsible for (there being such a thing that they won’t fix)” (i.e., that MS is responsible for having this relatively wide-spread issue remain unfixed for years).
Have you ever contacted MS support? Have they ever been of any real help (not counting giving out new activation codes or somesuch), or have they ever forwarded your problem (which they can’t solve themselves because they are extremely incompetent and only ask stupid things like “have you tried plugging in the computer?” even after telling them e.g. that the computer runs memtest86+ just fine) to some technical department which actually would be capable of something? MS is one of the worst companies I’ve encountered at receiving and handling bug reports. (Probably because it has such a large user base, but that doesn’t mean they’re off the hook – quite the opposite.)
Of course! The very first thing I almost always do when something breaks is to test the integrity of the hardware (no use in fixing broken software with broken hardware which could break the software even more) – an over-night memtest86+, check the S.M.A.R.T. status, generic stress-testing (e.g., SuperPi).
Obviously it’s not. I would never claim it is.
So if a user operates an object incorrectly and the object malfunctions, it’s the object’s fault?
Apparently you’ve never known anyone killed by a drunk driver. Douchebag.
No. If a manufacturer makes a product such that it’s particularly easy for users to render it useless by mistake then it’s the manufacturer’s fault that so many such products get rendered useless. (Of course the primary responsibility still lies with the one operating the product, but that’s irrelevant since this obviously is a case with more than one fault.)
Nobody drives drunk by mistake.
Along similar lines, it’s not MS’s fault if the OS fries as a result of the user switching non-hotswap RAMs on-the-fly. That’d be against the specs and not something one would do by mistake.
And there’s no reason for name-calling. Try to be civil.