What will the innovators at M$ think of next? Having trouble convincing people to try Skype? No problem! Just install it at 3am while they sleep…
“Microsoft’s Windows Server Update Services (WSUS) last night deployed a Skype update to Windows clients that had never had the telephony and messaging software installed. This resulted in Skype being installed on these computers.”
I have used WSUS. It helps keep a bunch of PCs updated. I never could get it to work perfectly and now it’s acting like a trojan, bypassing IT policies to avoid time/bandwdith-wasters. How many $millions will be wasted removing the junk from PCs in schools and offices and homes?
See Microsoft installs Skype without consent – The H Security: News and Features.
17466
12762
206
3
2
23909 
11862 
11714 
4634 
4261 
1642 
198 
14 
2 
0 
0 
0 
Mr. Pogson likes to believe in conspiracy theories. Let’s quote that which he didn’t:
Apparently by mistake, Microsoft’s Windows Server Update Services (WSUS) last night deployed a Skype update to Windows clients that had never had the telephony and messaging software installed.
It’s also clear from the linked-to thread in Microsoft’s forums that this indeed wasn’t intended.
Of course, you can choose to believe otherwise. As you always do, Mr. Pogson.
Troll FAIL. Intended or not, it happened. Accidental or not, it’s unacceptable. Unless MS can reverse the process (doubtful), a lot of time will be wasted fixing it. Another reason to avoid Microsoft like the plague it is.
Chris Weig quoth, “Apparently by mistake”.
What we learned about how M$ works, fundamentally, is that they don’t make mistakes. Every action of M$ is geared toward shoring up the monopoly any way they can. It is possible that such an action could be a bug, but just imagine what kind of an error it takes to install something on a system… It had to be multiple errors managed by several layers of M$’s bureaucracy. I would not be surprised if the CEO himself signed off on it. We know M$ has quality control and testing heavily of updates. It was no accident.
I remember a similar incident that harmed me and my employer way back when. We had automatic updates turned off and still SP2 of XP was installed in the middle of the night while we slept. Several applications and the scanner could not be used afterwards. M$ is not above using the update system to get what it wants. Where I last worked I found one machine that had been off-line for 8 years (just word-processing in a back office). It had 60% of the processes running that automatically updated systems had. I believe that automatic updates is part of M$’s plans to slow down PCs (MIPS-eating applications) so that users will be frustrated and buy new hardware with new licences.
When I absolutely need to have Windows on a machine, I use a utility called Codestuff Starter to switch off unneeded services and startups. It helps.
Chris Weig would like us to believe that Microsoft made a mistake. Well, Chris, they’ve made “mistakes” like this too many times in the past. Due to their frequency and the fact that they always favor Microsoft we strongly suspect that they are not mistakes. But let’s suppose they are. What the Hell is a company like Microsoft doing making such a gross mistake as installing a major application without the user’s consent? That is gross incompetence.
Maybe you’d like to make excuses for Microsoft and explain how something like that could happen. It’s the least you could do for your beloved Microsoft. Come on now Chris, let’s hear it.
Look who’s talking. You all glossed over Debian’s OpenSSL disaster just fine. And such things also happen constantly in the world of FLOSS.
Even if true, “You do it, too!” is no defense for bad actions, so, again, FAIL.
Chris Weig wrote:
“And such things also happen constantly in the world of FLOSS.”
You will always know about FLOSS failings and you will know about it as soon as they become apparent. When they do happen, let’s talk about it. Right now Microsoft is the one who trashed their users trust. And it doesn’t look like a “mistake”.
Even if true, “You do it, too!” is no defense for bad actions, so, again, FAIL.
Of course it is. It is a viable defense as long as you try to make it look like that kind of thing only happens to/at Microsoft. With FLOSS things simply happen, and nobody’s ever responsible. The Debian maintainer of the OpenSSL package tried to blame the OpenSSL developers for giving him false instructions. Very irresponsible.
Chris Weig writes:
“Of course it is. It is a viable defense as long as you try to make it look like that kind of thing only happens to/at Microsoft.”
Wow, you really are out to lunch. In your own reality. No, it’s not okay. Pointing to others, saying they do it too, is not any kind of defense for a transgression. To even mention that shows you are lacking in scruples. Of course, you fit right in with the Microsoft crowd. That’s normal for them.
Nobody is saying mistakes only happen at Microsoft. What I insinuated was that Microsoft seems to make mistakes that help their bottom line while screwing someone else a little too often. They also make mistakes that screw themselves like Vista, but those are easy to sort out from the ones that screw others.
Chris Weig
“The Debian maintainer of the OpenSSL package tried to blame the OpenSSL developers for giving him false instructions.”
In fact there was a mailing list entry where the Debian Maintainer had checked and was told the optimisation was fine by one of the lead OpenSSL developers. The openssl developer believed something that was not true.
Really you are loony. FOSS world the exact person who stuffed up is findable. Test suite of OpenSSL was updated the configuration script was updated so it never can happen again. Mailing list and other records are public.
The Debian Maintainer did also get hauled over the coals for not running the test cases with openssl even that those back then would not have shown anything.
Finding who stuffed up is important. Why to make sure it don’t happen again. Case of Openssl and debian you had a total of 4 located stuff ups.
1) Openssl test suite was not good enough. Design process error. This leads to the development of klee.llvm.org and other tools to automate development of test suites.
2) Openssl Configuration system did not check for incompatible options. Human error the test was in the configuration file but disabled. Hidden because the testsuite did not work.
3) OpenSSL developer believed the configuration and test suite worked. Human error.
4) Debian maintainer did not run the test suite after building when he should have.
Number 4 has lead to Debian developing systems to auto run as many test suites as able.
http://upsilon.cc/~zack/blog/posts/2011/07/Test_Driven_Development_in_Debian/
Yes the numbers of faults found and removed by the openssl disaster is massive.
oiaohm wrote, “the openssl disaster”.
It was not the best of times, but it was far from disastrous. It definitely was a learning experience. Years later there are still a few of those weak keys surviving in the wild. I had one return in a backup of user files. Fortunately Debian spotted it and warned me.
“What I insinuated was that Microsoft seems to make mistakes that help their bottom line while screwing someone else a little too often. They also make mistakes that screw themselves like Vista, but those are easy to sort out from the ones that screw others.”
Your tinfoil hat needs adjusting…