Windows XP To Block Use Of "Troublesome" Drivers

Johnno74 writes "According to this story on The Register, Windows XP rc2 now includes the ability for Microsoft to prevent users from installing certain device drivers. Sounds like a good idea? Well, apparently among the casualties are ZoneAlarm and BlackIce... Two popular free personal firewall products for windows. Guess What? XP includes its own firewall ... So you don't really need then anyway, right? The full details on how this works are in this 1mb word document on Microsoft's site.

The document details how XP will automatically download the latest drivers for your hardware from the windows update site, and more worringly, XP will reguarly update the list of blocked drivers from the site. Quote from the document:

&nbsp&nbsp&nbsp"On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."

Boy, The site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS."

Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.

o my god

How can you publish such a biased comment? The article from TheReg clearly states that Microsoft is working with exactly those vendors to solve compatibility problems. And that is probably just because the programs previously used hacks to accomplish their tasks.

"We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us.

O my god right back at you!

I guess it was the need to inject your own leveling to Slashdot, but the article does NOT state that Microsoft is working with "exactly those vendors". It says nothing of the sort. Your pull quote was the only evidence that there is cooperation going on, and if you read that quote carefully and critically, you might spot the touch of bias in it that indicates we can draw very little information from it.

I would not say that adding a major feature that breaks competitors' software in the SECOND RELEASE CANDIDATE is kosher in ANY sense of the word. I mean, think of the implications JUST from the software development life cycle aspect. This addition will certainly have system-wide implications, and it's going into RC2? TWO??? Wouldn't that effectively nullify most of the beta testing that applied to RC1 and ALL previous builds? Isn't this just plain common sense?

And if you were a prosecutor, you'd look at the defendant's past history of proven, similar actions and call it damning. Just the things that we know for sure, coming largely from internal memos and emails that came out of the discovery process during the various legal actions, indicate that there is a predatory culture in Microsoft. Not that there isn't a similar culture in a lot of companies, but this one goes beyond the bounds of the law, common sense, and is certainly NOT in the interests of the comsumer. (And when I say comsumer, that's you 'n' me, chief!)

Furthermore, you saw fit to add your own conjecture. Frankly, if ZoneAlarm uses hacks to accomplish what it needs to do, I for one am entirely happy; and so are the millions of other people using it, who find that it causes no crashes whatsoever. I am hard-pressed, in fact, to think of a system utility that does its job so well, sitting in the background as unobtrusive as it can be. Especially something that has to intercept and examine every packet coming into a machine.

If you're going to accuse Slashdot submitters of faulty journalism, you can't interject your own bias as well and hope it all balances out...

Free?

among the casualties are ZoneAlarm and BlackIce, Two popular free personal firewall products

Don't know about ZoneAlarm, but BlackIce isn't free. It costs [networkice.com] $40.

Oh, god, no!

After about the umpteenth million time that I've successfully used ZoneAlarm to block out some adware, or some s'kiddie trying to r00t my winbox, I'm what you'd call satisfied. Sure, That program causes some instability, but that's nothing compared to what would happen if my computer were a zombie. Presumably Microsoft expects me to trust their firewall to block out adware? Or to actually be secure? No thanks. XP is one "upgrade" this user won't be wasting time/money on.

Re:Oh, god, no!

Bottom line is that they are saying that vendors will need to upgrade their wares to be compliant with the new platform.

Almost, but not quite. Yes, an app vendor needs to recompile/port/totally rewrite their 9x/NT application to get it running reliably under XP. That's not the issue. The issue is that M$ is now requiring that you certify your software under the XP logo program. This is cost-prohibitive for many companies, almost certainly excludes any GPL programs from running under windows, and it seems that an individual will be unable to author, compile and run a program on their own system!

The only way to get your program into that list is to get the logo. This implies that the database will have to be refreshed on individual user's computers from time-to-time, so a new app when published, will fail to install on any computer that has not been refreshed recently. The user will not blame Microsoft for this, and will likely return the product to the store and buy the competing solution. Also, if you read the entire Register article, it mentions that ill behaved software will have their XP credentials yanked, if too much BSOD events are logged. If you've ever developed any Windows software, you know that Microsoft breaks plenty of API calls during rev-level releases, potentially causing a vendor's application to get blacklisted. Or from the conspiracy theory perspective, this becomes a new tool Microsoft can employ during the "extinguish" phase.

MS Marketing : internal pr

No, the problem is trust. Microsoft has done just about everything possible to ensure that they don't have mine. Remember the truism: fuck me once, fuck you. Fuck me twice, fuck me! Bill can go find another hunny to take from. He can't have any more of mine.

Agreed. It has gotten to the point that I no longer trust their technology solutions, because of all of this enhancement in ther marketing and monopoly functionalities.

Let me repeat this. I do not trust their technology. I do not trust their marketing. There is the old joke revisted: How can you tell when an MS exec tells a lie? Answer: [fill in the blank]

Many MS geeks live inside a microsoft world depicted by microsoft marketing. Imagine the vaporware presentations they give the staff about the new technology coming out 5 to 10 years down the road! No wonder they go OOO and AHHH. But it is vaporware all the same. MS probably lies to thier staff as much as they lie to us. They got to keep the vision alive, sell the microserfs on the long term dream enough to get get 5 or 10 years of juicey code out of them before they burn out.

Guess what - more FUD

Zone Alarm has ALREADY been updated to be XP compatible. BlackICE will be updated before the end of next week to be compatible.

This is a Good Thing(tm) for MS to do. If they KNOW that a certain driver is bad then why shouldn't they prevent you from making an obvious mistake. Why would you WANT to be able to add in a known bad driver? You actually fault MS for this? I applaud them - I say: FINALLY!!

Re:Improve "reliability"

Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.

Linux doesn't have this problem because there aren't too many vendors writing kernel modules.

IMHO, it is a harsh solution for a bad problem. But I can't fault them -- I can't think of any other way of doing it... except maybe a "I forfeit support from MS, and accept the risks of running this driver" button.

Remember too that MS has been responding to industry requests for privacy and control over updates. I imagine this will be among those tools with an option to point towards a privately run server. If not, corporate customers would have a fit. Just imagine being an IT manager finding out that Windows XP purged the video drivers from half your users in North America.

On the other hand, the worse MS gets, the more sense Linux makes.

Re:Improve "reliability"

I would say, yes.
We HAD NT systems here that ran for almost 5 years, with reboots only for service packs and hotfixes.

(As a side note, after receiving nearly 35 letters from the BSA and Microsoft, sent to us because we were developers and resellers and customers, offering us a "truce" and calling us all manner of names, we have removed all Microsoft Server products from our organization, have replaced them with Linux or BSD based systems. MS, F*CK you and your BSA Cronies! I dont care if it was a form letter, we were a bit more than offended.)

If We Trusted Them....

If we trusted them this might not be so bad. They ARE trying to make the end user expereince better. they are trying to say that drivers that are certified to work will be allowed.

The problem is though...we really do not trust them. I like MS and I don't trust them.

On the bright side though, this seems more like a hardware issue. Except for mice/keyboards/joysticks there isn't a wholelot of hardware MS sells. Thats not to say though that they wouldn't blackball a competitor of a favored hardware manufacturer that pays them a little extra cash to get their hardware/driver certified.

It seems to me that if what it takes to pass the test is out in the open, and it really is in MS's best interest to do that, there shouldn't be a p[roblem. I have always said that the reason why MS seemed so unstable was because the device drivers and the devices really didn't play well with Windows despite the Windows certified logo.

Instability?

I want to know exactly how people know that "most of the instability I've had with windows was due to bad 3-rd party drivers."

--or--

"Most of the instability I've had with windows was due to windows."

A whole new Bred of Hacks!

I can see this one coming a mile a way!

I can imagine someone flooding Microsoft's 'Crash Dump Servers' with loads of fake dump info making Microsoft take action on disallowing that application to run!

First one to make Windows XP NOT ALLOW OFFICE XP TO RUN --->!!WINS!!

First step towards software closed shop

Something tells me that this is the first step towards creating a 'closed shop', whereby NO software, not even application-level, can be installed or run unless it has M$'s approval.

Goodbye small independent software developers - if you can't afford the hassle and expense of MS$'s Certification Program, or if you don't toe the party line with MS$'s marketing agendas, then you'll find that your software is barred from Lose-dows XP.

Another possibility is that unknown software might be severely restricted in what XP allows it to do - for instance, non-certified programs may be strictly forbidden from all but the most basic access to the Internet.

And it's only a matter of a couple of years before you won't be able to buy a legal copy of Win2k, Win98 etc - it'll be WinXP or nothing.

Don't be surprised to see mandatory updates of XP which include blocked websites, blocked protocols etc.

I hope that the masses migrate to Linux, and that WinXP fails to recoup its development costs.

Good! Finally we get rid of stupid "personal fws"

Ahh. It would be So Cool if microsoft actually blocked blackice and zonealarm. Preferrably blocked each new version, with each new update of windows.

The "personal firewall" industry is a full-of-crap industry created by the media. There is absolutely NO NEED for a person to install a 'personal firewall'. There is a small set of rules he should follow to be safe from email-viruses, trojans and "crack attempts".

The firewalls prevents crack attempts, and preventes outgoing connections on non-allowed ports from non-allowed software. The first .. well .. normal people with windows (or newser linux distros) really have their computers pretty damn closed down when they buy'em. If they open things up - they really don't need a firewall to "double-check" everything for them.

The "firewall" may prevent them from becomming netbus/back orifice /sub7 victims, but only _after_ they've been stupid enough to run the fscking trojan in the first place. NOrmal rules of conduct on computers really says that they SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW.

The entire 'personal-firewall' industry is a mediahyped hystery that really shouldn't exist. Its an industry that is all about creating 'fear' in the normal citizens, and the SO CALLED "security consultants" that recomends that you should install personal firewalls .. well .. I don't know why they do it -- either they are stupid or they are bought out by the "personal-fw-industry".

Personally I just shake my head when I hear about stupid lusers that has actually INSTALLED such things.

Another piece of misinformation

This is so typical of some Slashdot submitters. Any news about Microsoft is mangled into something bad about the company, regardless whether this really is the case or not.

In this case, only CURRENT versions of these programs are blocked, because they access Windows internals which causes instability on XP. They just need to be adjusted to work with XP correctly. Just like some /dev/ files changed between some version of Linux. Microsoft preventing this software from installing is like having different plugs for 220 V and 9 V devices so you won't plug your shaver directly into a high voltage outlet.

People who badmounth a company (whether it be Microsoft or another) using information like this as an argument should either shut up or be sued and punished for spreading mis-information.

It's a perfect example of double standards: when Windows crashes this is always the fault of Microsoft, not of bad drivers or programs which access Windows internals, while in fact they often are (especially video drivers). When Microsoft tries to do something about it, it's suddenly only done for promotion of their own firewall software.

Make up your mind. If you are against Microsoft for monopoly reasons or anything else, that's your right. But mangling any piece of information to something negative only hurts the credibility of the anti-Microsoft camp.

Not a bad idea, but not perfect, either

Putting all the anti-Microsoft BS aside, this really is a pretty good idea - they just need an opt-out option. I wouldn't mind MS telling me that the driver I'm about to install has crashed 4 trillion machines - but I reserve the right to go ahead and install it anyway.

it IS Microsoft's fault

It's a perfect example of double standards: when Windows crashes this is always the fault of Microsoft, not of bad drivers or programs which access Windows internals, while in fact they often are (especially video drivers).

Software vendors don't "access Windows internals" because programmers want to--it takes a lot of time to do so. They do it because Microsoft's APIs are insufficient and poorly thought out. Microsoft has profited handsomely from this because third parties have managed to figure out how to make that pitiful platform do things Microsoft never had the sense to design APIs for. Without third party vendors doing this, Windows would be nowhere. Now that Microsoft has finally copied enough from other vendors, their system doesn't quite need such enthusiastic third party software vendors anymore.

It's also a question of architecture: except for a very limited set of hardware drivers, there is no reason why the installation of anything should either be prohibited or cause instability. (Linux doesn't get this right either, but it is considerably better than Windows.)

The biggest problem with this is, though, that, whether it is sensible or not, Microsoft is driven by the profit motive, and for them to be able to exclude vendors from the market and force them to submit to certification procedures is a great way of controlling their market and increasing their profits. That is, even if there is some weak justification of this action in terms of profits, it is still highly suspect, and should be.

This isn't about being intrinsically "anti-Microsoft". The company has been found to be a monopolist, and it is rightfully subject to this kind of scrutiny and suspicion. Microsoft needs to tread extra careful in ways other companies don't have to, and instead the company is still giving consumers, software vendors, and regulators the finger.

(Incidentally, your characterization of blocking "only current versions of the drivers" is incorrect. I suggest you take the time and actually read the document at Microsoft's site describing their policies.)

Stop whining and keep using win2k.

I mean. what is WinXP? it's taking a very good and successful product with good features, and put some "meat" around it to grab more marketshares. For most of us, everything new XP has to offer we know how to install the equivalent on win2k... switching from Win2k to winXP is simply an interface upgrade (which can be done also with windowsblind(?) or similar).

Question is, is there a good reason for a win2k user to upgrade (downgrade I should say) to XP? XP seems so much more restrictive WIHTOUT giving any new features that can't be match with 3rd parties software. It's not an OS for most of us who like to mess around with hardware or software and betas. It's meant for the home user that is running 98/ME and wants to upgrade, THAT guy is gonna see a shitload of improvements.

Yes there's a professionnal version as well... I know... do you really think it's gonna be a major seller? heck they didn't expect win2k to sell that much, why did it sell that much? Games support/directX, Stability, speed, dual processor support, etc... XP offers nothing new in any of these area, so the win2k userbase Won't upgrade unless they have money to burn.

Finally, that product activation thing is gonna be another major pain in the butt for them, most IT people won't tolerate that, and boycott it. (personnally I don't feel like wasting 10hrs a month waiting over the phone because something bad happened to my users and I have to reactivate each one of them one by one or for whatever other reasons).

Spoofing?

How can Microsoft stop people from sending in spoofed data? What will stop, for example, NVidia from sending in data that makes Matrox drivers look buggy as hell and getting them blocked?

Misleading summary

Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.

Hello??? Anybody home? Did it occur to anyone that maybe the reason why Microsoft is considering blocking old versions of ZoneAlarm and BlackIce is because they don't work on the new operating system? I'm sure by the time XP ships, there will be updated versions of ZoneAlarm and BlackIce available, and users will simply be required to upgrade them (for free I'm sure) before installing them on XP. If Microsoft didn't do this, some morons would try to install the same old version they used on Win98, and it would break things, and many of the users would blame XP.

Microsoft did something similar in WinME: the OS ships with a database of known-incompatible software, and if you try to run a known-incompatible program, it gives you a warning, with the option to cancel or run it anyway. An example of this is Enternet 100, a PPPoE client that Mindspring used to distribute for their ADSL service. Guess what? It actually doesn't work on WinME. Runs fine on Win95b, Win98, NT 4 and 2000, and I understand there's a way to hack it to make it work on ME, but according to the company that makes it, it's not compatible - you have to upgrade to a version of Enternet 300, or use a different PPPoE client. I did tech support for Earthlink after the Mindspring merger, and that feature that Microsoft put in actually saved us from some pretty annoyed customers, because it told them it wasn't going to work before they found out for themselves the hard way.

The real reason for this:

Is to do away with those pesky non-standard codecs like SMR, DivX ;-), 3ivx, M$MPEG-4 and so forth. Right now you get just a warning when you try to install those ACX/DLL files but come XP then that "Unable to find codec" message is all you are going to see.

Also you can say goodbye to those wonderful drivers that let you load a "sound card" to output the contents of the wave device to the hard drive of those "video cards" that let you screen capture ASF/RM player windows in an unencrypted format.

As soon as the encrypted video standards are rolled out you can bet that any kind of video output driver will be limited to VHS quality or the driver just simply won't be allowed.

Microsoft is smoking some serious crack if they think they can become the sole authoritative source for drivers on the Internet. Their WindowsUpdate driver server (if you go though the process of registering your hardware config with Microsoft) is worthless and do you think that companies are going to want to have to go through the hassle of signing very beta or unsupported driver they release?

Lesson from history folks...when the Amiga 4000 came out and told their customers that everything they had bought up to this point was no longer compatible Amiga went down the toilet. When Mom and Pop find their CD burner no longer works because their manufacturer hasn't gotten around to becoming "XP Ready" (even though the code base is no different than NT/2K) then I seriously doubt they'll be keeping it. Even though they can't return it. Shafted.

- JoeShmoe

Re:The real reason for this:

All they will do is drive people to dual boot their machines to Linux for those purposes. Anyone using "SMR, DivX ;-), 3ivx, M$MPEG-4" are probably good enough with computers to handle the dual boot. So just keep MS for the MS approved games, and start using Linux for everything else. Eventually the games will follow.

Another real reason to kill non MS firewalls

The last thing that MS wants is for the user to see a bunch of pop-up warnings each time XP and MS servers talk to each other to validate/snitch registration information.

Re:The real reason for this:

Funny. DivX works fine on XP RC2 here.

You only get warnings. It doesn't prevent you from installing any unsupported driver. I've install the beta nVdia 14.2 drivers as well.

If Microsoft prevented you from installing ANY unsupported driver in XP it would mean 3rd parties can't write custom drivers without going through microsoft. I see nothing that mentions this will ever happen in the DDK docs.

Blocking drivers is minor.

The big thing is that they will be uploading crash dumps.
This is just another method to determine what things are installed on your computer. They couldn't get away with HD scan uploads, so now they upload what's installed on your computer - but only when it crashes. On windows, that's more than early enough, my win2k box crashed twice today.

Do you have StarOffice installed? Well that's why you crashed.