Windows XP To Block Use Of "Troublesome" Drivers

Johnno74 writes "According to this story on The Register, Windows XP rc2 now includes the ability for Microsoft to prevent users from installing certain device drivers. Sounds like a good idea? Well, apparently among the casualties are ZoneAlarm and BlackIce... Two popular free personal firewall products for windows. Guess What? XP includes its own firewall ... So you don't really need then anyway, right? The full details on how this works are in this 1mb word document on Microsoft's site.

The document details how XP will automatically download the latest drivers for your hardware from the windows update site, and more worringly, XP will reguarly update the list of blocked drivers from the site. Quote from the document:

&nbsp&nbsp&nbsp"On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."

Boy, The site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS."

Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.

XP: a gamble that is important to tech sector

[walterbyrd]

For those who didn'tt know: the entire PC sector is counting on XP to pull it out of the year long tech wreck. By PC sector I am refering to: INTC, AMD, MU, GTW, DELL, CPQ, etc. XP seems like a huge gamble for MS, either it will be a great success, or an awful failure. Considering MS history, it is hard to believe that anything from MS will be a failure - no matter how bad it sucks. But, I keep hearing people say that they want no part of XP.

o my god

[martijn-s]

How can you publish such a biased comment? The article from TheReg clearly states that Microsoft is working with exactly those vendors to solve compatibility problems. And that is probably just because the programs previously used hacks to accomplish their tasks.

"We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us.

O my god right back at you!

[Tony Shepps]

I guess it was the need to inject your own leveling to Slashdot, but the article does NOT state that Microsoft is working with "exactly those vendors". It says nothing of the sort. Your pull quote was the only evidence that there is cooperation going on, and if you read that quote carefully and critically, you might spot the touch of bias in it that indicates we can draw very little information from it.

I would not say that adding a major feature that breaks competitors' software in the SECOND RELEASE CANDIDATE is kosher in ANY sense of the word. I mean, think of the implications JUST from the software development life cycle aspect. This addition will certainly have system-wide implications, and it's going into RC2? TWO??? Wouldn't that effectively nullify most of the beta testing that applied to RC1 and ALL previous builds? Isn't this just plain common sense?

And if you were a prosecutor, you'd look at the defendant's past history of proven, similar actions and call it damning. Just the things that we know for sure, coming largely from internal memos and emails that came out of the discovery process during the various legal actions, indicate that there is a predatory culture in Microsoft. Not that there isn't a similar culture in a lot of companies, but this one goes beyond the bounds of the law, common sense, and is certainly NOT in the interests of the comsumer. (And when I say comsumer, that's you 'n' me, chief!)

Furthermore, you saw fit to add your own conjecture. Frankly, if ZoneAlarm uses hacks to accomplish what it needs to do, I for one am entirely happy; and so are the millions of other people using it, who find that it causes no crashes whatsoever. I am hard-pressed, in fact, to think of a system utility that does its job so well, sitting in the background as unobtrusive as it can be. Especially something that has to intercept and examine every packet coming into a machine.

If you're going to accuse Slashdot submitters of faulty journalism, you can't interject your own bias as well and hope it all balances out...

Re:o my god

[Bimble]

Don't get so wrapped up in indignation over biased treatment of Microsoft that you forget that Microsoft has done some things that merit harsh criticism. If you read the Register article referenced, you'll notice a reference to how Windows would give bogus error messages to people trying to run it on top of DR-DOS, error messages put into Windows because management didn't want people using a competing product. While the driver-blocking in Windows XP does have a legitimate reason for being implemented in many cases (changes to the TCP/IP implementation would cause problems for firewall software, for instance, so disabling them would prevent the first boot of an XP-upgraded system from crashing due to that conflict), the possibility does exist that Microsoft could pull an old trick. All they would need to do would be to put some competing software in the "banned" list not because it could cause problems, but because it's competing software. The quick rise of IE illustrated that users are more likely to use what they get with the OS than they are to go out of their way to download a competing product, so such a move would certainly encourage people to use whatever's bundled with XP rather than download an updated version of the software. Especially since I'm sure the "blocking" feature doesn't display a download URL for the user to make updating the software easier.

Yes, Microsoft does make some good software (I hate IE for Windows, for instance, but love IE 5 on the Mac). But in case you missed the recent appeals court ruling, Microsoft isn't exactly a saint. If you look beyond blind MS-bashing and blind MS-defending, you'll see a report about a feature that should be closely watched because of its potential for abuse.

Microsoft Using OpenSource?

[ryanw]

My question is how much is microsoft actually comming up with themselves and how much are they hacking away from the opensource community? I heard that Active Directory is just bind with a microsoft twist to it. Is IIS just apache tweeked to hell and back?

Microsoft is combining a firewall with WindowsXP but did they actually write it or is it just ipchains? Is there any way we would ever really know if microsoft is using open source (GPL) code for their commercial purposes?

Re:Microsoft Using OpenSource?

[plone]

yah, and outlook is just pine with a pretty interface. And internet explorer is just lynx with graphics. I'm pretty sure that microsoft stole the code for calculator from xcalc. They practically work alike, so Microsoft MUST have stolen it from the GPL'd version.

Re:Microsoft Using OpenSource?

[Zeinfeld]

My question is how much is microsoft actually comming up with themselves and how much are they hacking away from the opensource community? I heard that Active Directory is just bind with a microsoft twist to it. Is IIS just apache tweeked to hell and back?

Active Directory is an LDAP interface, BIND is a DNS interface. Active Directory also provides DNS support but the underlying data model is LDAP and the probability that any BIND code would be useful is zero.

At the time IIS first appeared Apache did not exist, it was still the NCSA Web server with a bunch of third party patches. Thau was still doing major surgery on the first release of Apache while I was running IIS in the office across the hall from him. IIS could conceivably contain some of the CERN Libwww code, but that was put in the public domain, it is not open source restricted. The Microsoft lawyers called up to ask what the status of the CERN code was before MSFT downloaded it.

But still it is easier to make completely unsubstantiated allegations, admitting that you have no evidence apart from your belief that Microsoft >= absolute evil => If it is evil Microsoft must be doing it.

Since you appear to be a Newbie Microsoft-basher I will help you with some hints:

The Register article itself states that the blocking of the old incompatible application versions is taking place with the knowledge and co-operation of the companies themselves who are not complaining. Therefore Microsoft must bave blackmailed the companies into not complaining

The mechanism is a blacklist that lists bad programs that cannot be run. Therefore Microsoft csn stop you running your own software by not including it on the blacklist.

Then write drivers that don't crash

[Chemisor]

If you read the article, you'll see that the mechanism
blocks drivers which crash the system frequently
as determined by the crash dump reports sent to MS.
Clearly, if you write your driver so it crashes the
system all the time, it will be blocked. So stop
complaining that you are "denied market share" and
write a better driver. What, do you think you are
entitled to be installed on every Windows machine just
because your software is free?

Re:Then write drivers that don't crash

[J'raxis]

That's one way to get a driver blocked by Microsoft -- but here's another way [slashdot.org] the block list could (and probably will) be (ab)used.

But sir...

[jsse]

Microsoft to prevent users from installing certain device drivers.

Oh Great! One more product edge taken down by marketing idiots!

Do they get a clue why their product is so popular?

If this happend....NO XP FOR ME!

[Chanc_Gorkon]

You know why? I have a Permedia 2. Yeah I know, it's old, but it's paid for and as soon as I can afford to dump it, I will. I am not a 3D gamer. The Permedia does fine on most of the stuff I play. I use the last driver for it that 3DLabs released. Well, it's not WHQL (Windows Hardware Quality Labs) certified. I guess it means I have to upgrade it since, by my guess, Microsoft won't let me use this driver. 3DLabs no longer is releasing drivers for it. I know I was planning on getting rid of this card, but that's not the point. The point is Microsoft DOESN'T know best. If they did, they'd have done a better job with the Driver section of Windows Update. Has anyone EVER downloaded a driver from there? ....I here CRICKETS!!!! I have never had ANYTHING come up in there. Not even a LPT driver or anything. Not ONE of my devices use a driver that's on the Windows CD. I have to use a generic video driver until I get the proper one installed, the modem driver does load, but it doesn't work and I have a Multimedia Keyboard I use that I had to load the driver for too. If I installed ANY MS OS and it recognized most (I'd say I would be happy with 90 percent) of my devices and got the right, most current driver for it, well, then I would say fine. But if it did that, then they wouldn't need this mumbo jumbo.

Does Linux bitch when I install my decidedly non standard Sound Card driver for my Aureal?? Nope! So Windows should not either.

Re:If this happend....NO XP FOR ME!

[Zeinfeld]

I have a Vodoo 3 card as well, only my problem is that I can't get it to work with my existing O/S, Tomb Raider Chronicles that is. But the problem is that 3DFX being a gonna and not having released their drivers open source the hardware is going to be useless sometime or other regadless.

Re:If this happend....NO XP FOR ME!

[Chanc_Gorkon]

Like I tell my boss with a printer we run and someone else makes the files: As long as we have some part, no matter how small, we have to fix their CRAP! Microsoft will have to just deal wit it! You are running a BETA and not a final product. Just because it works on the beta means SQUAT! The whole idea is bad. If they at least let you install a driver, even if it's in their list, then I have no problem with letting you know there may be a problem with the driver. Just so long as they don't scare the crap out of new users...unfortunately that's what this will do! The new user will have something that worked under 98 and they will try it on XP and it does not work. They will want something else but my neighbor who has just gotten his computer will not have any choice. He'll have to get a Mac I guess to have something easy to manage. Linux would not be easy for him as easy as it is for us. As much as I hate to say it, Microsoft's software, at least for home users, is decent, easy to use, and unless you try to do things like heavy multitasking or web serving, it performs quite well. Stability isn't as important for home users (although, I think it is) as it is for business or techies. Is this an excuse to not make XP better? NO! But I see this causing MAJOR problems for home users and they will complain....loudly!

This is getting RIDICULOUS.

[SuiteSisterMary]

An entire story that intimates, implies, and infers that Microsoft has decided to block competing products, then the last sentance says

does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.

Ok, I'm all for bashing things that need bashing, but this is getting out of hand. How DARE Microsoft try to stop those damn BSODs! How DARE they actually stop you from doing something that has the possibility of rendering your machine unbootable. How DARE they let vendors know when they're seeing a lot of problems with a new driver revision! Oh, but if something like this is on Linux, i.e. Ximian Red Carpet, then that's ok. Then it's great. They should download new versions automatically, and install them without asking. But if it's from Windows Update, then NO NO NO! IT'S WRONG!

Free?

[tetrad]

among the casualties are ZoneAlarm and BlackIce, Two popular free personal firewall products

Don't know about ZoneAlarm, but BlackIce isn't free. It costs [networkice.com] $40.

Oh, god, no!

[tulare]

After about the umpteenth million time that I've successfully used ZoneAlarm to block out some adware, or some s'kiddie trying to r00t my winbox, I'm what you'd call satisfied. Sure, That program causes some instability, but that's nothing compared to what would happen if my computer were a zombie. Presumably Microsoft expects me to trust their firewall to block out adware? Or to actually be secure? No thanks. XP is one "upgrade" this user won't be wasting time/money on.

Re:Oh, god, no!

[coolgeek]

Bottom line is that they are saying that vendors will need to upgrade their wares to be compliant with the new platform.

Almost, but not quite. Yes, an app vendor needs to recompile/port/totally rewrite their 9x/NT application to get it running reliably under XP. That's not the issue. The issue is that M$ is now requiring that you certify your software under the XP logo program. This is cost-prohibitive for many companies, almost certainly excludes any GPL programs from running under windows, and it seems that an individual will be unable to author, compile and run a program on their own system!

The only way to get your program into that list is to get the logo. This implies that the database will have to be refreshed on individual user's computers from time-to-time, so a new app when published, will fail to install on any computer that has not been refreshed recently. The user will not blame Microsoft for this, and will likely return the product to the store and buy the competing solution. Also, if you read the entire Register article, it mentions that ill behaved software will have their XP credentials yanked, if too much BSOD events are logged. If you've ever developed any Windows software, you know that Microsoft breaks plenty of API calls during rev-level releases, potentially causing a vendor's application to get blacklisted. Or from the conspiracy theory perspective, this becomes a new tool Microsoft can employ during the "extinguish" phase.

This *is* MS's problem

[StrawberryFrog]

.... rant to the effect that we musn't blame MS for the instabilities of 3rd party drivers ...

Actually we should blame MS - it was a deliberate decision on MS's part to put speed over stability - ie to put the video etc. drivers into the kernel level in NT4 onwards, for increased speed as the expense of them being able to bring down the whole OS if they crashed.

Re:Oh, god, no!

[HydroCarbon10]

AFAIK, no internet connection is required. You can use activation over the phone if you prefer, and you can turn off any automatic updating that might want you to be connected (although the auto. updates will not force you to go online if, for example, you're on a dial-up connection). So far I've seen no indication that internet connectivity is a must (at least under build 2486 of winxp pro).

Re:Oh, god, no!

[tulare]

I dunno ?genius. I guess if you weren't so hastily blasting out hard-nosed apology for the Redmond team, at least two things would have happened: first of all, you would have seen my comment [slashdot.org] which I posted when someone pointed out that the ZoneAlarm port is already out. Second, you wouldn't have run into the Cowboy speech, which considering how much you appear to be missing, probably wouldn't be a bad thing.

My beef is with the Big Picture of what M$ is and has done. The beef you attempted with a later post [slashdot.org] is yet another example of this. No, Microsoft wasn't opposing DR-DOS because it was screwing it up: they deliberately set 3.1 up so that bogus errors would appear if a user wasn't using MS DOS, which IMHO was and is inferior.
No, the problem is trust. Microsoft has done just about everything possible to ensure that they don't have mine. Remember the truism: fuck me once, fuck you. Fuck me twice, fuck me! Bill can go find another hunny to take from. He can't have any more of mine.

MS Marketing : internal pr

[Alien54]

No, the problem is trust. Microsoft has done just about everything possible to ensure that they don't have mine. Remember the truism: fuck me once, fuck you. Fuck me twice, fuck me! Bill can go find another hunny to take from. He can't have any more of mine.

Agreed. It has gotten to the point that I no longer trust their technology solutions, because of all of this enhancement in ther marketing and monopoly functionalities.

Let me repeat this. I do not trust their technology. I do not trust their marketing. There is the old joke revisted: How can you tell when an MS exec tells a lie? Answer: [fill in the blank]

Many MS geeks live inside a microsoft world depicted by microsoft marketing. Imagine the vaporware presentations they give the staff about the new technology coming out 5 to 10 years down the road! No wonder they go OOO and AHHH. But it is vaporware all the same. MS probably lies to thier staff as much as they lie to us. They got to keep the vision alive, sell the microserfs on the long term dream enough to get get 5 or 10 years of juicey code out of them before they burn out.

I should install what I want on my PC, period.

[Maul]

It doesn't matter if these programs do not work properly with Windows XP. This feature is dangerous, and gives Microsoft yet another unfair advantage over competing products.

Sure, it might block programs to cause Windows to crash, but it could also be used to block software MS just doesn't want you to run. They've done things like this before. Because MS feels safer with Dubya's administration, I won't be surprised if they do even nastier things to competition than they did in the past. I expect them to try to kill off all non-MS operating systems by replacing TCP/IP with their own.

When I buy a PC, I should be able to install whatever software I want, period. If I'm dumb enough to install software that is known to make my OS crash repeatedly, so be it. It is MY box. I'm responsible for what happens to it. If we give away that responsibility to MS, then we're also giving them the ability to further steal away our freedom of choice.

/. has had lots of recent articles about business wanting to kill off the internet and replace it with a new one where users are at their whim. I think Windows XP is going to be Microsoft's stepping stone to creating that new internet. Companies will pay MS to give their packets priority. All service providers will have to pay MS royalties to use their protocols. All users will have to upgrade Windows every year to stay connected. MS will control it all, and their software won't even allow you to TRY to install another network protocol.

And it won't be any more secure than what we have in place. If anything, stupid email viruses and exploits will be even more damaging than before, because now EVERYONE will have the exact same system setups. And each time one of these attacks takes place, Microsoft can charge everyone for the update.

Oh, and let's call this new Internet/Software Control system "RapeNet," since that is what it is going to do to each and every computer user.

Re:I should install what I want on my PC, period.

[spongman]

sure, Micrsoft could put code in windows to automatically transfer funds from your back account to them when you log onto your online banking system. will they do this? i don't think so. are you being paranoid? why, only you can answer that one. careful though...

Guess what - more FUD

[Drestin]

Zone Alarm has ALREADY been updated to be XP compatible. BlackICE will be updated before the end of next week to be compatible.

This is a Good Thing(tm) for MS to do. If they KNOW that a certain driver is bad then why shouldn't they prevent you from making an obvious mistake. Why would you WANT to be able to add in a known bad driver? You actually fault MS for this? I applaud them - I say: FINALLY!!

Re:Guess what - more FUD

[Tri0de]

Because- I *AND ONLY FUCKING I* should decide what does or does not get installed on my computer. I DO NOT give a shit about what you *OR* Mickyshaft think will or will not work. Not that I intend to use Xcess Profits anyway, but, still, fuck them, and anybody who would ever say to me or anyone "No, you shouldn't have that". I shall install, upgrade or uninstall any damn thing I want to on my computer. If it dosen't work then I'll fucking troubleshoot it myself; fuck Redmond and their FUDsters.

Re:Guess what - more FUD

[spitzak]

I would greatly applaud MicroSoft getting away from their back-compatability parnoia and actually fixing the system. But this is obviously not the reason they are doing this.

If they were fixing the system and unconcerned about old programs doing "tricks" they would switch to NT as the underlying system. XP is not NT. They have promised the NT+DOS merge for TWELVE years now and it has not happened, this is because the upper management (probably in a big fight with the actual poor saps who have to implement this mess) do not want to do obvious steps, like have all programs that make an old call pop up a box that says "This program does not work on Windows XP". The problem is that this may prevent some sales of XP and the continuation of older MicroSoft machines, which are actually their biggest "competitor" (there are about 100 times as many Windows '93 machines than Linux machines, and that is probably an "enemy" they are more worried about!).

This system sounds like it will allow them to actively choose which programs they want to have fail, and they can make them fail with ominous messages about the given program being unsafe and disallowed by MicroSoft.

Serious OS design would cause Black Ice and literally thousands of others to fail at startup, possibly with cryptic messages. And I agree with you that would be a good design decision. But that is not what they seem to be doing.

Re:Guess what - more FUD

[spitzak]

Um, that was what I was trying to say. My complaint is that MicroSoft is not breaking *enough* software. They should have switched to NT a decade ago and they still haven't. This is not good design and demonstrates that they are quite unwilling to break existing software, no matter how good of an idea it is.

I am concerned that they have decided to break old software by explicitly putting each piece of software in a list that they control, rathern than having the software fail for technical reasons that are under the software writer's control.

If We Trusted Them....

[quakeaddict]

If we trusted them this might not be so bad. They ARE trying to make the end user expereince better. they are trying to say that drivers that are certified to work will be allowed.

The problem is though...we really do not trust them. I like MS and I don't trust them.

On the bright side though, this seems more like a hardware issue. Except for mice/keyboards/joysticks there isn't a wholelot of hardware MS sells. Thats not to say though that they wouldn't blackball a competitor of a favored hardware manufacturer that pays them a little extra cash to get their hardware/driver certified.

It seems to me that if what it takes to pass the test is out in the open, and it really is in MS's best interest to do that, there shouldn't be a p[roblem. I have always said that the reason why MS seemed so unstable was because the device drivers and the devices really didn't play well with Windows despite the Windows certified logo.

Instability?

[Cardhore]

I want to know exactly how people know that "most of the instability I've had with windows was due to bad 3-rd party drivers."

--or--

"Most of the instability I've had with windows was due to windows."

A whole new Bred of Hacks!

[QwkHyenA]

I can see this one coming a mile a way!

I can imagine someone flooding Microsoft's 'Crash Dump Servers' with loads of fake dump info making Microsoft take action on disallowing that application to run!

First one to make Windows XP NOT ALLOW OFFICE XP TO RUN --->!!WINS!!

Re:A whole new Bred of Hacks!

[Tackhead]

> First one to make Windows XP NOT ALLOW OFFICE XP TO RUN --->!!WINS!!

1) Virus/worm.
2) ...that randomly corrupts one or two bytes in a pointer table in a .DLL installed by Orifice XP...
3) ...that modifies itself to change which bytes its children will corrupt before attempting to propagate...
4) ...that securely deletes itself after propagating, leaving only the corrupted .DLL files or other internals.
5) Bonus points for doing some RTM-Worm-like cross-platform magic and using r00t exploits to leave a reservoir of Linux boxen from which it can re-emerge after the publicity dies down.

Good thing I'm not running XP. And never will.

First step towards software closed shop

[heretic108]

Something tells me that this is the first step towards creating a 'closed shop', whereby NO software, not even application-level, can be installed or run unless it has M$'s approval.

Goodbye small independent software developers - if you can't afford the hassle and expense of MS$'s Certification Program, or if you don't toe the party line with MS$'s marketing agendas, then you'll find that your software is barred from Lose-dows XP.

Another possibility is that unknown software might be severely restricted in what XP allows it to do - for instance, non-certified programs may be strictly forbidden from all but the most basic access to the Internet.

And it's only a matter of a couple of years before you won't be able to buy a legal copy of Win2k, Win98 etc - it'll be WinXP or nothing.

Don't be surprised to see mandatory updates of XP which include blocked websites, blocked protocols etc.

I hope that the masses migrate to Linux, and that WinXP fails to recoup its development costs.

The Future of programming....

[F34RL3SS L34D3R]

Since XP is being pushed so hard by MS as the future desktop OS, I wonder what type of questionable changes like this will have on those in the programming community who write for MS products. It would seem that ANY software corporation not directly in contact with MS, might possibly be hung out to dry and on their own in terms of support. From where I stand, Windows 2000 may be the last functional OS MS has released.

Just another evolved monkey with a keyboard!

Good! Finally we get rid of stupid "personal fws"

[arcade]

Ahh. It would be So Cool if microsoft actually blocked blackice and zonealarm. Preferrably blocked each new version, with each new update of windows.

The "personal firewall" industry is a full-of-crap industry created by the media. There is absolutely NO NEED for a person to install a 'personal firewall'. There is a small set of rules he should follow to be safe from email-viruses, trojans and "crack attempts".

The firewalls prevents crack attempts, and preventes outgoing connections on non-allowed ports from non-allowed software. The first .. well .. normal people with windows (or newser linux distros) really have their computers pretty damn closed down when they buy'em. If they open things up - they really don't need a firewall to "double-check" everything for them.

The "firewall" may prevent them from becomming netbus/back orifice /sub7 victims, but only _after_ they've been stupid enough to run the fscking trojan in the first place. NOrmal rules of conduct on computers really says that they SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW.

The entire 'personal-firewall' industry is a mediahyped hystery that really shouldn't exist. Its an industry that is all about creating 'fear' in the normal citizens, and the SO CALLED "security consultants" that recomends that you should install personal firewalls .. well .. I don't know why they do it -- either they are stupid or they are bought out by the "personal-fw-industry".

Personally I just shake my head when I hear about stupid lusers that has actually INSTALLED such things.

Re:Good! Finally we get rid of stupid "personal fw

[jchristopher]

The "personal firewall" industry is a full-of-crap industry created by the media. There is absolutely NO NEED for a person to install a 'personal firewall'. There is a small set of rules he should follow to be safe from email-viruses, trojans and "crack attempts".

I MUST disagree with you. You should see my ZoneAlarm logs of people port-scanning me, trying to make a connection on every port.

I am not a systems administrator, and although I try, I do not neccessarily have the knowledge needed to completely lock down my various systems.

ZoneAlarm fills two important needs:

1. Prompt me when incoming connections have been denied on some port. (Lets me know I have an open port, also, it's nice to know when you're being hit so you can do something about it if it gets really bad)

2. Lets me know when spyware has been installed on one of my systems, because the first time it gets installed, I get a prompt when it tries to 'phone home'. I can then deny the connection and go uninstall it.

I want to KNOW what internet traffic is coming IN and OUT of my system. ZoneAlarm fulfills that need, for $0, and deserves praise.

Re:Good! Finally we get rid of stupid "personal fw

[mikethegeek]

"I want to KNOW what internet traffic is coming IN and OUT of my system. ZoneAlarm fulfills that need, for $0, and deserves praise."

Microsoft has a history of creating deliberate incompatibilities for competition, and it's no coincidence that ZoneAlarm and others find their software broken for no good reason in XP. It's happened before and it will happen again, and KEEP happening until developers learn that when they are playing M$'s game, the only winning move is NOT TO PLAY.

In the case of a firewall, or any other kind of security software, I have a LOT more faith in a third party than I do in MS's "security bug a week" laughable record.

I have no doubt that MS's so-called "firewall" in XP with Active Swiss Cheese (tm) technology will prove just as sucessful as their foray into bundling anti-virus software with DOS 6.x (horrible failure).

Bundling a swiss-cheese firewall with the OS is a BAD idea, as it will, like the MS Anti-Virus debacle, it will give a LOT of people a false sense of security, and cause the demise of third party security apps for `Doze (who will cease development because their air supply is cut off). Which will do NOTHING for MS's reputation as the least secure, MOST dangerous OS to let loose on the `net there is.

Aim down, FIRE, where did my foot go today?

Re:Good! Finally we get rid of stupid "personal fw

[svirre]

Are you opposed to traditional firewalls as well? While a personal firewall can't compete with a dedicated firewall it will still provide far better protection than a bare connection.

While you can likely keep a machine free from trojans by beeing cautious of who you source your software from, there is still loads of spyware out there, some contained in quite useful apps.

While you can say (/shout) "SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW". In practice noone can know all the software they run, as this entails reading and understanding all source, as well as building from the ground up all software you use. Some trust must be applied, and when you trust you may be mistaken.

A firewall app provedes an extra layer of security against your own erronous judgements (after all noone is perfect) as well an enable you to use and identify some spyware without sacrificing privacy (By blocking the spyware's channel to home)

Since when ...

[whjwhj]

Since when did it become the responsibility of the OS to insure that third party software / drivers work adaquately? Clearly this is a ploy by Microsoft to wrestle even more control from third party vendors.

I've been using Windows on the desktop (more out of necessity than anything) for several years. But I am *not* going to upgrade to XP. No sir. I'm going to jump ship to the only other viable desktop alternative: Mac OS X.

Another piece of misinformation

[roguerez]

This is so typical of some Slashdot submitters. Any news about Microsoft is mangled into something bad about the company, regardless whether this really is the case or not.

In this case, only CURRENT versions of these programs are blocked, because they access Windows internals which causes instability on XP. They just need to be adjusted to work with XP correctly. Just like some /dev/ files changed between some version of Linux. Microsoft preventing this software from installing is like having different plugs for 220 V and 9 V devices so you won't plug your shaver directly into a high voltage outlet.

People who badmounth a company (whether it be Microsoft or another) using information like this as an argument should either shut up or be sued and punished for spreading mis-information.

It's a perfect example of double standards: when Windows crashes this is always the fault of Microsoft, not of bad drivers or programs which access Windows internals, while in fact they often are (especially video drivers). When Microsoft tries to do something about it, it's suddenly only done for promotion of their own firewall software.

Make up your mind. If you are against Microsoft for monopoly reasons or anything else, that's your right. But mangling any piece of information to something negative only hurts the credibility of the anti-Microsoft camp.

Re:Another piece of misinformation

[pjrc]

In this case, only CURRENT versions of these programs are blocked, because they access Windows internals which causes instability on XP. They just need to be adjusted to work with XP correctly.

It is such a stretch of imagination to believe that Microsoft could improve the APIs that are used to "access windows internals" so that it's simply not possible to "cause instability on XP"?

Not a bad idea, but not perfect, either

[chennes]

Putting all the anti-Microsoft BS aside, this really is a pretty good idea - they just need an opt-out option. I wouldn't mind MS telling me that the driver I'm about to install has crashed 4 trillion machines - but I reserve the right to go ahead and install it anyway.

Re:Not a bad idea, but not perfect, either

[spongman]

yeah the problem with this is that when the operating system crashes because of a 3rd party driver Microsoft often has to take the cost of a support call. This cost effecively means they may as well not have sold that copy of windows - it's a huge hit. anything they can do to reduce the number of support calls - especially when it's not their fault - it a big win for them and their stock-holders.

Re:Not a bad idea, but not perfect, either

[CAIMLAS]

Take the cost of a support call? No, no, no... no. They don't pay for you to call them, you pay them. They charge extorbanant prices for per-minute calls, where you're lucky to get someone that knows what they're talking about. It's likely the person on the other end is simply a glorified marketeer.

From this standpoint, it's more financially beneficial for MS to put intentional glitches in their software - if anything.

Makes you ponder why Win98 had/has more problems and is less stable than Win95...

Re:Not a bad idea, but not perfect, either

[Joe Rumsey]

And besides, with a little bit of futzing, you can easily disable specific drivers from being on the list.

That's probably true, since the article tells us what file the list is stored in, but that list is going to be automatically updated periodically, so even assuming that it is easy to manually remove drivers from the list (which isn't clear, you never know what kind of tricks they might play to avoid letting you run your system with a modified file!), you're going to have to do it every time it gets updated. And maybe they'll move it around or otherwise obfuscate it in future system updates.

I do think that this is a REALLY NEAT IDEA. Heck, some Linux distro should steal it. But it's not so neat not if they are forcing everyone to use it.

Ah well, it's not like this is the first reason not to use XP.

it IS Microsoft's fault

[janpod66]

It's a perfect example of double standards: when Windows crashes this is always the fault of Microsoft, not of bad drivers or programs which access Windows internals, while in fact they often are (especially video drivers).

Software vendors don't "access Windows internals" because programmers want to--it takes a lot of time to do so. They do it because Microsoft's APIs are insufficient and poorly thought out. Microsoft has profited handsomely from this because third parties have managed to figure out how to make that pitiful platform do things Microsoft never had the sense to design APIs for. Without third party vendors doing this, Windows would be nowhere. Now that Microsoft has finally copied enough from other vendors, their system doesn't quite need such enthusiastic third party software vendors anymore.

It's also a question of architecture: except for a very limited set of hardware drivers, there is no reason why the installation of anything should either be prohibited or cause instability. (Linux doesn't get this right either, but it is considerably better than Windows.)

The biggest problem with this is, though, that, whether it is sensible or not, Microsoft is driven by the profit motive, and for them to be able to exclude vendors from the market and force them to submit to certification procedures is a great way of controlling their market and increasing their profits. That is, even if there is some weak justification of this action in terms of profits, it is still highly suspect, and should be.

This isn't about being intrinsically "anti-Microsoft". The company has been found to be a monopolist, and it is rightfully subject to this kind of scrutiny and suspicion. Microsoft needs to tread extra careful in ways other companies don't have to, and instead the company is still giving consumers, software vendors, and regulators the finger.

(Incidentally, your characterization of blocking "only current versions of the drivers" is incorrect. I suggest you take the time and actually read the document at Microsoft's site describing their policies.)

Why can't I post a longer message than 2 lines?

[Otis_INF]

bug in slash?

I hope they automate this server-side...

[Kjella]

...because I can't wait to see something like KERNEL32.DLL or NTDLL.DLL getting blocked. Then again it probably has a "if M$ then ignore", if not they'd never get the beta out the door. Disclaimer: Using win2k here, and from my personal experience, next to a crappy ISDN card driver, most BSODs happen because of M$ internal drivers.

Kjella

Stop whining and keep using win2k.

[tcc]

I mean. what is WinXP? it's taking a very good and successful product with good features, and put some "meat" around it to grab more marketshares. For most of us, everything new XP has to offer we know how to install the equivalent on win2k... switching from Win2k to winXP is simply an interface upgrade (which can be done also with windowsblind(?) or similar).

Question is, is there a good reason for a win2k user to upgrade (downgrade I should say) to XP? XP seems so much more restrictive WIHTOUT giving any new features that can't be match with 3rd parties software. It's not an OS for most of us who like to mess around with hardware or software and betas. It's meant for the home user that is running 98/ME and wants to upgrade, THAT guy is gonna see a shitload of improvements.

Yes there's a professionnal version as well... I know... do you really think it's gonna be a major seller? heck they didn't expect win2k to sell that much, why did it sell that much? Games support/directX, Stability, speed, dual processor support, etc... XP offers nothing new in any of these area, so the win2k userbase Won't upgrade unless they have money to burn.

Finally, that product activation thing is gonna be another major pain in the butt for them, most IT people won't tolerate that, and boycott it. (personnally I don't feel like wasting 10hrs a month waiting over the phone because something bad happened to my users and I have to reactivate each one of them one by one or for whatever other reasons).

Spoofing?

[JimDabell]

How can Microsoft stop people from sending in spoofed data? What will stop, for example, NVidia from sending in data that makes Matrox drivers look buggy as hell and getting them blocked?

Misleading summary

[Phroggy]

Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.

Hello??? Anybody home? Did it occur to anyone that maybe the reason why Microsoft is considering blocking old versions of ZoneAlarm and BlackIce is because they don't work on the new operating system? I'm sure by the time XP ships, there will be updated versions of ZoneAlarm and BlackIce available, and users will simply be required to upgrade them (for free I'm sure) before installing them on XP. If Microsoft didn't do this, some morons would try to install the same old version they used on Win98, and it would break things, and many of the users would blame XP.

Microsoft did something similar in WinME: the OS ships with a database of known-incompatible software, and if you try to run a known-incompatible program, it gives you a warning, with the option to cancel or run it anyway. An example of this is Enternet 100, a PPPoE client that Mindspring used to distribute for their ADSL service. Guess what? It actually doesn't work on WinME. Runs fine on Win95b, Win98, NT 4 and 2000, and I understand there's a way to hack it to make it work on ME, but according to the company that makes it, it's not compatible - you have to upgrade to a version of Enternet 300, or use a different PPPoE client. I did tech support for Earthlink after the Mindspring merger, and that feature that Microsoft put in actually saved us from some pretty annoyed customers, because it told them it wasn't going to work before they found out for themselves the hard way.

Re:Misleading summary

[Sarcasmooo!]

Well thank god we have Microsoft to solve all our problems so us morons don't have to deal with them. I'm done putting peoples' rights over the rights of a for-profit business. I want passport and hailstorm, I want my news handpicked by MS-spinsters before I wake up, I want my computer tailored to MS's idea of what I should be using it for, I want my car fixed before I even knew it was broken, and when I become utterly vacant of dignity and turn to suicide as a last resort, I want hailstorm tobe able to notify the authorities when I purchase a noose. Now, please bend over.

The real reason for this:

[JoeShmoe]

Is to do away with those pesky non-standard codecs like SMR, DivX ;-), 3ivx, M$MPEG-4 and so forth. Right now you get just a warning when you try to install those ACX/DLL files but come XP then that "Unable to find codec" message is all you are going to see.

Also you can say goodbye to those wonderful drivers that let you load a "sound card" to output the contents of the wave device to the hard drive of those "video cards" that let you screen capture ASF/RM player windows in an unencrypted format.

As soon as the encrypted video standards are rolled out you can bet that any kind of video output driver will be limited to VHS quality or the driver just simply won't be allowed.

Microsoft is smoking some serious crack if they think they can become the sole authoritative source for drivers on the Internet. Their WindowsUpdate driver server (if you go though the process of registering your hardware config with Microsoft) is worthless and do you think that companies are going to want to have to go through the hassle of signing very beta or unsupported driver they release?

Lesson from history folks...when the Amiga 4000 came out and told their customers that everything they had bought up to this point was no longer compatible Amiga went down the toilet. When Mom and Pop find their CD burner no longer works because their manufacturer hasn't gotten around to becoming "XP Ready" (even though the code base is no different than NT/2K) then I seriously doubt they'll be keeping it. Even though they can't return it. Shafted.

- JoeShmoe

Re:The real reason for this:

[shokk]

All they will do is drive people to dual boot their machines to Linux for those purposes. Anyone using "SMR, DivX ;-), 3ivx, M$MPEG-4" are probably good enough with computers to handle the dual boot. So just keep MS for the MS approved games, and start using Linux for everything else. Eventually the games will follow.

Another real reason to kill non MS firewalls

[owlmeat]

The last thing that MS wants is for the user to see a bunch of pop-up warnings each time XP and MS servers talk to each other to validate/snitch registration information.

Re:The real reason for this:

[KarmaBlackballed]

even though the code base is no different than NT/2K

I think not. The XP code base shares its roots with Win2k but is not Win2k.

Re:The real reason for this:

[JoeShmoe]

Yes...and Win2K shares its roots with WinNT but is not WinNT. Windows NT 3.x laid the groundwork, registry, ntfs, accounts, services, events, hal...etc. NT 4.x added the familiar interface and rudimentary multimedia functions, increased drivers...etc. 2K added plug and play, USB firewire, file encryption...etc. And now XP adds the Luna interface, registration locking, driver blocking...etc.

It all depends on what you define as code base. To me, Win2K and XP are no more different from NT4 as Windows 98SE and ME are different than 98. Basic updates and add ons that could have easily been added as an incremental release.

I'm still pissed as hell I had to upgrade stable bloat-free NT4 servers just because I needed to access a USB accessory...there's is absolutely no reason why MS couldn't have done USB support in NT except for the fact they would sell less 2K!

- JoeShmoe

Re:The real reason for this:

[TummyX]

Funny. DivX works fine on XP RC2 here.

You only get warnings. It doesn't prevent you from installing any unsupported driver. I've install the beta nVdia 14.2 drivers as well.

If Microsoft prevented you from installing ANY unsupported driver in XP it would mean 3rd parties can't write custom drivers without going through microsoft. I see nothing that mentions this will ever happen in the DDK docs.

Re:The real reason for this:

[JoeShmoe]

From the document:

One of the valuable prevention features that have been added to Windows XP is the ability to block users from installing a particular version of a driver. Since the release of Windows 2000, Windows has had the ability to block installation of a driver through a Setupapi.dll check of known problem drivers. Windows XP adds the capability to update the list of problem drivers from Windows Update. Windows Update, independent of the access mechanism described above, automatically downloads this information.

Read that...the list of drivers is controlled by a DLL that is updated by Microsoft. The information is automatically updated.

If a user with administrative privileges has the device installed (or plugs an external peripheral into the PC), they will receive a balloon popup in the taskbar indicating that the driver has known problems and will not be loaded. When a user clicks on the balloon or notification icon, Help and Support Services will provide information on where to get an updated driver if information is available. Driver blocking is independent of whether the device is signed or not (i.e. Microsoft will block signed drivers that are known to have problems).

So yes you are correct...it will be possible for 3rd parties to add in their own drivers...the catch being that Microsoft still retains control over them...even if they are signed (which most unofficial drivers aren't). All MS has to do is add the driver (probably DLL information?) to their list of "problem drivers" and they will be blocked.

I don't know bout you...but that sounds like a perfect setup for MS to break practically any application they want at will on millions of PCs in a heartbeat. Brrrr.

- JoeShmoe

Maybe they should fix their priorities...

[Guppy06]

I've seen several posts jumping on Slashdot about how this story is biased against Microsoft, how it's normal with such a big change for the OS, that the hardware and software in question will have new versions, and so on and so forth...

However...

One thing no post has touched on (at least not to my satisfaction) is why popular hardware and software manufacturers need to bend over backwards to keep up with changes to the operating system instead of the other whay around.

The one you got aint workin so good

[Graymalkin]

So...Windows XP figures out when vendors write shitty drivers and call them on it by informing you and the vendor and that's bad? Is it just as bad when a kernel module causes a core dump and it writes a mail message to the admin defining the error? This is ridiculous. So the fuck what if Microsoft fucked over Caldera by making Windows 3.11 crash on it, it's their fucking product. Windows 2000 supports driver certification just like Win XP does, it is a professional class workstation OS and damn well should have some way to verify the integrity of the hardware drivers you're installing. Maybe when a vendor's drivers keep causing a system to core dump they will get on the ball and release what we call "updates" to their drivers. I'm sorry releasing a single driver update over a product's lifetime is a pretty shitty way to treat your customers. Compare for example Creative and nVidia. Creative drivers for their sound cards and modems are over a year old and dispite being shit have not been improved upon at all. On the other end of the spectrum nVidia unified their driver base and continuously updates and refines their drivers. It drives you to buy shitty bargain basement hardware for your systems because at least then you get what you paid for.
I'd like to see alot more talkback features in fucking software so vendors can actually improve their fucking products. The Omni group pretty graciously lets you use their browser for free with no restrictions yet maintains a bug tracking system. Bug report e-mails aren't exactly support for software. Slashdot always finds a reason to bitch just because Microsoft's logo is found somewhere near an article.

As an Option

[Midnight Thunder]

As said by other posters this is probably not such a bad thing, as it ensures that driver developers do better quality control before they release the driver. The problem, like anything it is open to abuse. For example do we know for sure that MS will be putting the same limitations on home grown drivers, or that they won't use this in anti-comptetitve manner? We don't, but this doesn't mean they will (only time will tell).

I believe that if there was an option to disactivate this feature, or have a admin control-panel which lists the software that has been perceived as causing the problems, with an over-ride, then I am sure users would appreciate this feature a bit more. The FUD comes from the fact that the user, as I understand, has no control over this feature and has to trust MS is not abusing their position - given past history it would take a lot of faith to put 100% trust in them.

Being to turn off this featue would also mean that you don't need an MS certified development environment to develop your software.

The other question I ask myself, is what do you do if you don't have an internet connection?

and you all bitched

[gsfprez]

when apple wouldn't let you change the theme of Mac OS X?

ah...the days of installing whatever drivers we felt like installing...make us sound like the "I actually USED punchcards!" guys, don't it?

Gee

[Snover]

What happens if "explorer" crashes? God knows that it happens at least once-per-day to every Windows user. Would that be an unacceptable threshold? Would explorer be put on the banned driver list (putting aside the fact that it isn't a driver, heh)

Stop the ride! I want off!

[shokk]

Firewall included in XP? I can see the support calls now.

"I heard about these viruses and l337 h4x0r5 and wanted to protect my desktop so I installed the firewall. Why is it you people can't have a stable network?"

"But, Bob, you're protected inside our site firewall. You didn't need that, and that is why your network stopped working."

OK, so this scenario could happen with any of the commercial firewalls now, but in most places one would have to go through an approval process to get the software, where if it is now included on the CD it is more readily accessible and much easier for people to screw it up.

And frankly with everything that Microsoft has gone through in the last few months (sites hacked into multiple times, Red Code, etc.), they are the last people I will trust to make firewall product. They had better have already qualified both Zone Alarm and Black Ice. This "driver blocked by vote" idea is just too too dumb.

Re:Stop the ride! I want off!

[SuiteSisterMary]

Just so you know, an NT admin would simply define a group policy to disable that option for XP installs on their network.

Re:Stop the ride! I want off!

[shokk]

For my firewall needs, I went with Darrel Reed's IPFilter [anu.edu.au] on an old Sparc5. As a single purpose box, it more than fills the need to protect my Windows desktop machines at home. Here in the office, I went with Netscreen [netscreen.com], a relatively cheap, but powerful firewall, VPN, and remote access solution.

Blocking drivers is minor.

[Bartab]

The big thing is that they will be uploading crash dumps.
This is just another method to determine what things are installed on your computer. They couldn't get away with HD scan uploads, so now they upload what's installed on your computer - but only when it crashes. On windows, that's more than early enough, my win2k box crashed twice today.

Do you have StarOffice installed? Well that's why you crashed.

Re:Blocking drivers is minor.

[tswinzig]

This is just another method to determine what things are installed on your computer. They couldn't get away with HD scan uploads, so now they upload what's installed on your computer - but only when it crashes.

I realize this is blasphemy to say this, but I seriously doubt Microsoft would be stupid enough to risk the fallout that would occur if people's crash dumps were anything more than anonymous.

There is just no way in hell they are going to have your computer send them anything more than the crash dump and system configuration data. Not your personal data.

I know you paranoids will think of a million different ways that Microsoft can try to tie this data to you personally ("They can record my IP address," "They can match up my name and location to caller ID," etc). But the fact is, the watchdogs are going to be all over this, and it would be suicide for them to try it.

As an example, whenever you are setting up Windows Update, they make it very clear that they are only sending system configuration data (which you can view), and not anything personally identifiable. They realize people are paranoid about that, and when the screen first loads, it says something like "checking your system configuration -- this is done without sending anything to Microsoft."

They are dumb, but not stupid.

Re:Blocking drivers is minor.

[IronChef]

I wouldn't have thought they'd have faked three videos presented as evidence in a Federal court, either.

Re:Blocking drivers is minor.

[tswinzig]

The entire justice system can't touch MS

How did they win their recent case against MS?

but they will be afraid of watchdogs

Microsoft has repeatedly been bitten by watchdog groups, and often changes their behavior because of it. Apparantly you need an example. How about the recent Smart Tags issue? Everyone got in a tizzy, and Microsoft pulled it, even though I feel the problem wasn't as bad as it was made out to be.

MS has a monopoly and they can do whatever they damned well please. They have 30 billion in cash for chrissake they can buy the entire congress and have change left over to buy the president. Oh I forgot they already bought the president and the attorney general nevermind

Uhhhh yeah. ok.

Re:Blocking drivers is minor.

[Malcontent]

Who cares if they lost? They lost before and all they got was a slap on the wrist. This court is going to do the same thing. They are utterly immune from any and all pressures from the govt. MS is above the law. If you need proof take a look at the trial. For most people tampering with evidence is a crime for MS executives there is zero punishment for evidence tampering. Same with witness tampering, intimidating witnesses, and of course lying under oath.

BTW if you think smart tags are gone you are really stupid.

Clogging up the internet

[DrCode]

People are worried about all the worms and viruses slowing down the internet? If every time Windows PC's blue-screen, the data is uploaded to MS, it will slow to a crawl.

Re:Crash dump uploads are totally voluntary!!

[BeanThere]

Are you incapable of thinking long-term? Just because something is voluntary now doens't mean it will always be. New Microsoft features are almost always voluntary - they're usually voluntary only until people have gotten used to the idea. Then either they become involuntary, or the process of opting out is made overly-complicated and obscure, so that most people just give in anyway. Think man.

Re:Blocking drivers is minor.

[dasunt]

I'm sorry I'm not 3l33t3 d00d downloading warez versions of XP. I'm certainly not following the beta process of an OS I have absolutely no intention of installing even when it's final. So, stick your ego ....

WinXP has been in beta for awhile now, someone in the local shop has been testing a prerelease version for the past month. In Microsoft's big package of fun software you can get for $500/year, the latest one the local shop got included WinXP (arrived this week).

So, don't start flaming people who have actually researched and used an OS that a vast majority of us will probably come in contact with over the next few years. Some of us can't support a Linux only setup, there are end users, and customers, with software sometimes going back years, and specialized equipment with windows only support. Hint: Linux may be nice, but it doesn't work everywhere, for everyone.

(Oh, replace "Linux" with your operating system of choice. The argument doesn't change.)

News at 11

[bryan1945]

"This just in: Microsoft drops support for all security products in a move to solidfy support for its own firewall. However, Microsoft's firewall has a mere 61,000 bugs, but only 20,000 are considered to be serious. Bill Gates says, 'Screw you Steve Jobs, we got the money, baby!'"

And everyone thought that Apple's "Big Brother" ad was so off the wall...

Things to remember

[cluge]

Remember Microsoft claimed they were working on a fix for DrDOS. It just never came.

The windows XP OS "phones home" and delivers information to MS headquarters (supposeldy just about your liscence data and nothing else of course). If you had a firewall program like Black Ice or ZoneAlarm you would be alerted that your computer was trying to send something over your internet connection. You could then STOP IT from transmitting data with a functional personal firewall.

When MS says they are working with vendors on an "XP" version what they really mean is
**sillymodeon**
"We are forcing vendors to allow our Big Brother program to work without your ability to disable it because we really need to know what software you are installing and whether or not you have an ext2 partition or other non-suitable for XP partitions on your harddrives. You of course have accepted us snooping into what you eat and your e-mail when you bought windows XP, merely glancing at the packaging in the store binds you to this agreement whether or not you even own XP. Our lawyers are that well paid *wink*".
**/sillymode**

I don't think I will be purchasing any computer with XP on it.

The implications

[Mihg]

I've seen lots of comments about how Microsoft is evil and is trying to eliminate all their competitors in the personal firewal market and how they are going to spy on what the users have installed and how they will block web sites a programs too, along with the drivers, but nobody seems to have realized the true implications of this modification to Windows, instead of all the paranoid stupidity.

First of all, this provides another revenue stream for Microsoft. In order to get their the drivers marked as Windows XP Compatible (and the digital signature that goes along with this), hardware vendors will undoubtedly have to pay Microsoft some fee, whether it be for the signature itself or perhaps something slightly more useful (and less greedy), like paying Microsoft to do some testing on the drivers and then providing the certification.

This isn't particularly bad (although, Microsoft is once again abusing its monopoly power to gain money, who else are the hardware companies going to make hardware for?).

What does worry me is the fact that this provides an easy way for Microsoft to infulence hardware manufacturers. If they don'y follow Microsoft's "suggestions", the testing and certification could be "accidently" delayed, while all the hardware company's competitors deliver their products to market before them.

What will those suggestions be?

Probably something like "Hey, you know those weird communist hippy freaks who work on that evil anti-American OS called Linux? We want you to stop providing them with technical specifications and hardware drivers. Thanks, and have a nice day!"

Re:Improve "reliability"

[spongman]

yeah, basically the only way the operating system can crash is if an expcetion raised in a thread running in kernel mode is unhandled. this leads to a BugCheck (aka blue-screen). however, sometimes a kernel thread can cause the OS to hang if it's running at a particular interrupt level and doesn't yield, or otherwise prevents user threads from running (maybe by holding a mutex when it shouldn't). bad driver code is the most common cause of problems on any operating system and I'm sure that this move by Microsoft is just them trying to improve the percieved stability of their OS. The problem with writing drivers is that often the code is specific to one version of the OS. I'm not surprised that vertain driver no longer run correctly on XP. I woudln't want to upgrade to XP and find that I get a blue-screen on boot just because I had some bad driver installed. Maybe the win2k versions of the ZoneAlarm drivers work fine on XP, if so this is a bad move on Microsoft's part, but I wouldn't be surpised of they need updating to a newer version.

Re:Improve "reliability"

[Dr. Evil]

Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.

Linux doesn't have this problem because there aren't too many vendors writing kernel modules.

IMHO, it is a harsh solution for a bad problem. But I can't fault them -- I can't think of any other way of doing it... except maybe a "I forfeit support from MS, and accept the risks of running this driver" button.

Remember too that MS has been responding to industry requests for privacy and control over updates. I imagine this will be among those tools with an option to point towards a privately run server. If not, corporate customers would have a fit. Just imagine being an IT manager finding out that Windows XP purged the video drivers from half your users in North America.

On the other hand, the worse MS gets, the more sense Linux makes.

Re:Improve "reliability"

[MrBogus]

Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.

Infoworld published a Microsoft study into the causes of NT 4.0 failures. "3rd Party drivers" and "Internal failure" were about equal as the two greatest sources of failure. As someone who saw a few bleu screens in the SP1 through SP4 days, this jibes with experience.

Obviously Microsoft's approach has been to reduce both those causes with the much more stable W2K OS and a enhanced driver certification program.

Re:Improve "reliability"

[IvyMike]

Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.

Here's a fix for this problem: MS requires all vendors (except for itself, of course) to open-source their drivers. THAT would be ironic.

Re:Improve "reliability"

[wolf-]

I would say, yes.
We HAD NT systems here that ran for almost 5 years, with reboots only for service packs and hotfixes.

(As a side note, after receiving nearly 35 letters from the BSA and Microsoft, sent to us because we were developers and resellers and customers, offering us a "truce" and calling us all manner of names, we have removed all Microsoft Server products from our organization, have replaced them with Linux or BSD based systems. MS, F*CK you and your BSA Cronies! I dont care if it was a form letter, we were a bit more than offended.)

Re:So its good AND bad - Sigh in an ideal world...

[spongman]

Now I fault Microsoft for writing code that can't handle a drive rfailure,

You can't handle a driver failure. By definition a driver is part of the kernel, and if the kernel screws up, you're toast. the NT kernel does support exception handling, in fact many of the kernel support routines require you to handle exceptions that they throw, but if you don't handle an exception, or BugCheck intentionally then there's nothing the kernel can do. "Oh, the drive controller failed to load this virtual memory page from disk that I was just about to execute kernel code in, hey I'll just make it up as I go along..." I don't think so.

Maybe someone can correct me here, but I don't think there are any desktop operating systems that can recover after an unhandler kernel-mode exception.

Handling the truth (about driver failures)

[warpeightbot]

You can't handle a driver failure.

Exqueeze me??

Hey, I used to write Linux kernel code for a living. I've seen a driver crash all over the place. Multiple times. And you know what? Linux kept on ticking. It's easy to handle a driver crash. Just write the oops to the log device and return from the driver as if nothing happened. Of course, you can't do that when your memory protection has failed (or is non-existient) and the bad driver just scribbled all over your stack...

A driver under Linux is a module. If the module fails, it fails; the scheduler continues to run, and therefore so does the rest of the system. It's not a very pretty way to handle a screwup, but a system complex enough to handle it prettily is gonna be such a resource hog I wouldn't want it. But it does get handled.

As for the wags that say Linux is not a desktop operating system, tell that to my wife, who's been running Red Hat and Mandrake for the last four years. Or better yet, tell it to the Germans, who just threw out Microsoft in favor of SuSE. (And then there's all the folks running OS X, which we all know is just BSD with a nice GUI... and looks a helluvalot like Solaris and CDE...)

You're missing the point

[tulare]

Microsoft is simply doing what it has done for years: describe anybody who has a chance of competing with them, ususally due to a better product, as "troublesome" or "incompatable" or "unstable" and then rewriting critical parts of the operating system to, er... prove their point. I liked DR DOS, and still haven't forgiven M$ for their treatment of it back in the day.

Re:You're missing the point

[Mike Schiraldi]

The apps like zonealarm may serve as replacements for applications INCLUDED with the OS. But who gives a shit? At that Microsoft has already got their money - they really could care less what app you use as long it foesnt fsck the system up and as long as its windows/dos compatible.

Oh, so Microsoft wasn't worried about Netscape, because it only served as a replacement for an application included with the OS?

Re:You're missing the point

[Mike Schiraldi]

1. Tech support isn't Microsoft's problem, it's the OEM's problem. When was the last time you even heard of anyone calling Microsoft Tech Support? When my mom is having trouble connecting to MSNBC over MSN using Microsoft Internet Explorer running on Microsoft Windows, she calls Dell Tech Support and they have to deal with it.

2. Why would people think that everything on their computer was approved by Microsoft? Why shouldn't they think that everything was approved by the OEM? When you buy a car with an AIWA music system, you don't say, "Oh, gee, these must be AIWA tires, too."

The first step is to allow OEMs to replace the bootup screen, so that it conveys the impression of, "This is a Gateway computer running Windows" rather than "This is a Windows computer shipped by Gateway."

Re:Now make up your mind folks

[shokk]

This is not about making things more stable. This is about squashing the competition by claiming that the product was defective. This is just a more brazen way of being anti-competition.

My guess is with this kind of press, Microsoft is going to make the decision to punish them a lot easier for the government. It's transparent and no one is going to be fooled by it. This cannot be helping their case.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:zone alarm and xp rc 2 - gotta love ZoneLabs

[tulare]

Still no reason to buy Bill's Bogus Journey, though. Although the idea of using ZoneAlarm to prevent Microsoftware from phoning home every time I crashed it (by using java?) does have some appeal :)

Oh, yes I can!

[tulare]

It's called "Don't buy the fscking software!" I take every opportunity to encourage people to do the same. Right now, my winbox runs only those programs I haven't had the time to port (yet). I see no need to buy a piece of software which breaks my firewall.

Re:zone alarm and xp rc 2

[cmat]

I another thing I dunno is how to turn off this "feature" in windows....

Well, the thing is you can't turn this feature on or off... it's automatically running all the time in the back ground. And actually, it looks like it's geard to reducing the number of "unstable" drivers on your system. This may or may not be a good thing(tm), however, they did not mention in their reference document exactly how they are going to validate these "crash dumps" that will be sent back to them. They will need to validate these dumps somehow, or else you'll get a new kinda of DoS attack... one where a bunch of computers are crashed purposefully to generate dumps that seem to indicate that a particular driver is faulty. Then MicroSoft blocks this driver from ALL the installed XP user base and Wammo! Driver DoS :)

BTW, I copyright that idea.... erm, yeah, whatever. ;) Cheers!

Hmm, product identification key, remember?

[Balinares]

Yeah, a lot of kiddies and black hats all around the world must have been thinking about that the second they read the article, but you can BET Microsoft will have thought of it: they'll ask for your id key, or worse, your Passport id, before letting you submit crash dumps and download stuff. The former would make sense, since it also contains info about your hardware. Anyway, in both cases, you'll have to auth yourself in a way that will let MS know who you are.
This could also be a way for them to check that you didn't crack the product activation key, for what we know... The sad thing is, it is actually a good idea they had, but they're severed their own reputation so badly over the years, that whenever they come up with something new, people all other the world immediately assume they'll use it for Evil Purposes. The SmartTags weren't that bad, in themselves, for example (go see a screenshot of them, they don't really deface sites); we just assumed they'd be put to their worse possible use. I don't know if we were right to do so. It's just not possible to trust Microsoft.
Ah well. I'm sure the aforementionned kiddies will find a way to exploit the update server anyway. I mean, it's such a big entry point for such a variety of data, there has to be a buffer overflow somewhere in there. And God bless XP users once the kiddies fiddle with the central driver database! :)

Re:What's the problem?

[BeanThere]

You don't see the problem? Its Microsoft doing this. Here are a few questions for you:

(1) Has Microsoft's behaviour, in the past, shown that we can reasonably expect that we can trust Microsoft to NOT abuse this feature to diss or shut out competition?

(2) Looking at the general trend that this feature is most likely to go, can we expect that a similar feature could, in future, be used to block competing^H^H^H^H^H^H^H^H^H, uh, I mean, unstable applications?

(3) In the case of Linux, not only can we most likely expect the entire process to be open and transparent (i.e. so we'll know who is getting blocked and why), but with Linux you can always just rebuild the source with the 'feature' disabled. Now, in the case of Microsoft, can we expect fully open and transparent access to the database of blocked drivers (and in future applications), and can we expect to always be able to disable this feature easily?

Not everything is black and white. Just because the same feature is there, doesn't make it the same issue.

Re:Slashdot Needs A Microsoft Section

[donutello]

That Bill Gates as borg icon you see on top signifies the topic "Microsoft".

While I agree that the whole article should probably be labeled "Flamebait" designed to increase hits, you can always block articles about MS out by going to your user info and clicking "Customize Homepage". Check on "Microsoft" and you won't see any articles about the company again.

The problem, of course, is that you will also miss out on the important stuff like the final resolution of the DOJ case and also that Slashdot editors frequently post thinly veiled flamebait about Microsoft under other topics.

Actually, you're wrong too

[Vladinator]

According to the The NIST Reference on Constants, Units, and Uncertainty [nist.gov] the correct terminology is derived from the International Electrotechnical Commission (IEC), Prefixes for binary multiples. [nist.gov] So as you can see, the correct term would actually be one mebibyte (1 MiB = 220 B = 1 048 576 B). It is suggested that in English, the first syllable of the name of the binary-multiple prefix should be pronounced in the same way as the first syllable of the name of the corresponding SI prefix, and that the second syllable should be pronounced as "bee."

Re:Malicious use

[coolgeek]

New Email Worm Selectively Disables Software on your Computer

Los Angeles, CA February 20, 2003

Think you're safe just because you never open an email attachment, like your computer savvy friends have told you? This is not the case any longer. Software on your computer, software that you have paid hundreds of dollars of your hard-earned cash for, can be disabled on your system, even if you never check your email with it.

You may ask yourself, How is this possible? Well, it seems to be the result of a Half-Baked[tm] feature integrated into the new Microsoft Windows XP Operating System that was designed to prevent the installation of error-prone software on your computer has been subverted by hackers to deny services to computers users on a massive scale.

This technology works by maintaining a list of "good", meaning Microsoft-approved software titles. If a program is not on the list, it cannot run on your computer. Fine enough, but the software ran on my computer yesterday, you might say. The clincher is this, an application that is believed to cause too many errors can be removed from the list, thus rendering it unusable. The hackers authoring this worm have targetted certain software titles, and introduce new computer codes into those titles, causing those titles to create system errors during their use.

Re:Ignorance

[tb3]

because XP is raising the bar to a whole new level in terms of user experience

Oops, blew your cover there, quoting directly from the Microsoft PR handbook. You certainly have earned your right to praise XP; in your weekly pay packet.

*sigh* Again someone who doesn't understand it

[Otis_INF]

Look: the overall experience of XP by the majority of the users of it will INCREASE if the crappy videodrivers from manufacturers like f.e. ATI or Matrox, or soundcard drivers like the poop from Creative, are tested by the MS testlab if they are compatible with XP and don't crash the box.

This way, the name of 'crash-prone' OS windows has for decades will slowly vanish. That's the whole idea.

Now, to get to your point of choice: in win2k, you get a warning when you install a non-signed driver. If you continue, and the box crashes due to that driver, just when you were about to save that important document, are you still happy? Who will you blame? Yourself, because you were so utterly stupid to install that poopdriver? Or microsoft because 'their OS' crashes all the time?

I know the answer. So does Microsoft. That's why this option is included.

What's the difference?

[Keeper]

When Mozilla receives n crash reports from a specific page, they don't block you from looking at the URL that crashed the browser. When Microsoft gets n crash reports from a certain program, they won't allow it to run. Of course, with Microsoft's dubious history, I'm *sure* that a perfectly good 3rd party application that works just fine won't be blocked ... rriiiiggghhttt....