
Submission + - Microsoft forces users to install Live Messenger 2

DC writes: OK, people... this is a long post about a serious issue, so sit back and read.

As you may or may not have seen recently, on Wednesday, September 12 approximately 8PM central, Microsoft began forcing users of Windows Live 8.0 and MSN Messenger 7.5 and below to install Windows Live Messenger 8.1 as the solution to patching a vulnerability in how webcam invites are handled. The flaw is caused by a buffer overflow that may allow an attacker sending the invite from the other end to run malicious code on your pc by clicking a webcam invite from an untrusted source. A great deal of users prefer MSN 7.5, and do not want to use Live because of its flaws, system resource hogging, bugs, and the look. This issue does not only affect them, though, it affects everyone running a Windows system, as this may be Microsoft's new policy to their users: use what we tell you to or we'll deny your services.

They act as if installing Live Messenger is the only solution to the problem, and are forcing anybody with a compatible OS to install Windows Live Messenger (WLM), yet also released a patch for MSN Messenger 7.0 for any OS under Windows XP, though installing this on XP or Vista will still force you to install Live, so it is not a solution to get around being forced to install Live, whether you want it, like it, can't run it, or not. Either that, or stop using MSN and change clients, though if you prefer MSN 7.5 to other clients, you should be allowed to use it, as that is your right to choose.

Upon sign in of MSN Messenger, you are presented with a popup stating you MUST install Live Messenger to continue, giving the option of yes to install, or no to close the popup and go back to the sign in screen. You are denied logging into your client until you install WLM. Many people believe this is nothing more than a ploy to force people to install Live Messenger, hiding behind the disguise of a really minor security flaw to save face. I say minor because the only way one can be affected is if they: have a webcam to start a webcam conversation and openly accept webcam invites from untrusted sources. Ask yourselves, how many people do you know that accept webcam invites from just anybody?

A few days before the incident, Microsoft made a comment about the security flaw, and made a small mention there may be a chance for a mandatory update. The day the incident occurred, they issued the mandatory update to Live Messenger to fix the security flaw, completely cutting off all users of MSN Messenger until they installed WLM 8.1, as reported by this blog by the Security PM calling himself Anand, which is also where the nearly 100% of comments state they hate Live Messenger and refuse to use it, as well as the great deal of problems reported that have been caused by the mandatory update.
Anand's blog, September 12

A few days after receiving the surge in negative comments demanding they allow use of MSN Messenger 7.5, stop the mandatory update, and release a patch for those earlier versions, which would take little more than modifying the patch for Messenger 7.0, as well as how just plain wrong it is to be forcing people to install this software, a Microsoft employee named Jason released another blog under the title "We hear you!" addressing the issues people had in the comments, yet completely ignoring the nearly 100% who state they hate Live and want MSN 7.5 and below allowed with a patch released to fix the flaw. Sounds like they're really listening to their users, eh?
Jason's blog, September 14

On the same day, another blog was released by the Windows Live program manager, Rick, posted again to address the issues people had, and going lightly into the comments about the ethics of the forced install, and the issue of a person's rights to decide what they want to do with their computer. In opening, he states this affects 1/4 to 1/3 of their users, which sounds more like a number pulled out of his rear, as the response from the people seems to suggest that well over 50% of users were forced from MSN 7.5 and below, and at least 60% were forced to install WLM 8.1 to sign in. A search around the net on this matter shows thousands of websites worth of pissed off people looking for a way around the update to continue using a lower version that they prefer. As far as people I know goes, most of them do not want Live at all, and are looking for MSN 7.5.

Let's go to the blog entry:
Rick's blog, September 14

First, he makes an over-exaggerated claim that this vulnerability that has existed for years already without causing any problems would be capable of bringing down everyone connected to their network, which is completely false, as this vulnerability can only truly affect people on a per user basis. Only the person being exploited by the flaw would be affected by it, as the attacker would have to start another webcam invite from the user's computer in order to exploit the flaw again and spread it further than the one user's computer.

Next, he states that Microsoft had to take action to protect their users with the "right fix", addressing the flaw as a disease they must inoculate. Again, this goes back to stating that the only fix for the problem is to force people to install Live, instead of modifying the MSN 7.0 patch for users that wish to use MSN 7.5. This again implies that good old Microsoft knows what's best for you, and will force you to do what they imply is right for you with no concern for your wishes.

He then states that most people aren't smart enough to know how to run their computers and watch out for things, as if he knew what we, the users, know about our systems. Nowadays, I'd have to say that the number is actually more than 70%, at least, that are aware of danger on the net and what to look out for. Again, do they believe that everyone is just going to start accepting random webcam invites from untrusted users?

After once more addressing the stability issues that most, if not all, users that had commented caused by the install of Live on their system, he effectively shows just how serious they are taking the comments by people that flat out state they hate WLM and to give back the choice of using MSN 7.5 and below by comparing the issue to getting a shot by the doctor... which, I have to mention, is actually something you get by choice, and does not affect you for longer than a few seconds. Then a comment stating Microsoft is right and doing it for security. Once more, the real fact is, a security patch is the "right fix", not forcing everyone into using a program they do not want to use, or can't use.

Microsoft's "we know what's best for you, and you will do as we say" approach to this issue shows a complete and utter lack of respect for the wishes of their users. Is this going to be the new policy? Will you be the next person to be told to install software you don't want, because Microsoft knows what you want better than you do... all for the sake of "security"? For those that already run and prefer Live, that is your personal preference, not the preference of everyone. If you were the one being blocked from signing in unless you installed a piece of software you believe is garbage, or can't use, due to it taking too many resources, slowing your pc to a crawl, or just plain crashing and freezing, like many that have posted in the blogs have had, you would be pissed too.

It is obvious they are not taking the issue of respecting the users' preference of program and their right to use what they wish very seriously at all. If something isn't done to show how serious the issue is, they will do this again in the future and know they will get away with it. Dictating what you can and can't use is wrong, and very unconstitutional, removing the users' right to the freedom of choice.

If you believe it is wrong for Microsoft to force software on you whether you like it or not, stepping all over your right to choose what you want to run on your pc, it's time to take a stand against this. Head over to Microsoft's blogs, and anywhere else to contact them at, and post your opinions on the subject. Tell them you think what they are doing is wrong, and tell them your opinion of Live Messenger if you do not like it. It's really quite easy to see that this really is nothing more than a ploy by Microsoft to force people to install something they want their users running.

Maybe there weren't enough people using it so this is what they came up with to get people to switch. Why would Microsoft go through the trouble of creating this mandatory update system rather than creating a patch for MSN users on XP? If you ask me, it sure brings back thoughts about Windows Media Player secretly bundled with DRM software, and after the recent stealth update of Windows Update files, as well as the Windows Genuine Advantage screwup a few months ago, it sure seems like there is a hidden agenda behind this new example of stupid from the team at Microsoft. Maybe this stealth update is what allows their forced updater to view what version of Messenger and what OS you are running so as to deny you access if you don't have the right Messenger.

As for the issues being caused by this forced install, as a warning to those that haven't yet... if you do this, you will lose all of your emoticons and be denied the ability to add them back, as Live will tell you they are already there, despite not showing up anywhere. Some report also being denied the ability to grab the emotes from the folder they are in to manually add them back, no matter what they try. Most report not being able to start a conversation, their friends not being able to start a conversation, not being able to sign in, their connection continuously being dropped, extreme amounts of lag, slowing their pc to a crawl, freezing and flat out crashing before the program can even start up. This is to warn those of what they will probably see upon using this update, and everyone I have talked to about this has reported this to be true.

For those that do not wish to use Live, or can not due to it causing problems, there is a temporary fix for it. First, if you installed Live, uninstall it, or do a System Restore to the point before the install to get your earlier version back. If you can't get it back, search on Google for the version of Messenger you want (MSN Messenger 7.5.0324 being the last MSN version) and download and reinstall it. After installation, say no to the forced update if it happens to pop up, and close out of messenger, including the tray icon. Once messenger is completely closed, go to C:/Program Files/MSN Messenger, or Live Messenger if you decide to use Live 8.0, then right click on the program, the msn version called msnmsgr.exe, then go to Properties. Select the Compatibility tab, then check "Run in compatibility mode," and select "Windows 2000". Click OK, and then you're set. If you use a patch program such as Mess Patch, a window will appear as the program attempts to repair itself. Cancel the repair to keep it from making any changes. It's annoying, but you will get to keep your patch program changes.

I hope this news gets around for all to see, as Microsoft has gone over the line this time once more in disrespecting the users' freedoms and wishes. Pass it on, and tell Microsoft your thoughts!

Submission + - Locked up over wife's community college assignment

xlr82xs writes:,23599,22421761-2,00.html writes about Australian interactions with Guantanamo Bay...

A DOCUMENT describing Osama bin Laden as a courageous "resistance fighter" — used by authorities to portray Guantanamo Bay detainee Mamdouh Habib as a terror threat — has been exposed as a TAFE assignment written by his wife.


Submission + - Nokia Trademarks Classical Guitar Tune

ziani writes: Nokia transmogrifies a public domain classical guitar melody into a trademark. What's next, AT&T snags the Star Spangled Banner? See here.
