Eyes Wide Shut: Big Brother 1 March 15, 2002 Paul Sullivan

Introduction

Page:: ( 1 / 4 )

Floating The Line

Over the last few months, I’ve been criticized for being paranoid in my articles, particularly in regards to Microsoft and Windows XP. I rant about secrecy, privacy, security and things like Passport and Messenger, and I get a flood of mail taking me to task for being so unreasonable with no actual foundation. But experience has taught me to trust my instincts, so I usually hang in there and wait for the dust to settle. In this case, now that the dust has settled, I think it is time to take a look at the industry and see what lines these companies have been floating, and seeing how many consumers took the bait.

Words Of Prophecy

The Scorpions are one of the best rock bands I’ve heard in the last 30 years. Of course you have Zep, Van Halen and others, but the lyrics of the Scorpions seem to sum life up so perfectly. In this place we call the Zoo, there are bad boys running wild and sometimes, revelations can rock you like a hurricane.

Lame sentiments aside, there have been some stunning discoveries in the world of Windows XP. Windows XP was supposed to be the most stable, most secure, most user-friendly version of Windows ever released, but as we all should now know, those claims did not pan out. Windows XP was built on the Windows 2000 foundation, but somehow, the initial release has been rated as being less stable and less secure that its predecessor. Luckily, Microsoft is preparing the first service pack and is hoping, I’m sure, that it solves the majority of problems that people seem to be having. What problems you ask?

Documentation

Well, Windows XP seems to be rebooting randomly on some systems. Instead of presenting the user with a blue screen that they may be able to recover from, XP simply restarts itself with no word to the user. Take the hard-to-diagnose but well documented “Infinite Loop” problem that people are having with their Nvidia drivers under XP. The problem has become so pervasive that an actual petition has been created so users can mass together as a force to ask Nvidia to correct the issue. Quoting from the petition:

There are many ways to spot an "Infinite Loop". The most common occurs when the computer freezes, sometimes with a "Blue Screen of Death" (BSoD), rendering all input useless. Upon reboot, entries in the system log indicate problems with i.e., nv4_disp.dll, spouting errors about getting "stuck" in a loop. Here is a typical example:

"The driver nv4_disp for the display device \\Device\\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates."

It is time for you, the vendor, to resolve this issue. We have worked on our own time to gather various "hypotheses" as to where the root of the problem lies. There are no solutions documented on your webspace, nor have you made any attempts to validate the existence of the problem to the public. Attempts to upgrade to the latest driver, flash to the latest bios, or download the latest service pack have proven fruitless.

Denial

Page:: ( 2 / 4 )

Don’t Panic The Natives

After the release of XP into the retail stream, the veneer of invulnerability slowly began to crack. A lot of users, including myself, found driver issues with our existing hardware that could not easily be solved. What was so frustrating to me was how these driver issues were able to undermine the stability of the operating system itself. For months we had been told that XP would not be like the other operating systems, that it could not be brought down by bad drivers. But as the “Infinite Loop” bug clearly demonstrates, it is still pretty darn easy to lock XP up so tight that a restart is the only way to fix it.

In spite of all the claims to the contrary -- the reassurance that XP was nearly bullet-proof -- consumers were still finding issues. They cropped up everywhere. Motherboard chipset drivers caused blue screens and reboots, as did CD Burning software like Roxio Easy CD Creator 5. Old DOS and Windows applications caused lockups even when they were run “emulation mode” and supposedly separate memory space.

Microsoft public relations continued to assure consumers that these problems were not caused by XP at all, and that it must be a result of unsupported hardware or some such thing. But the problem for Microsoft was that these issues occurred nearly as frequently on OEM machines that came bundled with XP as it did those systems that had XP installed as an upgrade.

Taking The Wraps Off

Instead of hashing over every little fault, let’s just say that XP turned out to be a bit less than was promoted in terms of stability. Stability, however, turns out to be the least of the worries surrounding Windows XP. One of the first big issues turned out to be around security and Universal Plug And Play. In late December of 2001, it was like a wind blew the veil of secrecy away and suddenly, a major flaw was exposed for everyone to see.

Without restating the entire issue, it turns out that some weeks before the late December announcement, an extremely serious security problem was discovered that allowed people to take advantage of holes in the Universal Plug And Play implementation in Windows XP to gain control of an XP system remotely. Not only could someone gain complete control of an XP system, they could also make use of that system in Denial Of Service (DOS) attacks. For weeks the vulnerability was kept quiet as they worked hard on a fix. Once the fix was in place, Microsoft made the announcement.

Angering The Wrong Crowd

The fact that Microsoft had been aware of the problem and said nothing for weeks got the attention of one of their biggest and best customers: The United States Government. Immediately after Microsoft made the disclosure public, they were contacted by representatives of the Department Of Defense (DOD) and the Federal Bureau Of Investigation (FBI). This direct contact is certainly uncommon, but it was perhaps the tone of the conversation that got the most attention. The DOD and FBI were said to be fairly furious at Microsoft for withholding this information from them and maintaining a shroud of secrecy while they worked on a solution in private. They felt that if anyone had the right to know about such a major flaw, it was the government agencies charged with protecting this nation. After the events of 9/11, I’m not about to chastise the government for being concerned.

Microsoft had made some very bold claims about Windows XP security, and it had come back and bit them where the sun don’t shine. They had continued to deny problems existed, when all the while they knew of some pretty major issues. Now, not only were the pundits angry, but the government was angry. Consumers have claimed for years that Microsoft kept them in the dark about problems with their software, but now there was an incredibly glaring example of the kind of problems people were talking about. Only now, Microsoft could not deny or explain it away. They had been caught red-handed with a major security problem in “The Most Secure Operating System Ever Released”. The odd part is, it turned out to be only one of many such problems that XP had.

SIDEBAR: It would be nice if we did not have to worry about these security concerns, because there are some features in Windows and Office that are truly helpful, such as semi-automated Windows Update and Office Update procedures that help you download patches and bug-fixes in a quick and easy fashion.

Lip Service

Page:: ( 3 / 4 )

Won’t They Ever Learn?

You figure after getting caught red-handed, MS would eat some humble pie and try to work the issues out in public. You’d figure wrong. Microsoft began pressing people who did find security leaks in the software to keep their discoveries under wraps. People who tried to do the right thing and notify Microsoft of such leaks were often made targets of intimidation to keep them quiet. Of course, now that the genie was out of the bottle and Microsoft had been denounced by the US government, people began to feel emboldened and decided it was time to put Microsoft in their place. So, more security leaks were discovered and announced and one by one, dents appeared in the Microsoft armor. Bill Gates had put it all on the line, declaring XP as secure as they came. However, the Microsoft Public Relations machine kept trying to deny and minimize the problem. The stakes were simply too high, and this time, Microsoft lost. Big time.

A New Direction

As many of you now know, Bill Gates, in a stunning reversal, admitted the security flaws in Windows XP and has vowed to refocus the efforts from adding fancy features with flash and sizzle to ensuring that security concerns are put at the very top of the wish list for every program Microsoft creates. New ideas would not be allowed to go forth until they were found not to pose a security risk to the consumer.

If you want to be able to log into to Outlook remotely, you had better be able to show that people could not take advantage of that feature to violate system security. If you could not show that, the feature did not make it into the product. It was supposed to be just that simple. Mr. Gates was coming clean and laying his cards on the table, and we were asked to take him at his word that things were going to be different.

Microsoft has been sending all programmers to a series of Security workshops in order to help train them to make their applications secure. They have been on a media blitz demonstrating just how secure they intend to make things. They have outlined procedures and put forth plans of action, all in a move to convince users that they are indeed being sincere. Even the skeptical people, including myself, were impressed. However, good things do not always come to those who wait.

Two Left Feet

Here we have a new edict from the founder of the company. He has stated clearly that he wants things to change and has expressed publicly that he has been embarrassed by the latest turn of events and wants to change the culture at Microsoft to make them better. When people like me, who tend to be cynical about such things, hear something so profound and passionate from the founder of a company, we want to believe them. We want to hope that they mean it and that things are going to change. Unfortunately, reality often smacks us hard in the face and forces us to wake up from our dream world.

On February 20th of this year, I read a story from the Associated Press that only served to confirm my worst fears. It turns out that Windows Media Player 8, a native XP application that cannot be uninstalled by default, has been tracking the songs and movies that XP users have been playing and sending the information directly to Microsoft since the first day XP was made available to consumers. No mention of this fact was made by Bill Gates during his pro-security, pro-privacy press junket. No mention of this was made in the email he sent to all Microsoft employees and leaked to the press regarding the company-wide refocus on security and privacy. Nope, not a word. Not a single word. Not only that, their reaction is to simply change the wording of their privacy statement to avoid a conflict. They have provided no opt-out information, no way for consumers to stop the transfer of such private data. They have, in essence, said “My bad. You caught us. We’ll fess up to it in our privacy policy, but we won’t stop doing it and we won’t tell you what we do with the data.” How are we supposed to trust these big companies when they keep stepping over themselves like this? Come on Bill!

SIDEBAR: With this new change in direction, you would hope that Microsoft would finally release a version of Windows XP that comes without all of those extra applications that are currently very hard to remove, like Media Player, the Video Editor, Internet Explorer and Outlook Express. Here’s hoping.

Conclusions

Page:: ( 4 / 4 )

Reality Bites

You want to believe in the goodness of people, but in this industry, as in many other industries, it is not about being honest and being sincere. It is about perception. It is about the spin. It is about controlling the flow of information. It is about putting out your propaganda and covering your tail at the same time. Make no mistake about it,it’s about the sound the bite and the headline. Do what you can to maximize profit and keep the stock high, and don’t let anything get in your way. If you get caught, deny. If that doesn’t work, deny some more. If you really get caught, fess up, play nice and let it blow over, but by no means come clean because the truth will not set you free, it will drive your stock down and hurt the bottom line, regardless of whether it is the right thing to do or not.

Bad Behavior

As the years have progressed, I’ve seen the lengths some of these companies will go to. I’ve covered the ATI driver thing to death, so I won’t go on about that, but the concept of cheat and cover-up is pervasive. I have learned that companies pay people to monitor popular sites and newsgroups, always on the lookout for negative criticism. Most of these ‘trolls’ as people call them, not only report back to the “mother ship” but also take the time to attack posters who make negative comments about their product. You slam Windows, they come right at you with a barrage of prepared statements designed to cut you off at the knees. They seek to discredit you and undermine your arguments to help their company come out looking as good as they can.

I have seen first hand newsgroup trolls that blast into someone on Comp.Fonts who directs users asking for fonts to check out Alt.Binaries.Fonts. They take your name, your IP address and whatever they can get and put you on a list of people who promote piracy. I’ve heard of people being emailed with intimidating words telling them not to spread “distortions” in public newsgroups or they might face legal action for expressing their opinion.

I’m sure you all have heard about the problems publishers and writers face. If you try to be fair and objective, you may have a hard time getting products to review. If you point out flaws in some of the hardware, the next time you ask for an evaluation unit, you are stonewalled. If you write editorials about companies that are less than flattering, you risk being black listed. Your ears might be burning as they say “Don’t trust that guy, he is not a team player. He thinks for himself.” All that when in fact you might just be a customer who wants companies to be honest and live up to what they promised.

Have you heard about Microsoft monitoring Ebay auctions in search of people trying to sell their software? They have been forcing Ebay, again, through the use of intimidation, to delete such auctions and turn over seller information to their legal department. Hopefully that recent case in California, the one where the judge ruled a user could in fact sell his bundled Adobe software as individual items regardless of what the EULA said, will help put the kibosh on such abuses of power.

Remember McAfee and how they tried to prevent any critical articles of their products by placing language in the EULA that forbade reviews? Luckily, that one did not hold up to legal scrutiny, but it does serve as an example of how far companies will go to try to silence the voices of those who would take them to task.

Summing It Up

You want to trust these companies, but the more you learn, the more you realize you can’t. They hide things, they mislead the press and their own customers, they use heavy-handed tactics and sometimes, they flat out lie, all in an effort to stay in control. Next time you hear privacy concerns about Microsoft Passport, JavaScript and Browser Cookies, try not to be so dismissive. There might just be something there that you need to worry about, as Media Player 8 clearly demonstrates. Living life with blinders on is not always a smart move, particularly if someone is about to run into you from the side...

SIDEBAR: Are you upset about the instabilities in Windows XP? Does it bother you that Microsoft has been cataloging every CD and DVD you play in Media Player 8? Are you more skeptical than ever, or do you think it is much ado about nothing?

Let us know how you feel in our Comments Section.