By Joe Wilcox, Betanews
Microsoft's response to the so-called "Black Screen of Death" problem is a throwback to an older and equally ineffective strategy -- what I have called "security by PR." Rather than managing the problem, Microsoft is managing the reaction. That simply is the wrong approach to quality customer service or instilling users with confidence about using Windows. With Windows 7 only in market for about six weeks and the holiday sales season just started, the company's priority should be fixing the problem rather than denying culpability.
Recap: Some Windows users are complaining of a Black Screen of Death (KSoD), where the operating system essentially fails to fully load at startup. KSoDs aren't new, but there have been recent reports suggesting an increasing number starting in mid November. Last week, British security firm Prevx claimed that November 10 Microsoft security updates caused recent KSoDs. However, in a late-day blog post yesterday, Prevx backed away from its assertion:
"Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor."
The post followed Microsoft's denial by many hours. But Prevx's update doesn't exonerate Microsoft from having mishandled the situation, because Windows security may yet be an issue. Prevx still identifies a registry problem, just one it now asserts could be caused by malicious software:
The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.
The malware modifying the registry caught my attention, and Microsoft mentions it in yesterday's blog post denying culpability as deflection of responsibility:
We've conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November. That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the 'black screen' behavior described in these reports.
We've also checked with our worldwide Customer Service and Support organization, and they've told us they're not seeing 'black screen' behavior as a broad customer issue. Because these reports were not brought to us directly, it's impossible to know conclusively what might be causing a 'black screen' in those limited instances where customers have seen it. However, we do know that 'black screen' behavior is associated with some malware families such as Daonol.
But neither Microsoft's denial nor Prevx's retraction resolve the issue or answer why some Windows users report experiencing new KSoDs after installing Microsoft security updates. What if, say, the security updates corrected changes made by malware that results in black screens? I certainly have seen Windows PCs rendered partially unusable after removing malware. Example: Networking features disabled after some spyware is excised.
The point: Prevx only just made its assertions about Microsoft security updates and KSoDs last week, offering up a fix, too. How can either company definitively say that Microsoft security updates aren't involved? In the scenario I arbitrarily suggest, Microsoft could still claim its security updates weren't the cause, since the updates would fix changes made by malware. That's great security by PR.
Even if the security updates aren't the cause, Microsoft should show customers that it's aggressively looking for what might be causing the KSoDs -- particularly if malware might be mucking with the Windows registry. I expect more from Microsoft. Security by PR shifts the blame. Real security seeks a solution for the benefit of customers that might have comprised systems and, more importantly, to protect other users who might be assaulted by others' infected Windows PCs. Afflicted customers don't want to hear what's not causing their KSoDs. They want to know the cause and how to fix the problem. Microsoft's denial fixes nothing but blame.
The holidays have historically been a time of increased malware attacks. That's all the more reason for Microsoft to show customers -- and even malware writers planning holiday attacks -- that it's prepared for most anything. But is Microsoft really on the job, or are too many security professionals without a job because of the company's 5,000-plus layoffs? I'm not feeling confident because of Microsoft's response to Prevx? Are you?
Copyright Betanews, Inc. 2009
One of the aspects of Microsoft that should come as no surprise is that the company plans ahead not just next year’s product launches, but decades in advance, in terms of the evolution of its technology. Not limited to its own software, this strategy is an integral part of how the company is tackling problems faced by education systems world... (
Firefox 4.0, the next major release of Mozilla’s open source browser, will bring to the table a major overhaul of its graphical user interface, one that would put the UI in line the Windows 7 Ribbon/Fluent style. Mozilla has already made public details on the revamping of the Firefox User interface for version 4.0, and various concepts and sketches ha... (
With Valentine's Day just around the corner, Microsoft is helping Windows 7 customers celebrate love right on their desktops. In this regard, the Redmond company has made available for download a new desktop theme designed to integrate seamlessly into the desktop of their Windows 7-power computers. The Lacy Hearts is, as the software giant has put i... (
The latest development milestone of Office 2010 has made it into the wild, even though Microsoft never intended to have the general public get their hands on the release. Earlier this week, the Redmond company revealed that the next iteration of the Office System reached a key milestone in the evolution to RTM, namely the Rel... (
Leave a Reply
You must be logged in to post a comment.