Windows Live Essentials, crapware quotient?

Monopoly money comes in many flavors: 7, Vista, XP, 2K, ME, 98, etc.

Moderators: Flying Fox, Ryu Connor

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 1:29 am

I don't recommend that people disable update systems which are actively giving them updates for products they use. However, I do recommend that you take a look at what you've got Microsoft Update enabled for (on XP you can use the Windows Update site to trawl through your update history, on Vista/7 you can do the same through Control Panel > Windows Update). If you don't need Silverlight for example, I would remove it, and if that was the only thing using Microsoft Update, then disable Microsoft Update.

Re: sarcastic comments about 300MB being "serious business":

The average user just wants a machine that they can go on the Internet with, e-mail, photos, a bit of word processing. They don't have the latest rig. Their income is not used to beef up their computer or play StarCraft 2. Windows XP is still the most common OS I encounter when visiting customers. That tends to mean that they've got 512MB RAM. Even the ones on XP with more memory (and loads of free memory) complain that their machine is slow, so I do my usual round of performance tweaks, get rid of their bloated security software, put on a free anti-virus and enable the Windows Firewall. It takes an enormous chunk out of the machine's memory usage and the startup time drops sharply. Customers commonly say to me that their machine performs loads faster since I first checked it out. The average person just sees their computer as a tool, not something that they want to pour money into. Some people who need extra memory sometimes say no because their computer is not their highest budget priority and their budget is minimal. On a 512MB machine, 300MB is "serious business". My car has a few issues, my budget for fixing them is minimal, largely because no mechanic can guarantee a solution within a reasonable budget. That's life sometimes, that's not a situation you can just discount, and being able to afford things is relative. Just because you would not hesitate in buying your machine more memory, it doesn't mean that everyone who hesitates should be belittled, in your opinion.

I've built myself a new computer this year with Win7 and 4GB RAM. I don't spend hours trying to get back a few meg here and there, I was quite happy with its performance when I had finished setting it up. I disabled a few Windows services I don't need, the ones pertaining to LAN file-sharing and IPV6, and I did the same with the NIC's network config. According to Task Manager the memory usage is 1.1GB right now, with Thunderbird and Firefox open. Windows takes about 40 seconds to start on this machine, including login. I'm happy with that. However, if average memory usage rose for some reason up to 1.4GB on idle, I would investigate. Wouldn't you? Why has your computer's behaviour changed? If it was down to something that is useful to me, fine, but having a grasp of your computer's typical resource usage means that it is easier to spot abnormal behaviour.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 2:10 am

I had MSN previously installed in windows 7 and it asked me to update a few days ago
I believe this time it already had some of the other components checked for install even when I only had MSN on the computer before

on a side note, did you try and paste a youtube video in MSN while chatting with someone?
that's pretty cool feature, I like it
potatochobit
Gerbil Elite
 
Posts: 919
Joined: Mon Dec 01, 2008 3:56 pm

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 2:21 am

potatochobit wrote:I had MSN previously installed in windows 7 and it asked me to update a few days ago
I believe this time it already had some of the other components checked for install even when I only had MSN on the computer before

on a side note, did you try and paste a youtube video in MSN while chatting with someone?
that's pretty cool feature, I like it


I use Trillian on the rare occasion I need MSN or ICQ access :)
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 4:37 am

Oh man i'm annoyed. All i had was Messenger installed and then the WLE update comes through yesterday. I tick all the "do not install this and this component" checkboxes available... yet upon restart i notice the Bing toolbar and other BS is installed and my computer HANGS for 30 secs as WLE opens.... FUUUUU MS and your buggy update/install program that didn't do what i told it to do.

*Begins uninstallation of everything i told it not to install*
Core i7 4770K | eVGA GTX770 SC ACX | 16GB DDR3 2133mhz | Asus Z87-PLUS | Corsair HX650 | Fractal Define R4 | Samsung 840 Pro 256GB | Windows 8 x64
yogibbear
Gerbil Elite
Gold subscriber
 
 
Posts: 664
Joined: Fri Feb 08, 2008 10:30 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 4:54 am

Someone said earlier along the lines of "why shouldn't .net 4.0 be an 'important' update?" - a Vista machine I have here at the moment has spent at least five minutes starting up, and most of the time setup.exe has been running of its own accord, which through its properties I found to be .net related, then after that, the ".net optimisation" program started, and is still running. The system has probably been switched on for about eight minutes now.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 6:16 am

Image

Looks like 300MB to me.

Well, it does if I add 750% to it.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 6:33 am

mikeymike wrote:If you don't need Silverlight for example, I would remove it

Why bother?
...
mattsteg
Gerbil God
 
Posts: 15752
Joined: Thu Dec 27, 2001 6:00 pm
Location: Applauding the new/old variable width forums

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:16 am

mattsteg wrote:
mikeymike wrote:If you don't need Silverlight for example, I would remove it

Why bother?


Yeah, I don't get this, either. Its like having a rolling tool chest and you remove your hex wrenches because they add weight. Silverlight is a tool. Its usually better to keep a nice little tool like that on hand in case you need it.
Sony a7
Sony Zeiss 55/1.8 SSM, 24-70/4 SSM
Minolta 17-35/2.8-4 D, 35-105/3.5-4.5, 100-300 APO
TheEmrys
Minister of Gerbil Affairs
 
Posts: 2067
Joined: Wed May 29, 2002 7:22 pm
Location: Northern Colorado

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:18 am

I've already said why twice in this thread, I'm not going to bother saying it again. If you think this is rude, then think about what you're doing first.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:20 am

Ryu Connor wrote:Looks like 300MB to me.

Well, it does if I add 750% to it.


Have you confirmed that you've got Microsoft Update (not Windows Update) enabled? Also, have you checked its memory usage when the computer starts up (though I would be surprised if it settled down that much, because I've never seen MS Update on XP do that)?
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:30 am

While I agree with what you are saying in theory Mikeymike I honestly think that most customers are better off with their programs updated by default even if they dont use them or rarely use them. Net 4.0 may take a few minutes to update on a machine for the first time but after that well it is no real bother, same as office updates etc.

As for other bloatware like those horrible toolbar add-ins, yes I remove them everytime I see them but again most clients don't even notice these or really care. The bigger culprit is 3rd party programs and services hogging resources. You can tell your clients about these but there is not much you can really do. You can disable and remove all the stuff but most like in a few months it will be all back again.

As someone used a dreaded car analogy I will use one as well.. sort off.. Do you know that when you replace your spark plugs if you fit them with the right orientation to the combustion chamber you will improve the burn spread and pick up a small amount of HP and fuel economy.. Is it worth it ? Maybe to some but most people dont notice or care.
Jypster
Gerbil
 
Posts: 36
Joined: Wed Feb 21, 2007 2:40 am
Location: Australia

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:38 am

Jypster wrote:While I agree with what you are saying in theory Mikeymike I honestly think that most customers are better off with their programs updated by default even if they dont use them or rarely use them. Net 4.0 may take a few minutes to update on a machine for the first time but after that well it is no real bother, same as office updates etc.


You realise that .net 4 doesn't replace its predecessors, it goes alongside them. You don't even necessarily need the first three versions, let alone four, and there are security vulnerabilities in them that get patched along the way.

I responded about MS Office already.

As for other bloatware like those horrible toolbar add-ins, yes I remove them everytime I see them but again most clients don't even notice these or really care.


Well, if they don't really care, they're not calling me in the first place. All those toolbars have IE integration, so they're slowing down IE's startup. I can't speak with authority about whether they get loaded in some fashion on startup.

The bigger culprit is 3rd party programs and services hogging resources. You can tell your clients about these but there is not much you can really do. You can disable and remove all the stuff but most like in a few months it will be all back again.


So far, your point seems to be "yeah, but you can't do anything about it". I disagree. If a customer needs to pay to get their computer working properly again, it's not usual for them to load it up with crapware again, at least, not as bad as before, in my experience.

As someone used a dreaded car analogy I will use one as well.. sort off.. Do you know that when you replace your spark plugs if you fit them with the right orientation to the combustion chamber you will improve the burn spread and pick up a small amount of HP and fuel economy.. Is it worth it ? Maybe to some but most people dont notice or care.


A mechanic should care. I'm a computer fixer, therefore if there's something similar in computer terms, I ought to know it.

Lots of little changes can make as much difference as one big change, like removing unnecessary AOL software.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:57 am

mikeymike wrote:I've already said why twice in this thread
Not really...
mikeymike wrote:I'm not going to bother saying it again.
s/again/at all ?
...
mattsteg
Gerbil God
 
Posts: 15752
Joined: Thu Dec 27, 2001 6:00 pm
Location: Applauding the new/old variable width forums

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 8:15 am

Well Mikeymike I'll agree to disagree on some of your comments while agreeing with others and leave it at that :wink:

BTW a mechanic is not going to give a toss about the sparkplugs that is a drag racing trick. Not worth their time when doing a service as time is money.
Jypster
Gerbil
 
Posts: 36
Joined: Wed Feb 21, 2007 2:40 am
Location: Australia

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 9:11 am

mikeymike wrote:Have you confirmed that you've got Microsoft Update (not Windows Update) enabled?


Image

Also, have you checked its memory usage when the computer starts up (though I would be surprised if it settled down that much, because I've never seen MS Update on XP do that)?


Yes, it starts slightly higher and then settles down to what I posted after just a few minutes.

By all means though, you keep pushing bad security practice and settings on the myth of 300MB of continuous usage. You've already helped one person in this thread one step closer to becoming another bot.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 10:02 am

I only advised him to remove Siverlight and revert to Windows Update if he has no other dependencies on Microsoft Update. Don't get on your high horse when you're only choosing to interpret half of what I've written. How exactly does Microsoft Update protect your machine any more than Windows Update if the only Microsoft software you're using is Windows?

If I have an XP box in at some point soon with a relevant config, I'll post a screenshot with regard to Microsoft Update's memory usage.
Last edited by mikeymike on Thu Oct 28, 2010 10:07 am, edited 2 times in total.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 10:05 am

Jypster wrote:Well Mikeymike I'll agree to disagree on some of your comments while agreeing with others and leave it at that :wink:

BTW a mechanic is not going to give a toss about the sparkplugs that is a drag racing trick. Not worth their time when doing a service as time is money.


I don't know much about cars; I never claimed to, and was your car analogy somehow relevant? If you think it was, you missed the point.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 10:19 am

To go ahead and kill the, "It must balloon to 300MB when installing" argument.

Downloading:
Image

Actively Installing:
Image

Worst memory scenario:
Image

This is an image of the Malicious Software Removal Tool at work.

Few minutes after completion, sitting asking to be reset:
Image


I only advised him to remove Siverlight and revert to Windows Update if he has no other dependencies on Microsoft Update.


Oh?

How do I manually get these updates later? Any reccomendation how often?

That depends on what Microsoft products you use, Office being the tricky one as its update system of choice is Microsoft Update. You could temporarily enable Microsoft Update every so often (once a week/month?), pull down the latest Office updates, then disable Microsoft Update (note: this does not disable Windows Update).


If I have an XP box in at some point soon with a relevant config, I'll post a screenshot with regard to Microsoft Update's memory usage.


Ah, so now the objective is to somehow find a box that is not representative of the norm to shore up your view point that security is less important than RAM? Gotcha.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 10:39 am

I said he could do that, the implication was that it's a workaround. I gave him the facts, if he wanted a recommendation, I would once I knew more about his needs and knowledge. Security and usability must be in balance with each other. If you disagree with that, then we'll have to agree to disagree, because it's a fundamental principle IMO.

Ah, so now the objective is to somehow find a box that is not representative of the norm to shore up your view point that security is less important than RAM? Gotcha.


Yes, because my FIENDISH SCHEME all along was to spread disinformation, unlike your contribution to this topic, which you must think is like the SHINING KNIGHT come to save everyone reading this thread from the follies I'm spouting*. Try to calm down a bit and not think of this and me vs. you, and the fact that I'm saying something I consider to be true. You claim that if I try to come up with evidence that it will be the exception rather than the rule, because it is my intention to lie to people, and you've automatically assumed that your evidence is definitive?

Here's something else that's not an absolute truth, but most people would agree - Windows Vista's performance sucks (in most ways the average person considers a machine's performance to be - except gaming, I'm not sure about). However, I've seen 2 or 3 machines where it performs not badly at all (and the rest with suboptimal performance have 2GB RAM or more, one even had a Core i7-920). I have no idea why those three machines performed so much better, one machine was a laptop with enough memory (2GB I think, maybe 3GB) but otherwise completely unremarkable. Another machine was a custom-build desktop that I had little to do with, and the third was an old rig I had on Vista for a while. There are millions of Windows machines out there. If I take the amount of customers on my books, plus another 50 - 100 then I've seen 550 - 700 of them. I might have worked on a lot more Windows computers than a hell of a lot of people, but I don't regard my experiences as definitive, and I will always have more to learn.

I don't think security is less important than RAM. See the first paragraph of this response. And please also note (in a previous response) that I haven't disabled Microsoft Update on my own Win7 setup because it seems to be running fine!

* - DAMN! Just like a James Bond villain, I revealed my evil plot! Curses!
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 11:15 am

You claim that if I try to come up with evidence that it will be the exception rather than the rule, because it is my intention to lie to people, and you've automatically assumed that your evidence is definitive?


Lie? No. Not know any better, want to save face, want to present what people want to hear? Maybe, maybe not.

You know this thread is actually the number three hit for Microsoft Update using 300MB? Link I'd note the other hits aren't even actually about MS Update using 300 MB.

Shining Knight? Eh. If this was a Linux forum and you were spouting fallacies you'd get crucified. It's hip to bash and say absurd things about Microsoft, so no one even bats an eye. This is supposed to be a place of information. If it's information that is harmless, but ultimately pointless - who cares. If it's weakening the security of the machine, I take that seriously. You're not surrounded by experts here and there's a bunch of people who think they're experts and don't come close.

What people ultimately think at the end of this? Don't care. Human nature is such that they'll follow your advice if you're saying what they want to hear. That you're wrong doesn't even matter. Doesn't mean I'm gonna sit passive. Could be worse, you could be talking about how you disable UAC for your customers. You think I'm "fired up" over messing with critical patching you should see what I have to say about disabling UAC.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 12:24 pm

Ryu Connor wrote:
You claim that if I try to come up with evidence that it will be the exception rather than the rule, because it is my intention to lie to people, and you've automatically assumed that your evidence is definitive?


Lie? No. Not know any better, want to save face, want to present what people want to hear? Maybe, maybe not.


And what do you think your angle is? Telling it like it is, I suppose? Have you considered that what you're saying might not be definitive?

Shining Knight? Eh. If this was a Linux forum and you were spouting fallacies you'd get crucified. It's hip to bash and say absurd things about Microsoft, so no one even bats an eye. This is supposed to be a place of information. If it's information that is harmless, but ultimately pointless - who cares. If it's weakening the security of the machine, I take that seriously. You're not surrounded by experts here and there's a bunch of people who think they're experts and don't come close.


Well, if you think I go around saying things because I think it would be hip or cool, you're mistaken, and there's not much I can add to that.

You talk about if this were Linux-orientated that I would get crucified, have you considered that your general argument tack is extremely blunt and based on the assumption that you cannot possibly be wrong?

Example from the thread you posted:
That is perhaps the worst wiki and advice ever.


And that's the end of your post. When asked about it, you do, to your credit, state your reasons, but the only way you could have made your original post worse would be to fire off a load of expletives.

You even notice what you're doing seemingly, at least to a certain extent, because on that thread you said:
Don't let this read personal. Nothing against you 7im


What people ultimately think at the end of this? Don't care. Human nature is such that they'll follow your advice if you're saying what they want to hear. That you're wrong doesn't even matter. Doesn't mean I'm gonna sit passive. Could be worse, you could be talking about how you disable UAC for your customers. You think I'm "fired up" over messing with critical patching you should see what I have to say about disabling UAC.


I don't recommend disabling UAC, for the record. As I don't know of any other significant security changes to Vista/7 that seem directly relevant, I tend to credit UAC with helping secure Windows against attacks quite a bit, as most of the malware I see these days doesn't get (or trying to go for, seemingly) elevated privs (usually an exe in HKCU > SOFTWARE > MICROSOFT > WINDOWS > CURRENTVERSION > RUN, or in the equivalent 32-bit node).

Also, you didn't answer my previous question:
How exactly does Microsoft Update protect your machine any more than Windows Update if the only Microsoft software you're using is Windows?

- edit -

Also, you seem to show an awful lot of concern for users potentially being misled, yet you don't make any comment about a default install of WLE *must* increase the possibility of security compromise because of the additional programs installed. Of course, a user makes a choice to install WLM, but I think it's a fair assumption for an uninformed, average user to assume that the additional that the installer has ticked by default might somehow be needed for WLM's full functionality. A browser plug-in, a 'search enhancement' service, an e-mail program, and a browser toolbar (possibly some other components that I've forgotten about as well) all qualify as directly Internet-facing programs that could be targetted by exploit writers. The silent install of the .net framework add-in into Firefox (some version of the .net framework gets installed on a default install if it isn't already on the system, btw) just adds insult to injury, as well as the fact that there's no uninstall option in Firefox and a registry hack is needed to remove the add-on is just mind-boggling. But maybe I'm lying about all of that too, because it makes me feel good.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 1:36 pm

And what do you think your angle is? Telling it like it is, I suppose? Have you considered that what you're saying might not be definitive?


My angle? Clarification.

Might I be wrong? Yeah, I considered it, which is why yesterday I stated I would be checking XP today. You had the benefit of the doubt all the way up until I touched a series of machines. Hell, I have images on my drive right now for conditions I tested that I didn't even post.

So yeah, I definitely figured I might be wrong and I let my curiosity carry me into wasting way too much time.

Well, if you think I go around saying things because I think it would be hip or cool, you're mistaken, and there's not much I can add to that.

You talk about if this were Linux-orientated that I would get crucified, have you considered that your general argument tack is extremely blunt and based on the assumption that you cannot possibly be wrong?


Text sucks. I also have a very direct writing style, which is weird to be honest. As I feel verbally I'm sure some people wish I'd disable the -v switch. I make no apologies for it. There are some other regulars on this forum who make me look like silk.

Also, you didn't answer my previous question:
How exactly does Microsoft Update protect your machine any more than Windows Update if the only Microsoft software you're using is Windows?


Because you don't know how things might change for the user in the future. Who is to even say you will remain their business choice for future IT support? Who is to say what MS software will be supported by MS Update in the future? Maybe something not presently supported by it now, will be. With security holes that crop up into MSN Messenger now and again I wish they'd add it. If MS adds software to it that your customer does use and was traditionally not supported, will they be covered? Will it somehow magically turn back on?

If the customer installs some other MS product - such as Excel Viewer. The office Viewers often have many of the same holes that the full programs in Office 2007 receive. Are you 100% sure the the disabling of MS Update will reverse? In all cases? Under all conditions? 100% error free? I don't know, I'd have to setup a new fresh XP box, install the viewer and see. Even if testing shows it works, is it worth the risk?

What if the customer had MS software that was covered and you missed it? You are human, you will err.

Then there are more problematic issues like teaching some random dude on a forum how to do it because he asked. You don't know him, I don't know him. He didn't know enough to cut it off to begin with, but you went ahead and handed him the loaded gun. Whose to say he'll be diligent? What if he just totally forgets and doens't patch it for months? What if he is diligent, but chooses a long period like once a month? He then gets hit by a very fast spreading new virus because it occured between his four week routine?

You can say, "That's unlikely". Whatever. Life is unlikely. You might drive out to the next job site tomorrow and get t-boned. You plan security based on unlikely. You don't plan based upon saving RAM.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 2:29 pm

I know we're arguing philosophy at this point. But, in case I'm the one that's about to be botted:

This old box is used by the kids for games. It used to (almost) never go on the internet. Now it does every weekend or two (by me) for updates. The rest of the time it's running Spore, Civ4, etc. with an AGP card and two full DIMM slots. I'm not putting another single dollar into hardware there. I'd like to hold out for Sandy Bridge, but more likely they'll get a nice hand-me-down. Box #2 is a (slow) celeron fileserver + benefits: mirc and a few other windows only apps. I'm leaning toward continuing to ignore that one. EDIT: eg it's all auto-patch, and always in swap, and that's ok for my apps.

These are perfectly good computers that have been overtaken by software bloat. Many hardware enthusiasts have a blind eye to this. My 16GB Q6600@3.2ghz is doing fine. And that's for Maya simulations and renders - lest I be accused of having too much computer. :D I don't have broad experience to pick a side on if most non-technical users eventually suffer from lack of MS update.

So that was a little bit ego rising to the bait, and something about assumptions. Most importantly, I wanted to thank everyone for the specific infos. I'll grab that sysinternals util too so I can see what svchost is up to. Windows admin has always felt like a black art to me vs unix. Especially printer sharing. But, I know it's lack of time investment.

Carry on.
zqw
Gerbil
 
Posts: 49
Joined: Sun Dec 28, 2003 1:27 pm

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 2:36 pm

Ryu Connor wrote:Text sucks. I also have a very direct writing style, which is weird to be honest. As I feel verbally I'm sure some people wish I'd disable the -v switch. I make no apologies for it. There are some other regulars on this forum who make me look like silk.


Great, so there's someone worse than you, so that's ok then. If your blunt approach combined with your opinion on a topic turned out to be wrong, would you apologise for your attitude then? If so, why not just cut the attitude out to begin with? Have you considered that you might get your point across better without the attitude, and that people would be more receptive to what you're saying?

Also, you didn't answer my previous question:
How exactly does Microsoft Update protect your machine any more than Windows Update if the only Microsoft software you're using is Windows?


Because you don't know how things might change for the user in the future. Who is to even say you will remain their business choice for future IT support?


How is that relevant?
Who is to say what MS software will be supported by MS Update in the future?


Then, based on previous MS behaviour, MS update would be enabled. It doesn't get enabled by Windows on its own.

Maybe something not presently supported by it now, will be. With security holes that crop up into MSN Messenger now and again I wish they'd add it. If MS adds software to it that your customer does use and was traditionally not supported, will they be covered? Will it somehow magically turn back on?


You may as well argue "what if Microsoft Update goes horribly wrong and loads of users' computers get compromised because of it?", because dealing in future "what ifs" is a pretty shaky argument when we're talking about something in the present day.

If the customer installs some other MS product - such as Excel Viewer. The office Viewers often have many of the same holes that the full programs in Office 2007 receive. Are you 100% sure the the disabling of MS Update will reverse? In all cases? Under all conditions? 100% error free? I don't know, I'd have to setup a new fresh XP box, install the viewer and see. Even if testing shows it works, is it worth the risk?


Actually, I don't think it does, but again you're taking a standpoint of future-based "what if"'s, because what if a user installs anything. If you want to go for this line though, what happens on a clean Windows install and a customer wants an office viewer program, and if I'm right, Microsoft Update doesn't get enabled (at least I don't think it does for 2003, not sure about 2007), damn, Microsoft isn't doing the right thing!

What if the customer had MS software that was covered and you missed it? You are human, you will err.


Fair point. I try to take sufficient care in my work to minimise mistakes, that's the best anyone can do at any time. Mistakes can cause all manner of problems.

Then there are more problematic issues like teaching some random dude on a forum how to do it because he asked. You don't know him, I don't know him. He didn't know enough to cut it off to begin with, but you went ahead and handed him the loaded gun. Whose to say he'll be diligent? What if he just totally forgets and doens't patch it for months? What if he is diligent, but chooses a long period like once a month? He then gets hit by a very fast spreading new virus because it occured between his four week routine?

You can say, "That's unlikely". Whatever. Life is unlikely. You might drive out to the next job site tomorrow and get t-boned. You plan security based on unlikely. You don't plan based upon saving RAM.


Have you ever given out any advice that carried any level of risk on a forum? Shame on you.

I'm not sure where the risk is in "if you don't use Silverlight, uninstall it, and if you don't use any software that gets updated via Microsoft Update, disable that and revert to Windows Update", that there isn't risk in "you ought to update driver x", or "you ought to try this security software rather than that", even though their suggested security software is actually quite good (but not perfect obviously).

"security based on unlikely":

The way you've argued in this thread suggests that if a user has Microsoft Update enabled, they're protected against MS security vulnerabilities and that's that. You ignored my point about the added security risk of the optional parts of WLE, you largely ignore my question about what extra protection does Microsoft Update ACTUALLY provide over Windows Update if no other Microsoft software is installed and instead tried to patch it up with "well, it might, you know, one day". Yes, it might grow into a phoenix one day and fly away, but I wouldn't count on it.

They say that the most secure computer is one without power, filled with cement and buried underground. Everything less than that is a security compromise. Using Microsoft software is compromising to a certain extent, because on the face of it, most malware is written to target it, largely because of its popularity. You're on a forum and you've very likely got JavaScript enabled in your browser, major security compromise right there. Are there any unpatched vulnerabilities in the software you're using right now? Has a recent security update caused a security regression? Basically your computer usage right now is based on a large list of security compromises, and you're talking about "unlikely"?

Let's just recap. One of my original points was that if you're not using Silverlight or any other MS products that are addressed specifically by Microsoft Update, is that you should disable Microsoft Update (and remove Silverlight), because of its performance drawbacks. Performance drawbacks aside (and hopefully I'll get a test scenario together to address that soon), because we're currently talking about computer security, you're taking issue with my example of Silverlight being unnecessarily installed, that I think it should be removed and MS Update reverted to Windows Update, and you think the bigger problem is Microsoft Update? Hello! browser plugin! Let alone the (IMO, unlikely, but considering your desire to split hairs) possibility of a vulnerability specifically in Microsoft Update.
Last edited by mikeymike on Thu Oct 28, 2010 3:35 pm, edited 3 times in total.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 2:46 pm

zqw wrote:I know we're arguing philosophy at this point. But, in case I'm the one that's about to be botted:

This old box is used by the kids for games. It used to (almost) never go on the internet. Now it does every weekend or two (by me) for updates. The rest of the time it's running Spore, Civ4, etc. with an AGP card and two full DIMM slots. I'm not putting another single dollar into hardware there. I'd like to hold out for Sandy Bridge, but more likely they'll get a nice hand-me-down. Box #2 is a (slow) celeron fileserver + benefits: mirc and a few other windows only apps. I'm leaning toward continuing to ignore that one. EDIT: eg it's all auto-patch, and always in swap, and that's ok for my apps.


You don't mention how much memory they have. What's the memory usage like when when you start them up? What length of time do they take to start up from the moment that you see Windows loading to the point where the hard disk stops accessing?

What Microsoft software is on these machines? If you're not sure, consult the add/remove programs list.

What security software is installed? What icons have you got on the system tray next to the clock (sorry, I know that's a tedious one, but it's one of my favourite tactics in looking for things to take a mallet to).

You might be better off starting a new thread as other people who may be avoiding this one might be able to help you too.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 7:20 pm

mikeymike wrote:Great, so there's someone worse than you, so that's ok then. If your blunt approach combined with your opinion on a topic turned out to be wrong, would you apologise for your attitude then? If so, why not just cut the attitude out to begin with? Have you considered that you might get your point across better without the attitude, and that people would be more receptive to what you're saying?


The attitude is perceived, not real. Any time you challenge another human on details they tend to react negatively. That's only going to be doubly so when the topic of discussion is the quality of your work. Can't fix human nature. This is also a deflection and a distraction. It's not defending your technical malfeasance, it's just playing the victim card.

How is that relevant?


Always in motion is the future. It's relevant because if you leave them configured one way and someone else becomes the provider, it's not like you're leaving notes for them. They might assume that MS Update is actually on, which isn't a crazy assumption. Queue the Benny Hill theme from there as the comedy of assumptions manages to impact the customer.

There is after all no rule that their next provider need be anything like you, they might be worse than you! They might keep the customer over you simply because they're more personable, or better looking, or because they know each other. At that point you just blow the situation off? Say well, since they screwed me they deserve everything they get? Yeah, that goes real well until their machine ends up part of the botnet that send me another piece of spam or is involved in a DDoS of Gene Simmons' website. I might have been trying to view that Gene Simmons site!

At that point it was your actions that lead to the issue, not the idiot that replaced you. Even if you don't believe that, trust me, when the idiot does clean the computer and undoes it, he's gonna blame you any way. Who knows how that might impact your business, word spreads after all.

You may as well argue "what if Microsoft Update goes horribly wrong and loads of users' computers get compromised because of it?", because dealing in future "what ifs" is a pretty shaky argument when we're talking about something in the present day.


Are you leaving your customers best prepared to reach all the patches available to them irregardless of how their configuration may or may not have changed since you last saw their machine?

You're not.

Why do you think you are in a superior position to dictate to this user - who doesn't know any better and doesn't understand - that they don't and potentially won't need this service now or in the future? They are in no position to argue with you. At what point have you ceased to provide a service to a customer and started assuming that this user and this machine has the same behavior as you?

This is practially as obnoxious as going in and changing their wallpaper, theme, or screensaver on the idea it's better for them. You're taking their machine and dicking with it to fit your own sensibilities. Maybe you do get their consent, I certainly hope you do before you start uninstalling applications, but this WU vs MS Update thing is not something the laymen is in a position to understand. You're not going to give them a fair argument on the merits either. You're just gonna tell them it's better and they'll agree.

Actually, I don't think it does, but again you're taking a standpoint of future-based "what if"'s, because what if a user installs anything. If you want to go for this line though, what happens on a clean Windows install and a customer wants an office viewer program, and if I'm right, Microsoft Update doesn't get enabled (at least I don't think it does for 2003, not sure about 2007), damn, Microsoft isn't doing the right thing!


You as the "IT Pro" are already one step behind the enemy. You have to work in what ifs. What if this network gets compromised. What protections do we have in place internally to minimize the damage? What can we do to futher minimize that damage?

What if Word Viewer didn't patched by your actions? What if they got infected through that vector? What if that didn't just result in the machine becoming a bot, but instead lead to indetity theft?

What if this MS application gets installed? What if it needs a critical patch? What if it gets a zero day exploit and receives a critical out of band patch?

What if a new virus comes out? What if a new piece of malware comes out? What if a new OS vulnerability is released?

You're perfectly okay with those last three what ifs. Yet what if the customer installs something that needs MS update and your actions have left it disabled? Somehow that doesn't pass your muster and it's very intellectually dishonest.

For most end users the question of what if in regard to an application patch is not good. The MS products covered by MS Update on the other hand. That's a plan in action, we can answer the what if.

Or you can just save some RAM.

Have you ever given out any advice that carried any level of risk on a forum? Shame on you.


Only in ignorance and someone not so gently illustrated my error.

There were many tears ;_;. Can I be a victim in this thread too?

The forums made me the way I am! Don't hate me, it's not my fault after all!

The way you've argued in this thread suggests that if a user has Microsoft Update enabled, they're protected against MS security vulnerabilities and that's that.


Pretty much. Obviously the user needs other protections as well. You wouldn't deprive them of anti-virus to save RAM. You wouldn't disable automatic updates for the virus scanner for RAM. Then why are you disabling security patches for MS products? Obviously you're updating the virus definitions on the what if that a new virus would land on the machine. What's so hard about the concept of leaving the patching system in place in the event of the what if of new software on the box?

The hope that the software they install undoes your actions? They paid you to fix a problem, not to configure their computer to the way you like it. They might have even paid you to fix some malware and I presume as part of that service they expect you to help them mitigate such problems again in the future. Yet you disable a patching point for them, based not upon any sort of reality, but instead all based upon an assumption of an assumption of an assumption.

You assume they won't change, you assume a relevant change will undo your actions, and you assumed they were you and thus didn't need it to begin with. It's shocking really.

You ignored my point about the added security risk of the optional parts of WLE, you largely ignore my question about what extra protection does Microsoft Update ACTUALLY provide over Windows Update if no other Microsoft software is installed and instead tried to patch it up with "well, it might, you know, one day". Yes, it might grow into a phoenix one day and fly away, but I wouldn't count on it.


Because I don't care about WLE and WLE is irrelevant to my point. It's a distraction, it's a tangent, it's only peripherally related and that's being generous. You're trying to make this into being about WLE. I've conveyed what MS provides over WU, it's just not the answer you want to hear. Queue the earlier item about people focusing on the answer they want. You want to be right, you don't want to consider a negative future implications of your actions. You've moved the debate into derision and called it, what if. You mock it as some impossibility that needs no planning for and can walk away smug in your satsifaction that you need not actually accept you're wrong and that you're actions represent poor IT work.

The real hilarity of all this is how goal posts got shifted a bit. After I stomped on the reality of the memory footprint of MS Update, you've been purposefully avoiding that. Suddenly it's the fact that my justifcations aren't sufficient. Then there's the derision of what if, yet so many of your actions are already guided by what if. It's much easier to deride and attack the concept than it is to answer the fact that MS Update basically has no serious memory footprint impact over WU. Your original incorrect understanding of MS Updates behavior has lead you to screw up. If this for some reason this discussion actually continues (hopefully not). If you produce this magical 300MB MS Update, do be forewarned that I'm not an idiot and that I realize that SVCHost.exe is hosting many services.

P.S. You'll make more money and satisfy more customers if you can convince them to actually upgrade their RAM.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Windows Live Essentials, crapware quotient?

Postposted on Thu Oct 28, 2010 10:15 pm

Clap, clap, clap.
There are people that embrace the Oxford comma and people who don't. Never get between these people when drink has been taken. I use the Oxford comma and always will. The rest can sod off.
Captain Ned
Global Moderator
Gold subscriber
 
 
Posts: 19735
Joined: Wed Jan 16, 2002 6:00 pm
Location: Vermont, USA

Re: Windows Live Essentials, crapware quotient?

Postposted on Fri Oct 29, 2010 1:33 am

Ryu Connor wrote:The attitude is perceived, not real. Any time you challenge another human on details they tend to react negatively. That's only going to be doubly so when the topic of discussion is the quality of your work. Can't fix human nature. This is also a deflection and a distraction. It's not defending your technical malfeasance, it's just playing the victim card.


Ah, so you didn't go for a direct attack with "my actions are leading to adding another machine to a botnet" then? This is your opinion. If you don't see the difference between your opinion and fact, then you're not going to see what I'm talking about on this point.

Always in motion is the future. It's relevant because if you leave them configured one way and someone else becomes the provider, it's not like you're leaving notes for them. They might assume that MS Update is actually on, which isn't a crazy assumption. Queue the Benny Hill theme from there as the comedy of assumptions manages to impact the customer.


(Isn't your first sentence a Yoda quote?) They might assume a lot of things. They might assume that an update system works that hasn't been tinkered with that doesn't. Once again, just because I said something on a forum you're assuming that I use that suggestion with customers.

One thing I can almost guarantee with my customers, is that if I come across a Vista machine without either service pack on, if time (and the customer) permits the I put the first service pack on myself then leave them instructions for how to put on the second one (because usually they'll say they can do that themselves rather than pay me another hour or so). Nine times out of then, they won't have followed the instructions six months later. Such people do not make good candidates for ensuring they'll do something manually for their computer security's sake on a regular basis.

I've skipped the rest of your comments where you're assuming that I give advice or make recommendations on a much more technical forum than any of my customers are likely to frequent. I'd be surprised if all the people on this forum can't explain the difference between computer memory and hard disk space.

This is practially as obnoxious as going in and changing their wallpaper, theme, or screensaver on the idea it's better for them.


Where the hell did that come from? You're the one making some enormous assumptions here, and they don't stand up to reality.

Actually, I don't think it does, but again you're taking a standpoint of future-based "what if"'s, because what if a user installs anything. If you want to go for this line though, what happens on a clean Windows install and a customer wants an office viewer program, and if I'm right, Microsoft Update doesn't get enabled (at least I don't think it does for 2003, not sure about 2007), damn, Microsoft isn't doing the right thing!


You as the "IT Pro" are already one step behind the enemy. You have to work in what ifs. What if this network gets compromised. What protections do we have in place internally to minimize the damage? What can we do to futher minimize that damage?


By this I'm assuming that you enable Microsoft Update on every machine you encounter? Why don't you leave a LiveUpdate client on there as well, just in case they start using Norton, or Adobe's update manager (which, let's say you saw the machine about a couple of years ago, this update client is now redundant yet is left on the machine)? You know, just in case? If you don't do these other things as well, then surely you're in conflict with your own argument, but also, if you do, you're potentially increasing the number of vectors of attack on said computer. Or are the other update clients an exception to the rule because they're not made by Microsoft?

One of the things I do is to tweak the file-sharing services and alter the network adapter's TCP/IP configuration so that if the firewall was offline, the machine wouldn't leave these ports exposed. I do that for performance reasons as well, why have the computer providing a service when that service is not needed.

Of course, at some point, another computer-fixer might ASSUME that these measures weren't in place and cue the Benny Hill theme here.

What if this MS application gets installed? What if it needs a critical patch? What if it gets a zero day exploit and receives a critical out of band patch?


What if any other application gets installed that for some reason lacks its update system and gets exploited? What if, by enabling Microsoft Update and the user then goes and installs a piece of MS software and the installer tries to enable it and somehow corrupts it instead?

I'm sorry, I just don't agree with your "enable Microsoft Update just in case, because then everything will be ok". Your "what if" scenarios are as far-fetched as the ones I counter with.

You're perfectly okay with those last three what ifs. Yet what if the customer installs something that needs MS update and your actions have left it disabled? Somehow that doesn't pass your muster and it's very intellectually dishonest.


Because in my experience it isn't plausible. In my experience, disabling or removing everything everything unnecessary for the use and upkeep of the machine in its current configuration is plausible, as it something that could be a threat in the future without affecting the usage of the computer.

I don't go as far as disabling or uninstalling unnecessary network hardware, even though that could have an exploitable vulnerability in the future, because that would affect the (much more likely and plausible) use of the computer in the future. If I did go around disabling/uninstalling unnecessary network hardware, it would make the machine slightly more secure, but I believe that this is pushing security too far to the expense of the user. I don't want to make my customers dependent on me to do something like changing their machine from a wired to wireless connection or vice versa. Making such assumptions about future computer-fixit people coming to fix the computer could result in a lot of problems for them too.

Have you ever given out any advice that carried any level of risk on a forum? Shame on you.


Only in ignorance and someone not so gently illustrated my error.


*smirk* Wow, you make it sound like it only happened once. Does that not seem a tad arrogant to you? No, I'm not implying the outcome of this thread, I mean generally speaking.

The way you've argued in this thread suggests that if a user has Microsoft Update enabled, they're protected against MS security vulnerabilities and that's that.


Pretty much.


Right, well, I disagree, and I've stated my reasons. Yours are based on a scenario that I don't think is plausible enough to enable (or leave enabled) a currently redundant system that may carry its own vulnerabilities.

The real hilarity of all this is how goal posts got shifted a bit. After I stomped on the reality of the memory footprint of MS Update, you've been purposefully avoiding that.


I haven't purposefully avoided that, I've said twice on this thread that I intend to counter that point when I have an XP machine in-house that I can check it with.

Suddenly it's the fact that my justifcations aren't sufficient. Then there's the derision of what if, yet so many of your actions are already guided by what if. It's much easier to deride and attack the concept than it is to answer the fact that MS Update basically has no serious memory footprint impact over WU. Your original incorrect understanding of MS Updates behavior has lead you to screw up. If this for some reason this discussion actually continues (hopefully not). If you produce this magical 300MB MS Update, do be forewarned that I'm not an idiot and that I realize that SVCHost.exe is hosting many services.

P.S. You'll make more money and satisfy more customers if you can convince them to actually upgrade their RAM.


I can't counter the point sufficiently yet about its performance, so I have to base my argument on assuming that I'm right there. You've already poured derision on me providing evidence on this topic.

Your advice seemingly is to enable Microsoft Update in any scenario, just in case. I disagree, because in my experience, just like with any other piece of major-label piece of software, its update system is installed/enabled at the time of software installation. I think that following your advice leads to excessive memory usage and presents a possible vulnerability in the future. I work by disabling or removing unnecessary software because I think that's a much more plausible principle of securing systems, but I try to be careful not to push that principle too far. It won't lead to 100% security, but nothing does, except disconnecting the computer from the mains.

I recommend anti-virus software to customers who are using security software that is significantly affecting their computer's performance. If they accept my recommendation, it's quite possible that the software that I recommend ends up not protecting them against a threat that their current software does, or vice versa. That is accepting both faces of the sort of "what if" scenario that you like to present one face of.

P.S. You'll make more money and satisfy more customers if you can convince them to actually upgrade their RAM.


Not if it doesn't fix their machine's performance issues. Disk I/O is a much greater problem than RAM usually. That's one of Microsoft Update's issues on XP, in my experience it adds quite a bit of time to the startup routine (though obviously, the slower the machine, the more pronounced the problem will be), which is not resolved by having lots of RAM. While high RAM usage and high disk I/O doesn't necessarily go hand-in-hand, there's a common correlation because there's not a lot of point in using loads of RAM without putting data in it.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Previous

Return to Windows

Who is online

Users browsing this forum: No registered users and 4 guests