James Bannan29 October 2007, 4:13 AM
Has your PC suddenly started running slowly for no obvious reason? You can thank Microsoft for that.
Has your PC suddenly started running slowly for no obvious reason? You can thank Microsoft for that.
Windows XP and 2003 users and administrators were recently bewildered by the sudden appearance of the Windows Desktop Search toolbar on their systems.
But it was the resulting machine slow-downs as WDS commenced indexing of local content that has made users see red.
 Surprise! |
It turns out that Windows Desktop Search – an optional add-on for Windows XP and 2003, and an integrated function in Windows Vista – was slipped into a recent Windows update and unknowingly downloaded by Windows Update users and WSUS administrators.
It has sparked significant complaint and criticism. For home users it’s inconvenient enough, but for administrators it’s an absolute nightmare. System indexing is a time-consuming and disk-intensive procedure, resulting in slow-downs and end-user frustration. To have such an update sneak in (totally unauthorised) on to multiple enterprise systems simultaneously, not to mention Windows 2003-based servers is an outrageous situation, resulting from a staggering oversight.
Bobbie Harder, a program manager on the WSUS team, announced late last week that:
"Unfortunately, in revising this update, the decision to reuse the same update package had unintended consequences to our WSUS customers. Many of you who had approved the initial update package for a limited number of machines, had Tuesdays' WDS revision automatically install on all clients because of the expanded applicability scope and because, by default, WSUS is set to automatically approve update revisions.
"We sincerely regret the inconvenience this has caused and extend a sincere apology to all impacted customers."
This explanation is highly suspect, however, as many WSUS administrators (myself included) have confirmed that the original package Windows Desktop Search was never approved and in many cases was specifically declined.
 We're not home to WDS |
Trawling through the update logs of an affected system, it seems that the package which is KB917013 (Windows Desktop Search 3.01 for Windows XP & 2003, 32- and 64-bit), was automatically approved by the Update client and downloaded and installed without notifying the user. In the case of a WSUS-connected machine, the package had been downloaded and cached to the local WSUS server, again without administrative approval.
To remove the package, end-users can uninstall it via Add/Remove Programs, and select Windows Desktop Search.
 Get rid of what you never asked for |
Administrators can target the following uninstall script:
C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe
WSUS administrators should also clear out the following file from all local WSUS servers:
driveletter:\WSUS\WsusContent\7A\AFFE68329462028DB8BD5B6A64FCAA4CC5064A7A.exe
This is the update package containing the WDS install files.
Users and administrators alike will be looking for a more comprehensive explanation and apology from Microsoft. Windows Update and WSUS have excellent reputations amongst Windows users, but this is based very strongly on a sense of trust and reliability, as well as the ongoing belief that Microsoft are doing the right thing by their customers.
While no-one is accusing Microsoft of deploying WDS knowingly and maliciously (not yet anyway), such a monumental stuff-up will do serious damage to end-user confidence.