Saturday, July 28, 2018

winblows update

so i'm using my computer thursday night when i get a notification that updates have been applied that require a reboot. ok, whatever, i've mostly come to terms with the fact that Windows 10 updates itself without asking me, at least it asks me when is a good time to reboot. that wasn't a good time so i said later.

well, later came in the wee hours of the morning when i was done working and ready to head to bed. i go to shut off the computer and the new options in the shutdown menu remind me that there was an update to take care of, so i choose the update and reboot option.

i chose that option rather than update and shut down because, from past experience, the update process has not actually completed by the time the system shuts down. there's a bunch of stuff it needs to do on the next restart and that takes up time i could be doing something else, so no shutdown just yet, just an update and reboot and i head off to take care of my evening oral hygiene routine thinking that the process would be done by the time i get back.

when i come back the computer is still in the process of rebooting? what the heck? oh no, i've seen this before (or at least i think i have). is the computer stuck in a reboot loop? powering off for a few moments usually breaks out of the loop, but this time i discover it wasn't a reboot loop at all. when i let it power up again i see a screen saying that it's applying updates and that several reboots will be required.

are you kidding me? this is not what i want to deal with in the wee hours of the morning when i still have to go to work the next day. this is not convenient, and frankly "several reboots" for an update is bullshit. i understand the need to perform a reboot during an update; files and other resources that need to be changed may be locked by running processes and rebooting eliminates that impediment, but several reboots? Microsoft has been at this update business for decades now, you'd think their little minions would have figured out how to coordinate their efforts so that each part of the update could make use of the same reboot, but no, apparently that kind of unified effort is beyond them and in fact they seem to be moving in the opposite direction where every bit and piece of their updates (and the operating system itself) is becoming more separate and isolated from the others.

so i did what i hate doing. i left the computer on completely unattended overnight so that hopefully by morning the update would be done. and it was, but that's not the end of the update related problems. you see, Microsoft's updates aren't just for security fixes. those are important, yes, and the fact that people were taking too long to apply them and leaving their systems to become part of massive botnets is part of the reason the user's control over updates was taken away from them. however, Microsoft has re-imagined how versioning of their operating system will work so those updates now also come with feature changes, which (due to the increasingly isolated approach units within Microsoft are taking nowadays) means new binaries with new behaviours.

how the hell is anyone supposed to develop a behavioural baseline for their system with this never ending parade of new binaries and new behaviours? this morning's culprit? BackgroundTransferHost.exe. what does it do? who the hell knows? not only does Microsoft give us less agency now that we can't control if/when updates occur, but there's also less transparency now too because the number of separate/isolated binaries they're introducing to the system has far, far outpaced anyone's efforts to document them.

maybe BackgroundTransferHost.exe isn't even Microsoft's. maybe it's malware. if i were going to make a downloader trojan, that sounds like just the sort of name i'd use - but what do i know, i'm not a malware writer. i suppose they expect me to trust it because it's signed, but that's not how that works. being signed (and passing the signature validation procedure) just means it hasn't been modified after getting signed, not that it's legitimate, not that it's safe, not that it's trustworthy. signing certificates get stolen. there's plenty of signed malware out there.

oh, and the cherry on top is now VMware is non-functional.

what the actual f#$% Microsoft. stop making alternative security approaches so much harder than they have to be. i'm regretting moving on from Window XP. at least there i could perform application and behavioural whitelisting with relative ease.

0 comments: