Feeds

IE uninstaller – was it broken deliberately?

DoJ expert Felten comes close to saying it was...

  • alert
  • submit to reddit

New hybrid storage solutions

The transcript of Professor Felten's testimony as to what Microsoft did to the prototype removal program makes interesting reading, so we are including the full text of that part of the transcript so that readers may draw their own conclusions. David Heiner, a Microsoft lawyer, is asking the questions. Heiner: Dr. Felten, isn't it true that the Windows update feature is almost entirely nonfunctional after the prototype removal program is run? Felten: No, I don't believe that's the case. I should say--hang on. We are getting into an issue here that was one of the things that's changed since I filed my testimony, so let me talk about that for a minute. Heiner: Sir, the question is: isn't it true that the Windows update feature is almost entirely nonfunctional after the prototype removal program is run? It's a yes-or-no kind of question. Felten: Let me explain what the situation is with regard to that. In September, in early September, we provided Microsoft with the source code for the prototype removal program. And on the 4th of December, ten days ago, Microsoft modified some of the software that they distribute as part of the Windows update feature in a way that made it incompatible with the prototype removal program. (Expert's code gets 'broken') Specifically, it was modified in two ways. The first--the first way was that the software was made to download a file in an attempt to put that file into the same directory, into the Internet Explorer directory. Since that directory is no longer present, the attempt to download that file doesn't work. This is a very easy thing for Microsoft to fix. Simply put the file anywhere else. And we have verified that that fix works. there is another change that Microsoft made at this time, which is simply a bug in that the Microsoft code, at one point, fails to initialise a part of the Microsoft API called "com." This is a simple bug. So, Microsoft introduced those two changes after seeing our prototype removal program, and those two changes had the effect of making Windows update incompatible with the prototype removal program. We have verified that Microsoft could easily fix both of those changes, and we verified that by making modifications to the software so that it works again. but it's true that as Microsoft--if you look at the software that Microsoft is offering today, it doesn't work because of these incompatibilities that Microsoft introduced. The Court: Let's see if I understand that testimony. You are telling me that in the course of discovery in this case you provided the source code for your protocol, removal protocol? The Witness: Yes. That happened over the Labour Day weekend. The Court: Therefore, there appears to have been product changes by Microsoft? The Witness: The change was to--technically to an ActiveX control, which is a program that Microsoft provides for download. And as part of this Windows update feature, this program gets automatically downloaded to the user's PC. And there were changes to this file, and the changes had the effect of making the file incompatible with the prototype removal program. Heiner: Dr. Felten, isn't it true that the Windows update feature was entirely dysfunctional after the prototype removal program is run back in September 1998, the day you gave us the code, sir? Felten: No, that's not the case. After giving Microsoft the code--since giving Microsoft the code, I have run Windows update on my primary desktop PC, which is running a version--on which the prototype removal program has been run, so that is not the case. Heiner: Dr. Felten, isn't it the case that the Windows Update Web site was dysfunctional after the prototype removal program was run every day in September, October, and November 1998? Felten: No, I do not believe that to be the case. Heiner: Isn't it true that the search bar across the top of the Windows update site, which is essential functionality to that site, is totally dysfunctional after the prototype removal program is run? Felten: No, I know of no reason to believe that. I have used Windows update successfully myself several times since then without seeing any problem. ® Complete Register trial coverage

The next step in data security

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.