What the "Black screen of death" story says about tech journalism

I’ve spent the better part of the last 48 hours looking into the colossal fiasco that is the “Black Screen of Death” story. It’s a near-perfect case study in how Internet-driven tech journalism rewards sloppy reporting and how the echo chamber devalues getting the story right.

Here, let me walk you through the whole sordid, depressing episode.

On Friday, November 27, an obscure computer security company, Prevx, publishes a blog post accusing Microsoft of releasing security patches that cause catastrophic crashes in Windows PCs. The inflammatory headline reads: Black Screen woes could affect millions on Windows 7, Vista and XP. The post lacks even the most rudimentary technical details and is maddeningly vague. It goes unnoticed over the U.S. Thanksgiving weekend.

Early Monday morning, November 30, Jeremy Kirk of the IDG News service sends a story out on the wire that is picked up by IDG flagship publications PC World and ComputerWorld. Conveniently, the story is posted at 7:05AM Eastern Time, ensuring that it will be at the top of news sites as Americans drag back into work after the long holiday weekend.

Here’s the first headline as it appeared at PC World and ComputerWorld early Monday morning: Latest Microsoft patches cause black screen of death According to the accompanying story, the patches “cause some PCs to seize up and display a black screen, rendering the computer useless” for millions of Windows users. The security company “hasn’t contacted Microsoft yet” and “Microsoft officials could not be immediately reached for comment.”

The story is echoed by dozens of other publications within an hour, some pointing specifically to PC World as the source. The rush of coverage catapults the accusations into the mainstream. At some point that morning, Microsoft’s security team goes into “fire drill” mode.

Later that day, this follow-up headline appears in ComputerWorld: Microsoft investigates Windows “black screen of death” The report quotes a Microsoft spokesperson, who says “Microsoft is investigating [the] reports…"

I interrupt here to note that asking Microsoft for comment on Monday morning was disingenuous. Prevx admits that no one from the company contacted Microsoft before publishing their vague findings and inflammatory headline. Given that this is the first that anyone at Microsoft is hearing of the issue, what else can they say but “We’ll investigate and get back to you”? In the initial flurry of reports, not a single reporter talks to an independent expert on computer security or Windows.

More headlines:

Microsoft is investigating... Microsoft is probing... Microsoft is looking into the problem... And then, finally, on Tuesday afternoon: Microsoft denies blame for ‘black screens of death’. Oh, really? By the time your name appears in “So-and-so denies…” headlines, you are toast. Ask Tiger Woods.

It’s he-said-she-said journalism at its finest. Security expert says Microsoft patches seem to cause fatal crashes, and Microsoft denies it! Who’s right? Hey, we’re just the press, we don’t know. You decide! In a refreshing bit of actual reporting buried deep in his story, ComputerWorld’s Gregg Keizer notes that a search of Microsoft’s support forums turns up only one thread on the subject in the entire month. Alas, he does nothing to help his readers draw the obvious conclusion from that data point.

After two full business days of relentlessly negative coverage for Microsoft, the noise from the echo chamber is deafening. More than 500 separate posts on mainstream tech sites and in blogs have amplified the original story, most of them simply repeating the accusations from the Prevx blog post with no original reporting or fact-checking. The story has now taken on a life of its own.

Finally, on Tuesday evening, Prevx backs down completely from the story, publishing a formal retraction and apologizing to Microsoft. Another follow-up post the next day from Prevx CEO and CTO Mel Morris tries to deny any responsibility for the damage. He includes this hilarious bit of understatement: “Regrettably, it is clear that our original blog post has been taken out of context and may have caused an inconvenience for Microsoft.”

You’ll notice I didn’t link to any of the Prevx blog posts or IDG headlines in the account above. Here’s why: Doing so increases the rank of those pages on search engines and makes those inaccurate headlines and summaries even more likely to bubble to the top of a search for troubleshooting information on Windows. And given that most of those stories have not been corrected, it would be irresponsible to give them more Google juice than they already have.

In an e-mail exchange earlier today, I asked PC World Editorial Director Steve Fox whether he plans to publish a retraction or apology for PC World's role in spreading this inaccurate information. Fox stoutly defends his publication’s coverage, saying that they were chasing the story “in real time” and adding, “We were reporting the facts as they were understood at the time (including reference to the primary source), confirmed the existence of an actual problem, and asked for comment from Microsoft.”

Sorry, I’m not buying it.

The idea that IDG was chasing a fast-moving story in real time is absurd. IDG publications weren’t chasing the story, they were leading it. As I noted, the original blog post was published on a Friday. No one noticed it until Monday morning, and IDG was the first one to report on it. An IDG editor could have tossed the story back for some basic fact-checking and reporting. If someone had exercised even a basic set of journalistic skills, this story might never have taken off. But someone decided that this sensationalist report was worth a lot of page views and hit the Publish button when it was half-baked.

PC World’s Fox says he has inserted updates in the relevant stories but that it would be “dishonest and even disingenuous to change an old headline after the fact.” It doesn’t matter that the headline is factually wrong and will appear in search results until the end of time. (The notion that a headline or story becomes part of a sacred historical record and can’t be changed is not shared by other modern journalists. My corporate cousins at CNET aren’t afraid to change a headline when the original is inaccurate. The New York Times has been known to change headlines in blog posts to fix a mistake. There’s a process for making formal corrections in news and feature headlines at the Times, too, as in this particularly amusing example. Even smaller papers like the Birmingham Post are unafraid to tweak a headline when they realize they got it wrong initially.)

Unfortunately, IDG publications aren’t alone in training their correspondents and writers that being first is more important than being right. But in my reading through the dismal headlines around this story, I found several journalists who were willing to wait and do some basic reporting and managed to get the story right. Scott M. Fulton III of Betanews skewers Prevx for sloppy research and irresponsible disclosure:

For a company that made its name pointing out the dangers of trusting any old site that claims it's found an infection on your system and it can fix that for you, it may be a little ironic for Prevx to be pushing a quick fix as an .EXE file, for a problem whose causes it can't adequately explain. …

Prevx knows of ten different scenarios that could trigger KSoD conditions, and acknowledges that maybe this fix will work and maybe it won't. …

[E]ven if the Prevx fix does cure the KSoD problem, it would be conceivable that adjusting the permissions the other way could re-introduce the vulnerability that the original Microsoft patch addressed. That's assuming the fix actually does anything at all -- something which we haven't yet been able to verify.

However, all of that is speculation until anyone, including Microsoft, can make sense of just what it was that Kennerley is claiming.

[…]

E-mails to known Prevx addresses bounced back this morning, as though no one were actually present at the firm.

Rob VandenBrink of the Internet Storm Center, an independent, all-volunteer security outfit founded by the SANS Institute that doesn’t make its living based on scaremongering, connected the other dots:

[W]e simply aren't seeing any widespread "black screen" issue.

The thing I find most interesting in this cyber-opera is the number of  posts that we're seeing on other sites that took the original post as truth without doing any check at all.  I realize people are busy and everything, but a little bit of fact-checking goes a long way ....

Indeed.

As for Prevx, they deserve to be laughed out of the security commmunity for their role in this fiasco.