MS OneCare nukes MS Outlook data!
Summary: Microsoft's OneCare has had a rough start in the antivirus market, with a recent poor showing in an AV shootout. If that wasn't bad enough, the engine component of OneCare was ironically the first serious remote code execution vulnerability in Windows Vista, though Trend Micro beat them to the punch as a third-party vendor.
Microsoft's OneCare has had a rough start in the antivirus market, with a recent poor showing in an AV shootout. If that wasn't bad enough, the engine component of OneCare was ironically the first serious remote code execution vulnerability in Windows Vista, though Trend Micro beat them to the punch as a third-party vendor.
If that wasn't bad enough, Scott M. Fulton III of BetaNews is reporting that OneCare is deleting Microsoft Outlook user files! With security guards like that, who needs malware?
It seems that this issue has been known since late January, and Microsoft only issued an official response yesterday, according to Fulton. Microsoft won't have a patch until March 13th, and users are supposed to manually put in file exclusions for their PST files in the meantime. For something as important as a user's entire e-mail database and all their contact information, some urgency would seem to be in order. If Microsoft can patch a DRM crack in 3 days, it should certainly be able to patch this problem in less than a week, much less a month.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
It's not going well for Microsoft
All this combined with other issues such as the video codecs George has outlined, the network folder problems, etc, etc, and this looks like the sloppiest product update from Microsoft for many years.
I really think that they had not finished the testing properly or development of Vista/Office. I think commercial pressure pushed it out the door early in a vain hope to catch the Xmas sales which they then missed when it slipped to January. At that point further delay became unacceptable.
Service Pack 1 had better be sooner than later. There's a lot to fix.
Same 'ol
That synopsis pretty much sums it up nicely. They probably should have produced an additional RC beta too, and pushed the final release off a good 2 to 3 months to iron out more of these pesky bugs. Then again, I can't honestly think of an major MS release that didn't follow this pattern to some extent. It has become of the hallmarks of Microsoft releases.
Is it any wonder Service Pack 1's are always so eagerly anticipated, or that so many - individuals adopters and enterprise alike - have learned not to be in a mad rush when it comes to jumping in blindly?
That "synopsis" is clueless since it's the wrong subject
Clueless? Try SOS
But to bring it past the larger scope and to the particulars at hand, since you seem to be insisting on viewing such developments from the "each program unto itself" angle only, when their own flagship security program is zapping their ubiquitous communication app, things have spun from the zone of the 'overlooked' into the realm of the laughable.
To quote yourself: [i]Microsoft's OneCare has had a rough start in the Anti-Virus market with a recent poor showing in an AV shootout. If that wasn't bad enough, the engine component of OneCare was ironically the first serious remote code execution vulnerability in Windows Vista. If that wasn't bad enough, Scott M. Fulton III of BetaNews is reporting that OneCare is deleting Microsoft Outlook user files! It seems that this issue has been known since late January and Microsoft only issued an official response yesterday according to Fulton. For something as important as a user's entire email database and all their contact information, some urgency would seem to be in order.[/i]
I'd call the destruction of clients' user data a rather egregious faux paus, one that could have been prevented with a modicum of in-house testing between their own MAINLINE products. Do none of their testbeds load these applications side by side? Were they not expecting a healthy slice of the public to be running these popular and heavily pushed products at the same time? Makes you wonder if Redmond East (Office) interacts in any way with Redmond West (OneCare) on that sprawling corporate metropolis they maintain. Beyond the lack of clean and snag-free interaction between their own offerings, it sort of suggests no one really makes much use of OneCare even at Microsoft itself! At least among the guys who know best, the engineers! lol
[i]This has nothing to do with Office or Vista. It's about OneCare; the company Microsoft bought a few years ago that's having a hard time producing a good AV package. [/i]
The MS OneCare initiative began back in 2003 when Microsoft began testing their ?PC Satisfaction? service, which included antivirus, firewall, backups, and PC diagnostics in early beta forms - all features now included in Windows OneCare. Soon after that they acquired GeCAD?s RAV, a Romanian antivirus company, and then Israeli-based Pelican Security. Late in 2004 they went for broke and scooped up Giant Software, and we soon saw the first public beta of Microsoft AntiSpyware. According to Microsoft press room releases, the initial trials of OneCare began internally among their own employees before they chose to unleash a series of public betas and final releases.
So here we are in 2007. How long do you suggest we give them before they should be capable of producing something as important as a AIO security suite in "prime time ready" mode? It's one thing to scoff at 3rd party companies like Symantec and McAfee over their protestations that MS was less than forthright in furnishing critical API code before the Vista OEM ship date, but it's another thing to watch MS - even possessing all the homebaked goods [API's] in their own clutches - spinning out half baked goods. According to the independent antivirus test group you cited from the UK, Symantec continues to kick their butt on virus detection effectiveness even in Vista! Beyond the issue of zapping Outlook user data and contacts, what does that tell you about the "MS way"?
Like everything else done a la MS, Redmond invariably throws two things at every thorny issue that arises until they get it "right": 1) a bucketload of money from their bottomless coffers and 2) a plethora of unsuspecting guinea pigs known as Joe and Jane Public to do much of the requisite "live and learn" dirty work. In the meantime, Gates will no doubt remind his hapless guinea pigs: Back up your personal data if it means anything to you kids! Basically this now means we will need to look past the chief culprits of the past - malware and HDD crashes - and be wary of MS security products destroying our precious keep! Lesson learned on the value of backups Bill! Thank you for the painful but heady lesson learned the hard way -- er, the MS way!
[i]You were clearly trying to change the subject to slam other Microsoft products because of this one truly bad product they bought.[/i]
Why are you overreacting to that synopsis from bportlock anyway? Can you not see the size of the egg that is all over the MS collective face on this latest boner? Neither of us were going out of our way to slam Vista or Office. It was more along the lines of what Intel's Otenelli prudently invoked recently: tread carefully before jumping in prematurely with mainline MS products. That often equates "prime time" to service pack 1 time. So how is all this "clueless"?
This has nothing to do with Office or Vista
This has nothing to do with Office or Vista. It's about OneCare; the company Microsoft bought a few years ago that's having a hard time producing a good AV package.
The video codec problem is a quality issue with widescreen DVDs, so it's kind of hard to consider that a show stopper especially since XP had no DVD playback. But it's clear you're trying to turn every Microsoft issue regardless of whether it's related or not in to an anti Vista/Office argument.
Maybe I was not clear enough
Microsoft, at the moment, has all the signs of a company doing "rush jobs". From the outside it looks chaotic.
No you were clear, that's the problem
No I wasn't clear enough....
At present it looks like everything Microsoft is releasing is half-baked and half-finished. That does not make Microsoft look good.
[i]"You were clearly trying to change the subject"[/i]
No I was not changing subjects. I was pointing out that across a whole range of recently released/updtaed software there are major defects that, IMO, should have been found in testing. These defects, in any of these tools/products, are not difficult to replicate, hard to find bugs.
George caught you on this one!
Perception is reality
The OneCare problem is bad, but it is a OneCare problem
[i]"...to paint all of Microsoft's products as not being well tested"[/i]
I listed a number of problems (though not all of them) with Vista and Office. IMO these problems should have been caught in testing. They are NOT obscure problems.
I believe the same is true of the OneCare problem.
[i]"I have not experienced any problems with any of the three"[/i]
Good - I wouldn't wish these problems on to people.
[i]"I'm not saying that problems don't exist only that in normal every day use they don't impact many users."[/i]
I'm glad you're prepared to admit that. The ultimate truth is that the people who matter are not you, me or George. The people who matter are those with the cheque books who I KNOW are reading reviews and news reports about problems with Vista, problems with Office and now problems with OneCare [i]and the perception that these people have is that Microsoft has dropped the ball[/i]. They have told me this.
George and yourself can argue with me all you like, George can talk Microsoft up as much as he likes but as long as the people who buy stuff are worried don't expect them to buy.
In the end-user community the perception that Microsoft is losing it is as effective as if it was actually happening. People judge by what they see.
You seem to be the only fished being reeled in here
I've been using MS products from their (relatively) early days. I earn part of my living from it, so I naturally find value in many of their offerings. MS as a technology company most certainly has its value and I never go out of my way to sucker punch their goods. But as for the longstanding "MS way", that's a completely different matter. If you can't laugh at some of the boners they pull with amazing regularity, along with generous spoonfuls of audacity and hypocrisy on the parts of their leadership cadre, then bless your pointed little head.
RE: Klumper
RE: bportlock
Re: Shadetree
I'm not getting positive feedback. Now I'll grant you that Vista will sell - because if you are buying Microsoft you have little choice. I'll also grant you that satisfied customers don't moan, but the point is I'm hearing levels of moaning that weren't present when W2K and XP where launched.
Re: ShadeTree
Ou: [i]This has nothing to do with Office or Vista. It's about OneCare; the company Microsoft bought a few years ago that's having a hard time producing a good AV package.[/i]
That response is not entirely accurate. While he can claim OneCare "has nothing to do with Vista", I tend to see it as TG2 does in that Microsoft recommends the use of this MS security package with Vista, the implication clearly being that it was designed to work effectively and cleanly with that OS. Then George goes on to state: "It's about OneCare; the company Microsoft bought a few years ago that's having a hard time producing a good AV package." Not exactly accurate again. Microsoft never bought a company called OneCare. They assembled the OneCare security suite on their own beginning in 2003 by fusing together security product acquisitions from GeCad Software, Pelicon Security and GIANT Company. They then fused that with their own ?PC Satisfaction? service they had in beta development. They also added Sybari Software in 2005 to make use of their Antigen product lines for employment in server-level, enterprise security (though not directly related to OneCare).
You know when Microsoft chose to enter the security market, they did so with no special credibility, in fact if anything, they did so WITH an age-old credibility problem. These latest developments hardly paint that picture any the better. You must feel very confident to know that according to a recent test conducted by Austrian antivirus analyst Andreas Cleminti, the oft ridiculed Symantec AV delivered a 97% rating score, while your darling Microsoft OneCare came in last place among the pack of 17 vendors with an abysmal 82% detection effectiveness rating. With detection and prevention scores like that, you may be rooted, keylogged or trojaned and not even know it! Take a free bit of advice here: If your rig starts phoning Eastern Europe or Nigeria randomly, be wary. MOST wary.
I also have to wonder if you'd be singing a different tune if you were one of the unfortunate pawned ones who lost personal data simply because of the line of security software you chose to emply. You know, by shuffling along the ol' tried and true MS way and using the much ballyhooed Windows OneCare solution. I'm sure you'd take it all in good stride, right? Grin n bear it like a faithful MS trooper, as long as the faux paus flies under the "MS Way" banner. Hardly a need to blow any fuses now, correct? Yeah right. If you expect me to buy into that, let me know when you're ready to take possession of that beachfront property I'm selling for cheap in the Rockies.
PS. I still like George for his personality and tech smarts, but nobody's perfect.
re: Klumper
Re: ShadeTree
You're losing me - and this battle - fast. I was pointing out how absurd your contention was (is) that you have to experience something (anything) first hand to deem it real. You know, that pesky thing we call reality. You're now trying to make your own silly hypothesis mine. That's a new one. Note to self: Pinch me, I know I'm real.
[i]Just because George states that it is a problem that has been reported does not make it so or even an accurate assessment of the issue. Often times problems are reported as being caused by one thing when in fact the real cause is something else entirely. Perhaps the issue is a trojan that is cleverly disguised to be a problem caused by OneCare.[/i]
Did you even bother to look into what you're now boohooing? Try Google it for Christ's sake. Or try this, the very link Ou provided:
[b]OneCare Deletes Users' Outlook Files[/b]
By Scott M. Fulton, III, BetaNews March 9, 2007
[i]A rash of users of Microsoft's new Windows Live OneCare service, launched last January 30, have been reporting on Microsoft's support forums that virus scans performed by the service have resulted in the deletion of their OUTLOOK.PST files - the local, centralized repositories of e-mail, scheduling, and collaboration data used by Outlook.[/i]
Link: http://www.betanews.com/article/OneCare_Deletes_Users_Outlook_Files/1173474996
Note key words: "rash of users" + "Microsoft's support forums"
[i]It seems that because George has written a blog saying that this issue has been reported you now take it as gospel that the problem does exist.[/i]
So are we now to trust NOTHING in print? Until what, we put the text in our mouths and taste it to be sure? So George Ou is now an unreliable no-go? Scott Fulton is an unreliable no-go also? Microsoft's own support forum posters are a bunch of unreliable no-go's likewise? Should Google search results mean anything? While you're enjoying your fantasy-land contentions, are you sure we aren't on the yellow brick road with Dorothy and Toto? Maybe ZDNet is in reality the Land of Oz. That makes George the Wizard!
[i]Do you take the same stance when it comes to George's blog on Maynor and the security issue concerning the wireless on the Mac. Do you assert with equal fervor that Maynor did notify Apple of the flaw and that an exploit truly exists? If not why not? Could it be that this blog suites a preconceived notion you have and the Maynor piece does not?[/i]
I have no idea how this relates to the story at hand - and don't really care - but I won't question how you got there at this point either.
PS. Re that cleverly disguised trojan
You wrote: "Perhaps the issue is a trojan that is cleverly disguised to be a problem caused by OneCare."
Well if that were the case (and it isn't), how the hell did it get there with Windows OnceCared in place, the very security program you're bending over defending! Please, you do see the absurdity of what you're putting forth, right? Tell me the Yellow Brick Road is not in actuality the MS Way! If it is, we damn well better cast Bill as the Wicked Warlock of the West, cuz I know for sure he ain't the friggen Wizard!
It seems that OneCare was not nuking the files after all.
Read up on it more and don't be foolish
[i]Microsoft already issued the required OneCare patch with no fanfare on March 11.
As noted by various Microsoft watchers, the OneCare-Outlook problems are not new. A number of customers have been reporting "OneCare ate my e-mail" problems since late January.[/i]
Per a Microsoft Windows Live spokeswoman:
[i]"On Sunday March 11, the Windows Live OneCare team released a new anti-malware engine that will fix the issue of OneCare erroneously quarantining certain Outlook .pst or Outlook Express .dbx files when infected files were detected within them. Windows Live OneCare customers whose PCs are connected to the Internet will automatically get this fix. We apologize for any inconvenience this has caused our customers.[/i]
A [b]new anti-malware engine[/b] that will fix the issue -- is it any wonder why? ShadeTree you're no dummy, but why do you feel the need to defend or mitigate these kinds of road apples anyway? Where is the attention to detail, test validations and quality assurance that Microsoft likes to tout to the heavens in all this? If MS can't get it right between two of its mainline products (one being their security flagship offering), what is there left to defend?