Microsoft criticises third party code for Windows crashes

ZDNet Australia ^ | 2003/08/13 | Brendon Chase

[TechJunkYard]

Microsoft has laid the blame for half of all Windows crashes on third-party code.

Scott Charney, chief security strategist at Microsoft, told developers at the TechEd 2003 conference in Brisbane, that information collected by Dr Watson, the company's reporting tool, revealed that "half of all crashes in Windows are caused not by Microsoft code, but third-party code".

Charney's comments come as the company highlights the rigour with which it tests its own products before release. Microsoft emphasised that products such as Yukon and Exchange Server were undergoing thorough testing -- both internally and via independent third parties -- prior to their release to the market.

The company is employing root cause analysis and event sequence analysis procedures to scrub out the creation of sloppy code. The result is that individual developers have a high degree of accountability for the code they produce, while the systems and processes associated with code development are rigorously monitored.

Root cause analysis enables the company to check closely the work of individual developers. If a developer has written vulnerable code, then we look at what else that developer has written and check it, Charney said

Event sequence analysis takes this further, analysing the reasons why the vulnerable code was written. Charney said it was not necessarily so they can sack whoever is writing vulnerable code, but find out the reasons why and how Microsoft improve their staff with training or more efficient processes.

As Charney made his remarks, Charles Sturt University announced they would be offering a Master of Information Systems Security degree including MCSE:Security industry certification.

Charney's also reinforced Microsoft's message to developers and network administrators that they needed to build secure applications and networks "from the ground up".

The chief security strategist's remarks have come at an unfortunate time, as mainstream and niche media outlets produce heavy coverage of the impact of the MSBlast worm, which has infiltrated corporate and enterprise networks worldwide.

Brendon Chase travelled to Tech Ed as a guest of Microsoft.

[TechJunkYard]

So... only half of Windows crashes are caused by Microsoft code.

Then again, depending on the meaning of the word "crash" of course, considering that operating systems should not actually allow applications to "crash" them, maybe all of the "crashes" are the fault of Microsoft code?

[HiTech RedNeck]

"This traffic bridge on Main Street was not built for SUVs!!"

[HiTech RedNeck]

pathetic microshaft excuses bump

[xm177e2]

considering that operating systems should not actually allow applications to "crash" them

It's hard enough to idiot-proof a computer program so people clicking on the GUI interface can't screw it up if they do something really dumb--can you imagine how hard it would be to accomplish idiot-proofing an OS from applications that interact with it in a much more complicated manner? In any case, the vast majority of the time a program crashes on me, it doesn't crash my computer.

[danneskjold]

A little early in the morning for proselytizing, isn't it?

[mhking]

Anything not to accept blame for their own mess...

[TechJunkYard]

What? It's almost lunch time on the east coast!

[js1138]

I don't understand how an OS can prevent a program from crashing. I have a number of third party programs that misbehave, but it's been ages since I've had to reboot Win2000 or XP due to a software problem.

[SolutionsOnly]

It has the Microsoft Logo on it, therefore it is a Microsoft problem.

[RS]

So you think that it would be theoretically possible to build a usefull OS that is incapable of being crashed ?

[Agnes Heep]

I don't know why it is, but I never seem to experience the problems with Windows that others complain about ... not only in home use, but with the servers I manage at work. Maybe it's because I'm really picky about the number and kind of services I allow to run on the system. My rule of thumb is that if you don't need it running in the background, don't start it until it's needed.

[HiTech RedNeck]

Win2k is far more robust than 95-98-ME. They (mostly) fixed a problem that UNIX fixed 20 years earlier.

[kevkrom]

Microsoft has laid the blame for half of all Windows crashes on third-party code.

Now that is some spin. As you pointed out, looking at it the other way shows that Microsoft code is responsible for half of Windows crashes. If I had ever thought about it before, I would have expected a much lower (Micorosoft) percentage than 50%..

[TechJunkYard]

I don't understand how an OS can prevent a program from crashing.

It can't. That's the app's fault. But the OS can and should prevent a rougue app from taking the whole system down with it.

And I have seen this happen with Win2000.

[Hans]

Laughable.

[krb]

I don't understand how an OS can prevent a program from crashing.

An OS can't prevent that, of course. In fact, Microsoft has included several features in the OS that many developers don't use. So many problems in user space would be solved if people used smarter memory management techniques and installed unhandled exception handlers, all very straightforward, if not downright easy.

[danneskjold]

So you think that it would be theoretically possible to build a usefull OS that is incapable of being crashed ?

<sarcasm>Sure...and you could name it Utopia...</sarcasm>

[TechJunkYard]

So you think that it would be theoretically possible to build a usefull OS that is incapable of being crashed ?

Yup... it's been done. OS/370, OS/390, OS/400. They don't crash unless the system operator wants them to crash.

[KellyAdmirer]

Microsoft should consider that it is because of that third-party code that most people buy their product. If all there was to run on Windows was Microsoft products, who would want to spend money for that?

[Psycho_Bunny]

Half?  It's way more than half.  Probably upwards of 95% or more.  I actually can't think of the last time I've had a virgin install of Windows, running purely MS products, crash.  Neither my NT domain server, Exchange server nor SQL server ever crash. 

As a matter of fact, I should probably re-boot that SQL server sometime this year.

On the other hand my gamming machine crashes once or twice a week but considering how I have the FSB and Radeon 9700 overclocked, I'm practically begging for it to lock up.  Mostly, I'm just surprised it isn't actually on fire.