Exponential Algorithm In Windows Update Slowing XP Machines 413
jones_supa writes "An interesting bug regarding update dependency calculation has been found in Windows XP. By design, machines using Windows Update retrieve patch information from Microsoft's update servers (or possibly WSUS in a company setting). That patch information contains information about each patch: what software it applies to and, critically, what historic patch or patches the current patch supersedes. Unfortunately, the Windows Update client components used an algorithm with exponential scaling when processing these lists. Each additional superseded patch would double the time taken to process the list. With the operating system now very old, those lists have grown long, sometimes to 40 or more items. On a new machine, that processing appeared to be almost instantaneous. It is now very slow. After starting the system, svchost.exe is chewing up the entire processor, sometimes for an hour or more at a time. Wait long enough after booting and the machine will eventually return to normalcy. Microsoft thought that it had this problem fixed in November's Patch Tuesday update after it culled the supersedence lists. That update didn't appear to fix the problem. The company thought that its December update would also provide a solution, with even more aggressive culling. That didn't seem to help either. For one reason or another, Microsoft's test scenarios for the patches didn't reflect the experience of real Windows XP machines."
Re:No Sympathy (Score:5, Informative)
They should have been off Windows XP long ago.
Indeed. But it will stay for very very long I'm afraid. Lot's of systems still runs on XP with no available migration path. They just recently upgraded the security system where I work to XP. I don't want to think about what it ran before that.
When I saw this, I didn't know what it was (Score:3, Informative)
I saw this during video playback, checked to see why the video was barfing and saw the svchost.exe chewing up 100% just like they say. It didn't happen on boot. I think it can happen whenever Windows Update scans for updates.
However, when I killed the svchost just to watch my video, I lost sound which made me think it had to be Media Player.
Well, maybe it was; but eventually I found out about this bug and realized I had to just sit through it.
The questions for me are "WTF does it do?", "Why does it have to walk this tree, and what is so bloody CPU intensive about it?" followed by, "Why does an update have to care what patches are superseded? As long as you're up to the latest patch level, it should be all good".
I think the whole thing is fundamentally broken. You have your current version of $Thing, it depends on N other things which must be of a given version. When you upgrade $Thing you just check to make sure the things it depends on are there and if they aren't, then you get them. The old stuff? You just check to see what depends on it, and if there is no longer anything depending on it you can quarantine it. If anything tries to access a quarantined dependancy, then your dependencies are broken and you need to patch the app that tried to do that.
I know I'm glossing over some things, and package management is not trivial; but there's no excuse I can see for exponentially growing scan algorithms.
Ah that explains it (Score:4, Informative)
I just put XP on an old laptop to run some specialized automotive software. This svchost bug has been bothering me ever since. If you kill the process it also takes out other services (like wifi).
Re:When I saw this, I didn't know what it was (Score:5, Informative)
to isolate windows update so you can kill it safely, do
sc config wuauserv type= own
next time service manager starts wuauserv, it will get its own private instance of svchost.exe, which you can kill with impunity :)
Re:When I saw this, I didn't know what it was (Score:5, Informative)
Past abuses of Unicode (5:erocS) (Score:4, Informative)
And how exactly does Slashdot not have full Unicode support?
Slashdot used to have at least some level of Unicode support. Then vandals discovered directionality override characters [slashdot.org] and used them to break the layout and spoof moderation. The admins responded by instituting a strict code point whitelist to prevent the use of directionality overrides and the use of characters that are more useful for Unicode art (the successor to ASCII art) than for English text.
Re:Remove, replace with apt (Score:4, Informative)
The current way it works now, is the client downloads wsusscn2.cab, which in turn contains package.cab (among many others), which contains package.xml. Package.xml contains the updates in such a way that is flexible in that it can address more than one OS/platform/application/etc per patch, or more than one patch per update, or more than one file per patch, and so on. The Update nodes only point to categories/patches/files/locations/prerequisites/revision/etc via ids which have to be looked up deep in the file. Right now, that xml file is over 65MB. It would have made this easy if it were stored in a relation database, instead of an xml file, but it isn't and like I said, the API was built around the source of the information being an xml file, among other things.
Re:Upgrade? Win7 and 8 have their own update issue (Score:4, Informative)
Re:Best way to force an upgrade (Score:2, Informative)
It was huge market in the DOS days: dBase, Paradox, FoxPro, etc.
On Windows, Access won mostly because it was bundled with Office. I guess FileMaker is still around.
Re:Best way to force an upgrade (Score:4, Informative)
No, not really. Windows 7's - and for that matter Linux's - security model is centered around users rather than applications. It's designed for multi-user central computers of old, not modern single-user desktops that run random code downloaded from the Internet. It protects the system from user-level code, but your personal files are screwed, should any of it be malicious. And not even the system is really safe: a program asks for administrative privileges, and you have no option to give it "fake" permissions in its own little sandbox or even any way of knowing what it has done, even after the fact.
Android comes closer, but still has the problem of not allowing you to fake permissions. I doubt that will change, it ultimately being a glorified data mining and ad delivery platform for Google.
As for a better security model, I'd really like to see a "tree" of virtual machines, with every program running in its own leaf it can mess to its digital heart's contents and any changes being merged into upper-level machine only at the approval of said upper level. That way you could do away entirely with the concept of administrator - since every program is the master of its own virtual machine - and try out new programs safely, since no matter what devastation they cause it's limited to their own playpen.