KB925902 - whose mistake was it, really?

Guest

I was reading through some of the stuff about this yet again, and found this
in KB935448.

"This problem may occur after you install security update 925902 (MS07-017)
and security update 928843 (MS07-008). The Hhctrl.ocx file that is included
in security update 928843 and the User32.dll file that is included in
security update 925902 have conflicting base addresses. This problem occurs
if the program loads the Hhctrl.ocx file before it loads the User32.dll file."

There's no mention here of RealTek writing the wrong kind of code. Rather,
Microsoft are saying they've introduced an inconsistency into two of their
security patches. It's an academic point - but does anyone know the truth of
the matter?

[Incidentally, and completely OT, posting to this newsgroup from a browser
is becoming increasingly difficult - a post nearly always fails, for me, on
the first attempt.]
 
Robinb

why don't you use oe?
that is what i use
I also find when posting to the browser ie7 locks up from time to time
robin
 
Anonymous Bob

Alan D said:
I was reading through some of the stuff about this yet again, and found this
in KB935448.

"This problem may occur after you install security update 925902 (MS07-017)
and security update 928843 (MS07-008). The Hhctrl.ocx file that is included
in security update 928843 and the User32.dll file that is included in
security update 925902 have conflicting base addresses. This problem occurs
if the program loads the Hhctrl.ocx file before it loads the User32.dll file."

There's no mention here of RealTek writing the wrong kind of code. Rather,
Microsoft are saying they've introduced an inconsistency into two of their
security patches. It's an academic point - but does anyone know the truth of
the matter?

[Incidentally, and completely OT, posting to this newsgroup from a browser
is becoming increasingly difficult - a post nearly always fails, for me, on
the first attempt.]

http://msmvps.com/blogs/spywaresucks/archive/2007/04/11/779419.aspx
Note that CrystalXP and LAN-Fax are not listed in the KB - there is an
update for LAN-Fax due for release today that fixes the problem - CrystalXP
are still recommending that MS07-017 be removed (**bad** advice) and report
that they're "working on a solution - maybe more then microsoft, I don`t
think they will fix this problem right now, maybe later". Remembering that
CrystalXP apparently replaces shell32.dll with its own special copy, I fail
to see how "fixing" CrystalXP's problems are somehow Microsoft's
responsibility - if you hack a system DLL you run the risk of hitting
problems at any time.

Bob Vanderveen
 
Guest

Robinb said:
why don't you use oe?

Long story. When I first found this newsgroup I had no idea how to set up
OE. Eventually, with a heap of help from the usual suspects in the newsgroup,
I was able to set it up to READ the posts. It took me about ten years to get
that far. Ten years after that, I still hadn't figured out how to get it to
send posts; so I gave up, because y'know, life was passing me by. Instead, I
simply switch between the two: OE to read, IE to post.

[Time scales slightly exaggerated to achieve suitably dramatic effect...]
 
Guest

Anonymous Bob said:
I fail
to see how "fixing" CrystalXP's problems are somehow Microsoft's
responsibility - if you hack a system DLL you run the risk of hitting
problems at any time.

But the key part of the KB that puzzles me, Bob, is this: "The Hhctrl.ocx
file that is included in security update 928843 and the User32.dll file that
is included in security update 925902 have conflicting base addresses."
Regardless of what Crystal, RealTek etc may have done - this does read like
a Microsoft mistake, to me; implying that the problem would never have arisen
if the two updates had not been in conflict. (That's what it reads like. What
it actually means is, of course, completely beyond me!)
 
Anonymous Bob

Alan D said:
But the key part of the KB that puzzles me, Bob, is this: "The Hhctrl.ocx
file that is included in security update 928843 and the User32.dll file that
is included in security update 925902 have conflicting base addresses."
Regardless of what Crystal, RealTek etc may have done - this does read like
a Microsoft mistake, to me; implying that the problem would never have arisen
if the two updates had not been in conflict. (That's what it reads like. What
it actually means is, of course, completely beyond me!)

Admittedly, there's a certain "Pay no attention to the man hiding behind the
curtain" quality to this fiasco. Still, the vast majority of users had no
problem. The problems that did occur can be narrowed down to a very small
set of third party applications that either hacked Microsoft's software
and/or loaded a dll into a memory area that's reserved for system use. I
know of no problems relating to 928843 (February 2007) before the more
recent 925902 (April 2007). It's altogether possible, and not terribly rare,
that a change can expose problems in another area. When all third party
applications are thrown into the mix, we find ourselves dealing with the law
of large numbers. <g>
http://en.wikipedia.org/wiki/Law_of_large_numbers

Bob Vanderveen
 
Robinb

sending a post in Oe
Highlight the post and double click it- a separate box will popup. It will
show the news server as privatenews.microsoft.com
it will show the newsgroups:
microsoft.private.security.spyware.announcements

it will show the subject:

Re: KB925902 - whose mistake was it, really?

type what you want to say like i am doing now
Click on "send"
it is that easy
robin

Alan D said:
Robinb said:
why don't you use oe?

Long story. When I first found this newsgroup I had no idea how to set up
OE. Eventually, with a heap of help from the usual suspects in the newsgroup,
I was able to set it up to READ the posts. It took me about ten years to get
that far. Ten years after that, I still hadn't figured out how to get it to
send posts; so I gave up, because y'know, life was passing me by. Instead, I
simply switch between the two: OE to read, IE to post.

[Time scales slightly exaggerated to achieve suitably dramatic effect...]
 
Robinb

ooops i forgot one thing- after you highlight and double click you will get
a box that says "Reply to Groups"- Click that first
then you will see the rest and how to send
robin

Robinb said:
sending a post in Oe
Highlight the post and double click it- a separate box will popup. It
will show the news server as privatenews.microsoft.com
it will show the newsgroups:
microsoft.private.security.spyware.announcements

it will show the subject:

Re: KB925902 - whose mistake was it, really?

type what you want to say like i am doing now
Click on "send"
it is that easy
robin

Alan D said:
Robinb said:
why don't you use oe?

Long story. When I first found this newsgroup I had no idea how to set up
OE. Eventually, with a heap of help from the usual suspects in the newsgroup,
I was able to set it up to READ the posts. It took me about ten years to get
that far. Ten years after that, I still hadn't figured out how to get it to
send posts; so I gave up, because y'know, life was passing me by. Instead, I
simply switch between the two: OE to read, IE to post.

[Time scales slightly exaggerated to achieve suitably dramatic effect...]
 
Guest

Anonymous Bob said:
I
know of no problems relating to 928843 (February 2007) before the more
recent 925902 (April 2007).

No Bob - but Microsoft clearly knew of one: "The Hhctrl.ocx file that is
included in security update 928843 and the User32.dll file that is included
in security update 925902 have conflicting base addresses."

I grant you the third party problem, but that still reads like a Microsoft
mistake to me.
 
Guest

Anonymous Bob said:
the vast majority of users had no
problem.

I don't think this lets MS off the hook. We don't know how many unreported
problems there are out there, but I suspect there are a lot of RealTek HD
audio users.

And the thing that I really don't understand is that despite the fact that
MS already knew of the RealTek conflict, there was no advance warning about
the consequences of using the patch on a RealTek system. All it needed was a
clear warning "Do not install this patch unless you have updated your RealTek
HD Audio driver."
 
Anonymous Bob

Alan D said:
I don't think this lets MS off the hook. We don't know how many unreported
problems there are out there, but I suspect there are a lot of RealTek HD
audio users.

And the thing that I really don't understand is that despite the fact that
MS already knew of the RealTek conflict, there was no advance warning about
the consequences of using the patch on a RealTek system. All it needed was a
clear warning "Do not install this patch unless you have updated your RealTek
HD Audio driver."

http://support.microsoft.com/kb/925902
In bold red letters:

Known issues
After you install this security update on a Windows XP Service Pack 2
(SP2)-based computer, certain third-party applications may not start.
Additionally, you receive an error message that resembles the following:
application_executable_name - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not
run properly. The relocation occurred because the DLL
C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for
Windows system DLLs. The vendor supplying the DLL should be contacted for a
new DLL.

None the less, your point is taken. Very few people would have seen that
before their systems automatically updated.

Microsoft makes money from corporate sales and mass market providers such as
Dell. Their support effort for the average home user is minimal. One aspect
that shines brightly in this area is the MVP program. However, the home user
has to make an effort as well. Access to those MVP's (bless them all) can be
had through their blogs and newsgroups such as this one.

Alan, all I can say is that you're on the right track.<g>

Bob Vanderveen
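
Added example (not part of the thread, and not Microsoft's code): a simplified Python model of the base-address conflict that the KB text and the error message above describe. It reads each module's preferred ImageBase and SizeOfImage from its PE header and shows why load order decides which module gets relocated; the module names and address values are constructed stand-ins, not the real values of User32.dll or Hhctrl.ocx.

```python
import struct

def preferred_range(pe):
    """Return (ImageBase, SizeOfImage) from a PE image's optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20          # skip signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:               # PE32: 32-bit ImageBase at offset 28
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:             # PE32+: 64-bit ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", pe, opt + 56)
    return base, size

def ranges_overlap(a, b):
    """True if two (base, size) preferred ranges share any address."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]

def load_in_order(modules):
    """Simplified loader model: a module keeps its preferred range unless an
    earlier module already occupies part of it, in which case it has to be
    relocated. Returns the names of modules that lost their preferred base."""
    taken, relocated = [], []
    for name, pe in modules:
        rng = preferred_range(pe)
        if any(ranges_overlap(rng, t) for t in taken):
            relocated.append(name)
        else:
            taken.append(rng)
    return relocated

def fake_pe32(image_base, size_of_image):
    """Constructed minimal PE32 header, for this demo only."""
    buf = bytearray(0x40 + 4 + 20 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)      # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)      # PE32 magic
    struct.pack_into("<I", buf, opt + 28, image_base)
    struct.pack_into("<I", buf, opt + 56, size_of_image)
    return bytes(buf)

# Constructed values, not the real bases of either Microsoft file.
SYSTEM_DLL = ("system.dll", fake_pe32(0x7E410000, 0x90000))
HELP_OCX = ("help.ocx", fake_pe32(0x7E480000, 0x40000))
```

Calling load_in_order([HELP_OCX, SYSTEM_DLL]) reports the system DLL as the one relocated, which is the order the KB says triggers the error; with the order reversed only the help control moves.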
 
Guest

(Replying in sequence)

Just to say at the outset, Bob, that I'm not interested in apportioning
blame, as such. I'm NOT knocking Microsoft in general, and like you I think
the MVPs are tremendous guys. But I AM interested in saying to Microsoft, in
a positive not a negative spirit - "Look, this aspect of things is not
working and you don't even seem to be aware of it. Can you please improve it?
And here are some suggestions how it might be done."

Anonymous Bob said:

No use having a warning in red letters if you then hide it in a cellar
without telling people it's there. Which they may as well have done, for the
majority of users. But it's a simple matter to put this kind of warning in
the drop-down info that you see when you check the available Windows updates.
If they'd done that, and said it in clear English (see below), I and many
others would have been saved a lot of hassle.
Known issues
After you install this security update on a Windows XP Service Pack 2
(SP2)-based computer, certain third-party applications may not start.
Additionally, you receive an error message that resembles the following:
application_executable_name - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not
run properly. The relocation occurred because the DLL
C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for
Windows system DLLs. The vendor supplying the DLL should be contacted for a
new DLL.

To 99% of users, this message will be meaningless gibberish, and so they
will ignore it. Why not say in plain language - "If you have a RealTek HD
Audio panel (click on this link for instructions to find out whether you have
one), DO NOT install this update until you have updated your RealTek driver."
That's all the information that those 99% need. They will understand it.
(Even better, I will understand it.)

Do you see? My point is that with almost no effort at all, except a simple
realisation that messages have to be clearly displayed and intelligible, a great
deal of unnecessary mess can be avoided.
 
Anonymous Bob

Alan D said:
(Replying in sequence)

Just to say at the outset, Bob, that I'm not interested in apportioning
blame, as such. I'm NOT knocking Microsoft in general, and like you I think
the MVPs are tremendous guys. But I AM interested in saying to Microsoft, in
a positive not a negative spirit - "Look, this aspect of things is not
working and you don't even seem to be aware of it. Can you please improve it?
And here are some suggestions how it might be done."



No use having a warning in red letters if you then hide it in a cellar
without telling people it's there. Which they may as well have done, for the
majority of users. But it's a simple matter to put this kind of warning in
the drop-down info that you see when you check the available Windows updates.
If they'd done that, and said it in clear English (see below), I and many
others would have been saved a lot of hassle.


To 99% of users, this message will be meaningless gibberish, and so they
will ignore it. Why not say in plain language - "If you have a RealTek HD
Audio panel (click on this link for instructions to find out whether you have
one), DO NOT install this update until you have updated your RealTek driver."
That's all the information that those 99% need. They will understand it.
(Even better, I will understand it.)

Do you see? My point is that with almost no effort at all, except a simple
realisation that messages have to be clearly displayed and intelligible, a great
deal of unnecessary mess can be avoided.

Microsoft simply doesn't support systems purchased from Dell, HP and like
vendors. The reduced cost of the operating system from these vendors is
offset by the fact that the vendor is required to support their customers.
They don't do it well.

While I wouldn't want an internet appliance on my desk, such a system might
be more appropriate for some users. Memory technology has *almost* reached
the point that we could have an inexpensive incorruptible solid state device
that would provide an instant on virgin operating system with every restart.

I'm optimistic but getting off topic. Then again, Kurt Vonnegut died
Wednesday. So it goes.

Bob Vanderveen
 
Alan D

OK let's see what happens. I clicked on 'Reply Groups'. Now I'll click on
'Send'...
Holding my breath.....
 
Alan D

My goodness Robin - it worked! Thank you!

It never occurred to me that 'reply group' was the button to try! (The other
one never got me anywhere.)
 
Dave M

....and another way of replying in OE... right click the Subject Header and
pick Reply to Group
Now take a deep breath, as it seems to have worked.
 
Guest

Anonymous Bob said:
Microsoft simply doesn't support systems purchased from Dell, HP and like
vendors. The reduced cost of the operating system from these vendors is
offset by the fact that the vendor is required to support their customers.
They don't do it well.

But this doesn't have anything to do with the constructive criticism I'm
making, Bob. If MS are going to go to the trouble of giving a warning about a
possible conflict (as they did, in fact, do, albeit obscurely), then they may
as well
(a) say it clearly and plainly; and
(b) include the information WITH the update being offered instead of hiding
it away somewhere.

I don't really understand your comment about vendors such as Dell - I don't
think that has anything to do with what I'm saying. However, my machine
wasn't made by any of the vendors you mention. The operating system is
standard XP with SP2.
But it does have a (presumably quite common?) MSI mainboard with a built-in
RealTek HD audio device - hence this issue.
 
Alan D

Dear Dave M.

It gives me great pleasure to respond to your post using Outlook Express by
right-clicking on the header, as per instructions. Here is the proof that it
works.

All this time .... (shaking my head...)
Y'r. ob'd't. serv't.
Alan D
 
Dave M

Cool, I'd actually forgotten that you had those problems with OE a year ago
until you brought it up again. I still find myself using the browser
interface to supply links in here, since that's what most casual forum
readers use, and it's far easier for them to click on a browser link than a
newsreader reference. Don't give up entirely on that browser.
 
Anonymous Bob

Alan D said:
But this doesn't have anything to do with the constructive criticism I'm
making, Bob. If MS are going to go to the trouble of giving a warning about a
possible conflict (as they did, in fact, do, albeit obscurely), then they may
as well
(a) say it clearly and plainly; and
(b) include the information WITH the update being offered instead of hiding
it away somewhere.

I don't really understand your comment about vendors such as Dell - I don't
think that has anything to do with what I'm saying. However, my machine
wasn't made by any of the vendors you mention. The operating system is
standard XP with SP2.
But it does have a (presumably quite common?) MSI mainboard with a built-in
RealTek HD audio device - hence this issue.

My point, vaguely, was alluding to the fact that Microsoft doesn't support
home users well. I am in no way disagreeing with you. It will require a
major paradigm shift on the part of Microsoft to change that and hardware
advances may allow that to happen (some day).

Bob Vanderveen
 