The Black Screen Syndrome, or, Tech news in search of the apocalypse
Was the "Black Screen of Death" issue (KSoD) covered by Betanews earlier this week a real story? This is a serious question, especially in the wake of security firm Prevx's admission that it was very premature in its conclusions that KSoD incidents had been triggered by last month's round of Patch Tuesday updates.
Let's discuss this rationally. Although it does not appear to be an exploitable security problem by malicious users, and we have reason to believe it cannot become one, the KSoD problem (differentiated from BSoD, the "Blue Screen of Death," something else entirely) is a strange symptom that has cropped up on some machines over the years -- in our experience, some Vista-based systems. Some. It is a significant enough problem that when Betanews encountered it first-hand last June, and I discovered a way for users to fish themselves out from being stuck with it (without installing any new software), I wrote about it and presented a solution that, at least, worked for me.
A very fair question to ask, then, is this: What exactly did Prevx do last Friday that was any different from what Betanews did last June? In essence, it was Prevx that encountered the problem on its own systems, and that discovered a solution that may, possibly, work for consumers. It produced an .EXE that automates what appeared to be Prevx's solution; by comparison, I had the user go through several steps. But in that respect, we were quite alike. You might expect a security company to encounter problems such as KSoD during its research and offer solutions, whereas one might not necessarily expect such a discovery from a Web site with a big list of beta downloads and a news feed alongside it.
What made Prevx's situation very different from ours, in the end, were the following events:
Prevx suggested the problem had become widespread, calling it a "crop" that "could affect millions," without any evidence to prove that it was ever that widespread or could become so. Betanews reported the KSoD as affecting "a small number of Vista users since the system's debut three years ago, though that number appears to be growing steadily" -- an assertion for which we had obtained evidence.
Prevx made a guess as to the cause, and presented that guess as its professional analysis of that cause.
Prevx's explanation of its guess made no sense. Submitted for your review: "By the way - the cause of this recent crop of Black Screen appears to be a change in the Windows Operating Systems lock down of registry keys. This change has the effect of invalidating several key registry entries if they are updated without consideration of the new ACL rules being applied."
Prevx blamed Microsoft for the extent to which its guess made no sense. Apparently there was some rule change, and the fact that no one knows about it meant, from Prevx's perspective, that Microsoft forgot to tell us about it: "For reference the rule change does not appear to have been publicized adequately, if at all, with the recent Windows updates." (Microsoft's remarkable ability to be cited as having said something by virtue of having not said it crops up again later.)
Prevx denied responsibility for its own actions. In a blog follow-up post yesterday, Prevx's Mel Morris wrote, "Referring back to the original post where the issue was first highlighted, we stated that there 'appear' to be many causes to the black screen issue...At no time have we categorically stated that these patches are the cause of the Black Screen problem...The emergence of this issue coincided with the recent set of Windows updates, therefore our investigations were focused on identifying if any of these could have been the cause of the problem."
Referring back to that original post, as Morris suggests, I notice "the cause" (singular), "recent crop" (collective plural), and "appears" (singular). I also see a reference to something called "the new ACL rules," which is something that we now know to be mythical. And as we all know, any change to Windows operating systems (plural) that takes place all at once, happens on account of a patch.
This reminds me of how local TV news "covers" a local lawmaker for "possible allegations," for example, of "possibly criminal corruption" connected with some "bizarre confluence of events" that "may have occurred." Rather than wait for a final report, a newscast will state, "Our investigation is ongoing...and we'll let you know what we find out."
One of these things is not like the others. One of these things doesn't belong.
However... Prevx's responsibility for the scare stops there. Prevx could have presented the issue in a more realistic light: "We encountered the KSoD ourselves, we fiddled with it, we've automated the script for a solution that fished our machines out of the mess, try it yourself if you get in a jam." By anyone's measure, that would have been a security company doing a responsible job of protecting the interests of its current and future customers.
But let's face an unfortunate reality that makes me, to borrow a phrase from Paddy Chayefsky's character Howard Beale, "mad as hell": All Prevx really did to start the firestorm brewing was post a blog entry with the headline, "Black Screen woes could affect millions on Windows 7, Vista and XP." That was the bait. Very little substance, if any, was necessary; and Microsoft's acknowledgement that it was looking into the issue was taken by the press as a confirmation that the problem was as bad as Prevx characterized it.