I find it incredible that Microsoft would allow OEMs to preload software like this. The end user experience and impression of Windows 8 takes a brutal hit.
Microsoft does work at eliminating this kind of thing. They clearly just missed this one.
Microsoft's main source of control over OEMs is the logo program. All laptops that want to get the "Designed for Windows" sticker (logo) have to pass a minimum bar set by Microsoft, which includes things like "must boot within X seconds" or "must sleep within Y seconds", "must output the correct audio frequencies", etc. My guess is none of the logo tests invoke the accelerometer which is why this got missed.
The logo program is great in theory, but in practice it doesn't work too well since consumers don't care about the sticker. Therefore, if Microsoft makes the requirements too high, OEMs will simply stop trying and just sell their laptops without a sticker.
I care about that sticker; I don't like it. Especially with laptops, those stickers (you may get a 'Intel inside' one, too) look ugly. Removal also typically is hard, as the stickers are designed to look good for years.
B the way, I remember reading somewhere that Dell at a time compared the benefits of being in such a program with the cost of applying such a sticker, and found it wasn't worthwhile to take part in that sticker program. Anybody know whether that is true?
I don't know, but my dell box has a windows 7 sticker on (running Ubuntu, of course), so someone somewhere in Dell/Microsoft clearly made it worthwhile...
It's hard to imagine another policy without making it excessively difficult for vendors to add new features. For example, a button on a laptop that changes Wifi configuration might need a similar driver program.
Hardware vendors are generally expected supply their own drivers for all but the most common built-in devices. This can include user-mode applications. The driver certification process has greatly improved the quality of 3rd party kernel drivers. In my experience BSODs are really rare these days.
But obviously there can still be quality-of-implementation issues. This sounds like a question of "is this really a good use of RAM from the users' cost/benefit perspective?"
Disclosure: I'm new at Microsoft but my role has basically nothing to do with this stuff. Just my personal opinion as a long time developer and industry-watcher.
What you already know, but need to be reminded, is that there is not one, uniform "Microsoft", who has the power to allow or disallow something. Even in the highest levels of the corporate hierarchy, it takes a great deal of effort to influence the direction of the ship (never mind intentional steering). In the case of OEM shovelware, there were quite a few people who worked very hard to get rid of it. However, Dell alone has substantial influence over this decision through their sheer volume of sales of Windows. When you consider existing contracts, OEM motivations, and internal politics, it's no longer that incredible that this preloaded nonsense persists. What's incredible is that the concerted effort to regain control of the ship doesn't seem to be having much effect.
Agreed, there's no uniform "Microsoft" that controls anything. They're blameless in this.
Now, on to more interesting topics. Why should I, as a consumer, care about that? I see "Windows 8" in a commercial, it looks like there's a "Microsoft", but then I do my diligence, and I find out about weird rubbish as described in the article. It makes all the different, patchwork quilt of Microsoft's look really bad, even if "Spacer" did it. It looks to me, a consumer, as if there's a (possibly inadvertent) effort to shaft people. Maybe all those rumors about Windows slowing down when a new version is released are true. After all, a shaken tablet uses up memory, apparently without bound, which will cause problems eventually.
Why are you asking for some or all of the Microsofts to be given a break? That's really anti-free market.
Very neat discovery and great write-up about it! Were you able to get in touch with somebody at "Spacer" to let them know about the mistake? If so, are they going to correct it?
[author here] I'm not supposed to directly call out corporations for mistakes in public because then their feelings will be hurt and they won't be a customer in the future ;)
I was kind of expecting someone to tell me "Spacer" was too obvious and to obfuscate it some more, but they let it slide - probably because this is not a security flaw like I'd usually be dropping, just a general oopsie.
In a sense Windows (Vista) and 7 and 8 have encouraged targeting user-mode processes. The garden variety IRC bots that ship with the "hacking tools" available through various YouTube channels all run in user-mode.
The most common (at least based on my ~10 instance) technique is malware that installs itself into %APPDATA% and sets itself to start on boot. The executable then launches some process (like services.exe) and injects its own code (known as RunPE).
I'm not sure how prolific exploitation of user-mode binaries is, but the damage that can be done from user-mode is non-trivial.
If they're configured to run as administrator, they can get up to a lot of mischief even without running in the kernel. For example, they can open ports to the internet and add firewall rules...
More importantly, if they're installed on a large number of machines, they become an easy target for malware authors - observe the number of exploits targeting vulnerable link handlers like steam and uplay's, where it was possible to invoke an arbitrary executable from a hyperlink.
I work with a guy who left some scathing comments in the code about the incompetence of the vendor he was forced to work with. Interesting times ensued when our company was bought by theirs and they started looking through the source.
Interesting article. There are better ways of looking at memory allocations in .NET code, however, including CLR allocation profiler, WinDBG, VMMap, and tools from Telerik, Jetbrains, ANTS etc that take away a lot of the guess work. Still, kudos to the author for not doing an immediate re-pave.
To the author: Saw this on comex's Twitter and got a good kick out of it. My first surprise was that HN didn't already have this submitted. My second was it reaching first page in 3 hours.