By Scott M. Fulton, III, Betanews
Was the "Black Screen of Death" issue (KSoD) covered by Betanews earlier this week a real story? This is a serious question, especially in the wake of security firm Prevx's admission that it was very premature in its conclusions that KSoD incidents had been triggered by last month's round of Patch Tuesday updates.
Let's discuss this rationally. Although it does not appear to be an exploitable security problem by malicious users, and we have reason to believe it cannot become one, the KSoD problem (differentiated from BSoD, the "Blue Screen of Death," something else entirely) is a strange symptom that has cropped up on some machines over the years -- in our experience, some Vista-based systems. Some. It is a significant enough problem that when Betanews encountered it first-hand last June, and I discovered a way for users to fish themselves out from being stuck with it (without installing any new software), I wrote about it and presented a solution that, at least, worked for me.
A very fair question to ask, then, is this: What exactly did Prevx do last Friday that was any different from what Betanews did last June? In essence, it was Prevx that encountered the problem on its own systems, and that discovered a solution that may, possibly, work for consumers. It produced an .EXE that automates what appeared to be Prevx's solution; by comparison, I had the user go through several steps. But in that respect, we were quite alike. You might expect a security company to encounter problems such as KSoD during its research and offer solutions, whereas one might not necessarily expect such a discovery from a Web site with a big list of beta downloads and a news feed alongside it.
What made Prevx's situation very different from ours, in the end, were the following events:
Prevx suggested the problem had become widespread, calling it a "crop" that "could affect millions," without any evidence to prove that it was ever that widespread or could become so. Betanews reported the KSoD as affecting "a small number of Vista users since the system's debut three years ago, though that number appears to be growing steadily" -- an assertion for which we had obtained evidence.
Prevx made a guess as to the cause, and presented that guess as its professional analysis of that cause.
Prevx's explanation of its guess made no sense. Submitted for your review: "By the way - the cause of this recent crop of Black Screen appears to be a change in the Windows Operating Systems lock down of registry keys. This change has the effect of invalidating several key registry entries if they are updated without consideration of the new ACL rules being applied."
PrevX blamed Microsoft for the extent to which its guess made no sense. Apparently there was some rule change, and the fact that no one knows about it meant, from PrevX's perspective, that Microsoft forgot to tell us about it: "For reference the rule change does not appear to have been publicized adequately, if at all, with the recent Windows updates." (Microsoft's remarkable ability to be cited as having said something by virtue of having not said it, crops up again later.)
PrevX denied responsibility for its own actions. In a blog follow-up post yesterday, Prevx's Mel Morris wrote, "Referring back to the original post where the issue was first highlighted, we stated that there 'appear' to be many causes to the black screen issue...At no time have we categorically stated that these patches are the cause of the Black Screen problem...The emergence of this issue coincided with the recent set of Windows updates, therefore our investigations were focused on identifying if any of these could have been the cause of the problem."
Referring back to that original post, as Morris suggests, I notice "the cause" (singular), "recent crop" (collective plural), and "appears" (singular). I also see a reference to something called "the new ACL rules," which is something that we now know to be mythical. And as we all know, any change to Windows operating systems (plural) that takes place all at once, happens on account of a patch.
This reminds me of how local TV news "covers" a local lawmaker for "possible allegations," for example, of "possibly criminal corruption" connected with some "bizarre confluence of events" that "may have occurred." Rather than wait for a final report, a newscast will state, "Our investigation is ongoing...and we'll let you know what we find out."
One of these things is not like the others. One of these things doesn't belong.
However...PrevX's responsibility for the scare stops there. PrevX could have presented the issue in a more realistic light: "We encountered the KSoD ourselves, we fiddled with it, we've automated the script for a solution that fished our machines out of the mess, try it yourself if you get in a jam." By anyone's measure, that would have been a security company doing a responsible job of protecting the interests of its current and future customers.
But let's face an unfortunate reality that makes me, to borrow a phrase from Paddy Chayefsky's character Howard Biehl, "mad as hell:" All PrevX really did to start the firestorm brewing was post a blog entry with the headline, "Black Screen woes could affect millions on Windows 7, Vista and XP." That was the bait. Very little, if any substance, was necessary; and Microsoft's acknowledgement that it was looking into the issue was taken by the press as a confirmation that the problem was as bad as PrevX characterized it.
Next: Taking the deflated ball and running with it anyway...
Taking the deflated ball and running with it anyway
It was the BBC which gave undeserved legitimacy to the whole KSoD affair by running with the headline, "Windows 7 faces 'screen of death.'" The evidence of that story's existence is now waning outside of Google's indexes, as apparently the BBC's idea of a "retraction" is simply to erase its history.
Even though the source of the original story, Prevx, effectively killed the body of the story by apologizing for having started it, it still had legs, so other sources ran with it. And kept running. When there was nowhere left to run.
As the London Daily Mail published yesterday, a whole day after the story was completely debunked, "Frustrated Windows 7 users are facing 'black screens of death' after logging on to their computers, Microsoft have confirmed. The software giant said they were investigating a disabling glitch that seems to particularly affect its latest operating system."
This adjacent to a mosaic assembly of pictures of computer screens, that forms the face of Microsoft CEO Steve Ballmer sticking his tongue out.
Particularly...Windows 7. Where exactly did that come from? PrevX said the problem affected systems going back to Windows NT (architecturally speaking, extremely unlikely). And Microsoft's responses to us, both formal and informal, indicated it had never indicated to anyone that Windows 7, particularly, was at fault.
The Mail's version of an "update" to this article, once it apparently came across the debunking evidence, was to add a paragraph toward the bottom basically stating, everything you just read next to the Ballmer tongue photo is false: "However, they [PrevX] have since retracted this claim and suggested malware could be the culprit."
The London Telegraph then followed up to this already ballooning myth with the headline "Windows 7 Black Screen of Death blamed on malware." That story suggested that, by Microsoft's having stated its investigations to have determined its Patch Tuesday updates did not trigger the condition, by process of elimination, Microsoft implied that malware was to blame.
In other words, quite literally, what Microsoft did not say must therefore be what it meant to say, and thus, is what it did say.
The BBC -- which lent a lot of hot air to this balloon in the beginning -- ended up replacing its original headline with this substitute, headed "Malware suspected of 'black screen' issue," apparently following after the Telegraph. But having evidently been unable to confirm that it was Microsoft doing the suspicion, the BBC left the headline in passive voice -- not actually saying who, if anyone, suspected the existence of some malware out there. "Malware has been blamed for a problem with the Windows 7 operating system," the BBC's (replaced) story begins, now making the following assumptions: 1) Somebody found a piece of malware out there; 2) somebody investigated the malware and has concluded it caused the problem with Windows 7; 3) there's a problem with Windows 7.
Therefore, Microsoft's having stated it wasn't Patch Tuesday that caused the (non-existent) problem, must mean by implication it must be malware. So now there's a rampant virus targeting Windows 7.
How many folks out there have the (non-existent) virus? As of a few hours ago, we have a firm (non-existent) estimate: A major tech news service reports that some 50,000 PCs have encountered the KSoD problem. This having been gleaned from PrevX's recent statement on its blog that its maybe-it-will-maybe-it-won't fix for the problem was downloaded by 50,000 users.
A quick check of our own Fileforum shows that millions of Windows users have downloaded anti-virus utilities from us. By that same logic, millions of Windows PCs must be infected with viruses this very moment. My God! It's the Black Plague of Doom! (KPoD)
Although Betanews has seen reports from individual users of troubles with Windows 7, we have not uncovered even a single credibly verified incident of a Windows 7 user -- as opposed to a Vista user -- encountering the KSoD issue. Not one. And for those who would conclude that by "not one" we mean "one million," "not one" means "zero." Naught. Bupkus.
Will somebody please inform me: At what time in the history of media did it become acceptable, or even preferable, for "the truth" to become defined as something validated through repetition and amplified by nervous anxiety? The way Internet-driven media has evolved, it appears that the definition of a viable story is anything that advances what someone else has already published, regardless or even in spite of the facts.
If the Black Screen problem was small to begin with, a fair question to ask is, why did we report on it in June? My personal belief, as Managing Editor of this publication, is that our job is to help information professionals make better sense and better use of their computers, their software, their environment, and their workplace. Our June story became a story the moment I found a prospective solution. In fact, that's what the story was really about: a possible fix to a problem that anyone could encounter, probably through no fault of his own. So no, we weren't sensationalizing the problem, although we did have "black" and "death" in our headline.
If there is no "crop" of KSoDs (regardless of what the alternate universe says), then the continued existence of the problem was not a newsworthy event in itself. But a potential solution to the problem, regardless of its relatively sparse dissemination, is a newsworthy event.
However...and here's the sad part...It has become the duty of anyone who would dare to continue to bear the moniker "journalist," to report the fact that a widely reported news story is largely false. And therefore it also becomes the sad responsibility of any journalistic publication to take the heat for giving further weight and volume to a story, in the act of trying to diffuse it and remove weight from it. The essence of the complaints we received boiled down to this: Betanews is guilty for perpetuating a story that's not worth perpetuating. We legitimized the issue by elevating it to a Betanews headline, for a story that ostensibly pointed out its illegitimacy. In short, it's all our fault.
I offer great thanks today to my friend and colleague, ZDNet blogger Ed Bott, for giving credit to Betanews for reporting the Prevx story as accurately as we could, in the face of the dust storm of falsehood. As Ed wrote this morning, "If someone had exercised even a basic set of journalistic skills, this story might never have taken off. But someone decided that this sensationalist report was worth a lot of page views and hit the Publish button when it was half-baked."
Thank you so much, Ed. It's good to know we're not alone in this fight.
There may have been a lot of publications that did exercise a basic set of journalistic skills, right off the bat -- they may have read through the PrevX blog post and found it lacked merit. But we'll never know who they were, because the headline, "Blog Post From Little-Known Security Company Lacks Merit," isn't worthy of a story either...at least, not until after the news from the alternate universe makes its way here, and is all over Twitter.
The real nightmare here, the new and fundamental reality that looks more like Utopia to Arianna Huffington, is that Internet services are now building their news services into repetition farms intentionally designed to perpetuate and amplify stories that seem true enough. Silcon Valley Insider's Nicholas Carlson did the world a service Tuesday by publishing the new Aol's news guidelines for its prospective news amplification farm of what may very well be some 2,500 (not making up this number) prospective freelancers, each of whom will likely be paid very little.
Journalism is apparently no longer a requirement there. As the editor of Aol's new RendedSpaces.com blog advises writers, "All we want to know for a pitch is: what's the story, who broke it (AP, NYT, BW, Bloomberg, etc.), and how you will advance the story if you are following someone else's reporting."
We have enough repeater services; and as was found to be the case with the Black Screen story, repetition is the driving force behind the news problem. At the risk of sounding like Rupert Murdoch, the aggregation of non-news gave it the legitimacy of a story produced by actual journalists. But in the absence of a solution to the bigger problem of earning enough revenue to pay real journalists to produce actual news, online publishers are resorting to merely "advancing" whatever story generates the most excitement, embellishing it with implied non-realities along the way.
This is the malware whose viral impact is eating the news business alive. When the BBC cannot distinguish fact from fabrication, we are all truly endangered.
Copyright Betanews, Inc. 2009