Closed Bug 1046382 Opened 10 years ago Closed 10 years ago

DLL block request:dtwxsvc.dll

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
Tracking Status
firefox32 + wontfix
firefox33 + fixed
firefox34 + fixed
firefox35 + fixed

People

(Reporter: mz_mhs-ctb, Assigned: away)

Details

(Whiteboard: [dll])

Crash Data

Attachments

(1 file)

DLL name: dtwxsvc.dll
DLL versions to block: Unversioned
Applications, versions, and platforms affected: Windows

Homepage and other references and contact info: 

Reasons: Malware, topcrash
any news here? this is still a major pain point...
Attached patch blockSplinter Review
I looked around and it's always the same file. Let's block it by timestamp.
Attachment #8490507 - Flags: review?(benjamin)
[Tracking Requested - why for this release]: #7 crash on release, #32 on beta, negligible on aurora and nightly. Probably has to do with the different types of users on those channels.

Given those volumes we won't be able to confirm this fix until it spends a couple days on beta.
Malware, tracking.
Assigning to David since it seems he is working on it.
Assignee: nobody → dmajor
[Tracking Requested - why for this release]:
As it looks we are doing a 32.0.2, adding a DLL blocklist is pretty trivial and this is the #8 crash with >1% of all our crashes on 32.0.1, we might want to take this one as a ridealong.
Attachment #8490507 - Flags: review?(benjamin) → review+
We can take this as a ridealong but will need to know that the patch is ready very soon.
Comment on attachment 8490507 [details] [diff] [review]
block

I'm approving this for release in order to get a build going in case we do want to include this in 32.0.2. If we decide not to take this, we can back out the patch on mozilla-release and go to build with the build that is already spinning for bug 1063052.
Attachment #8490507 - Flags: approval-mozilla-release+
The only version of this app that I could find doesn't use this particular DLL, so I haven't been able to test the patch myself. There's a chance that the app does devious things such that this block wouldn't work. There's also a chance that some other part of the app would react poorly to this DLL going missing. I don't see any companion modules in the dumps, so this ought to be alright, but without seeing for myself, I can't promise 100% success.
dmajor and I spoke on irc. As this bug is not severe enough to be a driver for a point release and we haven't been able to test the fix and there is some chance that the block may make things worse, I don't think we should take this fix in 32.0.2. We can test and ship the fix in 33.

Ryan - Can you please back this fix out of mozilla-release when you have a chance. (Sorry about the churn.)
Flags: needinfo?(ryanvm)
https://hg.mozilla.org/mozilla-central/rev/35fe397259e6
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment on attachment 8490507 [details] [diff] [review]
block

Approval Request Comment
[Feature/regressing bug #]: External app
[User impact if declined]: Top crash
[Describe test coverage new/current, TBPL]: We can't really test this until it reaches the beta audience
[Risks and why]: Low risk (for beta)
[String/UUID change made/needed]: None
Attachment #8490507 - Flags: approval-mozilla-release+
Attachment #8490507 - Flags: approval-mozilla-beta?
Attachment #8490507 - Flags: approval-mozilla-aurora?
Attachment #8490507 - Flags: approval-mozilla-beta?
Attachment #8490507 - Flags: approval-mozilla-beta+
Attachment #8490507 - Flags: approval-mozilla-aurora?
Attachment #8490507 - Flags: approval-mozilla-aurora+
Is there a reason that the developer wasn't reached out to for this to help solve the crashes? Who decided that it was malware?

http://desktoptemperaturemonitor.com/ is the developer.

Apparently by blocking the DLL, anyone that has the application installed, Firefox is simply broke for them.

That doesn't seem like a great experience.
Can someone please tell me how it was decided this was malware?
Michael Shuen would be able to speak to the malware assessment, but I don't think it's really relevant. The block was based on crash volume (comment 6) and not the nature of the software. The stability team actively blocks addons that frequently cause Firefox to crash.

Note that in this case, it was a one-off block of a particular timestamp of file. If the developer releases a newer version, it will work again. KaiRo/bsmedberg/I can assist if the developer needs help investigating crashes. It would also be useful to have some contact information on file in case we need to reach out about future crashes.
My concern is that no one attempted to contact the developer to help figure out the crashes. It was marked as malware and simply blocked.

The developer (not me) is more than happy to work to figure out the crashes, but didn't even realize there was a problem until Firefox 33 was already released and they started getting reports of broken Firefox from all their users.
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.