LockedSONAR X1 still using outdated, unsupported, buggy MSVC++ 2005 redistributable

If you have a 64-bit Windows OS, after installing SONAR X1 you'll likely see a file named msdia80.dll in the root of the hard drive from which you installed the product. Why? Because Roland is still using an old, buggy, unsupported version of the Microsoft Visual C++ 2005 redistributable, installing it even if you already have the later version of your system. Besides the fact that this version will put your computer at risk, its installer is notorious for not putting its DLL in the correct place.

To fix this after installing SONAR:

1. Go into your Windows Control Panel and remove the "Microsoft Visual C++ 2005 Redistributable (x64)" version 8.0.56336.
2. Download and install the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update, which should show up as "Microsoft Visual C++ 2005 Redistributable (x64)" version 8.0.59192.

This has been a known, reported issue since SONAR 6 back in 2007.

Thank you! There you go installing the latest drivers, setting up everything nicely in order to have an up to date, smooth running System and then Sonar comes installing some old crap from the back door

Hehehe, those was exactly my thoughts while installing SONAR X1.

Why the heck are they still using the Microsoft Visual C++ 2005 Redistributable? :-)

Jose7822


Hehehe, those was exactly my thoughts while installing SONAR X1.

Why the heck are they still using the Microsoft Visual C++ 2005 Redistributable? :-)

Nobody bought the upgrade?  ;)

LOL Dave :-)

Maybe they're being sentimental? Maybe they're trying to make old Customers happy by porting old bugs across the new Age. Now that X1 is changing everything, people might confuse it with Protools otherwise 

I'm really glad that there are people here who point out the relevant info. Thanks man.

I saw X1 installing the C++ 2005 redistributable, but then a moment later, it also showed it was copying "2010" files. Are the two unrelated, and the 2005 version still needs updating?
 
Also, are you recommending the update for SONAR's sake, or for the sake of other apps on the system? Hard to believe the Bakers wouldn't be doing what's best for SONAR with something so essential.
 
I might have to wait for Mr. Borthwick et al. to weigh in on this.  (Here's hoping/exepecting he Googles his name on the forum once in a while to see who's using it in vain).

Many thanks for this helpful important info!

Microsoft has pretty much abandoned C++ in favor of C#/.NET. MSVC 2005 was actually one of the last decent C++ redistributables that doesn't pull in all the .NET crap.

I saw X1 installing the C++ 2005 redistributable, but then a moment later, it also showed it was copying "2010" files. Are the two unrelated, and the 2005 version still needs updating?

 
They are unrelated and are two different redistributables. We would love not to install that POS :-) There are however older 3'rd party plugins that we do not build ourselves that rely on that installer hence we need to continue to install it for now. Otherwise they would not run on a new Windows install.

SONAR itself and all the newer stuff we build uses the latest generation compiler and requires the VS2010 redistributable.
 

Microsoft has pretty much abandoned C++ in favor of C#/.NET. MSVC 2005 was actually one of the last decent C++ redistributables that doesn't pull in all the .NET crap

 
That's not true. While they favor .NET development they are still doing C++ tools. Visual Studio 2010 has many C++ enhancements and SONAR X1 is built using it. The .NET stuff is optional and we don't use it yet.
 

Noel, I understand why you are installing the VC++ 2005 redistributable, and I don't mind so much.

But do you want to comment on why you are forcing an install of an outdated, unsupported version of that redistributable, which contains a security risk, and ignoring whether our system already has an updated version of the VC++ 2005 redistributable? (See my original post for the references.)

Will the upcoming X1 patch have an updated VC++ 2005 redistributable, or will I once again have to clean up after SONAR's installer just to remove the security risks and the DLL littering the root directory of my hard drive?

^ Exactly! 

If the old 2005 version needs to be used then at least use the latest patch, and don't force an install if it was already in the system.

We have no control over what the Microsoft installer does unfortunately - all we do is launch it. There is no Microsoft documented way to determine whether the component is installed either. In theory the installer should do that check and do nothing. We'll look into using the updated redist.
Regarding the upcoming update, updates typically do not install redist's since the main application is already installed. So you shouldn't have to repeat what you did.

The installer apparently attempts to dial home. I wonder what happens if there is no internet?
Bill B

bvideo


The installer apparently attempts to dial home. I wonder what happens if there is no internet?
Bill B

Microsoft doesn't know about you, your wife, your first born, that pirated copy of Win95 you still have laying around etc....

Not sure what I'm doing wrong, but that update doesn't show in my program list. I removed "Microsoft Visual C++ 2005 Redistributable (x64)" version 8.0.56336, downloaded vcredist_x64.exe and installed it, but it's not appearing in my program list. Do I need to install/uninstall something else first?

Noel Borthwick [Cakewalk
]

I saw X1 installing the C++ 2005 redistributable, but then a moment later, it also showed it was copying "2010" files. Are the two unrelated, and the 2005 version still needs updating?

 
They are unrelated and are two different redistributables. We would love not to install that POS :-) There are however older 3'rd party plugins that we do not build ourselves that rely on that installer hence we need to continue to install it for now. Otherwise they would not run on a new Windows install.

SONAR itself and all the newer stuff we build uses the latest generation compiler and requires the VS2010 redistributable.
 

You don't have to install the redistributables at all.

If you avoid using the shared MSVCxxx.dll for runtime, and use linked in runtimes (/MT switch) you do not need the redistributables.

So it's a choice you can make.

--well, now I'm so totally confused by the info and counter-info on this thread, I have no idea what to do.  Decision - I'll do nothing. - I guess?---

RB

I've checked and its already installed that update of the file on my system - It's dated today, same day  I installed X1 so its either dialled home or the new distributable was included in the SONAR files.
 
so it might pay to have a look at your system in Programs and features in WIN 7. Don't forget to click view Installed Updates so that it becomes visible in the window.

garretwilson




To fix this after installing SONAR:

1. Go into your Windows Control Panel and remove the "Microsoft Visual C++ 2005 Redistributable (x64)" version 8.0.56336.
2. Download and install the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update, which should show up as "Microsoft Visual C++ 2005 Redistributable (x64)" version 8.0.59192.

This has been a known, reported issue since SONAR 6 back in 2007.

Ok, BOTH are installed. Should I simply uninstall the one that is part of the problem???????

If you find C++ 2008 on your machine after the X1 install, you might just go ahead updating those as well.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c


@chrisharbin: I'd uninstall both, then reinstall the new.

Don't forget that yo may have both x86 and x64 versioin if you're running SONAR (or other) 32 bit programs as well as 64 bit

Thanks "Yes", update to SP1 make many graphical bugs fixed in X1, but not all graphic bugs..


Its bad that they have continue use this old pack...why don't they include and use the new 2010 version instead? AFAIK it include exactly the same building blocks just updated version of it.



Regards
Freddie

I think it would be nice if someone from Cakewalk could chime in and clear this up.  Can we uninstall and/or update these older packs or what?

I'd hate to uninstall something that doesn't need to be uninstalled.  But if there are more up-to-date versions that are better and X1 will still run just the same or better then I think I'd rather go that route.

I dunno...second guessing the developers might introduce untested variables into the system and make X1 unstable.

I used to be a Windows developer and nothing is worse than someone upgrading the OS, language, dll's and or drivers that haven't been tested.

There is more to X1 than a pretty face and Cakewalk are reasonably well connected to Intel and Microsoft. I'm leaving the heavy lifting to them.

bladetragic


I think it would be nice if someone from Cakewalk could chime in and clear this up. 

 wat?

sdpate


I dunno...second guessing the developers might introduce untested variables into the system and make X1 unstable.

I used to be a Windows developer and nothing is worse than someone upgrading the OS, language, dll's and or drivers that haven't been tested.

There is more to X1 than a pretty face and Cakewalk are reasonably well connected to Intel and Microsoft. I'm leaving the heavy lifting to them.

Yeah I'm a little uneasy about it as well so I think I'll sit tight on this one until official word comes down the pipeline.

Wow talk about nitty gritty-

The first DAW to bring us 64 bit version and engine probably would do it different if it was necessary and/or beneficial.

--well, now I'm so totally confused by the info and counter-info on this thread, I have no idea what to do.  Decision - I'll do nothing. - I guess?---

I'm not sure what the "counter-info" is of which you speak. The post before yours said, "You don't have to install the redistributables at all. If you avoid using the shared MSVCxxx.dll for runtime, and use linked in runtimes (/MT switch) you do not need the redistributables. So it's a choice you can make." But that comment was directed at the developers of SONAR. It a technical programming comment, saying that Cakewalk wouldn't even need to distribute these DLLs if they did something called "static linking".

Whether or not I agree with that recommendation for the SONAR developers, it remains that SONAR X1 does currently distribute the MSVC++ 2005 DLLs, and the version it distributes is one that Microsoft no longer supports and one that Microsoft says brings security issues to your computer. Furthermore, there exists a later version of this distributable that SONAR could be using, which does not have these issues and which doesn't put its DLL in incorrect folders. Is there anything in this paragraph that is disputed by anyone?

I dunno...second guessing the developers might introduce untested variables into the system and make X1 unstable.

I used to be a Windows developer and nothing is worse than someone upgrading the OS, language, dll's and or drivers that haven't been tested.

There is more to X1 than a pretty face and Cakewalk are reasonably well connected to Intel and Microsoft. I'm leaving the heavy lifting to them.

X1 is unstable anyway.

In my experience, this has nothing to do with "well connected to Intel and Microsoft"---in fact, Cakewalk is probably no more connected to Microsoft than you are, except that they probably pay more for an MSDN license. And MSDN would have told them to upgrade the MSVC++ distributable.

What it comes down to, again in my experience, is that the developers are so hard-pressed by marketing to bring out a new fancy feature set, and then marketing keeps adding features until practically the shipping date, and then there are last-minute bugs and bugs that they were never given time to fix, and then there is the pesky release date marketing says they need to hit to out-flank the competition---that management never gives them time to go back and do housekeeping details such as make sure all the redistributables are up-to-date.

I believe Noel promised that he would look into using an updated redistributable.

I believe Noel promised that he would look into using an updated redistributable.

You're right. In responding to the other posts I neglected to give thanks where thanks is due.

Thanks, Noel!

G

garretwilson

I'm not sure what the "counter-info" is of which you speak. The post before yours said, "You don't have to install the redistributables at all. If you avoid using the shared MSVCxxx.dll for runtime, and use linked in runtimes (/MT switch) you do not need the redistributables. So it's a choice you can make." But that comment was directed at the developers of SONAR. It a technical programming comment, saying that Cakewalk wouldn't even need to distribute these DLLs if they did something called "static linking".

Whether or not I agree with that recommendation for the SONAR developers, it remains that SONAR X1 does currently distribute the MSVC++ 2005 DLLs, and the version it distributes is one that Microsoft no longer supports and one that Microsoft says brings security issues to your computer. Furthermore, there exists a later version of this distributable that SONAR could be using, which does not have these issues and which doesn't put its DLL in incorrect folders. Is there anything in this paragraph that is disputed by anyone?

Oo! Someone has used a compiler before! <Thumbs Up>

Yikes this a bit confusing to me also. Take a look at this....should I get rid of any of these and will it effect other programs that may rely on it? I checked to see if anything is on my boot drive and it looks ok. I see the file where it's supposed to be in program files\common\msshared\vc

Any guidance would be appreciated. Thanks!

This is funny. Are we now actively looking for trivial things to complain about?

If you already have newer versions of these files, the installer will not overwrite them with older ones. You'd probably be surprised by how many applications you have that rely on older libraries, including some Windows components and utilities.

Garret, can you cite a specific C++ runtime bug that might affect SONAR users?

The first link in your initial post points to a problem with the installer copying msdia80.dll into the wrong location. This file is not a dependency of SONARPDR.EXE, so how is that relevant? The second link describes a security vulnerability in the Active Template library, which the CW devs probably do not use. Again, not relevant to SONAR. Maybe you think some bad guys will figure out how to use SONAR to execute rogue programs?

Granted, CW should make a point of keeping up-to-date with distributed third-party components. But this really is a molehill->mountain scenario.

THANK YOU, Bitflipper - This thread has been making very little sense to me, and your post is a good antidote to the confusion it's been causing.  Until there's official word from Cakewalk that we have to do some mucking around with our systems as has been suggested on this thread, I shall continue to do Nothing.  Thanks again.

RB

This is funny. Are we now actively looking for trivial things to complain about?

If you already have newer versions of these files, the installer will not overwrite them with older ones. You'd probably be surprised by how many applications you have that rely on older libraries, including some Windows components and utilities.

Garret, can you cite a specific C++ runtime bug that might affect SONAR users?

The first link in your initial post points to a problem with the installer copying msdia80.dll into the wrong location. This file is not a dependency of SONARPDR.EXE, so how is that relevant? The second link describes a security vulnerability in the Active Template library, which the CW devs probably do not use. Again, not relevant to SONAR. Maybe you think some bad guys will figure out how to use SONAR to execute rogue programs?

Granted, CW should make a point of keeping up-to-date with distributed third-party components. But this really is a molehill->mountain scenario.

bitflipper, I don't want to promote an argument into a rathole. But you specifically asked me some questions, so let me respond.

I already pointed to a Microsoft security bulletin. You say that "the CW devs probably do not use" the ATL. What---are you guessing? And if you're guessing, why would you guess that they don't instead of that they do? You don't think they use COM objects or ActiveX components---isn't it possible that they are using the ATL? (If you've ever written COM objects by hand you'll be crying for the ATL.) Or one of their monstrous pile of libraries they are dependent on might use ATL?

But whether they use the ATL is missing the point. The whole point of a C++ runtime library is that it is installed globally and used by the whole system! The whole point of COM/ActiveX is that it provides UUIDs that identify components, and these components are registered globally for use by the whole system. Any other programs that use these COM/ActiveX interfaces automatically get these security vulnerabilities as well. So you know what? You could uninstall SONAR from your system, and if you leave the outdated MSVC++ runtime on your machine your other apps that use it are still vulnerable, even with SONAR gone. (Granted, most of my other apps are not still using the 2005 runtime.)

As Proteinshake indicated, what ticks me off is that I spend so much time getting my system in pristine working order with the latest patches, and some program I pay $199 for the day it comes off the presses has to go and litter my system with vulnerabilities---which the company knew about and should have fixed in 2007!

We all agree that Cakewalk should use the latest redistributable. Noel said he is looking into it. I'm going to try to leave it at that.

Noel Borthwick [Cakewalk
]

 There are however older 3'rd party plugins that we do not build ourselves that rely on that installer hence we need to continue to install it for now. Otherwise they would not run on a new Windows install. 

As important as project compatibility is...wouldn't it be better to just drop support for said 3rd plugins? Seriously, if having some 10 year old plugin that I don't use to begin with, could put my system or overall system/program stability at risk, then I'd prefer that said plugin was just dropped. Even if I did use it in an old project, I'd find a replacement.


Apple does stuff like that all the time. There will be 5 people will complain, then they'll accept it and move on.

I completely agree with Funkybot.

Being that X1 is the "new" generation of Cakewalk's flagship product and that these plugins are obsolete (since Cakewalk can't be updated them anymore), then the most logical step, given the circumastances, would be to discontinue these plugins.  The people who'd want them can install these plugins from an older version of SONAR if they so choose to.  Cakewalk needs to realize there's a point where the company has to move forward and make these type of decisions.

This is probably all great info for Cakewalk as they put out their X1 update (which I understand is fairly soon.)

How I solved the Runtime Error in X1 that was also affecting 8.5.3....System Restore ....to the day before I installed X1...I will wait til they get this mess together...I paid for X1...I'll just wait until its actually safe to use it!!!! I have clients to deal with and the buggy upgrade is not cool~~~at all~~~ When a system crashes every time you open it ..there is something seriously not right here!!!!

garretwilson


What it comes down to, again in my experience, is that the developers are so hard-pressed by marketing to bring out a new fancy feature set, and then marketing keeps adding features until practically the shipping date, and then there are last-minute bugs and bugs that they were never given time to fix, and then there is the pesky release date marketing says they need to hit to out-flank the competition---that management never gives them time to go back and do housekeeping details such as make sure all the redistributables are up-to-date.

Cakewalk definitely doesn't work in the way you describe re: marketing vs. development. There's also a Product Management department that falls in there somewhere too.

When a system crashes every time you open it ..there is something seriously not right here!!!!

I think you may have some other problems with your system.  I've got X1 working stable in my studio, and I've not yet had any crashes.

I think were making a mountain out of a molehill here. There is no damage being done to anyones systems by this older Microsoft redist. Only a hypothetical "security issue" due to the file in the root folder. Seriously we have far worse issues to look into that affect a much larger user base for our patches. I have already said that we would look into using the new redist in the future.
 
Also to answer some other queries, do NOT uninstall this update unless you manually install the updated redist immediately after, or some plugins or older components will stop working or crash. IOW no action is required on your part.
 
Regarding the static libraries approach this is generally considered a bad approach when dealing with Microsoft redistributables.
1. Microsoft releases updates to these sometimes via windows update that address security issues or vulnerabilties. Statically linking prevents this which is bad.
2. Statically linking creates bloat of the application exe and increases load time of the application. This would bloat the size of other components we install as well.
 
So please, this thread is just unnecessarily causing undue confusion for everyone.

Nope...My system is running like a charm now that I've done a system restore....Sonar 8.5.3 is running quite well now that X1 is on the back burner for now! No issues with crashes...no C++ crap...and Noel...read back what you wrote..Seriously dude..if this DAW was really ready..and you guys did some coordinating with Microsoft off the top...you would never have had to type that mountain out of a molehill stuff. Look..here's an interesting solution. How about utilizing the same MSVC++ that you used in Sonar 8.5.3  in X1 by eliminating the 2005 version from the download all together? Trust me..it's worth a shot instead of trying to cover up for the guys that pay you. Ya Think?

@THUGonyx, and I ASSume your system is running AT LEAST 25 to 40% faster ...

...I just realized you remind me of another poster from the past ... lol

Noel Borthwick [Cakewalk
]


...this thread is just unnecessarily causing undue confusion for everyone.

Noel, couldn't this thread just be quietly put out of its misery?  It's totally confusing and I think bogus.  A company has the right to delete posts on its own Forums when a thread is found to be pointless.

Randy B.

Is this why X1 keeps crashing halfway through a project? I actually went and did a system restore to remove X1 ..and went back to 8.5.3 because the crashes really mess with the creative process. To make matters worse the admin's are trying to make it look like this issue is trivial..and there are all these suggestions about how Microsoft is to blame because of their redistribution of C++ 2005..2008...2010.BLAH BLAH BLAH..and its ridiculously confusing. I want a nice compact DAW with careful attention paid by Cakewalk of what Microsoft does that will affect the way X1 runs. I don't want to have to hack into my computer to get it to work right..Dudes ..that's your job at Cakewalk to deal with before WE purchase it.  I don't mind a few bugs but this one is of the charts. And Noel? YES IT IS IMPORTANT..BECAUSE YOU SHOULD KNOW BETTER...the Great thing about Cakewalk up to Sonar 9 was the creative flow! That is now thrown completely out the window when halfway through the creative process something pops up on the screen to tell you about some ridiculous C++ run-time error!!!! Grrrrr!!!!!  Ps..the reason I did a system restore is because this thing also affects Sonar 8.5.3 as well and the only way to get back to work was to wipe X1 off the computer with a system restore prior to the date of the X1 intallation.