Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
I must laugh!
The judge rejected the argument. "The fallacy in the argument is that if the bank does not accept the EULA [licence] terms [by operating the software and agreeing the terms], it receives no licence. Thus it can confer no licence for the use of any Microsoft software by passing on the COA (certificate of authenticity), nor can the COA be evidence of, or itself confer, such a licence. Thus, provided that the licensing system is enforceable in law, the circumstances exemplified cannot give rise to a legitimate trade in COAs."
-----------
Let's break it down, shall we? The original purchaser receives software. She has no intention to every use it, and further never installs, operates, or agrees to terms, she cannot "pass on the license" as an offer. Never opened, and yet useless.
Interesting, and so I checked the Microsoft EULA FAQ. Googled "microsoft eula faq", first hit doesn't exist, second is:
http://www.microsoft.com/piracy/activation_faq.msp x
the section of interest is
"Licenses for Office XP or Office 2003 acquired preinstalled on a new PC are single-PC licenses that cannot be transferred or installed a second time on another PC or laptop computer".
I couldn't be bothered digging down further.
So, such software is "locked" to a specific CPU, and is not transferable. Of course, I may not have known that, and re-sold what I had received (and I did so, once. Bought a cheap computer for a BSD project. They wouldn't sell it WITHOUT around 15 CDs of useless, to me, software. Turned around and sold the lot "over $500 worth of software included!" to someone for $50 and a beer). It wasn't Office XP or Office 2003, and I have no idea what the license would say.
Crap; I may guilty of breaking the law! Who the fuck reads EULAs for software you are NOT going to install? And, what if the EULA DOESN'T show up UNTIL you install it? Isn't that Catch-22?
Ratboy -
Re:Perhaps not watertight, but not a sieve, eitherFrom the article:
Any application program can send messages to any other application program. There is nothing in the Win32 interface that provides any type of protection.
Bzzzt, wrong. As I said before, desktop objects are the security barrier between windows (and their messages). Every window is owned by a thread; messages to the window are posted to that thread's message queue. Every thread that can participate in window messaging is associated with a desktop object. A thread can only send or recieve messages to and from windows on the same desktop it is associated with. A window message cannot be sent without a destination window on a specific desktop. A thread can only be associated with a desktop if that desktop has been opened with sufficient access. The process of opening a desktop includes a check against the desktop's security descriptor. Microsoft guidelines have always warned against putting windows of different privilege levels on the same desktop because of the possibility of the harmful interaction it allows. As long as apps are following those guidelines, there is no way for a unprivileged malicious program to send arbitrary messages to a privileged process.
The most a process could be expected to be tolerant of is arbitrary user input, but even then the security model doesn't require a user's applications running with that user's authority to be protected from the user himself. The only programs that need to be immune to user input are ones that are trusted by the OS, yet interact directly with the user. Winlogon is the only process that fits that description. (Note that Winlogon has its own desktop to protect itself from any messages coming from the user's processes.)
There's no argument that Win32's messaging system is old and quite ugly, but to say it's an inescapable security hazard isn't true. When used properly, there's no vulnerability. Win32 is not X-Windows.
Look up shatter attacks. It's the same idea, and they're inaccurate for the same reasons.
A few choice quotes:Messages can be sent only between processes that are on the same desktop. In addition, the hook procedure of a process running on a particular desktop can only receive messages intended for windows created in the same desktop. Desktops
Warning There is a significant security risk for any service that opens a window on the interactive desktop. By opening a desktop window, a service makes itself vulnerable to attack from the logged-on user, whose application could send malicious messages to the service's desktop window and affect its ability to function. SetThreadDesktop
For the Windows user interface, the desktop is the security boundary. Any application that is running on the interactive desktop can interact with any window that is on the interactive desktop, even if that window is not displayed on the desktop. This behavior is true for every application, regardless of the security context of the application that creates the window and regardless of the security context of the application that is running on the desktop. The Windows message system does not allow an application to determine the source of a window message.
Because of these design features, any service that opens a window on the interactive desktop is exposing itself to applications that -
Re:Perhaps not watertight, but not a sieve, eitherFrom the article:
Any application program can send messages to any other application program. There is nothing in the Win32 interface that provides any type of protection.
Bzzzt, wrong. As I said before, desktop objects are the security barrier between windows (and their messages). Every window is owned by a thread; messages to the window are posted to that thread's message queue. Every thread that can participate in window messaging is associated with a desktop object. A thread can only send or recieve messages to and from windows on the same desktop it is associated with. A window message cannot be sent without a destination window on a specific desktop. A thread can only be associated with a desktop if that desktop has been opened with sufficient access. The process of opening a desktop includes a check against the desktop's security descriptor. Microsoft guidelines have always warned against putting windows of different privilege levels on the same desktop because of the possibility of the harmful interaction it allows. As long as apps are following those guidelines, there is no way for a unprivileged malicious program to send arbitrary messages to a privileged process.
The most a process could be expected to be tolerant of is arbitrary user input, but even then the security model doesn't require a user's applications running with that user's authority to be protected from the user himself. The only programs that need to be immune to user input are ones that are trusted by the OS, yet interact directly with the user. Winlogon is the only process that fits that description. (Note that Winlogon has its own desktop to protect itself from any messages coming from the user's processes.)
There's no argument that Win32's messaging system is old and quite ugly, but to say it's an inescapable security hazard isn't true. When used properly, there's no vulnerability. Win32 is not X-Windows.
Look up shatter attacks. It's the same idea, and they're inaccurate for the same reasons.
A few choice quotes:Messages can be sent only between processes that are on the same desktop. In addition, the hook procedure of a process running on a particular desktop can only receive messages intended for windows created in the same desktop. Desktops
Warning There is a significant security risk for any service that opens a window on the interactive desktop. By opening a desktop window, a service makes itself vulnerable to attack from the logged-on user, whose application could send malicious messages to the service's desktop window and affect its ability to function. SetThreadDesktop
For the Windows user interface, the desktop is the security boundary. Any application that is running on the interactive desktop can interact with any window that is on the interactive desktop, even if that window is not displayed on the desktop. This behavior is true for every application, regardless of the security context of the application that creates the window and regardless of the security context of the application that is running on the desktop. The Windows message system does not allow an application to determine the source of a window message.
Because of these design features, any service that opens a window on the interactive desktop is exposing itself to applications that -
Re:Perhaps not watertight, but not a sieve, eitherFrom the article:
Any application program can send messages to any other application program. There is nothing in the Win32 interface that provides any type of protection.
Bzzzt, wrong. As I said before, desktop objects are the security barrier between windows (and their messages). Every window is owned by a thread; messages to the window are posted to that thread's message queue. Every thread that can participate in window messaging is associated with a desktop object. A thread can only send or recieve messages to and from windows on the same desktop it is associated with. A window message cannot be sent without a destination window on a specific desktop. A thread can only be associated with a desktop if that desktop has been opened with sufficient access. The process of opening a desktop includes a check against the desktop's security descriptor. Microsoft guidelines have always warned against putting windows of different privilege levels on the same desktop because of the possibility of the harmful interaction it allows. As long as apps are following those guidelines, there is no way for a unprivileged malicious program to send arbitrary messages to a privileged process.
The most a process could be expected to be tolerant of is arbitrary user input, but even then the security model doesn't require a user's applications running with that user's authority to be protected from the user himself. The only programs that need to be immune to user input are ones that are trusted by the OS, yet interact directly with the user. Winlogon is the only process that fits that description. (Note that Winlogon has its own desktop to protect itself from any messages coming from the user's processes.)
There's no argument that Win32's messaging system is old and quite ugly, but to say it's an inescapable security hazard isn't true. When used properly, there's no vulnerability. Win32 is not X-Windows.
Look up shatter attacks. It's the same idea, and they're inaccurate for the same reasons.
A few choice quotes:Messages can be sent only between processes that are on the same desktop. In addition, the hook procedure of a process running on a particular desktop can only receive messages intended for windows created in the same desktop. Desktops
Warning There is a significant security risk for any service that opens a window on the interactive desktop. By opening a desktop window, a service makes itself vulnerable to attack from the logged-on user, whose application could send malicious messages to the service's desktop window and affect its ability to function. SetThreadDesktop
For the Windows user interface, the desktop is the security boundary. Any application that is running on the interactive desktop can interact with any window that is on the interactive desktop, even if that window is not displayed on the desktop. This behavior is true for every application, regardless of the security context of the application that creates the window and regardless of the security context of the application that is running on the desktop. The Windows message system does not allow an application to determine the source of a window message.
Because of these design features, any service that opens a window on the interactive desktop is exposing itself to applications that -
Re:Perhaps not watertight, but not a sieve, eitherFrom the article:
Any application program can send messages to any other application program. There is nothing in the Win32 interface that provides any type of protection.
Bzzzt, wrong. As I said before, desktop objects are the security barrier between windows (and their messages). Every window is owned by a thread; messages to the window are posted to that thread's message queue. Every thread that can participate in window messaging is associated with a desktop object. A thread can only send or recieve messages to and from windows on the same desktop it is associated with. A window message cannot be sent without a destination window on a specific desktop. A thread can only be associated with a desktop if that desktop has been opened with sufficient access. The process of opening a desktop includes a check against the desktop's security descriptor. Microsoft guidelines have always warned against putting windows of different privilege levels on the same desktop because of the possibility of the harmful interaction it allows. As long as apps are following those guidelines, there is no way for a unprivileged malicious program to send arbitrary messages to a privileged process.
The most a process could be expected to be tolerant of is arbitrary user input, but even then the security model doesn't require a user's applications running with that user's authority to be protected from the user himself. The only programs that need to be immune to user input are ones that are trusted by the OS, yet interact directly with the user. Winlogon is the only process that fits that description. (Note that Winlogon has its own desktop to protect itself from any messages coming from the user's processes.)
There's no argument that Win32's messaging system is old and quite ugly, but to say it's an inescapable security hazard isn't true. When used properly, there's no vulnerability. Win32 is not X-Windows.
Look up shatter attacks. It's the same idea, and they're inaccurate for the same reasons.
A few choice quotes:Messages can be sent only between processes that are on the same desktop. In addition, the hook procedure of a process running on a particular desktop can only receive messages intended for windows created in the same desktop. Desktops
Warning There is a significant security risk for any service that opens a window on the interactive desktop. By opening a desktop window, a service makes itself vulnerable to attack from the logged-on user, whose application could send malicious messages to the service's desktop window and affect its ability to function. SetThreadDesktop
For the Windows user interface, the desktop is the security boundary. Any application that is running on the interactive desktop can interact with any window that is on the interactive desktop, even if that window is not displayed on the desktop. This behavior is true for every application, regardless of the security context of the application that creates the window and regardless of the security context of the application that is running on the desktop. The Windows message system does not allow an application to determine the source of a window message.
Because of these design features, any service that opens a window on the interactive desktop is exposing itself to applications that -
Re:Perhaps not watertight, but not a sieve, eitherFrom the article:
Any application program can send messages to any other application program. There is nothing in the Win32 interface that provides any type of protection.
Bzzzt, wrong. As I said before, desktop objects are the security barrier between windows (and their messages). Every window is owned by a thread; messages to the window are posted to that thread's message queue. Every thread that can participate in window messaging is associated with a desktop object. A thread can only send or recieve messages to and from windows on the same desktop it is associated with. A window message cannot be sent without a destination window on a specific desktop. A thread can only be associated with a desktop if that desktop has been opened with sufficient access. The process of opening a desktop includes a check against the desktop's security descriptor. Microsoft guidelines have always warned against putting windows of different privilege levels on the same desktop because of the possibility of the harmful interaction it allows. As long as apps are following those guidelines, there is no way for a unprivileged malicious program to send arbitrary messages to a privileged process.
The most a process could be expected to be tolerant of is arbitrary user input, but even then the security model doesn't require a user's applications running with that user's authority to be protected from the user himself. The only programs that need to be immune to user input are ones that are trusted by the OS, yet interact directly with the user. Winlogon is the only process that fits that description. (Note that Winlogon has its own desktop to protect itself from any messages coming from the user's processes.)
There's no argument that Win32's messaging system is old and quite ugly, but to say it's an inescapable security hazard isn't true. When used properly, there's no vulnerability. Win32 is not X-Windows.
Look up shatter attacks. It's the same idea, and they're inaccurate for the same reasons.
A few choice quotes:Messages can be sent only between processes that are on the same desktop. In addition, the hook procedure of a process running on a particular desktop can only receive messages intended for windows created in the same desktop. Desktops
Warning There is a significant security risk for any service that opens a window on the interactive desktop. By opening a desktop window, a service makes itself vulnerable to attack from the logged-on user, whose application could send malicious messages to the service's desktop window and affect its ability to function. SetThreadDesktop
For the Windows user interface, the desktop is the security boundary. Any application that is running on the interactive desktop can interact with any window that is on the interactive desktop, even if that window is not displayed on the desktop. This behavior is true for every application, regardless of the security context of the application that creates the window and regardless of the security context of the application that is running on the desktop. The Windows message system does not allow an application to determine the source of a window message.
Because of these design features, any service that opens a window on the interactive desktop is exposing itself to applications that -
Right to Use
I'm sorry, my use of capitals has suggested too much weight given to the letter of the law as opposed to the concepts.
When you purchase an intrinsically physical item such as a book, the valuable commodity purchased is (mostly) the physical item itself. The user commonly derives the benefit of the book by reading it but there are other valuable uses: doorstop and table leg leveller being the obvious ones.
When you purchase a piece of software there are only two valuable uses: using it and learning from it. Some learning uses are simply by-products of normal use and can be treated as normal use; other techniques such as reverse engineering are generally outlawed one way or another.
Microsoft Windows XP Professional retails at $299. http://www.microsoft.com/windowsxp/pro/howtobuy/pr icingretail.mspx/ It's hard to imagine that the physical media might be worth that or anyone might pay that to merely "own a copy". The only reasonable commodity trade surely is the right to use the software. -
Re:So I buy a Dell...
Um, no. You are fine if you buy a computer from an authorized reseller. Dell is authorized by Microsoft to sell OEM licensed systems. Want to resell Microsoft software? Check out oem.microsoft.com. Selling used computers has been grey market for years because of Microsoft's OEM license.
MS actively discourages manufacturers sending out CDs.
Um, no. Just the opposite in fact. Only the largest resellers are allowed to resell Microsoft software without a holographic CD. The only reason they can is because they leverage their sales numbers.
Basically, the COA, the receipt, and the ELUA are just measures to help restrict illegal trading. None of them are proof of license. Why? Because it is against the license to resell the software without authorization from Microsoft. An illegally sold piece of software is still illegal, even with COA, CD, and receipt.
If you don't like Microsoft's restrictive licenses, don't buy Microsoft. It's one of the reasons Linux has so much support from large corporations.
-
corrected link
dunno wtf. happened to that url, should have been:
http://www.microsoft.com/piracy/partners/YourPC_do .mspx -
Re:Well, duhHere's the text describing what the COA is (in Microsoft's mind, anyway):
A Certificate of Authenticity (COA) is a label that helps you identify genuine Microsoft software. A COA is not a software license it is a visual identifier that assists in determining whether or not the Microsoft software you are running is genuine. However, without it, you will not have a legal license to run Microsoft software. A COA should never be purchased by itself without the software it authenticates.
The above quote is from http://www.microsoft.com/resources/howtotell/en/c
o a.mspx -
Re:Well, duh
"If you want to make sure that your software is licensed properly and not pirated, you need to check your COA, according to Microsoft."
Actually I think their Windows Genuine Advantage http://support.microsoft.com/?scid=kb;en-us;892130 crap you need to install to get updates is what is used to determine if you are using non-pirated software... -
Re:Well, duh
Because Microsoft itself seems to imply that the COA will be your guarantee that you are using a non-pirated version of Windows. If you want to make sure that your software is licensed properly and not pirated, you need to check your COA, according to Microsoft.
-
Re:Unfair bashingAll previous Microsoft products (and their quirks) aside, Microsoft simply doesn't have any experience here. All they have is Windows Automotive, which doesn't seem to be anyting but (G)UI to higher level functions, but nothing in the way of motor management or breaks, gearbox etc.. Nor do they have the actual hardware, they are going to buy that from someone who has experience in he field.
IOW this is just PR.
-
I work on the antimalware team at Microsoft
There have been a lot of views expressed in the comments and I'd like to just throw another viewpoint out there =) We recently released a whitepaper detailing the data we have collected from our Malicious Software Removal Tool. I'll let our whitepaper speak for itself. =)
-
I work on the antimalware team at Microsoft
There have been a lot of views expressed in the comments and I'd like to just throw another viewpoint out there =) We recently released a whitepaper detailing the data we have collected from our Malicious Software Removal Tool. I'll let our whitepaper speak for itself. =)
-
Re:Why do people buy into this nonsense?
And more recently, Allchin. =)
-
Re:Perhaps not watertight, but not a sieve, either
MacOS/X has a much more stable and mature core Operating System base (Mach). Mach is MUCH older (circa 1985) than the windows NT core (circa 1993), and has been changed less. For example NextStep, released in 1989, was based on Mach, and already did much of what MacOS/X does.
If you want to go back to the OSes NT and OSX are based on, the NT core is based on VMS's design (almost as much as OSX from Mach, though OSX actually uses code from Mach, whereas NT has VMS's developers) and VMS was first released in 1978. Since NT was released, its core has undergone almost no changes. The biggest one was with Plug+Play supplementing device detection and power management.
Mach (the underlying OS) was designed with security in mind. Note however, the Mach layer doesn't define security policy, it just gives you tools with which to implement such policies.
NT was designed with security in mind. Note that the NT core itself doesn't define a security policy, it just gives you the API to implement such policies. I'll admit that Microsoft has been known to have somewhat crappy defaults for security and sometimes bad tools for fixing it. This isn't really a design problem in the OS, though.
Contrast that with Windows which has serious design flaws in its interprocess communication mechanism.
There are 3 places (at most) that applications can put their files in order to be following the rules that Microsoft has been publishing since at least NT 3.1:
- The application directory. Since Win95, the standard location for these are in <system drive>\Program Files, before that <system drive>, but otherwise wherever the user picks.
- The user's profile (or home directory pre Win95) for the user's own files.
- Optionally, the system directory (<windows>\System32) for shared libraries. These can also go in the app directory (but won't be shared).
This is similar to the unix policy, except that unix usually specifies a specific dir for application binaries. I don't see how this is 'all over your system'. Doesn't OSX have any shared libraries? How are these installed? Besides, since at least the year 2000, the Windows Installer has been the standard (and recently the only MS sanctioned way) to install, which hides all these details, and allows unprivileged installation. Domain admins can even publish
.msi packages on the domain which unprivileged users can install at their option (that or the admins can make installation mandatory and unattended). IIRC, the designed for Vista logo will only be possible for apps that can install unprivileged (unless they are administration type tools useless to normal users). If the article is referring to misbehaving apps, then that's hardly Microsoft's fault. Microsoft has long published 'designed for' logo requirements that are not unreasonable for their OSes.
I'm not sure how installation conventions are related to inter-process communication, though. Processes create named objects for IPC and specify their own security descriptor at that time. Any other process that wants to open that named object must be granted access according to the SD specified by the object's creator. Every type of IPC is ultimately protected by a security descriptor. Even windows, which recieve window messages exist in a desktop object which the calling process must be granted access to according to t -
Re:Perhaps not watertight, but not a sieve, either
MacOS/X has a much more stable and mature core Operating System base (Mach). Mach is MUCH older (circa 1985) than the windows NT core (circa 1993), and has been changed less. For example NextStep, released in 1989, was based on Mach, and already did much of what MacOS/X does.
If you want to go back to the OSes NT and OSX are based on, the NT core is based on VMS's design (almost as much as OSX from Mach, though OSX actually uses code from Mach, whereas NT has VMS's developers) and VMS was first released in 1978. Since NT was released, its core has undergone almost no changes. The biggest one was with Plug+Play supplementing device detection and power management.
Mach (the underlying OS) was designed with security in mind. Note however, the Mach layer doesn't define security policy, it just gives you tools with which to implement such policies.
NT was designed with security in mind. Note that the NT core itself doesn't define a security policy, it just gives you the API to implement such policies. I'll admit that Microsoft has been known to have somewhat crappy defaults for security and sometimes bad tools for fixing it. This isn't really a design problem in the OS, though.
Contrast that with Windows which has serious design flaws in its interprocess communication mechanism.
There are 3 places (at most) that applications can put their files in order to be following the rules that Microsoft has been publishing since at least NT 3.1:
- The application directory. Since Win95, the standard location for these are in <system drive>\Program Files, before that <system drive>, but otherwise wherever the user picks.
- The user's profile (or home directory pre Win95) for the user's own files.
- Optionally, the system directory (<windows>\System32) for shared libraries. These can also go in the app directory (but won't be shared).
This is similar to the unix policy, except that unix usually specifies a specific dir for application binaries. I don't see how this is 'all over your system'. Doesn't OSX have any shared libraries? How are these installed? Besides, since at least the year 2000, the Windows Installer has been the standard (and recently the only MS sanctioned way) to install, which hides all these details, and allows unprivileged installation. Domain admins can even publish
.msi packages on the domain which unprivileged users can install at their option (that or the admins can make installation mandatory and unattended). IIRC, the designed for Vista logo will only be possible for apps that can install unprivileged (unless they are administration type tools useless to normal users). If the article is referring to misbehaving apps, then that's hardly Microsoft's fault. Microsoft has long published 'designed for' logo requirements that are not unreasonable for their OSes.
I'm not sure how installation conventions are related to inter-process communication, though. Processes create named objects for IPC and specify their own security descriptor at that time. Any other process that wants to open that named object must be granted access according to the SD specified by the object's creator. Every type of IPC is ultimately protected by a security descriptor. Even windows, which recieve window messages exist in a desktop object which the calling process must be granted access to according to t -
Re:Perhaps not watertight, but not a sieve, either
MacOS/X has a much more stable and mature core Operating System base (Mach). Mach is MUCH older (circa 1985) than the windows NT core (circa 1993), and has been changed less. For example NextStep, released in 1989, was based on Mach, and already did much of what MacOS/X does.
If you want to go back to the OSes NT and OSX are based on, the NT core is based on VMS's design (almost as much as OSX from Mach, though OSX actually uses code from Mach, whereas NT has VMS's developers) and VMS was first released in 1978. Since NT was released, its core has undergone almost no changes. The biggest one was with Plug+Play supplementing device detection and power management.
Mach (the underlying OS) was designed with security in mind. Note however, the Mach layer doesn't define security policy, it just gives you tools with which to implement such policies.
NT was designed with security in mind. Note that the NT core itself doesn't define a security policy, it just gives you the API to implement such policies. I'll admit that Microsoft has been known to have somewhat crappy defaults for security and sometimes bad tools for fixing it. This isn't really a design problem in the OS, though.
Contrast that with Windows which has serious design flaws in its interprocess communication mechanism.
There are 3 places (at most) that applications can put their files in order to be following the rules that Microsoft has been publishing since at least NT 3.1:
- The application directory. Since Win95, the standard location for these are in <system drive>\Program Files, before that <system drive>, but otherwise wherever the user picks.
- The user's profile (or home directory pre Win95) for the user's own files.
- Optionally, the system directory (<windows>\System32) for shared libraries. These can also go in the app directory (but won't be shared).
This is similar to the unix policy, except that unix usually specifies a specific dir for application binaries. I don't see how this is 'all over your system'. Doesn't OSX have any shared libraries? How are these installed? Besides, since at least the year 2000, the Windows Installer has been the standard (and recently the only MS sanctioned way) to install, which hides all these details, and allows unprivileged installation. Domain admins can even publish
.msi packages on the domain which unprivileged users can install at their option (that or the admins can make installation mandatory and unattended). IIRC, the designed for Vista logo will only be possible for apps that can install unprivileged (unless they are administration type tools useless to normal users). If the article is referring to misbehaving apps, then that's hardly Microsoft's fault. Microsoft has long published 'designed for' logo requirements that are not unreasonable for their OSes.
I'm not sure how installation conventions are related to inter-process communication, though. Processes create named objects for IPC and specify their own security descriptor at that time. Any other process that wants to open that named object must be granted access according to the SD specified by the object's creator. Every type of IPC is ultimately protected by a security descriptor. Even windows, which recieve window messages exist in a desktop object which the calling process must be granted access to according to t -
Re:Perhaps not watertight, but not a sieve, either
MacOS/X has a much more stable and mature core Operating System base (Mach). Mach is MUCH older (circa 1985) than the windows NT core (circa 1993), and has been changed less. For example NextStep, released in 1989, was based on Mach, and already did much of what MacOS/X does.
If you want to go back to the OSes NT and OSX are based on, the NT core is based on VMS's design (almost as much as OSX from Mach, though OSX actually uses code from Mach, whereas NT has VMS's developers) and VMS was first released in 1978. Since NT was released, its core has undergone almost no changes. The biggest one was with Plug+Play supplementing device detection and power management.
Mach (the underlying OS) was designed with security in mind. Note however, the Mach layer doesn't define security policy, it just gives you tools with which to implement such policies.
NT was designed with security in mind. Note that the NT core itself doesn't define a security policy, it just gives you the API to implement such policies. I'll admit that Microsoft has been known to have somewhat crappy defaults for security and sometimes bad tools for fixing it. This isn't really a design problem in the OS, though.
Contrast that with Windows which has serious design flaws in its interprocess communication mechanism.
There are 3 places (at most) that applications can put their files in order to be following the rules that Microsoft has been publishing since at least NT 3.1:
- The application directory. Since Win95, the standard location for these are in <system drive>\Program Files, before that <system drive>, but otherwise wherever the user picks.
- The user's profile (or home directory pre Win95) for the user's own files.
- Optionally, the system directory (<windows>\System32) for shared libraries. These can also go in the app directory (but won't be shared).
This is similar to the unix policy, except that unix usually specifies a specific dir for application binaries. I don't see how this is 'all over your system'. Doesn't OSX have any shared libraries? How are these installed? Besides, since at least the year 2000, the Windows Installer has been the standard (and recently the only MS sanctioned way) to install, which hides all these details, and allows unprivileged installation. Domain admins can even publish
.msi packages on the domain which unprivileged users can install at their option (that or the admins can make installation mandatory and unattended). IIRC, the designed for Vista logo will only be possible for apps that can install unprivileged (unless they are administration type tools useless to normal users). If the article is referring to misbehaving apps, then that's hardly Microsoft's fault. Microsoft has long published 'designed for' logo requirements that are not unreasonable for their OSes.
I'm not sure how installation conventions are related to inter-process communication, though. Processes create named objects for IPC and specify their own security descriptor at that time. Any other process that wants to open that named object must be granted access according to the SD specified by the object's creator. Every type of IPC is ultimately protected by a security descriptor. Even windows, which recieve window messages exist in a desktop object which the calling process must be granted access to according to t -
Re:Huh? Wanna say that again?No, the Aero Glass requirements aren't THAT demanding. At least, not for the sort of user who considers upgrading the OS himself (and, importantly, excluding crappy laptop integrated graphics, which will probably start fading away fast after Vista). Here's the requirements for Vista Premium, from Microsoft's site:
- 1 GHz x86 or x64 processor
- 1 GiB RAM
- DirectX 9.0 compatible video card with shader model 2.0 and 128 MiB VRAM.
Note that the actual VRAM requirements are variable. For resolutions of 1280x1024 and below 64 MiB will suffice. Mostly every laptop with a dedicated graphics card will fit the 64 MB or more, under 1280x1024 total pixels bracket. 1280x800 or 1440x900 are popular resolutions nowadays, and are both beneath that amount of total pixels.
This said, the requirements are above and beyond those of OS X's Quartz Extreme. A 64 MiB card like the geforce 5200 Ultra in the powerbook 12" can and will drive a 1024x768 panel (built-in) and a 23" apple panel (the 20" ones are 1680x1050, so scale it appropriately). That's a lot more bang for buck. But it still doesn't make the hardware demands that tough. Who here has a big, beefy screen without a correspondingly beefy video card? Who can you imagine actually upgrading the OS in their boxes that doesn't have a suitable video card? I'm not going to go into the RAM and CPU requirements (note that the basic vista version only demands 512 MiB, rather than the full 1 GiB for Premium), which I don't think are over the top. Except for some odd low-voltage offerings (I'm not even aware of any, but I can conceive them existing) I can't see anyone having trouble meeting the 1 GHz requirement, and 1 GiB RAM isn't really a big deal nowadays.
-
Re:I apologize in advance...
It won't happen. EVE Online / CCP is quite solidly in Microsoft's pocket. From the bottom up, the system is based off MS tech. From Microsoft SQL Server 2005 to DirectX integration, the game is entirely powered on MS Opperating systems. The fan-base has been asking for *nix/OSX support for years, but there's no chance of it happening. Some have managed to get it running on Cedega in the past though. The CCP dev team was sponsored by the DX project as well, hindering our bid. If you go to the DX site, there's an EVE-Online advert: http://www.microsoft.com/windows/directx/default.
m spx The game is good, long and there's always something to do. The skill system really redeems it for those players who aren't able to clock long hours a week playing, but to get anywhere, you'll require boat-loads of time mining or hunting to get any funds together as to buy new ships. The graphics are to be re-done in the next expansion which should be released Soon(tm). It's not for everyone, I'll give you that, though. -
Re:Why some OSes are more resistant
It's in large part inherent system design. The basic design point: the seperation between ordinary users and the administrative user (root). That seperation means that, even if you do get infected with malware, the malware can't spread into the system itself. It can't tie into system libraries, it can't have itself started at system startup, it can't disable system services (like the firewall or the malware scanner) and it can't hide itself from the administrative user. This provides a two-layer defense similar to the layout of a medieval castle: once the attackers break through the outer wall, they have to start all over again breaking through the defenses of the inner keep (while being stuck in the yard between the keep and the wall, easy prey for the defenders in the keep). Changes in market share and declining user sophistication won't have any effect on this aspect of things.
Yes. Security in rings means doing things right on every layer. In past Microsoft has had to apply security to where things should have been secure to begin with. If UAC (aka gui sudo/runas)is enabled by default in vista with the default user a standard user their security planning *might* be pointed in the right direction. -
Already Exists?
Looks kind of like this...
http://www.microsoft.com/windowsmobile/media/gigab eat.mspx -
Re:Taking bets...
Wow. This was modded Insightful? Who wasted mod points on that?
MS has already stated publicly on their web site that they are making OpenXML available to the world at large for free. They've also started the standardization process with ECMA. See http://www.microsoft.com/office/preview/itpro/ecma faq.mspx. So there is no "proprietary format/structures of MSopen XML."
"f you'd like to convert your existing proprietary formatted MS-word document formats then you'll have to move them to MSopen XML first and THEN to ODF"
Wrong. Try reading the blog that was linked in the post. Here is what it says: "There will be a menu item in the Office applications that will point people to the downloads for XPS, PDF, and now ODF. So you'll have the ability to save to and open ODF files directly within Office (just like any other format)."
"And if you want MSopen XML then you'll have to get a future version of MS Office( 2007 ) and it's likely you'll also need another version of Microsoft Windows to run that, and you'll probably need a new computer to run that."
Wrong again. MS is already working on OpenXML native import/save/open for Office 2003, XP, and 2000. Also, Office 2007 is spec'd for something like WinXP SP2 and higher. Of course if you're still on Win98 you won't be able to load Office 2007 but if you are still on Win98 you should move to an OS that isn't 8 years old.
"So good luck trying to fix any of this without reverse engineering Microsofts patented structures, purchasing all that new software, and hardware to do this and still be doing this with possible legal threats from MSFT."
Wrong, wrong wrong. Try learning something about what you're posting isntead of having the standard /. knee-jerk reaction.
Yeah, good luck with that. -
Re:More Speculation
Apple's decision to use OWA/DAV probably has more to do with the fact that Microsoft is encouraging developers to do that. OWA makes heavy use of DAV and allows you to access messages, contacts, etc. directly as a HTTP/DAV resource. This was done because of the problems with running MAPI over the Internet (won't work over any properly setup firewall) and to support mobile devices which often go through a proxy.
http://www.microsoft.com/technet/community/chats/t rans/exchange/exc0428.mspx
Despite the fact that Microsoft is a lumbering giant they do have some fairly sharp people working for them and they have picked up that MAPI is a dead horse. Exchange now uses SMTP for transport between exchange servers and OWA/DAV is being pushed. MAPI is still used extensively and is supported over the Internet by RPC over HTTP (a godsend for consultants at customer sites) but casting Apple's decision to use OWA as a screen-scraping hack to get around the big evil is wholy inaccurate. The Mail.app guys are good developers who read their Microsoft Tech Notes.
And... btw... I used to reverse engineer the Mac Toolbox so we could port Mac games to DOS and Windows, so I have a little bit of experience with this whole thing. (Yes, yes... someone was that foolish, look up "V for Victory" and "Close Combat" by Atomic Games... both series were written on the Mac and ported over.) Any time the Mac lead and I got into the whole fanboy thing the owner of Atomic would ask us if we hung our toliet paper with the loose end in front of the roll or behind the roll.
Invariably we were told our answer was wrong. -
Re:But will it use their OS?
I don't know if this is relevant, but a quick google search brought Windows Automative up.
-
Re:What does Microsoft use for embedded systems?
I doubt you've ever even used WinCE (called Windows Mobile now btw). Seems like your comment is just MS-bashing FUD.
Windows Mobile is a "platform" based on WinCE. It's what they used to call Pocket PC. Basically it's a CE core, Windows Media Player, Internet Explorer, and the Pocket PC UI and control panel (there's a few more things that I forget). People who aren't doing PDAs (like, oh, those doing engine control systems), use WinCE.
Now, what do you suppose the difference is between running CE in a cash register (which, in my opinion, is a good idea), versus running it in an automobile (not such a good idea, again, in my opinion)? I know, for example (being a WinCE user), that WinCE 5.x uses a shared single virtual memory space, divided into slots for the application. And that the code segment is mostly unprotected from write access (in a supposedly modern OS, can you believe it?), and that it has no security model whatsoever, and that all apps run in kernel mode and can, if they feel like it, capture the processor and stop all preemption and interrupts. Because of this, I'm not worried running WinCE on a cash register, but I am a bit more fearful in the case where lives are involved. -
Re:What does Microsoft use for embedded systems?
I doubt you've ever even used WinCE (called Windows Mobile now btw). Seems like your comment is just MS-bashing FUD.
Windows Mobile is a "platform" based on WinCE. It's what they used to call Pocket PC. Basically it's a CE core, Windows Media Player, Internet Explorer, and the Pocket PC UI and control panel (there's a few more things that I forget). People who aren't doing PDAs (like, oh, those doing engine control systems), use WinCE.
Now, what do you suppose the difference is between running CE in a cash register (which, in my opinion, is a good idea), versus running it in an automobile (not such a good idea, again, in my opinion)? I know, for example (being a WinCE user), that WinCE 5.x uses a shared single virtual memory space, divided into slots for the application. And that the code segment is mostly unprotected from write access (in a supposedly modern OS, can you believe it?), and that it has no security model whatsoever, and that all apps run in kernel mode and can, if they feel like it, capture the processor and stop all preemption and interrupts. Because of this, I'm not worried running WinCE on a cash register, but I am a bit more fearful in the case where lives are involved. -
Re:I just wanna know...
Windows CE is NOT a real-time operating system, no matter what Microsoft claim.
I'm much more apt to trust publications, case studies, and third party reviews than I am to trust an unsubstantiated claim. -
Re:WinCE is impressive in automotiveThey've also got a lot of experience in Monster Trucks, too.
And just like the game, they probably didn't write it themselves, either.
DT
-
WinCE is impressive in automotive
MS has been active in the Automotive sector for quite some time now, and is one of the biggest players in the market. They have a full fledged Automotive Division, and some of their systems based on CE go into Fiat, Volvo and others I dont know.
So if you think they just jumped into it, well no. They've been there for a long time now. And seem to be doing quite well. This will buy them lots of publicity.
And anyway, safety on F1 cars are multiple times redundant and even if the software fails there is a mechanical framework protecting the driver. The software largely handles monitoring tasks, warnings and such. -
FAQ Regarding Microsoft Protocol License Agreement
And I quote...
Q: Why can't I distribute my implementation in source code form? And why does Microsoft care about "other licenses?"
A: The specifications used to create your protocol implementations are confidential and, along with the source code of those implementations, include Microsoft trade secrets. However, because other MCPP licensees have agreed to MCPP license terms (including distribution and confidentiality provisions), you can distribute the source code of your implementation to them. The license agreement also permits you to allow others to view the source code of your implementations on-site at your place of business for evaluation purposes, under suitable non-disclosure agreements.
In addition to not disclosing your source code directly (other than as just described), you also need to make sure not to subject your implementation to any other licenses that would require such source code disclosure. For example, under certain circumstances, other licenses may require your implementation to be disclosed in source code form when you distribute your implementation with other technology that is already subject to that other license. In short, you can't subject your authorized implementations to any license that requires you do things that are contrary to the scope of your license and your obligations under the license agreement.
http://members.microsoft.com/consent/info/Licenseo verview.aspx -
Re:True story...
The support guy was telling him to do this, apparently. I can't fault the user -- I'd never heard of it until now, and would have thought he was asking me to open a ticket.
-
Defenseless?
The first and foremost thing MS should do to make Windows more secure is to disable the call home when installing WinXP. From the moment it logs in, it is prone to attack and the user is left defenseless upto the moment installation is completed and a zillion trojans have had ample time to install. Atleast make it so the call home is performed AFTER I had the chance to install a virusscanner and firewall.
You're doing installs with the hardware hooked up to a public network? I don't think the problem is with Microsoft's plan here.
Install with the net and phone wires unplugged. Or, if you have the tech chops, install with the network wire plugged into a private secure network containing only a WSUS server and pull your updates right away.
I hate the whole concept of software that automatically "calls the mothership" anyway, but that's a different rant... -
Re:so?
Ever heard of Shadow API's?? Microsoft got in trouble for this because they told companies how to work with their products through one API and in secret had their OWN products using different API's. The outcome? Their products ran faster.
This is a myth.
While Microsoft did indeed have some undocumented APIs that were used by Microsoft applications, they certainly were not designed to make products "run faster". They're just a ragtag bunch of random helper functions and low-level interfaces of extremely limited utility. See this for the documentation they were forced to release as part of the antitrust settlement in the USA.
I cannot find a single example in that lot of anything that is merely a faster equivalent of an existing Win32 function. -
Re:so?
So
... do you think Microsoft has gathered all it's employees and instructed them to collectively deceive the public ?
It's not like they have done nothing, they have actually gone to some expense to comply with many of the anti-trust rulings, and information they have been required to produce is available, just not to the satisfaction of the EU's technical/legal advisors.
You can find info on Microsoft's Communication Protocols here
There's also a program which gives access to source code specifically trying to appease the EU here
I mean it's pretty hard for Microsoft to defend themselves in this circumstance, where the group they are in dispute with is also the judge and jury.
Have you thought perhaps maybe just maybe the EU has decided it'd like a slice of Microsoft war chest and has just decided it'll make up whatever excuse and take some. -
Re:so?
So
... do you think Microsoft has gathered all it's employees and instructed them to collectively deceive the public ?
It's not like they have done nothing, they have actually gone to some expense to comply with many of the anti-trust rulings, and information they have been required to produce is available, just not to the satisfaction of the EU's technical/legal advisors.
You can find info on Microsoft's Communication Protocols here
There's also a program which gives access to source code specifically trying to appease the EU here
I mean it's pretty hard for Microsoft to defend themselves in this circumstance, where the group they are in dispute with is also the judge and jury.
Have you thought perhaps maybe just maybe the EU has decided it'd like a slice of Microsoft war chest and has just decided it'll make up whatever excuse and take some. -
Re:Off topic, but...
They do have an option, but they don't do a particularly good job of advertising or documenting it. Instructions are available at this link. I believe access to reports is free, but you need a certificate to get access, which costs several hundred dollars.
I'm not saying this system is ideal - only that it's available if you're looking to pursue it. -
Re:I tried to switch, but...
Second... I discovered that the oh-so-lovely disk partitioner has the added feature that on some systems (including mine) it borks the MBR of the resized Windows partition in such a way that Windows will refuse to boot. Even after uninstalling Ubuntu. And even after applying various fixes via UBCD and friends. (Right now this system is sitting disconnected under my desk because I refuse to reinstall Ubuntu, but reinstalling Windows is a horrible half-day affair on its own...)
That sucks about your MBR. :(
No need to reinstall windows or go through anything involving boot disks to fix the MBR. So just boot from your XP cd, go into repair mode / recovery console, use the command prompt console (that's close to what it is called, but perhaps not exactly the right name). Then just use the fixmbr command and presto, your MBR is fixed and windows will boot (although it will likely wipe out your Linux boot loader GRUB).
http://www.microsoft.com/resources/documentation/w indows/xp/all/proddocs/en-us/bootcons_fixmbr.mspx? mfr=true
First... this is an nForce2 machine with built-in video, and the default config refused to let me select a screen-res larger than 1024x768.
As someone else mentioned, you have to download and install a driver from nVidia to get nice video and 3d acceleration. At least while you're downloading and installing your divers you have serviceable video, which is a bit better than Windows I guess. :) Unfortunately, the video card manufacturers (nVidia / ATI) are pretty adament about not providing specs on their cards so people can write drivers for Linux (or any other OS). So we have to resort to downloading drivers from nVidia. It pretty much sucks, but not much can be done at the moment. Perhaps when Linux becomes more popular, Linux will have more clout and perhaps be able to get some traction on this issue (ok, I can dream :).
I would advise you to use a LiveCD when checking out new Linux distros. Sure, it is a bit slower, but you can kick the tires first, before reconfiguring your box. -
Re:Network Magic?
I want to help you troubleshoot this. Windows networking *can* work reliably, I swear.
* Sometimes network browsing can be fragile if you don't have a domain controller, even though the computers *can* actually talk to each other. Have you tried manually typing the computer's name (or IP address) into Explorer's address bar? ie: "\\WorkstationB\" or "\\10.0.0.2" (or whatever the IP address is, double-check by running "ipconfig" at the command line).
* If that still doesn't work, I'd suggest a minor rebuild. Run Windows Update and make sure you have ALL the latest patches (if you have pirate copies of Windows that don't have service pack 2 installed - this could be the cause of the problem). Reinstall the network drivers, re-do the entire network configuration (don't forget firewalls) to make sure there's not a single lone setting somewhere that's messing things up for you.
If you're still out of luck, there are two alternatives - at least for file transfers:
* The simplest would be FolderShare - which is private file sharing that works over a LAN or the internet. Although you have to open a port for best performance when running over the internet, it is intelligent enough to figure out when two machines are on the same subnet and does direct transfers over the LAN instead. You set up a shared folder, and anything you drop in there is automagically replicated on the other computers. I have three computers using Foldershare (my XP machine at home, my XP machine at work, and my Mac notebook which roams) - and it works brilliantly.
* You can also try going the Unix route, with Windows Services For Unix. In short: try NFS. I have a FreeBSD server at home which I connect to from my XP desktop using NFS - and it works fine. I'm assuming that if you installed NFS server software that it would also work well when used Windows to Windows.
Best of luck getting this figured out - I know it's a pain sometimes... -
Re:"We can't turn off your computer"
It is patently obvious that very few people (journos included). Have actually bothered to take 2 mins to read any of the documentation MS provides.
You can still disagree with the principle, but at least argue it from a perspective of someone who has done their homework and not the normal slashdot lemming kneejerk responses...
http://www.microsoft.com/genuine/downloads/FAQ.asp x?displaylang=en http://www.microsoft.com/genuine/AboutNotification s.mspx
http://support.microsoft.com/kb/905474
http://www.microsoft.com/genuine/default.mspx?disp laylang=en -
Re:"We can't turn off your computer"
It is patently obvious that very few people (journos included). Have actually bothered to take 2 mins to read any of the documentation MS provides.
You can still disagree with the principle, but at least argue it from a perspective of someone who has done their homework and not the normal slashdot lemming kneejerk responses...
http://www.microsoft.com/genuine/downloads/FAQ.asp x?displaylang=en http://www.microsoft.com/genuine/AboutNotification s.mspx
http://support.microsoft.com/kb/905474
http://www.microsoft.com/genuine/default.mspx?disp laylang=en -
Re:"We can't turn off your computer"
It is patently obvious that very few people (journos included). Have actually bothered to take 2 mins to read any of the documentation MS provides.
You can still disagree with the principle, but at least argue it from a perspective of someone who has done their homework and not the normal slashdot lemming kneejerk responses...
http://www.microsoft.com/genuine/downloads/FAQ.asp x?displaylang=en http://www.microsoft.com/genuine/AboutNotification s.mspx
http://support.microsoft.com/kb/905474
http://www.microsoft.com/genuine/default.mspx?disp laylang=en -
Re:"We can't turn off your computer"
It is patently obvious that very few people (journos included). Have actually bothered to take 2 mins to read any of the documentation MS provides.
You can still disagree with the principle, but at least argue it from a perspective of someone who has done their homework and not the normal slashdot lemming kneejerk responses...
http://www.microsoft.com/genuine/downloads/FAQ.asp x?displaylang=en http://www.microsoft.com/genuine/AboutNotification s.mspx
http://support.microsoft.com/kb/905474
http://www.microsoft.com/genuine/default.mspx?disp laylang=en -
Re:try this one on for size...
Did you actually just link to wiki for your source for worldwide console sales numbers???
Sure, but not before I checked out their sources, which are listed at the bottom of the article. All you need to do to find out that your Xbox number is absolutely incorrect is go look at Microsoft's quarterly investor report from last quarter. It explicitly mentions having an installed base of 24 million Xbox (version 1) consoles (it's on slide 14 of the deck). So even if your GameCube number is right, Xbox is still ahead of them. Add to that the fact that Nintendo's quarterly investor report explicitly calls out having sold 20.85 million consoles over the life of the console through the end of March, and we're having an argument where you don't have any facts on your side.
You can find the slide deck for Microsoft's quarterly report in the wikipedia article, or you can get it straight from Microsoft. Likewise, you can get Nintendo's straight from Nintendo.
I'm happy to have a discussion about which console is better, and which one will win the next generation, but being told that the sales numbers each company has made public are incorrect doesn't fly for me. You can argue the emotional side, or argue about the future, but arguing about facts that are in the past isn't productive. -
Newsgroup
I'll give you the benefit of a doubt, but that's pretty close to a flame. MS is losing IE market share, mostly to Firefox, and they don't like that. They are most definitey giving a damn about what people want. Many, MANY features now found in IE7 - some of which, like where tabs open and the order in which they close, are still not available in OOTB Firefox - are directly from the user-driven newsgroup requests.
-
I guess it could be warrantless surveilanceThis story sounds a little overreacted.
From the article:The NSA initiative, code-named ``Pioneer Groundbreaker,'' asked AT&T unit AT&T Solutions to build exclusively for NSA use a network operations center which duplicated AT&T's Bedminster, New Jersey facility, the court papers claimed.
That plan was abandoned in favor of the NSA acquiring the monitoring technology itself, plaintiffs' lawyers Bruce Afran said.
The NSA says on its Web site that in June 2000, the agency was seeking bids for a project to ``modernize and improve its information technology infrastructure.'' The plan, which included the privatization of its ``non-mission related'' systems support, was said to be part of Project Groundbreaker.
Mayer said the Pioneer project is ``a different component'' of that initiative.The groundbreaker program is well known, in fact its infamous... in being a really really expensive network upgrade. The kind of thing with rewiring offices and buying lots of bandwidth from the likes of AT&T.
And I mean a lot of bandwidth. A lot of the DoD bandwidth contracts currently up for grabs are of course available online for anyone to see. (But shame on the nytimes, shame shame shame!) How did you think intercepted traffic came from all over the world back (But especially big telco sites) to Maryland? Still wonder why companies like AT&T want to do everything to help the NSA?
And of course groundbreaker is over budget and insecure.
So what is this secret new thing that is being claimed? The hints are:- Its mentioned on the NSA website
- Its "non mission related"
- Its a component of a network upgrade
- And its called a "network operation center"
It makes sense that the NSA would want a new but ordinairy "network operation center" with its new network. You really really need one of those to show politicians around (scroll to "nsa loads nmap" for a good laugh). Especially the ones who know nothing about intelligence except what they have seen on 24. (I would be funny if there werent so many schools planes trains and subways blown up around the world after 9/11)
Guiding them past the movie theater and showing the huge list of languages in which movies are shown isn't glamorous, though it should get the point across of sigint being of no use without humans to read and hear it... It might also show why having computers that can display bidirectional text isn't some fancy feature nobody uses. (Its usefull for such obscure languages as say Arabic, just to name something random of the top of my head.) I guess the lack of lighting the 24 set designers came up with for dramatic effect makes these NOC places a little cheaper to run than hiring qualified analyst though.
Sure it could also be a top secret surveillance program advanced beyond anything ever seen before, possible including extra terrestrial technology and tinfoil hat countermeasures... I mean in theory you could call that a NOC I guess.
This possible hype reminds me of the echelon story. After unspecific press accounts surrounding a big and sloppy EU investigation about "echelon" people assumed the worse and the hype started to build and build.
Now some time has passed historians have been able to figure out exactly what component is codenamed echelon, and it looks a little like this. (Thats an 70`s VAX 11/780, for those who couldn't tell, shame on you) -
Re:They might not be a nice company
You need to download the Upgrade Advisor Tool.
-
Re:I'm one of those .001%
Actually failing WGA will still allow critical updates to be downloaded, according to this kb article at least:
" Note The Automatic Updates feature is not affected by the WGA validation check. Therefore, you can use the Automatic Updates feature to make sure that you receive critical Windows updates."
They also have some useful forum posts about how to resolve issues in their WGA activation forum
I can fully understand that you'd be annoyed though...