Slashdot Mirror
Microsoft Security Updates for Pirated Windows?
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
Bull. I update my pirate copies of XP all of the time.
I've seen several "corporate" XP cds floating around, as well as some beta versions which contain all XP functionality once patched through Windows Update.
Microsoft disables some CD keys already which are known to be pirated, but I wonder how many valid corporate group cd key installations there are which have been pirated. In that case, it really wouldn't be feasible for MS to disable that cd key, as it would disable that entire company, etc.
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal
It's probably in everyone's interest to give out patches to all, even those that Micro$oft knows are illegal copies, as it probably impacts the spread of viruses such as Sasser more than it does their pocketbook.
no.
XP and Longhorn-beta are special that way. Most other packages (2000 included) have generic MSDN keys.
I write code.
The latest build( released in the last 4 days ) of the xp service pack2 beta, blocks a whole range of keys. People who have been using the corporate version of xp, using a keygen will find it will find it needs activating when the apply service pack 2.
The keygen(a very very very popular one) generates product keys in the range 640-645. SP2 turns activation back on when it detects this.
I'm pretty sure that most copies of pirated XP floating around (the keyless corporate versions) will let users install everything but service packs. I don't know a lick about international piracy, but I imagine it's the same software.
I downloaded the patch to Win XP against Sasser, and it never even asked me for a CD key. (Which, given that I don't know where mine has gotten to now, is a good thing.)
Editor Emeritus and Senior Writer, TeleRead.org
It does require a CD key, it's just that Microsft blacklisted some some well known cd keys, like the one starting with FCK...
You would be wrong.
Last time I had an MSDN sub, all the products that required activation off the shelf also required activation when installed from the MSDN CDs. That includes Windows XP, Office XP, Visio 2002 and Windows Server 2003. IIRC, even VS.Net requires activation.
Microsoft ships you all of thier patches with the MSDN update CDs too, so you can test your application and find out what thier latest patches broke and why.
As I said, I haven't had access to MSDN for a couple of years, but I imagine this would still be the case.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
They can still download security updates from download area. You don't have to use windowsupdate.com to get updates. Go to technical bulletins, select one that you want to patch, download stand-alone fix.
MSDOS: 20+ years without remote hole in the default install
Even better than that is "Reset5". Updates are allowed for unactivated XP installs that are still in the first 30 days. Reset5 is a little service that runs at startup and magically keeps that 30 day grace period timer set at 30 days. This is actually more than just a handy tool for pirates. I personally use it on my legitimate copy of XP Pro because the stupid piece of crap DE-ACTIVATES ITSELF if I change more than a couple pieces of hardware (something I do with remarkable frequency).
If a job's not worth doing, it's not worth doing right.
Go to the Microsoft download center. Use the Microsoft Network Security Hotfix Checker Tool
Or better yet, use the Microsoft Security Baseline Analyzer Tool which includes Hfnetchk.exe.
Windows Update actually deletes downloaded updates once they're installed. You can try to retrieve them before they're installed. But it's easier to just download them from the download center. That way you can qchain 'em if you do a reinstall.
I know people with pirated windows, and they download all the security updates, straight frmo microsofts site. MS makes them available to everyone. You just can't get them off windows update. You can still find them by searching through the site the old fashoined way though.
http://www.microsoft.com/technet/security/tools/mb sahome.mspx
"I'm Feeling Lucky", even.
It all depends on where you live, in Australia we have a law which says that all terms and conditions must be presented before or at point of sale and that any thing after that is entirely null and void, the M$ EULA fits entirely into this category. The question is do you want to take them to court over it? if 14 states and the DOJ failed what makes you think you stand a hope in hell..
I can confirm this. I've been paid to perform hundreds of installations of pirated Windows, along with providing the pirated CD. My work is cheaper than paying for the legit service and provides the same result. The commoners and technophobes could care less about the details other than a cost-benefit analysis, so they eat it up and I turn a tidy profit eating into Microsoft's bulging one.
even VS.Net requires activation
Not true for VS.NET. Not for VS.NET 2002 and VS.NET 2003 at least...
Since when is it their responsibility?
Since they started distributing software that interferes with the stability of everyone else's networks, of course.
If you're a zombie and you know it, bite your friend!
Pirate doesn't equal stupid, it just equals "too cheap to buy a version of Windows". As other posters have stated: Microsoft owes *a lot* to pirates. Imagine what would have happened if Windows 95 would have had "real" copy protection. The migration would have happened a lot slower. Heck, I only "upgraded" to Windows 95 in 97. From OS/2 that is. I loved OS/2. *sniff*
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Corporate versions are easy to find. I use one at work constantly. Although we have a valid license for every system (who knows when the BSA may come knocking), I keep it for upgrades to the systems or re-installs. Wasting my time for 1/2 hour to get a new registration number is just not productive.
Funny thing about that: although Microsoft claims that they will allow 2 (or 3??) automatic registrations over the 'net without calling, I have found that not to be the case. Since XP was released, reg process for win2k or office2k always reports server down or too busy and then I must call. I haven't gotten any flack from the flunkies passing out reg numbers, but the 1/2 hour wasted is a pain. Microsoft has forced me to pirate a copy of their software to use valid licenses.
Which is why there is a Key Generator available on the internet so you can get a non-blacklisted key.
95% of Windows installations here in Latvia are from pirated CD. WindowsUpdate works fine for them. Installing and updating of pirated software is eevryday duty of 95% of IT-people in eastern europe.
It isn't. It's called Corporate Pro, and was pirated by Devilsown about a month and a half before Windows XP Launched. You think the Warez community would bother with anything less than the best? Remember, money is (literally) no object to them.
The few pirates I know are all running Advanced Server and Datacenter when they feel like running Windows.
I'd like to point out to everybody that this is a moot point. You CAN get the update regardless of version a regardless of whether you have pirated your copy of XP. Just see: this to download the appropriate version of the update.
Who modded this flamebait tripe as "insightful"?
Perhaps you were ignorant of the fact, but:
- according to the Business Software Alliance.The list of MSDN products that require activation are:
FrontPage Professional 2003
Office 2000 Premium (Brazil & Chinese Versions)
Office 2003 Proofing Tools
Office Professional Enterprise Edition 2003
Office XP Suite (Retail)
OneNote 2003
Project Professional 2002
Project Professional 2003
Project Standard 2003
Publisher 2002
Publisher 2003
Small Business Server 2003
Visio 2002 Professional
Visio 2002 Professional (Chinese Versions)
Visio Professional 2003
Windows "Longhorn" Client Preview
Windows Server 2003 Enterprise Edition
Windows Server 2003 Enterprise Edition (64 bit)
Windows Server 2003 Standard Edition
Windows Server 2003 Web Edition
Windows XP Home Edition (Retail, MSDN)
Windows XP Media Center Edition
Windows XP Professional (64 bit)
Windows XP Professional (Retail, MSDN)
Windows XP Tablet PC Edition MSDN
BTW - retail just means you can use the product for real, and not just for test purposes (this comes with the MSDN universal licence). You are limited to an initial 10 installations (but you don't have to activate every install - 60 days for OS and 50 users for office products). If you use up your 10 uses you can get more activations (I believe - I've not actually tried this).
I do so like arguing with people whose sole experience with Linux is based on hearsay and what they read on the Internet. :-)
Anyway, to correct you - you can download free versions of SuSE, Red Hat, Mandrake, etc. from the appropriate web sites; you can then download (probably limited) updates from their sites or get what you need elsewhere on the Internet.
You can also pay these companies for service contracts and get everything you need from them that way. The choice is yours because that's how it is with Linux.
But it would bring a bit more honesty to the debate of the cost of running Windows vs. Linux/BSD ;-)
There is no debate because debate assumes two sides interested in arguing a point. The Linux community does not care about "TCO" because there are far too many variables to put forward a valid comparison anyway - for example, what you spend on supporting any OS depends on what in-house skills you do or do not have.
"Cost of running" is simply a Micrsoft marketing ploy to sell more of their products, nothing more. Let's face it, they can hardly make Windows - Linux comparisons on the security or stability issues, so they might as well go for the "Windows is cheaper" option :-)
SuSE is (currently) very lax with regards to the licensing of their Enterprise-products. They have a "We trust you not to do silly things"-attitude.
SuSE does not make money making a Linux distro, it makes money from support contracts and Linux deployments. It therefore does not have too many concerns about who runs their distro unless they can sell services with it. Standard business practice.
Linux lesson ended for today - thank you for your time...
Gentoo Linux - another day, another USE flag.
You HAD to do nothing. You SHOULD have bought your laptop elsewhere and explained to the original vendor you were not buying their product because XP Home was installed and you did not want to pay for XP Home. Then, if a lot more people did that, the laptop vendor would realise that to stay in business, he needs to give his customers what they want.
Instead, what you did, was got screwed over by the laptop maker and Microsoft because most other people do exactly the same thing you do.
Things change for the better because you take direct positive action BEFORE handing over your money rather than whining AFTER you've handed it over.
Gentoo Linux - another day, another USE flag.
Won't work... the keys on preinstalled windows are OEM keys. They won't work on a copy of windows that you install from a retail disk, or indeed, install at all. They only work with "restore discs" from your manufacturer.
I've had an MSDN subscription for years and it has never been a pain in the ass. For temporary test farms you do not even need to activate windows, and that is clearly spelled out in your MSDN agreeement. I know I've activated permenant development machines probably 30-40 times, and again, it has never once been any effort at all. Quit blowing smoke.
slashdot troll = you make a compelling argument I do not like the implications of.
You've never been to Asia, apparently. I've talked to several people who have been there, and they were just amazed. There are stores operating openly in malls there that carry NOTHING but pirated software and music. They say everything's a buck a disc. You want The Matrix DVD? $1. Microsoft Office? $1. A music CD? $1.
I've seen articles where they interviewed shop owners, and they just didn't understand what the problem was. They considered the *DISCS* to be the product, not the content, and said they didn't understand, they bought the discs for x, they sell them for x*2, they're doing nothing wrong, what's the problem?
Another friend said it's about the same in Russia, though less open. For about $15, you can buy a CD pack containing Windows, Office, and a selection of games and stuff. Even when someone has the legitimate software, they sometimes use the "pirate pack" because the pirates take the time to have the properly localized versions of everything already set up. I think the Russians know that what they're doing isn't considered "right" though.
Certainly there are big pirating operations everywhere, but in some countries, pirating is the norm, and nobody thinks twice about it.
too true, but not anymore... the guys at SRF seemed to come to their senses and released
a java version of the proggie this year (IRPF2004). Runs on OsX, Solaris, Linux, anywhere
that the sun JDK runs. Used it this year and it is very nice. Check it in 2005.
cheers.
``If a program can't rewrite its own code, what good is it?'' - Mel
However, there is a limit to the number of different/reconfigured PC's you can install to using the provided key, and yes tracking that can be a pain in the ass. I've worked on projects where we needed to test on lots of PC's over a multiple month period, and we ended up having to basically make a pool of keys from multiple subscriptions so that people with more extreme requirements (like the device driver guys) wouldn't run out of activations.
Yes, we could have constantly reinstalled without activating or kept calling MS tech support, but both of those also qualify as a pain in the ass in my book.
Suck your own smoke.
I write code.
My textbook says, "In one form of dumping, a company sells products abroad at prices below its cost of production. In another, a company exports a large quantity of a product at a lower price than the same product in the home market and drives down the price of the domestic product." (Contemporary Business, 11e). Dumping is an illegal pratice. Of course, that's never stopped Microsoft before. They come from the school that believes laws are just "guidlines" and use their huge cash reserves to pay off any indiscretions.
So right off the bat the EULA is lying. You already have the right to install and use your copy of the software; Microsoft can't grant you what you already have. Now, nothing says you can't give up this right in a binding contract, so MS would have to successfully argue before a judge that the EULA is a binding contract in order to hold you to its terms.
Fat chance, says I. I can think of a couple of defences right off the bat: coercion (if I don't want to agree to the EULA but exercise my statutory right anyway, the software gives me no means to do so), no consideration (MS doesn't give me anything in exchange for agreeing to its terms), and some take on first-sale doctrine (I bought my copy from a third party, not MS; MS shouldn't get to impose additional terms on me after a sale it wasn't even involved in).
MS has never even taken an end-user to court to attempt to enforce its terms, either, to my knowledge. They came up with product activation instead to act as their own judge.
Two notes: this scenario wouldn't apply to commercial use of the software, especially for firms that sign license agreements before any copies of software change hands; and this assumes you could afford to fight off the MS-megabuck lawyers in the first place.
(Insert usual IANAL disclaimer here.)
-1, Clueless.
That isn't a point of contention, read at *least* the summary before going off the handle. This is not about security updates for the benefit of the pirate end user, but the impact of having pirate end users incapable of getting security updates propogating worms that make the rest of the good community suffer.
On remote-exploit security updates, now that I see this circumstance, I think they should apply no matter what. Now feature enhancements and reliability fixes for the end user, those should be denied. Those fixes not being applied are far more annoying to the typical end user anyway, so MS would improve the community by fixing even the pirate systems in the ways that impact the community, but keep things hard for the pirate users by leaving their system extra buggy (even above and beyond the normal Windows experience).
XML is like violence. If it doesn't solve the problem, use more.
I wiped the XP offering from this box too (with Debian). So here's my useless key for you to enjoy:
XVJW8-DB93F-2R2XD-XGB3D-3788D
To illustrate how crap things have become with preinstalled doze, my Sony didn't even come with a CD!
Okay, here, I'll slow it down a bit for those that don't grok the problems here...
Say I want to test a piece of software with 10 PC's simultaneously for 3 months without reformatting them. That's fine by the license - just activate each and go for it.
Now say I get two new machines in with completely different hardware that is supposedly having an incompatibility with the product. I remove XP on two of the old machines that have proven to work well with the product and do a format, then send them off to IT to be used for whatever. The licensed software has been removed - you'd think one could install it on the two new machines now and run for three more months without problems, yes? No, because of the stupid activation limitations. That's scenario 1.
Now, howabout a situation where there are 2 developers, each with his own MSDN license. Both are working on a single project, but their testing needs are different. Developer A needs to do a lot of different OS/configuration testing, but the actual hardware doesn't matter that much - let's say he's the apps guy. Developer B needs to test on every variation of hardware he can possibly get his hands on, because he's the driver guy working on a USB device. Because of the large variety of USB implementations out there (many of which are flawed in their own special way), he really needs to do hard-core, long term testing on several different machines. So, Developer A and Developer B pool their resources - both are working on the same project within a single room, so it makes sense that they should be able to do that. A gets 5 machines, B gets 15.
Now, combine the two situations and add more developers over a longer period of time. What you have now is a clusterfuck. Despite the fact that your team has legitimately purchased enough licenses to run on all the machines they have at any one time, you now have a definite possibility of a license shortage and you're forced to keep a list of all of the developer keys with tallies on how many times each has been used so you'll have known keys available when it comes time to remove old/broken/obsoleted test machines and bring in new ones.
Now, to add another issue in the mix - if you renew your subscription, you keep the same key and don't get additional reinstalls. So, either you beg your representative to refresh your key or give you a new one, or you're even more limited on test machines unless you cancel your MSDN subscription and buy a new one - getting 10 more installs in the process.
Got it?
I write code.
You cannot install service packs without a valid CD key, neither from windows update, or downloaded. If you have one of the infamous 'corporate' xp keys, it will not let you complete the install. There is a workaroud, however. You can generate a CD-Key and modify your installation's key with simple software tools and a few minutes.
Microsoft have, um, a bit of a reputation problem as it is :-) and I can't imagine it'd get any better if it became public knowledge that their security updates sometimes deleted the operating system.
Yeah, like that hasn't happened several times already.
p
In Korea, long hair is for old people!
It's actually a little more complicated - at one time (I don't know if this is still true), EVERY major OEM and most minor ones had Windows OEM licenses. The agreement for that license (which got you Windows priced cheap enough to be competetive) required that you pay MS for every PC you sold, whether Windows was shipped with it or not. Therefore, the price for pretty much every PC you could buy included the price for an OEM copy of Windows. THAT was the "Windows Tax" and it was an issue in the antitrust case.
There was anther (or this may be the same one you're thinking of) involving adobe, where a company bought bundles of Adobe software, cut them open and resold the individual titles. Adobe got pissed off and sued, but the court decided that right of first sale and lack of a formal agreement basically meant that Adobes EULA didn't apply. This was in a CA district court, not federal.
That is the key tenet of this argument - MS is not guilty of dumping when the actual cost of *production* per CD is quite low.
/. name - just cant remember the d*mned thing.....
Software created (lets just say once) and then put into production - millions of CDs are stamped with the SAME code!!
Therefore cost of production is eXtremely LOW!!
-
I have a
If you accept the EULA, you are not prohibited from selling your copy of Windows -- you have an inalienable right to do that; just like selling a used book, CD or video cassette. It is an offence for anyone to try to persuade you that you do not have that right.
You are actually wrong about this. You don't buy a copy of Windows. You buy the media and manual, and pay for the rights to use Windows (ie. LICENSE). So you don't actually own it to sell. Non-transferable rights are everywhere to be seen, and enforced many times over on different courts all around the world.
If you don't agree with the EULA, you still can't resell it. You can, however, return it for a full refund. I know of many people who did this: got a computer with windows, and returned the windows license to Microsoft (or an authorized office) for a full refund. This is, so far, the only legal alternative. If someone know of any court rulling otherwise, I would be happy to receive a link to the rulling.
Unless someone whats to take the pain to go to court, and prove that this is wrong, this is how it works.
morcego
Great and all, but that is just another key that MS will ban when SP2 comes out.
Just remember: it's not that Microsoft thinks it can get away with breaking the law; rather, Microsoft realizes it can get away with breaking the law.