Slashdot Mirror
Microsoft Security Updates for Pirated Windows?
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
Pirates should get updates as much as they get support from any other product they stole: Zero.
Want software without paying for it? Use Free Software. Theres heaps of it.
If they can pirate the operating system, why can't they just pirate the patches too?
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
the EULA attached to the security patches, even when you are legitimate owner of a copy of Windows!
Why should it have to pay for the bandwidth to support pirated copies? There is no benefit to them.
Most if not all infected Sasser users around here had legit but hadn't bothered to update. Real crackers use the corporate version of Windows that apparently doesn't require a CD key for updates.
Trollem mirabilem hanc subnotationis exigiutas non caperet
Although if your smart enough to pirate windows
A great deal of windows piracy is by people who have absolutely no idea what they're doing. Other people do the pirating for them, and they just use the OS the same as if they had bought it.
"as if nothing were solid...and that would be the end of the world, not fire and brimstone, but goo."--Rand
The simple answer is yes.
For the common good of the internet, as well as for the sake of protecting Microsoft's already spotty image, they should be allowed to download hotfixes... after all, they wouldn't need them if Micrsoft had done it right in the first place.
The corporate answer is no.
They didn't pay for the software and are therefore ineligible for updates.
My opinion?
For the common good, Windows should go away. But until then, everyone running it, legally or not, needs to have access to emergency patches and fixes.
-- This sig for rent.
Of course the initial response is to think that those who have pirated copies must not receive updates.
As with all things though it's seldom that simple.
When a company such as Microsoft gain a significant share of the market (yes... monopoly), then the damage that saying no could be could actually threaten the stability of that society were their software to fail sigificantly.
i.e. If machines cannot be patched with at least the bare security updates, and those machines then assist in the even wider propagation of a virus or worm such that it affects the infrastructure of the Internet as a more general thing.
Then in those cases, would it not have been a civic duty upon the company to protect the wider Internet and society (of their original shortcomings in allowing the vunerability to exist) regardless.
So I'm more of the opinion that No should be the answer for all bells and whistles things... such as Media Player. But that all security patches should be installed on every machine possible... regardless of whether that is a machine without a legit key or not.
Interesetingly, this is probably opposite Microsofts view. As to be able to manipulate market forces they need critical mass in areas suh as Media Player. So I think from their perspective they would probably wish to allow the whistles, but to encourage/force the upgrade to a legal version would probably wish to disallow stability patches (read: security) so that legit systems are more stable.
On the one hand there is piracy. Even if you say it's an advantage for Microsoft because of more dependency, the truth is that it isn't what they want people doing with their product, and it is illegal. If you want the support you should fork over for the product; after all Windows is about as Not-Free-Software as you can get. Perhaps if it wasn't such as widespread, costs to cover piracy would come down, and Windows would be cheaper and thus more easily availible. A rock and a hard place, people will need to buy before they can afford, and the numbers on actual piracy are way out of the realm of possible statistical analysis.
That being said, not getting security updates can cause problems for the Internet as a whole, not to mention for valid Windows users as pirate machines which can't be patched propigate viruses. That is more than just a problem for the people with bootleg'd copies themselves, that causes network congestion and performance problems for valid users as well. I know my Apache logs are still crammed with exploit attempts...
It's a question of responsibility vs. assisting lawbreakers. My (personal, humble) opinion is that Microsoft should allow security patches to all copies of Windows as it defeats expliots and worms/virii much quicker, but as for feature upgrades and bug fixes which are not a security issue, Microsoft should withold those unless the user has a valid serial key. True seriousness about security means defeating the problem for more than just customers, it means providing a better enviroment for everyone. This, I believe, is the root of the problem in the Microsoft attitude, and it's kind of sad that the largest software company on Earth can't see far enough past their bottom line to make such a move.
No one is (or should) ask them to give away anything more than saftey.
CAn'T CompreHend SARcaSm?
How, excatly speaking, can an ISP know which app generated which packet in a remote machine ?
And ISP-level port blocking is the foulest evil an ISP can commit, far worse than asymmetric connections or hidden monthly usage limits. Port blocking prevents your computer from being used as anything except a simple surf station; even some FTP sites refuse to work. There is absolutely no justification for this.
Internet was designed to be a P2P network. Do not break it. Especially just because some people insist on using computers without bothering to learn to maintain them (or hiring someone else to do so).
Yes, it's so simple and straightforward to tell a good packet from a bad. All it requires... is checking the evil bit !
An ISP is just a traffick carrier. In no way, shape or form, should they be responsible for the actions of their users. If they are, it will be an additional incentive for them to block all the ports from incoming connections, reducing the value of Internet for all and making interesting and important applications like Freenet impossible. But even if they block all the incoming ports, it still won't stop the worms from spreading (by e-mail), it will simply give them an excuse for the Courts ("Hey, we did our best !"). All pain, no gain.
As this is self-obvious, I must ask: Are you a RIAA mole, trying to destroy the P2P networks ? Or are you a government mole, trying to destroy the capacity of Internet for applications like Freenet ? Or are you just a particularly clever troll who got modded insightfull by a not-so-clever moderator ?
Inquiring minds want to know ?-)
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
I run XP unpatched with no Antivirus and no problems.
You sound like the people in the porn industry who try to justify having sex without condoms.
If you have no antivirus software, how can you be so sure that there are no viruses?
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Restricting patches guarantees hackers a healthy number of drones to use in DDoS attacks, and runs counter to all the other efforts focused on getting users to keep their systems up to date.
Wow. All or nothin', eh?
Really. Given the choice between 90% of users being able to use the net, or 100% of users being unable to use the net, which do you choose?
It's perfectly reasonable to block certain types of packets during times of need. Is it desirable? No - but it's also not desirable to have worms, viruses, trojans, and other malware in the first place.
Get over it. Idealism on the 'net ended when it became a commercial entity. Now pragmatism is the rule of order.
If your ISP blocks ICMP during a ping storm (as the grandparent examples) in order to preserve some semblance of service, and you are offended by that, get another ISP.
And while you are getting over it, get real, too. Freenet is cool, but it's not going to save mankind, and not everybody in favor of pragmatic use of private resources is a fan of the Record Industry Association.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Yeah infected computers hurt others but most themselves. I don't give a damn if my neighbor's Windows XP is falling apart because
a) He either doesn't give a damn about security and hasn't updated OR uses an illegal copy which can't be updated
b) My own systems are well protected (or perhaps run Linux, etc.).
Microsoft has no obligation whatsoever to provide any freebies to folks with illegally copied (the P word - "pirated" - seems to be politically incorrect here at Slashdot) versions of Windows. People are not _supposed_ to use such software anyway - Linux and Mac have been viable long before 2001 (Windows XP), I don't see how anyone could have been "locked" into using an illegal copy of Windows XP.
I propose that Slashdotters who care buy Windows licenses for the underprivileged, the stingy, or the lazy (lazy to learn Linux). Or provide them with free migration (Win->Lin) service.
(Speaking of updates - if Windows updates should be free, why aren't Red Hat Enterprise Linux security updates free? That's even more critical because it's mostly servers than run this OS. So much for balanced reporting on Slashdot).
So: Would we treat somebody in a hospital because he caught an infectious disease while doing something illegal? Yes. Then, the same should be true for patches.
Yeah, but Microsoft is a corporation. Wise != Profitable.
Alas, this is only becuase of Microsoft's interesting position where security or safety flaws in their products never have any consequences whatsoever for Microsoft, only for Microsoft's customers. If only Microsoft were in some fashion accountable for the messes their products made on the internet, then acting wisely would be profitable...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
And you are VERY wrong if you think that piracy will shrink their market share. I personally would be very happy if Microsoft stamped out EVERY pirate version, because their market share would be pretty small. Microsoft grew based on the piracy, and they know it. Now they are reaching the saturation point, and really only now have they started trying to make the pirates pay, because they are no longer contributing to the increase in profits, because the market share is so relatively high. They have known in the past that they can't stomp too hard or they would lose market share, but now they no longer care, and they can pull out the "the soul-stealing demonic copyright infringing people" (or pirates) sympathy/stupid-law-making card out.
I used to live in SE Asia. I have experience with the warez shops there. While I personally was running Linux (it took me over a week to download a set of Debian ISOs!), just about everything and everyone around me was running Warez. It's hard to find anyone in Viet Nam who can afford legitimate, licensed copies, and even harder to find anyone who sells them, unless you buy a new machine (Dell is there, IBM is there, I think HP is too) from a major foreign vendor.
The warez version of XP Pro for about a buck any software shop will install most XP patches, but will not install SP 1. SP 1 recognizes the key as bogus and refuses to install.
In any case, it hardly matters. People are on slow and unreliable dial-up connections. DSL is almost unknown. ISDN is not available at all, as far as I could tell. Hardly anyone has the bandwidth to actually patch their machines, and even fewer people have the knowledge or interest (even fewer than here). There are some really great programmers and admins in Viet Nam, but just like there, those highly knowledgeable people are a tiny minority. Most people with computers neither know nor care about anything like keeping them secure.
So even if MS made all patches available to warez versions of Windows, it would hardly matter in many parts of the world, because the people running them couldn't and/or wouldn't apply the patches anyway.
Comment removed based on user account deletion
Differences being
a) there's not only one company that makes seatbelts, and won't sell you any if you don't install them on every seat
b) you don't have to pay for 5 seatbelts if you get a 2-seater sports car
c) that seatbelts are mandated by government, not by some corporation that makes them but does not make cars
So actually it's nothing like it at all.
You don't get out much do you?
Ever noticed the amount of spam and worm traffic that comes out of Asia, Russia and South America?
Do you have any idea how pervasive warez are in China, Thailand and other countries?
Maybe you haven't noticed all that spam and virii.
I for one have firewalled, installed spam assassin, razor, run a second set bayesian filteres on my email client and STILL get spam in my inbox and see funky crap in my server logs.
Ohhh.... and I don't even RUN WINDOWS.
All my machines are either OS X or RH 9.
The fact is, microsoft puts out a product and that product is flawed (no ones perfect). By not allowing ALL users of their product to correct those flaws, they harm EVERYONE regardless of OS used. If you're online in any way, shape or form YOU are effected.
If Ford had such flaws that would cause a car to veer off course defying it's owners control, a recall would be issued and ALL owners would be elligible. Mind you, regardless if they were the 1st, 2nd 3rd or 4th owner or whether or not they had a Ford service plan or were covered under warranty.
An OS vuln is no different. And by simply ignoring 100,000 pirated copies of windows XP in China they allow for 100,000 virii hosts to spewn spam worldwide.
Those 100,000 machines then infect your licensed machine, spam my LAN, and cause a fortune 500 tens if not hundreds of thousands in costs per year in associated cost.
But hey... as long as those damn pirates don't get anything for free I guess it's ok right?
Many "pirates" can not afford to buy the music/software that they download.
(I'm not saying that this gives them any right to infringe on others' copyrights.
I'm just saying that the BSA's figures are exaggerated.)
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Look, I'm against piracy. Not only I wouldn't give them any updates, but I think pirates should swing from the mast, like in 1600. Or make them walk the plank.
But I also think there's a reason why there's "BS" in "BSA". Their statistics make me want to puke. They do such bullshit statistics as taking a pirated CD from Taiwan or China which includes some expensive piece of softwware, like 3D Studio Max, and say "see, there's 5000 USD worth of software on this CD. We think 10,000 chinese kids bought this CD for 5$, which robbed us of 50,000,000 USD."
That's utter bullshit. Most of those Asian and Eastern European pirates do not need 3D Studio Max and wouldn't buy it anyway, even if they could afford to. (Which they can't. As was said before, a chinese family would need to pay _all_ their income for _two_ _years_ to afford a license. Again: _all_ their income. That is, leaving them with no money for food, rent, clothes, etc.)
We're not talking 10,000 professional designers and architects who actually need it, we're talking mostly kids who much around with it a bit to make some skins for mods for old games. Maybe 1 of them will actually release an obscure mod, the rest just mucked a round a bit with it, uninstalled it and moved on to something else.
Would all 10,000 of them have bought 3D Studio Max if they couldn't pirate it? No. _I_ wouldn't buy it either, much as (1) I could easily afford it, and (2) I'm tempted to try modding "X2 - The Threat." (Which, sadly, only supports exporting stuff from 3DS MAX.) Now I don't pirate it either, but even I think it would be utterly retarded to pay $4000 on tools to mod a $40 game.
Yet the BSA would want me to believe that 10,000 dirt-poor kids from Taiwan would. That's so much bullshit, it could fertilize a few acres.
A polar bear is a cartesian bear after a coordinate transform.
Well, personally I'll take that 170 billion figure with a bit of salt. Knowing BSA's bullshit statistics, say, divide it by 10.
But I do think it would create new jobs. Just not jobs at Microsoft.
See for example how Via makes some living selling cheap C3 CPUs. Yes, they're not fast chips. But here's how it works: some poor chinese wants to get a computer. He/she can't pirate a CPU, and can't afford to pay 400$ for a top of the line Intel chip. So he/she gets a 40$ VIA chip instead.
Which in turn keeps some people employed at VIA.
That's how it would work for software too.
If noone could pirate MS Office, a lot more of them would look into Open Office or some locally produced software. And a lot more people would be willing to tell their government or their boss "stop asking me to send you this stuff in MS Word or MS Excel. I'm not going to pay 450$ at home, out of my own pocket, just because you're too stupid to accept plain text files."
Or if so many Chinese and Eastern Europeans were't pirating those $40 games, a lot of them would be willing to pay, say, $5 for something produced by a small company in their own country. Especially for countries which by sheer size are potentially a huge market, like Russia or China, and where salaries are very low, I can see how someone could afford to produce cheaper games locally _if_ someone bought them. Most of those wouldn't be as good as Id's or Epic's games, but they'd be playable. And they'd keep a lot of talented programmers and designers in their own country employed.
Except in practice everyone there pirates the games, so such a market doesn't exist. And as a consequence those jobs don't exist either.
So, yes, piracy does cost jobs, economic growth and tax revenue. The only catch is: not at the big corporations, like BSA seems to think.
A polar bear is a cartesian bear after a coordinate transform.
You are actually forbidden to do that by the EULA.
Since I got my laptop with XP on, and clicked "I do not agree", reformatted and installed Slackware, I don't see what such an EULA has to do with me. I never agreed to the EULA, I never had any contact with Microsoft. The PC manufacturer gave me something I didn't want with the hardware, I had to spend time and effort cleaning it off the hard drive, and I'm giving away the last remnant unused.
Here's my unused key for Windows XP Home edition:
VQDYD-CBPCT-MR2JV-6WR9Y-Y6HX3
First come, first served!
"Copying a CD (software or music) for someone else to use is NOT fair use because you buy the right to fair use by buying the product in the first place. This scenario, therefore, falls within the legal control of the copyright holder to enforce."
Mostly correct, but my anal self must correct one detail here. Most of things you mentioned aren't even fair use. Their simply your rights. Ownership of a copyrighted work belongs to the public even while the copyright still exists.
THAT is why you have the right to do anything that wasn't explicitly put into the copyright holders hands when granted the copyright.
Copyright grants control over distribution, most of the examples you mentioned are "use" which copyright grants no control over because copying WITHOUT distributing anything is within your domain.
Fair use on the other hand is a set of circumstances under which you have the right to distribute a copyright'd work (or a portion thereof) despite the holder of the copyright. For example you may quote a copyrighted work in a research paper giving credit. Because of fair use you may distribute that research paper far and wide.
Your rights and fair use apply regardless of whether you've purchased the material or not, they apply if you have it. It's distributing that is copyright infringment, not using.
should users with pirated copies of Windows be allowed to download security updates?
My answer: No.
As much as I do not like the price of Windows (too high for what one gets for the money) you have to either try to restore competition in this particular market (which will lover the price of Windows to some real numbers) or change your demands and use something else (Mac, Linux, ...) or something else. It's maybe unfair there is no alternative producer of Windows but stealing does not make that better, quite contrary (helps Microsoft keep the monopoly while they have 90%+ market share also thanks to those users with illegal copies).
If users of illegal copies (they) get (with permission from Microsoft) those patches, they wont be stealing (patches) from Microsoft. But they will have screwed comparison tables "Windows vs. ProductX" in a way as "Windows are for free (0 monetary cost)". It will make them unwiling to switch (either to legal copy of Windows or legal copy of some other product be it free or commercial). Thus it'll help Microsoft to keep their unfairly acquired monopoly much longer and screw the market/economy/people/... much more. If Microsoft is going to give permissions to users of illegal copies of their products to use patches, I'll consider it anticompetitive and illegal move from them.
If [they] will be allowed to use those patches, market/economy/people may mistakenly see it as a move to the right direction (from security point of view) while the true right move - more OS diversity on desktop PCs - will be pushed away. Security will hurs, market/economy/people will hurt.
For sure, there will be short-range benefits in allowing [them] to use those patches, but in the long term I do not see it as good decision (good for market/economy/people).
hany
The question posed has striking similarities to the question of public healthcare. In the US, the EMTALA (Emergency Medical Treatment and Active Labor Act) requires hospitals and clinics to give life saving and stabilizing care to anyone, regardless of proof of insurance and/or ability to pay.
This is primarily a welfare service for the individual but has corporate benefits as well such as the reduction of communicable disease from those who would otherwise go untreated.
Without getting offtopic into the US healthcare system, I think the article brings up a similar point. If a software update is meant to benefit the end user only, in that it fixes or enables a new feature, that is one thing, but for the health of the public Internet, security patches that prevent malicious and communicable computer virii should be publicly available...by law.
It is more important to keep the Internet available to individuals, businesses, and research institutions as well as governments that rely upon it every day for communication and control of critical systems, than to ensure that a small percentage of the population is not illegally pirating software.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
"Although about three million computers get sold every year in China, people don't pay for the software. Someday they will, though. And as long as they're going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade."
-- Bill Gates
I think that Bill Gates quote has less bullshit than _any_ quote from the BSA.
Not similar. If you don't have a Ferrari, and you steal one, you've deprived someone else of the Ferrari they had, changing what others have. If I were to ``pirate'' the mythical copy of 3DSMax, what have I deprived any other entity of?
You've taken someone's Ferrari. I've duplicated their Ferrari. The only person that loses anything (by the BSA's logic) is an Italian car maker. In this case, I can't afford either the Ferrari or 3DS. Therefore, there is 0 net loss by the {manufacturer|copyright holder}.Does it make this morally right? Hell no. But is it equivalent to stealing a physical object from someone? No. If I'm just a cheap bastard and copy a work that has a cost of $0.99US (downloading a single song when it is available from iTunes [and I'm on either Windows or a Mac]), I consider that a less moral act than copying 3DS, simply because I could pay for it. And yes, I would consider someone stealing food to be significantly less immoral than stealing a luxury. Still wrong, but more justifiable.
</rant>
-30-