Microsoft Security Updates for Pirated Windows?
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
I am pretty sure MSDN versions of Windows XP don't have activation keys and such. Does that mean they can't upgrade?
If they can't download the updates, and havoc is all the more extreme because of poor MS coding, it only shines a brighter light on alternative operating systems.
I've been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the Linux desktop, and this (at least in my eyes) is a step closer to that.
It's Microsoft's prerogative; they're not in any way required to support pirated versions of their software, and why should they bother? On the other hand, these worms negatively affect everyone. Although if you're smart enough to pirate Windows (there are some tricks Joe Sixpack wouldn't know right away) you should be savvy enough to get a keygen off Kazaa or something. Not that that's how I got XP SP1 or anything...
"Sic Semper Tyrannosaurus Rex."
It is fundamentally a company's sole responsibility to ensure that any flaws within its products are fixed. By using their own mistakes as a punishment for people who pirate, they are propagating flawed copies of their software. Microsoft should allow any user of their products, regardless of whether they have a right to it, to have updates. They can fight piracy in more responsible and effective ways, for there are other people who use the network.
We need to create an environment where piracy is looked down upon, not encouraged. Giving them updates is simply encouraging pirate behavior.
If an infected machine becomes such a problem that they're affecting other people, ISPs should simply revoke a user's access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvenience every time their internet is shut off. Not to mention the knowledge that their machine is going to be swamped with viruses and that their computer will be completely insecure.
The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
I don't know about yous guys but my "functional offsite backup copy" of XP gets updates and patches
.. download the patches from Windows Catalogue? Or do even they not work? What about service packs?
It is called the Microsoft Baseline Security Analyzer. It will tell you which updates you need to get and even point you to the security bulletin page to download it.
Did you forget to take your meds?
Yes, because ISPs get bandwidth free flowing from the backbone, which they repackage and sell for an outrageous markup. Massive worm traffic costs ISPs too; they pay for bandwidth at some level too. Less flooding, more customers per T-1, DS3, OC, whatever = more money; at some point the profit/cost of filtering vs more users per line has become favorable to the ISP.
I read at -1 So you don't have to.
Unfortunately for them, there is already a keygen out that will generate within any range you give it, and not take 20min to do it. Or so I hear. I'm a beta tester for SP2, don't need to gen keys for it :P
Irrelevant. Once SP2 final is out, a new keychanger will be around within a day or two. Nobody is just bothering with it right now because MS could just block the volume keys in the next build.
(And obviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)
But way too many warez Windows users are *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...
Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'
This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.
This is a public policy issue.
The fact is that piracy levels are there. If updates against these critical security issues are not publicly available, then the infected pirated machines are a social nuisance. These people are unlikely to buy a legitimate version anyway.
However, it should stop at critical issues: anything related to bug fixes or performance or reliability issues should only be available to licensed users.
Look at some of the AV companies: they do provide free disinfectant tools for critical issues: you can download and use these even if you are not the AV customer. However, if you want true AV support, then you do need to buy the product for the licensed updates.
I totally agree, however Microsoft should honor their "pirates." After all, if it weren't for the people who illegally copy and distribute Windows, the Microsoft market share would not be what it is right now. Microsoft owes a lot to "pirates."
-Jem
this seem only fair since providing service to pirates will only encourage piracy and shrink their market share. On the other hand since you get value out of not being bombarded with viruses and virus spawned spam you of course are happy to pay this small fee even if you install linux.
What do you think? How much would you pay to get MS to do this?
Some drink at the fountain of knowledge. Others just gargle.
That is correct. I have "on the ground" observation from 3-5th world countries that it does not enforce until market penetration reaches at least 80%. In fact I have seen Microsoft reps and partners handing out CDs like candy to kids especially in the academia. All of them with versions that are later blamed to be pirated and with keys like 1234-5678. Once all alternatives are dead Bill comes to discuss the matters of software piracy with the prime minister or the president and bolts start to tighten. Two years later MSFT has one more steady revenue stream.
It is the same scheme crack dealers use in schools and IMO it should be prohibited. If you do not enforce a license you must lose your rights as entitled by the license.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
I'll consider it a serious problem when I wake up outside Microsoft's headquarters missing a kidney or other nonvital organs.
A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.
And they won't want you to stop using Windows, because then you'll have to use something else.
If you have a "valid" corp key for your no-activation corp copy of XP.
.... but I doubt they can stop it totally.
as soon (or slightly before if memory serves?) there was a number of workarounds for the 'keys' m$ disabled with SP1,
I have a large number of 'friends' running XP pro with corp 'keys' and all have been able to use windows update without much difficulty.. other than changing keys for SP1 but no biggie.
of course for the slightly less 'advanced' warez copy users out there they may have difficulties.
As long as all the people in China and other SE Asian countries refuse / can't afford to pay M$ prices for software 'fixes' for m$ anti piracy efforts seem likely to persist. M$ can 'raise the bar' for how much work it is to successfully pirate and then update their os
actually I am happy to see you, however that is in fact a banana in my pocket.
It's clear that MS has no obligation to support stolen software. If you steal property you should be ready for some kind of problems.
Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.
Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !
If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..
If the Microsoft PR machine is smart they'll withhold security updates from pirated copies. Then they can blame the spread of viruses and worms on the evil software pirates who are running the insecure systems.
How many people have valid licenses but don't use valid cd keys? For instance, does Dell give cd keys for their products? Having an invalid cd key does not necessarily mean the product is pirated.
Believe it or not, the NT server product key will accept all 1's. I don't know why Microsoft did that, but it seems to contradict anti-piracy tactics. It almost seems intentional. But if you don't believe me, just give it a try.
"Microsoft, nor does any other company, have a civic duty - their only duty is to make the shareholders money."
You are very much mistaken. Microsoft, like any other company, can only function as it does by the grace of our civil society and its rules. Among which, the rules that protect (to an absurd extent imo) Microsoft's intellectual property. Pirated copies are only pirated copies because we as a society say so, not because MS says so. Same goes for private property in general.
MS, and all other companies that profit from the possibilities and protection our society gives them owe that society.
They sure as hell have a civic duty. As do we all.
There is a problem with that. I don't call myself a Linux zealot, and in fact, I triple-boot XP/ME/Mdk 10. I live in a dorm where I know of at least two people on my floor alone who have snaked copies of XP Pro. I try to convey to these people that Linux is out there and is free, if they really don't want to pay for XP. Yet, I get the distinct impression that their motive for snaking XP isn't just to have a free OS, but because they are used to Windows, and have this need to conform to the majority of the online population. They probably believe it to be uncool to use Linux.
I also think they would have an illegal XP if just to feel rebellious rather than play it safe and have Linux on their computer. So I don't think pointing them to legitimate free software is going to get them to dump their illegal copy of XP.
I find it odd that in America, we have goals of individuality, yet, some people choose to let the majority overly influence their choices. They do everything that 75% of Americans do because they want to express their individuality. Do I smell a contradiction here?
Calling atheism and agnosticism a religion is like calling bald a hair color.
"All real property vs intellectual property ideals aside, that's like blaming Ford that your stolen car can't be serviced."
A stolen car which poses a danger to legitimate road users will normally be removed from the roads fairly quickly if it is really causing a problem, thus removing any threat an unroadworthy stolen car can pose to other road users and, importantly, in a way which does not disadvantage legitimate road users.
A pirate copy of XP will be used regardless of it being infected by many virii (Sasser excluded seeing as it shuts down most infected PCs :P) causing harm to other legitimate users of networks. In many cases this means that the only way to stop infected PCs becoming a problem is to do something similar to the approach blocking all ICMP to stop Nachi. This blocks legitimate ICMP as well, thus disadvantaging legitimate network users.
Eventually there will probably be at least one flaw affecting each of the most popular ports. Blocking these would render the internet effectively useless, so unless another better method can be found, we have the choice of either blocking EVERY access to potentially vulnerable (ALL) services, or we allow infected PCs to remain, putting an unnecessary load on networks worldwide and eventually most likely destroying said networks.
I would have thought that Microsoft actually like to have pirated copies of Windows out there. If everyone is running Windows, then it will be very hard for other operating systems to get a foothold, whereas, if they alienate everyone not running a legit copy of Windows, then they will either have to pay, or turn to an alternative. If they stop using Windows, then Windows stops being the de facto standard and that is currently Microsoft's big advantage on the market.
Should they provide support to people that pirate their products? No. But if it means losing out on their user base; shouldn't they?
I only have Linux machines and I was able to download the updates from Microsoft's own security advisory pages without any problems (links found through earlier Slashdot story).
I have then made CDs containing Symantec's Sasser removal tool and the hotfix for both Windows 2000 and XP and made copies to pass around to friends and family that still run Windows.
So even if Windows Update requires a valid key for Windows XP users, the updates are still readily available. Albeit, not quite as easy as Windows Update, but if you run pirated software, you deserve to suffer just a bit.
Personally, if I were a PR at Microsoft, I'd be giving those patches away. The less overall damage systems running Windows would get because of security exploits, the better the PR. Furthermore, it would allow me to give the possibility to give the "we care" speech...
On the other hand, as an Open Source advocate as I am, I believe these issues should be exploited to the maximum. Not only is most Open Source software more immune to such problems but the patching speed is of critical importance for most enterprise users, and as far as I'm concerned, that would be the main entry point into the household.
Well, if I was running a pirated version of Windows, and found out I couldn't secure my system because it was a pirated version, it would encourage me to actually buy a copy. While it might not persuade many people, I don't see MS wanting to make life easier for people without legal copies of Windows.
He didn't exactly have an answer, other than to say they were still looking at the problem - but from what he did say MS is acutely aware of the problem.
I think my solution would be to allow security updates only. During this trip I had a long discussion with a pile of MS executives about community and /. came up more than a couple of times in the conversation ;-)
we see things not as they are, but as we are.
-- anais nin
What some people are suggesting is that people using illegal copies of Windows should be allowed to install security patches, at least the important ones, in order to reduce the damage done when a worm starts spreading - if illegal copies can't be patched, every illegal copy is an extra carrier for worms. The only way MS pay for that is in extra bandwidth for the Windows Update servers, which I suspect would be a pretty small cost (particularly if the next big worm DoSs Microsoft yet again, in which case having more updates downloaded would probably be a net saving).
The other side of the argument is that Microsoft should have no obligation to support illegal copies, and indeed should reduce the functionality of illegal copies in order to encourage people to buy a copy instead; this is the philosophy MS currently follow, to some extent, by having Windows Update and service packs not install on copies with a bad CD-key.
The problem with using patches as an area of reduced functionality is that most people don't particularly care about the security of their computer at the best of times, so it's not a big deterrent to illegal copying; at the same time, illegal copies getting worms and such affects everyone on the Internet, whether they're illegal Windows users, legit Windows users, or not even using Windows.
(There's also the argument that Microsoft have tacitly encouraged illegal copies in the past in order to get more market share, which I think might be what you're referring to, but the above applies whether you believe this or not.)
Microsoft should set the updates to automatically remove the operating system from anyone who is not a legit user
False positives under MS's current policy are merely an annoyance, but if they followed your policy and their warez-detection algorithm got any false positives whatsoever, it'd wipe the OS of a legit user - I for one wouldn't appreciate that. Microsoft have, um, a bit of a reputation problem as it is :-) and I can't imagine it'd get any better if it became public knowledge that their security updates sometimes deleted the operating system.
I can't imagine it would kill that many warezed copies either (once word got around), it'd just encourage anyone with an illegal copy not to install patches, and since that has a negative effect on the rest of the Internet, it'd be irresponsible.
*** now talking on #hypothetical-warez-channel - Topic: Get your XP isos here!
<w4r3z-k1dd1e> don't install yesterday's critical update whatever you do, I got burned by it
<@l33t_d00d> how's that?
<w4r3z-k1dd1e> it deleted my OS!
<w4r3z-k1dd1e> had to reinstall it
<@l33t_d00d> lol, didn't you know?
<@l33t_d00d> some of the patches do stuff like that
<@l33t_d00d> safest way is to skip them all
<w4r3z-k1dd1e> doesn't that make your pc not secure?
<@l33t_d00d> heh, whatever
<@l33t_d00d> that's what *they* tell you
<w4r3z-k1dd1e> ah, k
*** l33t_d00d has changed topic to "Remember kids, patches are for the weak"
Is that really what you want the warez kiddies to be thinking, and if so, would your answer change when the next Code Red/Nimda/Slammer/Sasser/... turns up?
If MS in the future decides that patches are a premium-service (with premium license-fees), then so be it. I also think that anyone who uses MS-software should pay their price.
If you don't like their prices or their conditions turn to the alternatives.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
I *would* agree with ya in a perfect world. But in our real world there are dialup users, free/anonymous ISPs over dialup, sometimes BIG corporate nets may get infected, and they do not have an 'ISP', instead they have some fat pipes going out, so no luck enforcing some TOS... etc etc.
I used to be a nasty pirate myself, until I saw the light. MS enforcing their 'rights' can only be a good thing, since it will shy people (at least people from poor countries) away from their products, thus making the internet safer. But for now it is simply wiser to give updates to the pirates.
cheers.
``If a program can't rewrite its own code, what good is it?'' - Mel
MS should detect update attempts from pirated software and offer the opportunity to: 1) pay a fee and obtain a retroactive license; 2) get a code to access and apply the updates; 3) receive an effective amnesty for the piracy.
-- Slashdot: When Public Access TV Says "No"
Funnily enough, I get that message despite the fact that I run Win2K. I do, however, use a proxy server that strips out my HTTP User-Agent headers.
I can't believe this question even deserves attention
YOU DIDN'T PAY FOR WINDOWS hence they DON'T OWE YOU SHIT for support, why is this so hard to understand.
Because users couldn't get updates, I've seen quite a few of them go out and buy legit copies at work. The reason being they were going to lose network access if they didn't!
Your Windows PC is my other computer.
I STILL don't get why people think downloading is their right and stealing is OK.
If you come into my house to burglarize it, and I shoot you in the legs to stop you, I'm liable for your loss of future income earning potential. Think it sounds farfetched? I remember a case when I was in HS that revolved around that exact scenario, and the burglar won.
Faulty products are faulty products. If Microsoft fails to offer a repair to a product it knows is defective. Unlike the stolen Ford, our pirate friends may have tried to get the patch and were denied it. Microsoft now has knowledge of a defective instance of the product and has knowingly refused to make the necessary safety corrections. Regardless of the legal status of the ownership, the product liability remains. The fact that the "product" is digital is what makes it not quite fit the traditional product mold. All the disclaimers won't help either, as known defects _will_ make you liable no matter what. As a PE, if I say in my contract "that's not my responsibility" but the "not by me" design is clearly faulty, I'm still liable.
If they can prove it has been stolen from them, they should notify the authorities of the theft and have the product returned to them for repair or destruction.
(I'm not advocating piracy - I have legal copies of XP - but making a patch unavailable is wrong. How would you get the sasser patch if your inet connex was down due to sasser? My parents couldn't, because I couldn't get the patch and write it to disc for them, and they own a legal copy of XP home.)
Is it just my observation, or are there way too many stupid people in the world?
Actually, reading his site, it seems he has been in "contact" with Microsoft lawyers several times already. They have repeatedly gotten his providers to cut access to his pages through legal threats. (The current site is the fifteenth relocation of the pages.)
However, he claims the numbers are not copyrighted nor trademarked, so the law does not forbid posting them. Since it seems he has published them for some time and still not directly been sued by Microsoft, this might actually be true.
Use Linux and free software instead.
Fact: professional software costs a shitload of money that most home users can't afford.
Fact: using pirated software builds both familiarity and brand loyalty
Fact: most free software cannot hold a candle to the commercial software it attempts to emulate (see GIMP vs Photoshop argument)
Keeping those three points in mind, companies like Microsoft and Adobe secretly don't care that you didn't pay for your copy of Windows or Photoshop.. it's the perfect scenario: Person pirates software. Person feels like a rebel and is doubly excited to use it. Person learns software and becomes dependent on it. Person gains employment. Person's employer purchases software for person to do their job. Software company profits. Simple as that. Piracy sucks for game companies, but in my opinion really helps large software powerhouses.
-Rylfaeth
Nope, it's not Microsoft bugs trashing the net. It's some asshole somewhere who thought it would be really cool to have lots of computers rebooting all the time (or whatever crap the latest virus does to your machine).
That's true. But it's also irrelevant.
Once the exploits are out there, the only way to make them STOP trashing the net (short of taking out the machines) is to apply the patch. Blocking distribution of the security patch to unlicensed copies ensures there will be a much larger number of infected machines chattering away than if it is open.
Selling millions of copies of software that is susceptible to infection and expecting them to remain uninfected is like laying out millions of uncovered petri dishes full of culture medium and expecting them to remain sterile. If nothing else, Microsoft bears some of the responsibility according to the doctrine of "attractive nuisance".
In case you're not aware of it: Consider a chemical company that keeps concentrated sulphuric acid in an uncovered, unfenced, outdoor tank that looks like a swimming pool. Is it the chemical company's fault if, some summer afternoon, some neighborhood kids jump in and/or push each other in? In US law: Absolutely!
By deploying a massively virus/worm susceptible system Microsoft has created an attractive nuisance. Yes the primary responsibility for damage when it is exploited rests with the exploiters. But when they "light a fire" that starts an ongoing process of consuming the neighborhood, it's Microsoft's responsibility to help put it out.
And it's in Microsoft's interest to do so, before somebody wises up and starts using the attractive nuisance doctrine to make them pay for the damage.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
You can unpack them and copy the DLLs over.
That will install updates.
Yes, I patched DCOM on a machine without SP1 this way.
Can I bum a sig? I left mine at the office.
I have always seen to it that the software on the networks I admin was properly licensed. Sometimes, on taking up a new job, the task was enormous.
We still got audited. So we had a double penalty of staff time: fix the problem before the audit, then prove it was fixed. Neither case advanced the organizational mission. It was pure loss, friction. All the time I was doing that, I wasn't fixing things that were broken. I wasn't making the net more secure. I wasn't installing new things.
I will grant that a company can set the terms of use for their products as they wish. They should be aware that hamfisted, user-hostile enforcement mechanisms like this are driving customers like me away. At comparable functionality, even with higher costs, I prefer the Free as in Speech solution.
Should I experience a difficult implementation due to lack of developer/test resources in an Open Source project, I experience necessary pain. That is to say, any problems I have with getting it working are a natural result of the state of the project I'm working with. Licensing friction is unnecessary pain. It's the unnatural result of the developers going out of their way to put up obstacles.
Unnecessary pain hurts way more than necessary pain for similar stimulus levels.
Gotta say, props to the commercial software outfits that have simple concurrent licensing setups that actually work. It's the ones that suck that cost you future business.