Slashdot Mirror


Microsoft Security Updates for Pirated Windows?

zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"

31 of 1,096 comments (clear)

  1. What about MSDN windows by superpulpsicle · · Score: 3, Interesting

    I am pretty sure MSDN version of windows XP don't have activation keys and such. Does that mean they can't upgrade?

    1. Re:What about MSDN windows by Oriumpor · · Score: 4, Interesting

      There are corporate CDs out there that have been available for quite some time they only require a valid "volume license" cd key to operate. In point of fact, they ignore the stupid Activation BS and are what we use for Unattended installation scripts since they don't require activation once installed.

      Then again I'm not an active member in the Warez community. I would assume something like this would be near holy grail status.

    2. Re:What about MSDN windows by Dever · · Score: 3, Interesting

      that is true, but they have blacklisted one (maybe more) corporate keys. i still use them when i use vmware, but one that began FCKGW if i remember correctly, couldn't install SP1. Evidently they caught wind that a corp key was being used predominantly for warezd copies, and nipped it.

      --
      - I'd prefer not to.
    3. Re:What about MSDN windows by Anonymous Coward · · Score: 5, Interesting

      I'm not exactly 'part of the warez scene' either, but I was easiy able to find corporate editions of XP, win2k, office, and so on, via p2p networks. Valid serial numbers that still allow windows updates are even easier to find.

      I quite frequently use them when I have to reinstall friends computers, because even though they already have an OEM copy of XP home it's tedious going through the activation process for Windows, Office, and whatever other crap got bundled with the computer. They paid for windows with the computer, they get windows. I don't have any ethical problem with it.

    4. Re:What about MSDN windows by pantherace · · Score: 3, Interesting
      RedHat's security updates are free: in SRPM form, which means you get to compile them, and you can redistribute them.

      Why? RedHat decided to make people pay for service, and considered compiled updates part of the service. Fortunately they still follow the "Always Open" part, and you can download all of RedHat Enterprise Linux & build it yourself. (Why someone would do that, and not just run gentoo is beyond me. (Maybe they like messing with RPMS & they annoynce they are to rebuild & install?))

      Yeah, it is an issue that should be addressed, but people have already. As many people have pointed out: Corperations are often not very wise. (case in point: Red Hat canceling their desktop version, which has led people to change distributions very quickly)

      However, what obligation does Red Hat have to provide those that they don't have a contract with updates? They and Microsoft don't. (Nor does anyone who uses BSD or GPL software: your warranty was where? and your contract was what?) It's just that people who write software or package it tend to not want to have their reputation on security sink to as low as IIS or genuinely want to help others.

  2. Well by 222 · · Score: 4, Interesting

    If they cant download the updates, and havoc is all the more extreme because of poor MS coding, it only shines a brighter light on alternative operating systems.
    Ive been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the linux desktop, and this (at least in my eyes) is a step closer to that.

    1. Re:Well by Joel+Carr · · Score: 3, Interesting

      Actually, not letting pirates update their copy of Windows I believe partly works in Microsoft's favour. I personally have 3 friends who have purchased a copy of Windows XP simply because of the hassles of trying to patch their pirated copies.

      ---

      --
      Any man who can drive safely while kissing a pretty girl is simply not giving the kiss the attention it deserves. -- AE
    2. Re:Well by praksys · · Score: 4, Interesting

      You hit the nail on the head. MS has no obligation to pirates, and no responsibility for the problems caused by pirates. But the problems caused by these insecure windows machines are a PR black-eye for MS, a pain for their paying customers, and a great reason for the pirates to switch to free software. If the pirates switch then that will eventually cut into the network effect value of windows. If MS had any sense they would provide the patches to all. Fortunately I think it is unlikely.

    3. Re:Well by thogard · · Score: 5, Interesting

      MS has an obligation to ensure that their products do not cause harm to others according to nearly ever product safety law in the world. If you steal a Ford pickup and it needs a recall and you kill someone as a result of the defect, Ford won't be let off the hook.

      One of these days Microsoft is going to get nailed by a "innocent third party" law suit and then the avalanche of law suits will start.

    4. Re:Well by Oinos · · Score: 5, Interesting

      if MS made a genuine attempt to stop piracy it would be the beginning of their end.

      This reminds me of the immortal words of Steve Ballmer:

      "I'd rather have someone using a pirated copy of my software instead of a legitimate copy of someone else's."

    5. Re:Well by ReallyQuietGuy · · Score: 3, Interesting

      If the pirates switch

      why do you assume they won't just switch to paid Windows?

      "damn it sucks, my windows doesn't work anymore, all this worm stuff on it makes it really fucked up, i can't patch it 'cos, well, its pirated"

      "hey man, just try this CD, it's got this great OS on it and it's called Linux, sorry I mean GNU/Linux, and not only are the security updates free, the entire OS is free and legal!"

      ##next day##

      "hey, man, i dunno what the thing is that you gave me, but i dunno how to use it, and they tell me none of my (also-pirated) games work on it, so i'm gonna go to the store now and cough up that money for windows, thanks anyway"

      you're rated +4 interesting now, but it looks more like +5 wishful thinking. there's a whole ecology around windows that doesn't go away. unless linux can become in some way a "drop in replacement" of windows (distribs with WINE bundled are headed that way but is not there yet, and MS may yet find a way to stop it), any switchers-to-linux will be negligible.

      best of all, winxp's firewall WILL stop most of these worms, so whats most likely gonna happen is these guys are gonna 1. reinstall, 2. live with an unpatched pirated windows but with the firewall on.

  3. Tricky situation... by Cyno01 · · Score: 4, Interesting

    Its microsofts perogotive, theyre not in any way required to support pirated versions of their software, and why should they bother. On the other hand, these worms negativly effect everyone. Although if your smart enough to pirate windows (there are some tricks joe sixpack wouldn't know right away) you should be savy enough to get a keygen of kazza or something. Not that thats how i got XP SP1 or anything...

    --
    "Sic Semper Tyrannosaurus Rex."
  4. Of course by HenryFjord · · Score: 5, Interesting

    It is fundamentally a companies sole responsibility to ensure that any flaws within its products are fixed. By using their own mistakes as a punishment for people who pirate that are propagating flawed copies of their software. Microsoft should allow any user of their products regardless of if they have a right to it to have updates. They can fight piracy in more responsible and effective ways, for there are other people who use the network.

  5. Why should they be able to? by Maddog2030 · · Score: 5, Interesting

    We need to create an environment where piracy is looked down upon, not encouraged. Giving them updates is simply encouraging pirate behavior.

    If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.

    The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).

  6. But they CAN download updates! by js3 · · Score: 5, Interesting

    It is called the Microsoft Baseline security analyzer. It will tell you which updates you need to get and even point you to the security bulletin page to download it

    --
    did you forget to take your meds?
  7. Re:Windows Xp Sp2 Latest Build by Jarnis · · Score: 5, Interesting

    Irrelevant. Once SP2 final is out, a new keychanger will be around within a day or two. Nobody is just bothering with it right now because MS could just block the volume keys in the next build.

    (And obiviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)

    But way too many warez windows user is *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...

    Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'

    This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.

  8. Re:Hey lets support the thieves! by ValourX · · Score: 5, Interesting

    I totally agree, however Microsoft should horon their "pirates." After all, if it weren't for the people who illegally copy and distribute Windows, the Microsoft market share would not be what it is right now. Microsoft owes a lot to "pirates."

    -Jem
  9. Re:Hey lets support the thieves! by arivanov · · Score: 5, Interesting

    That is correct. I have "on the ground" observation from 3-5th world countries that it does not enforce until market penetration reaches at least 80%. In fact I have seen Microsoft reps and partners handing out CDs like candy to kids especially in the academia. All of them with versions that are later blamed to be pirated and with keys like 1234-5678. Once all alternatives are dead Bill comes to discuss the matters of software piracy with the prime minister or the president and bolts start to tighten. Two years later MSFT has one more steady revenue stream.

    It is the same scheme crack dealers use in schools and IMO it should be prohibited. If you do not enforce a license you must lose your rights as entitled by the license.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  10. Re:Read carefully by dtfinch · · Score: 5, Interesting

    I'll consider it a serious problem when I wake up outside Microsoft's headquarters missing a kidney or other nonvital organs.

    A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.

    And they won't want you to stop using Windows, because then you'll have to use something else.

  11. Clean the web by Mr+Europe · · Score: 4, Interesting

    It it's clear that MS has no obligation to support stolen software. If you steal property you should be ready for some kind of problems.

    Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.

    Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !

    If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..

  12. Great opportunity to blame the pirates by 2WheelCowboy · · Score: 5, Interesting

    If the Microsoft PR machine is smart they'll withhold security updates from pirated copies. Then they can blame the spread of viruses and worms on the evil software pirates who are running the insecure systems.

  13. Re:Yes we should all pay for this too by Anonymous Coward · · Score: 3, Interesting

    Here's a better idea:

    Maybe Microsoft should be charged for every byte of bandwidth that their stupid programming practices chew up when one of these viruses run rampant.

    This would force Microsoft to clean up their act. They might actually start thinking about security instead of just paying lip service to it. Then, whether copies of Windows are pirated or legitimate, we just wouldn't have to deal with as much crap on the Internet!

  14. Windows PR by carvalhao · · Score: 3, Interesting

    Personally, if I were a PR at Microsoft, I'd be giving those patches away. The less overall damage systems running Windows would get because of security exploits, the best the PR. Furthermore, it would allow me to give the possibility to give the "we care" speech...

    On the other hand, as an Open Source advocate as I am, I believe these issues should be exploited to the maximum. Not only is most Open Source software more immune to such problems but the patching speed is of critical importance for most enterprise users, and as far as I'm concerned, that would be the main entry point into the household.

  15. Re:Yes we should all pay for this too by ajs318 · · Score: 4, Interesting

    Quick solution: If, like me, you bought a laptop and had to pay for Windows XP Home Edition even though you subsequently installed Linux on it, you effectively have a "spare" licence key. Why not everyone who has such a licence key, pass it on to somebody with a pirated copy of XP? That way you get some use out of it {through the rest of the Internet being one machine more secure than it would have used to have been otherwise}, and the Windows user gets updates. You might even get a pint out of it!

    --
    Je fume. Tu fumes. Nous fûmes!
  16. Re:Yes we should all pay for this too by morcego · · Score: 3, Interesting

    You are actually forbidden to do that by the EULA.
    So, even having the key, you would still be illegal.

    You can be very sure Microsoft have ways to track the license number so the reseler.

    --
    morcego
  17. We're not the only people wondering about this... by pointbeing · · Score: 3, Interesting
    I was at a shindig in Redmond last month and Steve Ballmer took this very question from the floor.

    He didn't exactly have an answer, other than to say they were still looking at the problem - but from what he did say MS is acutely aware of the problem.

    I think my solution would be to allow security updates only. During this trip I had a long discussion with a pile of MS executives about community and /. came up more than a couple of times in the conversation ;-)

    --
    we see things not as as they are, but as we are.
    -- anais nin
  18. Re:And the truth comes out on Slashdot... by smcv · · Score: 3, Interesting

    What some people are suggesting is that people using illegal copies of Windows should be allowed to install security patches, at least the important ones, in order to reduce the damage done when a worm starts spreading - if illegal copies can't be patched, every illegal copy is an extra carrier for worms. The only way MS pay for that is in extra bandwidth for the Windows Update servers, which I suspect would be a pretty small cost (particularly if the next big worm DoSs Microsoft yet again, in which case having more updates downloaded would probably be a net saving).

    The other side of the argument is that Microsoft should have no obligation to support illegal copies, and indeed should reduce the functionality of illegal copies in order to encourage people to buy a copy instead; this is the philosophy MS currently follow, to some extent, by having Windows Update and service packs not install on copies with a bad CD-key.

    The problem with using patches as an area of reduced functionality is that most people don't particularly care about the security of their computer at the best of times, so it's not a big deterrent to illegal copying; at the same time, illegal copies getting worms and such affects everyone on the Internet, whether they're illegal Windows users, legit Windows users, or not even using Windows.

    (There's also the argument that Microsoft have tacitly encouraged illegal copies in the past in order to get more market share, which I think might be what you're referring to, but the above applies whether you believe this or not.)

    Microsoft should set the updates to automatically remove the operating system from anyone who is not a legit user

    False positives under MS's current policy are merely an annoyance, but if they followed your policy and their warez-detection algorithm got any false positives whatsoever, it'd wipe the OS of a legit user - I for one wouldn't appreciate that. Microsoft have, um, a bit of a reputation problem as it is :-) and I can't imagine it'd get any better if it became public knowledge that their security updates sometimes deleted the operating system.

    I can't imagine it would kill that many warezed copies either (once word got around), it'd just encourage anyone with an illegal copy not to install patches, and since that has a negative effect on the rest of the Internet, it'd be irresponsible.

    *** now talking on #hypothetical-warez-channel - Topic: Get your XP isos here!
    <w4r3z-k1dd1e> don't install yesterday's critical update whatever you do, I got burned by it
    <@l33t_d00d> how's that?
    <w4r3z-k1dd1e> it deleted my OS!
    <w4r3z-k1dd1e> had to reinstall it
    <@l33t_d00d> lol, didn't you know?
    <@l33t_d00d> some of the patches do stuff like that
    <@l33t_d00d> safest way is to skip them all
    <w4r3z-k1dd1e> doesn't that make your pc not secure?
    <@l33t_d00d> heh, whatever
    <@l33t_d00d> that's what *they* tell you
    <w4r3z-k1dd1e> ah, k
    *** l33t_d00d has changed topic to "Remember kids, patches are for the weak"

    Is that really what you want the warez kiddies to be thinking, and if so, would your answer change when the next Code Red/Nimda/Slammer/Sasser/... turns up?

  19. Anyone using MS-software is subject to MS-policies by gotan · · Score: 3, Interesting

    If MS in the future decides that patches are a premium-service (with premium license-fees), then so be it. I also think that anyone who uses MS-software should pay their price.

    If you don't like their prices or their conditions turn to the alternatives.

    --
    "By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
  20. Re:OS racists! by julesh · · Score: 3, Interesting

    Funnily enough, I get that message despite the fact that I run Win2K. I do, however, use a proxy server that strips out my HTTP User-Agent headers.

  21. Re:Yes we should all pay for this too by gfxguy · · Score: 4, Interesting

    Well, I had a long rant and decided to just shorten it... the meaning of "Microsoft Tax" depends on WHEN you apply it. It used to be that all computers sold paid a royalty to MS wether or not they came with MSDOS. That was really what was known as the MS Tax.

    Nowadays people use it to refer to the fact that you can't buy a major brand PC without Windows installed. Even IBM, at one point, who were competing with MS with OS/2, wouldn't sell you a computer without Windows. That had to do with the cliff pricing tactics MS used.

    It's still hard to find a major brand you can buy "naked" or with an alternative OS. I know a bunch of idiots are going to respond about how that's not true, that you can buy a Dell, for example, with Linux - but I said it's "hard", not impossible. They do not make it easy.

    Notebooks are the worst.

    So often enough people who might run an alternative OS will buy a prebuilt system with Windows on it, even if they don't want it.

    In other words, MS makes money off of almost every prebuilt PC sold (probably upwards of 99%). That's the MS tax.

    Here's another one for you - let's say you bought a prebuilt computer with Windows XP. One day after the warranty expires, you spill coffee on it and fry it, and decide to just buy another PC - now you've bought two licenses of Windows XP but only use one. Yes, again, you CAN build your own PC or find a "naked" one somewhere, and then you can give MS all your private information over the phone, trying to explain you had to replace your computer all the while they think you are a pirate, but most people just buy the pre-built system and pay the "MS Tax".

    Any geek can easily avoid it, though, and since most users of alternate OS' are geeks, I fail to see the big deal. Of course, if we hadn't fought it for years and years, you still wouldn't be able to buy a naked PC.

    --
    Stupid sexy Flanders.
  22. that @$(*& really adds value, doesn't it? by JimmytheGeek · · Score: 3, Interesting

    I have always seen to it that the software on the networks I admin was properly licensed. Sometimes, on taking up a new job, the task was enormous.

    We still got audited. So we had a double penalty of staff time: fix the problem before the audit, then prove it was fixed. Neither case advanced the organizational mission. It was pure loss, friction . All the time I was doing that, I wasn't fixing things that were broken. I wasn't making the net more secure. I wasn't installing new things.

    I will grant that a company can set the terms of use for their products as they wish. They should be aware that hamfisted, user-hostile enforcement mechanisms like this are driving customers like me away. At comparable functionality, even with higher costs, I prefer the Free as in Speech solution.

    Should I experience a difficult implementation due to lack of developer/test resources in an Open Source project, I experience necessary pain. That is to say, any problems I have with getting it working are a natural result of the state of the project I'm working with. Licensing friction is unnecessary pain. It's the unnatural result of the developers going out of their way to put up obstacles.

    Unnecessary pain hurts way more than necessary pain for similar stimulus levels.

    Gotta say, props to the commercial software outfits that have simple concurrent licensing setups that actually work. It's the ones that suck that cost you future business.