Microsoft Security Updates for Pirated Windows?
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
I am pretty sure MSDN version of windows XP don't have activation keys and such. Does that mean they can't upgrade?
If they cant download the updates, and havoc is all the more extreme because of poor MS coding, it only shines a brighter light on alternative operating systems.
Ive been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the linux desktop, and this (at least in my eyes) is a step closer to that.
Its microsofts perogotive, theyre not in any way required to support pirated versions of their software, and why should they bother. On the other hand, these worms negativly effect everyone. Although if your smart enough to pirate windows (there are some tricks joe sixpack wouldn't know right away) you should be savy enough to get a keygen of kazza or something. Not that thats how i got XP SP1 or anything...
"Sic Semper Tyrannosaurus Rex."
It is fundamentally a companies sole responsibility to ensure that any flaws within its products are fixed. By using their own mistakes as a punishment for people who pirate that are propagating flawed copies of their software. Microsoft should allow any user of their products regardless of if they have a right to it to have updates. They can fight piracy in more responsible and effective ways, for there are other people who use the network.
We need to create an environment where piracy is looked down upon, not encouraged. Giving them updates is simply encouraging pirate behavior.
If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.
The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
It is called the Microsoft Baseline security analyzer. It will tell you which updates you need to get and even point you to the security bulletin page to download it
did you forget to take your meds?
Irrelevant. Once SP2 final is out, a new keychanger will be around within a day or two. Nobody is just bothering with it right now because MS could just block the volume keys in the next build.
(And obiviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)
But way too many warez windows user is *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...
Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'
This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.
I totally agree, however Microsoft should horon their "pirates." After all, if it weren't for the people who illegally copy and distribute Windows, the Microsoft market share would not be what it is right now. Microsoft owes a lot to "pirates."
-JemThat is correct. I have "on the ground" observation from 3-5th world countries that it does not enforce until market penetration reaches at least 80%. In fact I have seen Microsoft reps and partners handing out CDs like candy to kids especially in the academia. All of them with versions that are later blamed to be pirated and with keys like 1234-5678. Once all alternatives are dead Bill comes to discuss the matters of software piracy with the prime minister or the president and bolts start to tighten. Two years later MSFT has one more steady revenue stream.
It is the same scheme crack dealers use in schools and IMO it should be prohibited. If you do not enforce a license you must lose your rights as entitled by the license.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
I'll consider it a serious problem when I wake up outside Microsoft's headquarters missing a kidney or other nonvital organs.
A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.
And they won't want you to stop using Windows, because then you'll have to use something else.
It it's clear that MS has no obligation to support stolen software. If you steal property you should be ready for some kind of problems.
Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.
Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !
If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..
If the Microsoft PR machine is smart they'll withhold security updates from pirated copies. Then they can blame the spread of viruses and worms on the evil software pirates who are running the insecure systems.
Here's a better idea:
Maybe Microsoft should be charged for every byte of bandwidth that their stupid programming practices chew up when one of these viruses run rampant.
This would force Microsoft to clean up their act. They might actually start thinking about security instead of just paying lip service to it. Then, whether copies of Windows are pirated or legitimate, we just wouldn't have to deal with as much crap on the Internet!
Personally, if I were a PR at Microsoft, I'd be giving those patches away. The less overall damage systems running Windows would get because of security exploits, the best the PR. Furthermore, it would allow me to give the possibility to give the "we care" speech...
On the other hand, as an Open Source advocate as I am, I believe these issues should be exploited to the maximum. Not only is most Open Source software more immune to such problems but the patching speed is of critical importance for most enterprise users, and as far as I'm concerned, that would be the main entry point into the household.
Quick solution: If, like me, you bought a laptop and had to pay for Windows XP Home Edition even though you subsequently installed Linux on it, you effectively have a "spare" licence key. Why not everyone who has such a licence key, pass it on to somebody with a pirated copy of XP? That way you get some use out of it {through the rest of the Internet being one machine more secure than it would have used to have been otherwise}, and the Windows user gets updates. You might even get a pint out of it!
Je fume. Tu fumes. Nous fûmes!
You are actually forbidden to do that by the EULA.
So, even having the key, you would still be illegal.
You can be very sure Microsoft have ways to track the license number so the reseler.
morcego
He didn't exactly have an answer, other than to say they were still looking at the problem - but from what he did say MS is acutely aware of the problem.
I think my solution would be to allow security updates only. During this trip I had a long discussion with a pile of MS executives about community and /. came up more than a couple of times in the conversation ;-)
we see things not as as they are, but as we are.
-- anais nin
What some people are suggesting is that people using illegal copies of Windows should be allowed to install security patches, at least the important ones, in order to reduce the damage done when a worm starts spreading - if illegal copies can't be patched, every illegal copy is an extra carrier for worms. The only way MS pay for that is in extra bandwidth for the Windows Update servers, which I suspect would be a pretty small cost (particularly if the next big worm DoSs Microsoft yet again, in which case having more updates downloaded would probably be a net saving).
:-) and I can't imagine it'd get any better if it became public knowledge that their security updates sometimes deleted the operating system.
The other side of the argument is that Microsoft should have no obligation to support illegal copies, and indeed should reduce the functionality of illegal copies in order to encourage people to buy a copy instead; this is the philosophy MS currently follow, to some extent, by having Windows Update and service packs not install on copies with a bad CD-key.
The problem with using patches as an area of reduced functionality is that most people don't particularly care about the security of their computer at the best of times, so it's not a big deterrent to illegal copying; at the same time, illegal copies getting worms and such affects everyone on the Internet, whether they're illegal Windows users, legit Windows users, or not even using Windows.
(There's also the argument that Microsoft have tacitly encouraged illegal copies in the past in order to get more market share, which I think might be what you're referring to, but the above applies whether you believe this or not.)
Microsoft should set the updates to automatically remove the operating system from anyone who is not a legit user
False positives under MS's current policy are merely an annoyance, but if they followed your policy and their warez-detection algorithm got any false positives whatsoever, it'd wipe the OS of a legit user - I for one wouldn't appreciate that. Microsoft have, um, a bit of a reputation problem as it is
I can't imagine it would kill that many warezed copies either (once word got around), it'd just encourage anyone with an illegal copy not to install patches, and since that has a negative effect on the rest of the Internet, it'd be irresponsible.
*** now talking on #hypothetical-warez-channel - Topic: Get your XP isos here!
<w4r3z-k1dd1e> don't install yesterday's critical update whatever you do, I got burned by it
<@l33t_d00d> how's that?
<w4r3z-k1dd1e> it deleted my OS!
<w4r3z-k1dd1e> had to reinstall it
<@l33t_d00d> lol, didn't you know?
<@l33t_d00d> some of the patches do stuff like that
<@l33t_d00d> safest way is to skip them all
<w4r3z-k1dd1e> doesn't that make your pc not secure?
<@l33t_d00d> heh, whatever
<@l33t_d00d> that's what *they* tell you
<w4r3z-k1dd1e> ah, k
*** l33t_d00d has changed topic to "Remember kids, patches are for the weak"
Is that really what you want the warez kiddies to be thinking, and if so, would your answer change when the next Code Red/Nimda/Slammer/Sasser/... turns up?
If MS in the future decides that patches are a premium-service (with premium license-fees), then so be it. I also think that anyone who uses MS-software should pay their price.
If you don't like their prices or their conditions turn to the alternatives.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Funnily enough, I get that message despite the fact that I run Win2K. I do, however, use a proxy server that strips out my HTTP User-Agent headers.
Well, I had a long rant and decided to just shorten it... the meaning of "Microsoft Tax" depends on WHEN you apply it. It used to be that all computers sold paid a royalty to MS wether or not they came with MSDOS. That was really what was known as the MS Tax.
Nowadays people use it to refer to the fact that you can't buy a major brand PC without Windows installed. Even IBM, at one point, who were competing with MS with OS/2, wouldn't sell you a computer without Windows. That had to do with the cliff pricing tactics MS used.
It's still hard to find a major brand you can buy "naked" or with an alternative OS. I know a bunch of idiots are going to respond about how that's not true, that you can buy a Dell, for example, with Linux - but I said it's "hard", not impossible. They do not make it easy.
Notebooks are the worst.
So often enough people who might run an alternative OS will buy a prebuilt system with Windows on it, even if they don't want it.
In other words, MS makes money off of almost every prebuilt PC sold (probably upwards of 99%). That's the MS tax.
Here's another one for you - let's say you bought a prebuilt computer with Windows XP. One day after the warranty expires, you spill coffee on it and fry it, and decide to just buy another PC - now you've bought two licenses of Windows XP but only use one. Yes, again, you CAN build your own PC or find a "naked" one somewhere, and then you can give MS all your private information over the phone, trying to explain you had to replace your computer all the while they think you are a pirate, but most people just buy the pre-built system and pay the "MS Tax".
Any geek can easily avoid it, though, and since most users of alternate OS' are geeks, I fail to see the big deal. Of course, if we hadn't fought it for years and years, you still wouldn't be able to buy a naked PC.
Stupid sexy Flanders.
I have always seen to it that the software on the networks I admin was properly licensed. Sometimes, on taking up a new job, the task was enormous.
We still got audited. So we had a double penalty of staff time: fix the problem before the audit, then prove it was fixed. Neither case advanced the organizational mission. It was pure loss, friction . All the time I was doing that, I wasn't fixing things that were broken. I wasn't making the net more secure. I wasn't installing new things.
I will grant that a company can set the terms of use for their products as they wish. They should be aware that hamfisted, user-hostile enforcement mechanisms like this are driving customers like me away. At comparable functionality, even with higher costs, I prefer the Free as in Speech solution.
Should I experience a difficult implementation due to lack of developer/test resources in an Open Source project, I experience necessary pain. That is to say, any problems I have with getting it working are a natural result of the state of the project I'm working with. Licensing friction is unnecessary pain. It's the unnatural result of the developers going out of their way to put up obstacles.
Unnecessary pain hurts way more than necessary pain for similar stimulus levels.
Gotta say, props to the commercial software outfits that have simple concurrent licensing setups that actually work. It's the ones that suck that cost you future business.