Slashdot Mirror
Microsoft Security Updates for Pirated Windows?
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
Pirates should get updates as much as they get support from any other product they stole: Zero.
Want software without paying for it? Use Free Software. Theres heaps of it.
If they can pirate the operating system, why can't they just pirate the patches too?
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
If they cant download the updates, and havoc is all the more extreme because of poor MS coding, it only shines a brighter light on alternative operating systems.
Ive been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the linux desktop, and this (at least in my eyes) is a step closer to that.
the EULA attached to the security patches, even when you are legitimate owner of a copy of Windows!
Bull. I update my pirate copies of XP all of the time.
Its microsofts perogotive, theyre not in any way required to support pirated versions of their software, and why should they bother. On the other hand, these worms negativly effect everyone. Although if your smart enough to pirate windows (there are some tricks joe sixpack wouldn't know right away) you should be savy enough to get a keygen of kazza or something. Not that thats how i got XP SP1 or anything...
"Sic Semper Tyrannosaurus Rex."
I've seen several "corporate" XP cds floating around, as well as some beta versions which contain all XP functionality once patched through Windows Update.
Microsoft disables some CD keys already which are known to be pirated, but I wonder how many valid corporate group cd key installations there are which have been pirated. In that case, it really wouldn't be feasible for MS to disable that cd key, as it would disable that entire company, etc.
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal
It is fundamentally a companies sole responsibility to ensure that any flaws within its products are fixed. By using their own mistakes as a punishment for people who pirate that are propagating flawed copies of their software. Microsoft should allow any user of their products regardless of if they have a right to it to have updates. They can fight piracy in more responsible and effective ways, for there are other people who use the network.
Why should it have to pay for the bandwidth to support pirated copies? There is no benefit to them.
Most if not all infected Sasser users around here had legit but hadn't bothered to update. Real crackers use the corporate version of Windows that apparently doesn't require a CD key for updates.
Trollem mirabilem hanc subnotationis exigiutas non caperet
Company profits vs. general good of the internet. I really wonder which one they'll choose.
(note that I left out writing better software)
SecondPageMedia - Wha
Maybe it's something you could get used to.
Frank: Hey Bob, could I burn a CD on your computer?
Bob: Yeah sure.
Frank: Uhh. It says it's going to shut down in 60 seconds.
Bob: Yep. Gotta work fast.
XP and Longhorn-beta are special that way. Most other packages (2000 included) have generic MSDN keys.
I write code.
The latest build( released in the last 4 days ) of the xp service pack2 beta, blocks a whole range of keys. People who have been using the corporate version of xp, using a keygen will find it will find it needs activating when the apply service pack 2.
The keygen(a very very very popular one) generates product keys in the range 640-645. SP2 turns activation back on when it detects this.
We need to create an environment where piracy is looked down upon, not encouraged. Giving them updates is simply encouraging pirate behavior.
If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.
The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
The simple answer is yes.
For the common good of the internet, as well as for the sake of protecting Microsoft's already spotty image, they should be allowed to download hotfixes... after all, they wouldn't need them if Micrsoft had done it right in the first place.
The corporate answer is no.
They didn't pay for the software and are therefore ineligible for updates.
My opinion?
For the common good, Windows should go away. But until then, everyone running it, legally or not, needs to have access to emergency patches and fixes.
-- This sig for rent.
Of course the initial response is to think that those who have pirated copies must not receive updates.
As with all things though it's seldom that simple.
When a company such as Microsoft gain a significant share of the market (yes... monopoly), then the damage that saying no could be could actually threaten the stability of that society were their software to fail sigificantly.
i.e. If machines cannot be patched with at least the bare security updates, and those machines then assist in the even wider propagation of a virus or worm such that it affects the infrastructure of the Internet as a more general thing.
Then in those cases, would it not have been a civic duty upon the company to protect the wider Internet and society (of their original shortcomings in allowing the vunerability to exist) regardless.
So I'm more of the opinion that No should be the answer for all bells and whistles things... such as Media Player. But that all security patches should be installed on every machine possible... regardless of whether that is a machine without a legit key or not.
Interesetingly, this is probably opposite Microsofts view. As to be able to manipulate market forces they need critical mass in areas suh as Media Player. So I think from their perspective they would probably wish to allow the whistles, but to encourage/force the upgrade to a legal version would probably wish to disallow stability patches (read: security) so that legit systems are more stable.
There are corporate CDs out there that have been available for quite some time they only require a valid "volume license" cd key to operate. In point of fact, they ignore the stupid Activation BS and are what we use for Unattended installation scripts since they don't require activation once installed.
Then again I'm not an active member in the Warez community. I would assume something like this would be near holy grail status.
On the one hand there is piracy. Even if you say it's an advantage for Microsoft because of more dependency, the truth is that it isn't what they want people doing with their product, and it is illegal. If you want the support you should fork over for the product; after all Windows is about as Not-Free-Software as you can get. Perhaps if it wasn't such as widespread, costs to cover piracy would come down, and Windows would be cheaper and thus more easily availible. A rock and a hard place, people will need to buy before they can afford, and the numbers on actual piracy are way out of the realm of possible statistical analysis.
That being said, not getting security updates can cause problems for the Internet as a whole, not to mention for valid Windows users as pirate machines which can't be patched propigate viruses. That is more than just a problem for the people with bootleg'd copies themselves, that causes network congestion and performance problems for valid users as well. I know my Apache logs are still crammed with exploit attempts...
It's a question of responsibility vs. assisting lawbreakers. My (personal, humble) opinion is that Microsoft should allow security patches to all copies of Windows as it defeats expliots and worms/virii much quicker, but as for feature upgrades and bug fixes which are not a security issue, Microsoft should withold those unless the user has a valid serial key. True seriousness about security means defeating the problem for more than just customers, it means providing a better enviroment for everyone. This, I believe, is the root of the problem in the Microsoft attitude, and it's kind of sad that the largest software company on Earth can't see far enough past their bottom line to make such a move.
No one is (or should) ask them to give away anything more than saftey.
CAn'T CompreHend SARcaSm?
It is called the Microsoft Baseline security analyzer. It will tell you which updates you need to get and even point you to the security bulletin page to download it
did you forget to take your meds?
Even better than that is "Reset5". Updates are allowed for unactivated XP installs that are still in the first 30 days. Reset5 is a little service that runs at startup and magically keeps that 30 day grace period timer set at 30 days. This is actually more than just a handy tool for pirates. I personally use it on my legitimate copy of XP Pro because the stupid piece of crap DE-ACTIVATES ITSELF if I change more than a couple pieces of hardware (something I do with remarkable frequency).
If a job's not worth doing, it's not worth doing right.
If they key started with FCKGW then it is considered "Invalid". There were a few other keys that were considered Invalid too. Attempting to install SP1 with one of these keys would pop up a message saying that there's a license problem.
FCKGW-... being they key that was commonly distributed with the first major pirate release of XP (Devil's own).
How, excatly speaking, can an ISP know which app generated which packet in a remote machine ?
And ISP-level port blocking is the foulest evil an ISP can commit, far worse than asymmetric connections or hidden monthly usage limits. Port blocking prevents your computer from being used as anything except a simple surf station; even some FTP sites refuse to work. There is absolutely no justification for this.
Internet was designed to be a P2P network. Do not break it. Especially just because some people insist on using computers without bothering to learn to maintain them (or hiring someone else to do so).
Yes, it's so simple and straightforward to tell a good packet from a bad. All it requires... is checking the evil bit !
An ISP is just a traffick carrier. In no way, shape or form, should they be responsible for the actions of their users. If they are, it will be an additional incentive for them to block all the ports from incoming connections, reducing the value of Internet for all and making interesting and important applications like Freenet impossible. But even if they block all the incoming ports, it still won't stop the worms from spreading (by e-mail), it will simply give them an excuse for the Courts ("Hey, we did our best !"). All pain, no gain.
As this is self-obvious, I must ask: Are you a RIAA mole, trying to destroy the P2P networks ? Or are you a government mole, trying to destroy the capacity of Internet for applications like Freenet ? Or are you just a particularly clever troll who got modded insightfull by a not-so-clever moderator ?
Inquiring minds want to know ?-)
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
I run XP unpatched with no Antivirus and no problems.
You sound like the people in the porn industry who try to justify having sex without condoms.
If you have no antivirus software, how can you be so sure that there are no viruses?
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I'm not exactly 'part of the warez scene' either, but I was easiy able to find corporate editions of XP, win2k, office, and so on, via p2p networks. Valid serial numbers that still allow windows updates are even easier to find.
I quite frequently use them when I have to reinstall friends computers, because even though they already have an OEM copy of XP home it's tedious going through the activation process for Windows, Office, and whatever other crap got bundled with the computer. They paid for windows with the computer, they get windows. I don't have any ethical problem with it.
http://www.microsoft.com/technet/security/tools/mb sahome.mspx
"I'm Feeling Lucky", even.
It it's clear that MS has no obligation to support stolen software. If you steal property you should be ready for some kind of problems.
Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.
Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !
If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..
If the Microsoft PR machine is smart they'll withhold security updates from pirated copies. Then they can blame the spread of viruses and worms on the evil software pirates who are running the insecure systems.
Restricting patches guarantees hackers a healthy number of drones to use in DDoS attacks, and runs counter to all the other efforts focused on getting users to keep their systems up to date.
Corporate versions are easy to find. I use one at work constantly. Although we have a valid license for every system (who knows when the BSA may come knocking), I keep it for upgrades to the systems or re-installs. Wasting my time for 1/2 hour to get a new registration number is just not productive.
Funny thing about that: although Microsoft claims that they will allow 2 (or 3??) automatic registrations over the 'net without calling, I have found that not to be the case. Since XP was released, reg process for win2k or office2k always reports server down or too busy and then I must call. I haven't gotten any flack from the flunkies passing out reg numbers, but the 1/2 hour wasted is a pain. Microsoft has forced me to pirate a copy of their software to use valid licenses.
Wow. All or nothin', eh?
Really. Given the choice between 90% of users being able to use the net, or 100% of users being unable to use the net, which do you choose?
It's perfectly reasonable to block certain types of packets during times of need. Is it desirable? No - but it's also not desirable to have worms, viruses, trojans, and other malware in the first place.
Get over it. Idealism on the 'net ended when it became a commercial entity. Now pragmatism is the rule of order.
If your ISP blocks ICMP during a ping storm (as the grandparent examples) in order to preserve some semblance of service, and you are offended by that, get another ISP.
And while you are getting over it, get real, too. Freenet is cool, but it's not going to save mankind, and not everybody in favor of pragmatic use of private resources is a fan of the Record Industry Association.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Yeah infected computers hurt others but most themselves. I don't give a damn if my neighbor's Windows XP is falling apart because
a) He either doesn't give a damn about security and hasn't updated OR uses an illegal copy which can't be updated
b) My own systems are well protected (or perhaps run Linux, etc.).
Microsoft has no obligation whatsoever to provide any freebies to folks with illegally copied (the P word - "pirated" - seems to be politically incorrect here at Slashdot) versions of Windows. People are not _supposed_ to use such software anyway - Linux and Mac have been viable long before 2001 (Windows XP), I don't see how anyone could have been "locked" into using an illegal copy of Windows XP.
I propose that Slashdotters who care buy Windows licenses for the underprivileged, the stingy, or the lazy (lazy to learn Linux). Or provide them with free migration (Win->Lin) service.
(Speaking of updates - if Windows updates should be free, why aren't Red Hat Enterprise Linux security updates free? That's even more critical because it's mostly servers than run this OS. So much for balanced reporting on Slashdot).
So: Would we treat somebody in a hospital because he caught an infectious disease while doing something illegal? Yes. Then, the same should be true for patches.
Yeah, but Microsoft is a corporation. Wise != Profitable.
Alas, this is only becuase of Microsoft's interesting position where security or safety flaws in their products never have any consequences whatsoever for Microsoft, only for Microsoft's customers. If only Microsoft were in some fashion accountable for the messes their products made on the internet, then acting wisely would be profitable...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
And you are VERY wrong if you think that piracy will shrink their market share. I personally would be very happy if Microsoft stamped out EVERY pirate version, because their market share would be pretty small. Microsoft grew based on the piracy, and they know it. Now they are reaching the saturation point, and really only now have they started trying to make the pirates pay, because they are no longer contributing to the increase in profits, because the market share is so relatively high. They have known in the past that they can't stomp too hard or they would lose market share, but now they no longer care, and they can pull out the "the soul-stealing demonic copyright infringing people" (or pirates) sympathy/stupid-law-making card out.
I used to live in SE Asia. I have experience with the warez shops there. While I personally was running Linux (it took me over a week to download a set of Debian ISOs!), just about everything and everyone around me was running Warez. It's hard to find anyone in Viet Nam who can afford legitimate, licensed copies, and even harder to find anyone who sells them, unless you buy a new machine (Dell is there, IBM is there, I think HP is too) from a major foreign vendor.
The warez version of XP Pro for about a buck any software shop will install most XP patches, but will not install SP 1. SP 1 recognizes the key as bogus and refuses to install.
In any case, it hardly matters. People are on slow and unreliable dial-up connections. DSL is almost unknown. ISDN is not available at all, as far as I could tell. Hardly anyone has the bandwidth to actually patch their machines, and even fewer people have the knowledge or interest (even fewer than here). There are some really great programmers and admins in Viet Nam, but just like there, those highly knowledgeable people are a tiny minority. Most people with computers neither know nor care about anything like keeping them secure.
So even if MS made all patches available to warez versions of Windows, it would hardly matter in many parts of the world, because the people running them couldn't and/or wouldn't apply the patches anyway.
Comment removed based on user account deletion
Differences being
a) there's not only one company that makes seatbelts, and won't sell you any if you don't install them on every seat
b) you don't have to pay for 5 seatbelts if you get a 2-seater sports car
c) that seatbelts are mandated by government, not by some corporation that makes them but does not make cars
So actually it's nothing like it at all.
Who modded this flamebait tripe as "insightful"?
Perhaps you were ignorant of the fact, but:
- according to the Business Software Alliance.Quick solution: If, like me, you bought a laptop and had to pay for Windows XP Home Edition even though you subsequently installed Linux on it, you effectively have a "spare" licence key. Why not everyone who has such a licence key, pass it on to somebody with a pirated copy of XP? That way you get some use out of it {through the rest of the Internet being one machine more secure than it would have used to have been otherwise}, and the Windows user gets updates. You might even get a pint out of it!
Je fume. Tu fumes. Nous fûmes!
Many "pirates" can not afford to buy the music/software that they download.
(I'm not saying that this gives them any right to infringe on others' copyrights.
I'm just saying that the BSA's figures are exaggerated.)
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Won't work... the keys on preinstalled windows are OEM keys. They won't work on a copy of windows that you install from a retail disk, or indeed, install at all. They only work with "restore discs" from your manufacturer.
You are actually forbidden to do that by the EULA.
Since I got my laptop with XP on, and clicked "I do not agree", reformatted and installed Slackware, I don't see what such an EULA has to do with me. I never agreed to the EULA, I never had any contact with Microsoft. The PC manufacturer gave me something I didn't want with the hardware, I had to spend time and effort cleaning it off the hard drive, and I'm giving away the last remnant unused.
Here's my unused key for Windows XP Home edition:
VQDYD-CBPCT-MR2JV-6WR9Y-Y6HX3
First come, first served!
> in fact I wish they would write code that makes illigimate versions of windows to not allow any virus scanner to run
> plus crash randomly.
And how would they differ from the regular versions, anyway?!
cheers.
``If a program can't rewrite its own code, what good is it?'' - Mel
You've never been to Asia, apparently. I've talked to several people who have been there, and they were just amazed. There are stores operating openly in malls there that carry NOTHING but pirated software and music. They say everything's a buck a disc. You want The Matrix DVD? $1. Microsoft Office? $1. A music CD? $1.
I've seen articles where they interviewed shop owners, and they just didn't understand what the problem was. They considered the *DISCS* to be the product, not the content, and said they didn't understand, they bought the discs for x, they sell them for x*2, they're doing nothing wrong, what's the problem?
Another friend said it's about the same in Russia, though less open. For about $15, you can buy a CD pack containing Windows, Office, and a selection of games and stuff. Even when someone has the legitimate software, they sometimes use the "pirate pack" because the pirates take the time to have the properly localized versions of everything already set up. I think the Russians know that what they're doing isn't considered "right" though.
Certainly there are big pirating operations everywhere, but in some countries, pirating is the norm, and nobody thinks twice about it.
"Copying a CD (software or music) for someone else to use is NOT fair use because you buy the right to fair use by buying the product in the first place. This scenario, therefore, falls within the legal control of the copyright holder to enforce."
Mostly correct, but my anal self must correct one detail here. Most of things you mentioned aren't even fair use. Their simply your rights. Ownership of a copyrighted work belongs to the public even while the copyright still exists.
THAT is why you have the right to do anything that wasn't explicitly put into the copyright holders hands when granted the copyright.
Copyright grants control over distribution, most of the examples you mentioned are "use" which copyright grants no control over because copying WITHOUT distributing anything is within your domain.
Fair use on the other hand is a set of circumstances under which you have the right to distribute a copyright'd work (or a portion thereof) despite the holder of the copyright. For example you may quote a copyrighted work in a research paper giving credit. Because of fair use you may distribute that research paper far and wide.
Your rights and fair use apply regardless of whether you've purchased the material or not, they apply if you have it. It's distributing that is copyright infringment, not using.
should users with pirated copies of Windows be allowed to download security updates?
My answer: No.
As much as I do not like the price of Windows (too high for what one gets for the money) you have to either try to restore competition in this particular market (which will lover the price of Windows to some real numbers) or change your demands and use something else (Mac, Linux, ...) or something else. It's maybe unfair there is no alternative producer of Windows but stealing does not make that better, quite contrary (helps Microsoft keep the monopoly while they have 90%+ market share also thanks to those users with illegal copies).
If users of illegal copies (they) get (with permission from Microsoft) those patches, they wont be stealing (patches) from Microsoft. But they will have screwed comparison tables "Windows vs. ProductX" in a way as "Windows are for free (0 monetary cost)". It will make them unwiling to switch (either to legal copy of Windows or legal copy of some other product be it free or commercial). Thus it'll help Microsoft to keep their unfairly acquired monopoly much longer and screw the market/economy/people/... much more. If Microsoft is going to give permissions to users of illegal copies of their products to use patches, I'll consider it anticompetitive and illegal move from them.
If [they] will be allowed to use those patches, market/economy/people may mistakenly see it as a move to the right direction (from security point of view) while the true right move - more OS diversity on desktop PCs - will be pushed away. Security will hurs, market/economy/people will hurt.
For sure, there will be short-range benefits in allowing [them] to use those patches, but in the long term I do not see it as good decision (good for market/economy/people).
hany
The question posed has striking similarities to the question of public healthcare. In the US, the EMTALA (Emergency Medical Treatment and Active Labor Act) requires hospitals and clinics to give life saving and stabilizing care to anyone, regardless of proof of insurance and/or ability to pay.
This is primarily a welfare service for the individual but has corporate benefits as well such as the reduction of communicable disease from those who would otherwise go untreated.
Without getting offtopic into the US healthcare system, I think the article brings up a similar point. If a software update is meant to benefit the end user only, in that it fixes or enables a new feature, that is one thing, but for the health of the public Internet, security patches that prevent malicious and communicable computer virii should be publicly available...by law.
It is more important to keep the Internet available to individuals, businesses, and research institutions as well as governments that rely upon it every day for communication and control of critical systems, than to ensure that a small percentage of the population is not illegally pirating software.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
I wiped the XP offering from this box too (with Debian). So here's my useless key for you to enjoy:
XVJW8-DB93F-2R2XD-XGB3D-3788D
To illustrate how crap things have become with preinstalled doze, my Sony didn't even come with a CD!
Well, I had a long rant and decided to just shorten it... the meaning of "Microsoft Tax" depends on WHEN you apply it. It used to be that all computers sold paid a royalty to MS wether or not they came with MSDOS. That was really what was known as the MS Tax.
Nowadays people use it to refer to the fact that you can't buy a major brand PC without Windows installed. Even IBM, at one point, who were competing with MS with OS/2, wouldn't sell you a computer without Windows. That had to do with the cliff pricing tactics MS used.
It's still hard to find a major brand you can buy "naked" or with an alternative OS. I know a bunch of idiots are going to respond about how that's not true, that you can buy a Dell, for example, with Linux - but I said it's "hard", not impossible. They do not make it easy.
Notebooks are the worst.
So often enough people who might run an alternative OS will buy a prebuilt system with Windows on it, even if they don't want it.
In other words, MS makes money off of almost every prebuilt PC sold (probably upwards of 99%). That's the MS tax.
Here's another one for you - let's say you bought a prebuilt computer with Windows XP. One day after the warranty expires, you spill coffee on it and fry it, and decide to just buy another PC - now you've bought two licenses of Windows XP but only use one. Yes, again, you CAN build your own PC or find a "naked" one somewhere, and then you can give MS all your private information over the phone, trying to explain you had to replace your computer all the while they think you are a pirate, but most people just buy the pre-built system and pay the "MS Tax".
Any geek can easily avoid it, though, and since most users of alternate OS' are geeks, I fail to see the big deal. Of course, if we hadn't fought it for years and years, you still wouldn't be able to buy a naked PC.
Stupid sexy Flanders.
In the 50's in Venezuela, we had a dictator called Marcos Perez Jimenez.
/me hopes Windows can reach that quality. It certainly has improved, but the user hasn't. Stupid people clicking all those .exe, .vbs and .pif files
When a tunnel was built in a city, he ordered the arquitects to stand in it, and ordered 10 tanks to drive slowly above the tunnel with the crew below to see if the tunnel would hold the weight.
I'm sure you can tell the quality of the work that was done here in that time.
Open Source Java Web Forum with LDAP authentication