Slashdot Mirror
Microsoft Security Updates for Pirated Windows?
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
Pirates should get updates as much as they get support from any other product they stole: Zero.
Want software without paying for it? Use Free Software. Theres heaps of it.
If they can pirate the operating system, why can't they just pirate the patches too?
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
Bull. I update my pirate copies of XP all of the time.
I've seen several "corporate" XP cds floating around, as well as some beta versions which contain all XP functionality once patched through Windows Update.
Microsoft disables some CD keys already which are known to be pirated, but I wonder how many valid corporate group cd key installations there are which have been pirated. In that case, it really wouldn't be feasible for MS to disable that cd key, as it would disable that entire company, etc.
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal
It is fundamentally a companies sole responsibility to ensure that any flaws within its products are fixed. By using their own mistakes as a punishment for people who pirate that are propagating flawed copies of their software. Microsoft should allow any user of their products regardless of if they have a right to it to have updates. They can fight piracy in more responsible and effective ways, for there are other people who use the network.
Why should it have to pay for the bandwidth to support pirated copies? There is no benefit to them.
Most if not all infected Sasser users around here had legit but hadn't bothered to update. Real crackers use the corporate version of Windows that apparently doesn't require a CD key for updates.
Trollem mirabilem hanc subnotationis exigiutas non caperet
Maybe it's something you could get used to.
Frank: Hey Bob, could I burn a CD on your computer?
Bob: Yeah sure.
Frank: Uhh. It says it's going to shut down in 60 seconds.
Bob: Yep. Gotta work fast.
We need to create an environment where piracy is looked down upon, not encouraged. Giving them updates is simply encouraging pirate behavior.
If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.
The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
Although if your smart enough to pirate windows
A great deal of windows piracy is by people who have absolutely no idea what they're doing. Other people do the pirating for them, and they just use the OS the same as if they had bought it.
"as if nothing were solid...and that would be the end of the world, not fire and brimstone, but goo."--Rand
The simple answer is yes.
For the common good of the internet, as well as for the sake of protecting Microsoft's already spotty image, they should be allowed to download hotfixes... after all, they wouldn't need them if Micrsoft had done it right in the first place.
The corporate answer is no.
They didn't pay for the software and are therefore ineligible for updates.
My opinion?
For the common good, Windows should go away. But until then, everyone running it, legally or not, needs to have access to emergency patches and fixes.
-- This sig for rent.
On the one hand there is piracy. Even if you say it's an advantage for Microsoft because of more dependency, the truth is that it isn't what they want people doing with their product, and it is illegal. If you want the support you should fork over for the product; after all Windows is about as Not-Free-Software as you can get. Perhaps if it wasn't such as widespread, costs to cover piracy would come down, and Windows would be cheaper and thus more easily availible. A rock and a hard place, people will need to buy before they can afford, and the numbers on actual piracy are way out of the realm of possible statistical analysis.
That being said, not getting security updates can cause problems for the Internet as a whole, not to mention for valid Windows users as pirate machines which can't be patched propigate viruses. That is more than just a problem for the people with bootleg'd copies themselves, that causes network congestion and performance problems for valid users as well. I know my Apache logs are still crammed with exploit attempts...
It's a question of responsibility vs. assisting lawbreakers. My (personal, humble) opinion is that Microsoft should allow security patches to all copies of Windows as it defeats expliots and worms/virii much quicker, but as for feature upgrades and bug fixes which are not a security issue, Microsoft should withold those unless the user has a valid serial key. True seriousness about security means defeating the problem for more than just customers, it means providing a better enviroment for everyone. This, I believe, is the root of the problem in the Microsoft attitude, and it's kind of sad that the largest software company on Earth can't see far enough past their bottom line to make such a move.
No one is (or should) ask them to give away anything more than saftey.
CAn'T CompreHend SARcaSm?
It is called the Microsoft Baseline security analyzer. It will tell you which updates you need to get and even point you to the security bulletin page to download it
did you forget to take your meds?
They can be nasty, but what can you do? If you're administering Windows machines on a network, you can't really decide not to update them (at least not without a lot of trouble). Yes, I'd love to get rid of Windows entirely, but unfortunately it isn't my call.
I really think it should be illegal for them to change your license in an update anyhow. I mean, do the warranty conditions on your car suddenly change drastically when they replace parts in a recall? I'm sure some of you can come up with better analogies.
They are basically forcing their users to change the licensing deal well after the initial agreement and purchase. But aren't we paying for the license to use the software in the first place (as the EULAs themselves make clear). How can they change the terms of that license after we've already paid for it? I suppose that is in the EULA somewhere too though.
So basically we pay for a license giving us the right to use their software. And that license may change at any time at their discretion. Especially if the product is faulty and needs an update.
Considering the cost of the software, the relative functionality compared to alternatives, and these licensing terms, I have to wonder why is it so many people buy this stuff again?
If they key started with FCKGW then it is considered "Invalid". There were a few other keys that were considered Invalid too. Attempting to install SP1 with one of these keys would pop up a message saying that there's a license problem.
FCKGW-... being they key that was commonly distributed with the first major pirate release of XP (Devil's own).
How, excatly speaking, can an ISP know which app generated which packet in a remote machine ?
And ISP-level port blocking is the foulest evil an ISP can commit, far worse than asymmetric connections or hidden monthly usage limits. Port blocking prevents your computer from being used as anything except a simple surf station; even some FTP sites refuse to work. There is absolutely no justification for this.
Internet was designed to be a P2P network. Do not break it. Especially just because some people insist on using computers without bothering to learn to maintain them (or hiring someone else to do so).
Yes, it's so simple and straightforward to tell a good packet from a bad. All it requires... is checking the evil bit !
An ISP is just a traffick carrier. In no way, shape or form, should they be responsible for the actions of their users. If they are, it will be an additional incentive for them to block all the ports from incoming connections, reducing the value of Internet for all and making interesting and important applications like Freenet impossible. But even if they block all the incoming ports, it still won't stop the worms from spreading (by e-mail), it will simply give them an excuse for the Courts ("Hey, we did our best !"). All pain, no gain.
As this is self-obvious, I must ask: Are you a RIAA mole, trying to destroy the P2P networks ? Or are you a government mole, trying to destroy the capacity of Internet for applications like Freenet ? Or are you just a particularly clever troll who got modded insightfull by a not-so-clever moderator ?
Inquiring minds want to know ?-)
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Irrelevant. Once SP2 final is out, a new keychanger will be around within a day or two. Nobody is just bothering with it right now because MS could just block the volume keys in the next build.
(And obiviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)
But way too many warez windows user is *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...
Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'
This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.
I'm not exactly 'part of the warez scene' either, but I was easiy able to find corporate editions of XP, win2k, office, and so on, via p2p networks. Valid serial numbers that still allow windows updates are even easier to find.
I quite frequently use them when I have to reinstall friends computers, because even though they already have an OEM copy of XP home it's tedious going through the activation process for Windows, Office, and whatever other crap got bundled with the computer. They paid for windows with the computer, they get windows. I don't have any ethical problem with it.
MS has an obligation to ensure that their products do not cause harm to others according to nearly ever product safety law in the world. If you steal a Ford pickup and it needs a recall and you kill someone as a result of the defect, Ford won't be let off the hook.
One of these days Microsoft is going to get nailed by a "innocent third party" law suit and then the avalanche of law suits will start.
I'll consider it a serious problem when I wake up outside Microsoft's headquarters missing a kidney or other nonvital organs.
A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.
And they won't want you to stop using Windows, because then you'll have to use something else.
If the Microsoft PR machine is smart they'll withhold security updates from pirated copies. Then they can blame the spread of viruses and worms on the evil software pirates who are running the insecure systems.
Corporate versions are easy to find. I use one at work constantly. Although we have a valid license for every system (who knows when the BSA may come knocking), I keep it for upgrades to the systems or re-installs. Wasting my time for 1/2 hour to get a new registration number is just not productive.
Funny thing about that: although Microsoft claims that they will allow 2 (or 3??) automatic registrations over the 'net without calling, I have found that not to be the case. Since XP was released, reg process for win2k or office2k always reports server down or too busy and then I must call. I haven't gotten any flack from the flunkies passing out reg numbers, but the 1/2 hour wasted is a pain. Microsoft has forced me to pirate a copy of their software to use valid licenses.
if MS made a genuine attempt to stop piracy it would be the beginning of their end.
This reminds me of the immortal words of Steve Ballmer:
"I'd rather have someone using a pirated copy of my software instead of a legitimate copy of someone else's."
And you are VERY wrong if you think that piracy will shrink their market share. I personally would be very happy if Microsoft stamped out EVERY pirate version, because their market share would be pretty small. Microsoft grew based on the piracy, and they know it. Now they are reaching the saturation point, and really only now have they started trying to make the pirates pay, because they are no longer contributing to the increase in profits, because the market share is so relatively high. They have known in the past that they can't stomp too hard or they would lose market share, but now they no longer care, and they can pull out the "the soul-stealing demonic copyright infringing people" (or pirates) sympathy/stupid-law-making card out.
I used to live in SE Asia. I have experience with the warez shops there. While I personally was running Linux (it took me over a week to download a set of Debian ISOs!), just about everything and everyone around me was running Warez. It's hard to find anyone in Viet Nam who can afford legitimate, licensed copies, and even harder to find anyone who sells them, unless you buy a new machine (Dell is there, IBM is there, I think HP is too) from a major foreign vendor.
The warez version of XP Pro for about a buck any software shop will install most XP patches, but will not install SP 1. SP 1 recognizes the key as bogus and refuses to install.
In any case, it hardly matters. People are on slow and unreliable dial-up connections. DSL is almost unknown. ISDN is not available at all, as far as I could tell. Hardly anyone has the bandwidth to actually patch their machines, and even fewer people have the knowledge or interest (even fewer than here). There are some really great programmers and admins in Viet Nam, but just like there, those highly knowledgeable people are a tiny minority. Most people with computers neither know nor care about anything like keeping them secure.
So even if MS made all patches available to warez versions of Windows, it would hardly matter in many parts of the world, because the people running them couldn't and/or wouldn't apply the patches anyway.
Comment removed based on user account deletion
Who modded this flamebait tripe as "insightful"?
Perhaps you were ignorant of the fact, but:
- according to the Business Software Alliance.Many "pirates" can not afford to buy the music/software that they download.
(I'm not saying that this gives them any right to infringe on others' copyrights.
I'm just saying that the BSA's figures are exaggerated.)
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
You are actually forbidden to do that by the EULA.
Since I got my laptop with XP on, and clicked "I do not agree", reformatted and installed Slackware, I don't see what such an EULA has to do with me. I never agreed to the EULA, I never had any contact with Microsoft. The PC manufacturer gave me something I didn't want with the hardware, I had to spend time and effort cleaning it off the hard drive, and I'm giving away the last remnant unused.
Here's my unused key for Windows XP Home edition:
VQDYD-CBPCT-MR2JV-6WR9Y-Y6HX3
First come, first served!
The question posed has striking similarities to the question of public healthcare. In the US, the EMTALA (Emergency Medical Treatment and Active Labor Act) requires hospitals and clinics to give life saving and stabilizing care to anyone, regardless of proof of insurance and/or ability to pay.
This is primarily a welfare service for the individual but has corporate benefits as well such as the reduction of communicable disease from those who would otherwise go untreated.
Without getting offtopic into the US healthcare system, I think the article brings up a similar point. If a software update is meant to benefit the end user only, in that it fixes or enables a new feature, that is one thing, but for the health of the public Internet, security patches that prevent malicious and communicable computer virii should be publicly available...by law.
It is more important to keep the Internet available to individuals, businesses, and research institutions as well as governments that rely upon it every day for communication and control of critical systems, than to ensure that a small percentage of the population is not illegally pirating software.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
I wiped the XP offering from this box too (with Debian). So here's my useless key for you to enjoy:
XVJW8-DB93F-2R2XD-XGB3D-3788D
To illustrate how crap things have become with preinstalled doze, my Sony didn't even come with a CD!