Slashdot Mirror
Microsoft Changes Tune Again On SP2 Installs
KidHash writes "Following on from last months Slashdot story, it appears Microsoft has changed its tune with the BBC reporting that SP2 will not install on XP installations using the '20 most pirated product IDs.'"
What is ironic is that the people pirating the OS are tech savy enough to know that there are security holes they need to patch, as opposed to Grandma Millie who just wants to look at pictures of her grandkids on the intarweb gadget (or senior pr0n, you never know...)
stuff
Why not just have SP2 install and patch the system then report in ANY WAY POSSIBLE that this is a pirated copy of Window XP. Try and send information to MS identifying the end user if possible through the IP Address, login name, Dial-Up Networking IP account, address, and provider. Gather information from Microsoft Office as well, any Word or Excel Documents that have addresses in them send those to MS as well.
Place something in the Word/Office documents stating this user is using illegal copies of Windows XP or such when opened by a non-pirated user. Then let folks turn other folks in for a reward. Have other systems on the same MS Networking Browser elections realizes which other machines are pirated when the Browser Election process happens, then have those other machines tattle tale to MS about the pirated machines.
Heck, some folks may not even realize they have a pirate copy. When SP2 installs, they could have it prompt the user and tell them, "you're currently using an illegal copy of MS Windows XP, would you like to pay for a legal version at this time?" and still patch them, but inform them and give them a chance to buy a cheap copy of XP.
Fairly unrelated, but has anyone else noticed that it usually takes about 10 times longer for an XP service pack or update to install versus win2k?
This is based on observations doing windows updates on similar spec machines, 20+ win2k boxen and a few XP boxen.
Please help metamoderate.
Installing via service pack and integrated install has worked fine for me, and I haven't had to report any bugs since the couple betas.
My experience with it lately has been great. The popup and activex blockers in IE are a godsend. The firewall is painless, aside from the initial "do you want to allow this?" messages when opening a 3d game for the first time (blank screen for ~10sec in some of them).
I'd love to have an AMD64 cpu to test the NX support, it sounds like a great addition.
Not true really. Many people I know have been able to install SP1 with the infamous "FCK" key with a bit of reverse engineering. The people that will be most hurt are those users that apply the patch by those who don't. Pirated or not, the ones running the unpatched boxes don't know jack about computers and THOSE computers are the ones we have to pull off the internet.
It's not the pirates we have to worry about, it's those Technically ignorant people we should reach.
Be proactive about it, track those IP's the connect and try to contact them. Tell them what's up without telling them how to get a hold of you and TELL THEM TO FIX THEIR COMPUTER OR CALL SOMEONE WHO CAN!
That's what needs to be done. Vigilance about getting those darned patches onto peoples computers!
Okay here's the major weakness - after the machine chugged away processing the SP2 installation for approximately 45 minutes, it suddenly decided it couldn't find files that apparently existed.
This stuck the whole routine in a loop, and forced me to reboot, at which point, my XP installation was trashed and could not even be recognised by a Windows XP recovery CD.
Yeah this sucks, and beta software is unstable, but surely not THIS unstable?
Since installing SP2, I've found the most annoying thing is the box that pops up constantly when you need to reboot your machine - especially since it is set to "reboot" as default. So you'll be tapping along on xchat, hit enter to send a message, but at that point, the little reboot window has decided to maximise itself from the system tray as it will do approximately every 15 minutes. As you hit enter, rather than sending your message, you are confirming a reboot. 30 seconds later, everything's shut down - including the loss of unsaved documents..... Now does this really seem usable to you?
Add to that that most of the firewalls and virus checkers I have tested it with are not recognised by the new security tool (which is hardly a tool, as it does nothing more than show you if you have the software installed in the first place), and the fact that SP2 has made a clunky operating system even S-L-O-W-E-R, and I have to wonder exactly *why* it's taken so long for Microsoft to produce a poor firewall, a splash screen to show you whether you have a virus checker and firewall enabled, and an irritating popup to constantly remind you to reboot your machine after installing an update. *sigh*
Sunday you're Thinking Different, Monday you're a huge tool, paying too much and waiting to think like everyone else.
The next time you get 1000 spam messages with forged headers due to a unprotected machine, that cant be patched due to the key code, you will care.
This issue is not about the actual pirates, its the effect they have on the rest of us, and having Microsoft extend the patches to them only makes sense.
It doesn't take ANY extra effort, cost or time on the part of Microsoft to do this, and benefits paying customers.
---- Booth was a patriot ----
It's not as straightforward as you think. Microsft isn't just screwing that particular user -- they're screwing (virtually) everybody connected to the Net.
A case in point: even though there's a patch I have received hundreds of copies of Swen/Sobig. Now imagine that users of pirated XP installations can't get the patch. Imagine the chaos.
So by screwing that user, they're screwing me. Even though I HAVE DONE NOTHING WRONG. That's just not on.
Allergy advice: Contains eggs.
Not like it's hard to change keys anyway. I would have said screw it and let it be, because it's not liek those who copyright infringe on XP are techno dweebs. There'll be workarounds, depending on how exactly Microsoft tries to deny the SP2 update. Just like SP1 does exactly the same thing - switch keys and your gold again.
You can see Microsoft's sentiment, but exactly how many more copies of XP will they sell out of this move? None. It's a waste fo time on their behalf. How about they stop wasting time and get on with fixing the bugs and security holes that will still exist, even after this service pack.
Maybe do us all a favour and remove IE totally. Now THAT would be a worth while service pack.
Funny... I've tried SP2 (RC1) and really liked it. And I don't even use Windows (the installation was in my father-in-law's laptop).
:)
The RC1 does NOT include an AV (contrary to popular belief), but does recognize a bunch of AV vendors and is capable of verifying if the DB is up-to-date.
They now have a bunch of visible security measures (not counting the hidden ones like bugfixes and NX). It has the firewall enabled by default, and a "Security shield" or something like that in the systray and control panel. The damn thing is a PITA unless you have 3 things:
- All critical updates in place AND auto-updates enabled
- An up-to-date AV
- The firewall enabled
If all 3 are OK, the shield stays out of sight and doesn't bother you. Oh, and Windows Update is MUCH more intuitive. The updates to IE6 are minimal, but very useful:
- No ActiveX unless you allow it on a case-by-case basis (including WinUpdate, but that may be a bug)
- Options like "Always accept content from this provider" are now _hidden_ by default instead of being visible checkboxes in the installation dialogs. Users who push every checkbox and "OK" button in sight will now have to go an extra-step in order to blindly accept these things.
Remember: this is coming from a guy who does not use Windows; not for "philosophical" reasons, but simply because I do a lot of Unix-related work and like developing on my workstations and laptops. I also get more kicks out of using Linux or OSX.
That reminds me of one of the old 1980s Compaq ads with John Cleese. He was a stuffy uptight businessman who had just bought an IBM PC. When the narrator questioned him about his choice of computer vs. the cheaper and more capable Compaq system, he defiantly said:
"It was a sound decision...
Wrong, but sound."
(He did several Compaq ads back then; funny stuff. I wonder if they can be found anywhere on the net. His turtleneck-wearing Apple snob impression was another standout.)
I agree whole heartedly, and if I might add.. They've more chance of knitting fog.
That's the coolest damn phrase I've ever heard.
Learn something new.
And you'd be 100% correct if it weren't for the fact that Microsoft themselves have given us a set of instructions that allow one to change their XP activation code. There's even code there so you can write it as VBScript. When they first announced their activation system I thought that Windows XP would be a difficult program to pirate in such a way that it can't be differentiated from a valid install. Thanks to the handy instructions they've given us I've been proven wrong.
--Obyron
That has to suck... or maybe we're just smart enough to have our web browsers lie and say, we're running MSIE 6.01 WindowsXP, 1600x1200 24bit color.. eh? :)
XP is better as an emoticon anyways.
Here's teh offtopic part, and a shameless plug for a really awesome Window Manager. Try XPde out. It's really awesome at the look and feel of windows, especially when you want to move someone over to Linux without telling them.
Now I know that sounds evil, but hear this story out. My sister wanted me one day to fix her "slow" computer. Turns out that she has 100's of spyware, literally, running on her computer. Not to mention trojans and viruses. I did a backup of her documents, put them on a zip disk and virus scanned that on my comp, just to make sure. Then I installed Slackware Linux, and used XPde (quite successfully I might add) as the WM. Installed Gaim, OO.org, Mozilla, software firewall, gimp, and misc games (frozen bubble rocks!) Total install in just around 250mb. No crashes, no viruses, nothing and it's locked behind a NAT that allows no incoming/outgoing ports except what's specified for IM services and outbound httpd traffic.
She didn't know she was running linux for a few months until she went to install a program! (Insert WineX installation at this point. Went well too!)
My point. Most people dont care what they use, and if the conversion is successful (I do many like this, only with people I really *KNOW* and trust me), they'll learn to champion linux to people who are easily intimidated by "techies" and zealots who want to install linux for you because MS is "7!^3" (evil)
To summarize this success story by my sisters quote: "Windows SUCKS!, where's my cute penguin?"
----zoloto
In the end the legit users (even non-MS customers) will bear the brunt of Net attacks by compromised machines.
Microsoft doesn't care about the effects of their decisions on people who don't give them money, like 'pirates' and non-MS customers.
Furthermore, they only care about the effects of their decisions on people who do give them money, i.e. the legitimate users of their products, to the extent that they can keep getting those people to give them more money.
Microsoft have proven time and again that they can do just about whatever they want, and most of their customers will just roll over and take it in the ass, and still be loyal, paying customers. Software Assurance, anyone?
1) Microsoft's announcement that they were going to give SP2 away (even for pirated copies) hit the 6 o'clock news in my area.
2) Microsoft's announcement that they have changed their minds has not hit the 6 o'clock news, and the even-moderately-interested public will probably just assume (1), above.
3) Microsoft can now try to curb piracy of their products while people still assume that they're angels (due to (1), above), and even more importantly, blame the spread of worms on pirated copies.
advantage: good Microsoft PR.
It probably won't really do anything except make the pirates seek out an alternate serial number. Frankly, I wish they'd ban all pirated copies from downloading service packs... Then, more people would look for an alternative operating system. Microsoft is too smart for that though. They know that a lot of these people help sustain their platform (believe it or not) by making the userbase even larger.
I really can't tell what they are trying to prove by this. Maybe they are just experimenting with a limited number of people to see what the outcome will be.
They can pretend that they hate piracy of their products, but they hate OSS/Free software even more. Locking out non-payers would probably just hurt them more than help them, causing a lot of people to defect to Linux and Macs.
What is most ironic about this is that the people pirating XP are tech savy enough to know how to locate these restrictions in a hex editor and distribute their own service pack with them disabled. So in the end, the only ones losing out here are the people who bought a computer form someone and pirated XP unknowingly.
I'm not even sure it's a good self-serving decision, let alone a good business decision.
A good business decision makes you more money and it improves other aspects of your business, including your standing in the community.
I don't see ignoring the persisting problems of unpatched OS installations as reflecting a particularly community-oriented attitude on Microsoft's part.
Allowing pirated copies to take SP2 would say "We ackknowledge our products are widespread and problems with them create problems for the internet community as a whole. We don't thing that Microsoft is specifically responsible for pirated copies of our product, but in the spirit of cleaning up security problems as a top priority, we've made this patch universal."
1) Buy a legal copy of XP and actually pay for the support you deserve. You can get cut rates from mose vendors IF you buy some hardware (for example, new hard drive, or new RAM stick) with it.
2) Use one of the multitude of product key changers available (I'm not telling) like what happened when SP1 came out.
3) Use Windows 2000 instead - everything designed for XP so far works fine on Win2K Service Pack 4, though you will need IE6 among other free add-ons to get some functionality included in XP. If you're cheap, go talk to the guy you got XP from.
4) If you really insist on using a non-service-packed XP, then go buy some third-party security (hardware firewall, anti-virus software) like you used to do with your pirated copy of Win98.
Take responsibility for your own computer security, already, or pay someone to do it for you. Stop whining about how Microsoft is deliberately and maliciosly denying you support you don't deserve because you didn't pay for it. Or do the legwork and get Linux and learn how to use it.
As for Microsoft being "irresponsible," sorry. Users have to choose to be irresponsible. You don't have to use that pirated copy of XP.
Use Evolution instead of Outlook? Bewa
The problem for Microsoft is that their desktop OS market share has only 1 way to go from here, and that's downwards, which is going to freak out stock analysts, and give them a lot of bad press. They can't compete with Linux on price, and the days of competing in usability are numbered. All they will soon have to compete on is public opinios, and in this arena, they have the benefit of a practically infinite publicity budget vs Linux's zero budget.
This anti-piracy move is going to force at least *some* of the people who won't pay for an OS to switch platform away from pirated XP straight into the arms of Linux - of course people in the know realise this won't be a large number, because codes 21 onwards will take 99% of the switchers, but it's enough for their FUD PR purposes.
I'm guessing MS are doing this as a preemptive move so that when analysts point to their declinig share of the market and Linux's rise, they can blame it *all* on pirates switching platforms and claim that it's not going to translate to a loss of revenue. They will probably be branding Linux as 'the pirate's OS' pretty soon.
A pizza of radius z and thickness a has a volume of pi z z a
What has changed since MS introduced its most secure OS? Now viruses are mainly written to attack XPs. 95/98 users are minority today. Maybe you'd feel safer using 98 now because it is no longer hacker's main interest for massive virus attack.
MS has blamed users for not installing patches for the last ten years or so. Virus writers are taking more proactive approach with their virus to alter Windows boxes than merely asking users to install patches every week or so. Why don't MS make vaccines that automatically install patches before malicious virus spreads out? They should take advantage of vulnerabilities of their own OS and lead "infected" computers to install patches. Otherwise there is no cure for Windows virus. MS has always been behind hackers. It is lame.
Redhat will not let you patch your Enterprise Linux system unless your subscription fee is current.
Why does no one complain about this?
Microsoft should just go back to the C64 days of 'What is the third word of the fifth paragraph on the fifteenth page of your EULA?'
My favorite was the decoder wheel that came with Bard's Tale III. Can you imaging having to use that every time you booted up or opened a Word document?
(S(SKK)(SKK))(S(SKK)(SKK))
Well, what do I know - - I run a small network. But with Windows 2000 Pro on the desktops, 2000 Server and Linux in the back office, and an enterprise license for Norton AntiVirus Corporate, we keep 250 or so machines clean and updated. We run the free MS SUS for updates, by the way. Not a bad little system - - we set up Active Directory to force clients to hit our SUS server once a week, and have another method of shooting out emergency patches rapidly if we need to. XP seems to be another black eye for MS - - I don't know any admins who have been pleased with upgrades from Win2k to XP. Thank Zeus we didn't buy Software Assurance and feel compelled to "get our money's worth" by moving to this pretty, but deeply flawed piece of work from Redmond. Reminds me of the Windows Me fiasco - - it was all about needing profits, had nothing to do with improving the product line. XP is another one for the "Bob" file.
It's only funny until someone gets hurt. Then, it's hilarious.
Pirates = "I want my Windows XP"
MS = "I want your money"
MS could easily charge a few bucks per patch or charge another fifty bucks or so per service pack so that our friends that are using extended demos can keep their OS up2date (hint hint)while continuing to *ahem* try out the operating system. Over a few years MS would easily recover the cost of the pirated copy, the pirate wouldn't have to be a test person for new viruses with old exploits and it would enhance the security for the net as a whole.
The problem with MS is that they HAVEN'T adopted the cell phone or razor blade model of business. Let's face it. If the OS were REALLY inexpensive then they could reasonably charge for services outside of the OS such as service packs or feature upgrades. Red Hat, IBM, Apple, they all do it and are profitable.
I can't imagine it would require more "time, effort and resources" to not block the twenty most pirated product IDs (apart from perhaps some extra bandwidth costs for the service pack downloads), not to mention the disservice to other computers users (as other posters have commented on a length).
This is not about Microsoft "doing what's best for business" (since it's not like the pirates are going to go out buy windows as soon as they find they cannot install SP2), it's about Microsoft arrogantly coming down on pirates (in a totally impotent fashion) to the detriment of anyone who uses the internet.
This is a baffling approach to furthing their trusted computing platform. Why would you trust a product that isn't secure across the board? An even greater mystery is the fact that Microsoft appears to be ignoring the importance of the network effect.
One of the reasons Microsft software is so popular is because Microsoft software is so popular. In order to business, you need something that can read/write MS Office files because that's what people are going to send you. That's why Microsoft is so hung up on their proprietary file formats, because they keep people buying MS Office. Once MS Office files reached the tipping point, MS saw sales skyrocket.
The same ideas apply to network security, if there area few hosts unpatched due to ignorance they may avoid losing public trust. To do something that actively prevents people from patching their hosts, they increase the number of worms on the network. This increases the chances that Microsoft will be perceived as insecure and can only affect them negatively.
Do they really think pirates will say "Oh no, I've downloaded a possibly virus infected OS from an unknown source, and now you're saying I won't get security updates? Please take my money!"
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
Well yes and no. It costs ISPs and businesses loads to deal with compromised PCs.
Ultimately you will probably receive more spam due to this decision.
The best thing they could have done is neuter the network connectivity when applying SP2 if the OS is pirated.
If they know what they're doing, Microsoft will deploy some sort of an exploit of the bugs that SP2 would fix.
Said exploit can be some form of a 'phone home' service, that reports the illegal copies of Windows to the SPA and appropriate agencies for license enforcement.
I'm not saying it would be a good thing, but it's very feasible and it would shake things up a bit in the Warez world.
resigned
This defection is very real phenomenon. I have moved from Windows to Linux in order to leave the pay for upgrade march. Now, instead of having to purchase the newest copy of the windows os, office apps, etc, etc. I simply [code]emerge -u world [/code] This simple solution is cheap, efficient, and does not support an ongoing monopoly. In addition, when problems or questions occur there is a friendly, free community of users willing to help out.
Here in mexico, piracy is a major concern... everybody uses a pirate copy of windows, nobody ever thinks about paying for a copy, it's not an option.
Microsoft did the same thing with SP1, everybody downloaded a crack from cracks.am and changed windows' serial, SP1's restriction was bypassed, I 'm sure microsoft hardcoded most (if not all) all those serials, but I bet a new batch of serials will come.
The solution is not "punishing" the market or whatever (can't find the right word), the solution would be lowering the prices, it's not like they NEED the liceses to be so expensive, is it?
In the mean time, Mexico (for one) will continue the piracy practices.
Fortunatelly I dont need it, I own the windose version that came installed in my notebook, and I use linux 99% of the time anyway.
Cheers