Is That Pirated Software?
underpar writes "According to this ZDNet.com article, Microsoft 'has launched a pilot program in which some visitors to the main Windows download page are being asked to let the software maker check to see whether their copy of the operating system is licensed.' The check is not required, but after the desired 20,000 users go through the program they might change their tune."
I just walked past a copy of WinXP Home Edition in a "Bargain Bin" at Costco, on sale for $299 CAD... so who are the pirates? Linux is free. I could see maybe $99 or something, but it's overpriced and bug ridden. So if you want to know why people are not paying Microsoft, it's a no-brainer. If it's overpriced, loaded with bugs and unstable in any way, paying for it seems like shooting yourself in the foot. Every time XP shows the blue screen of death, I get buyer's remorse.
The dangers of knowledge trigger emotional distress in human beings.
Who are these people? Being a freelance computer tech (and knowing many others in my trade), I know exactly who these folks are. They're the ones who got a particularly good deal when buying a home-made computer from someone's garage... or, more likely, those who had an OEM copy installed with their retail computer, messed it up dreadfully, and whoever worked on it decided to forego using the "restore disks" (which are often missing, since many people have no idea what they're for, and which are generally dreadfully broken in the first place) and install a questionable copy of XP. I've faced this dilemma myself, before, but I always opt to try to fix the existing installation, or inform the customer that their decision to visit every gambling and porn site under the sun necessitates that they buy a new copy of Windows.
These are the folks who can often be genuinely uncertain whether their copy of Windows is legitimate. These are the folks who click "OK" on everything anyway. The question is what they have to gain from this knowledge, and, more importantly, what Microsoft has to gain.
What information can Microsoft harvest, exactly? They surely know how widespread these practices are; after all, they practically encourage them with their cutthroat OEM policies. Also, they insist (at least according to the article) that they won't treat those with an unlicensed copy any differently from those with a legitimate one. My guess, among other things, is they'll start harvesting illegitimate license codes (like they have in the past... FCKGW anyone?) and perhaps block them a year in advance.
So they'll probably use this to keep pirated Windows boxes from downloading Windows updates... so what? You can have Microsoft send you a CD with the latest patches on it for free. Granted, it takes a little longer than a 1-20 minute download, but it's still a viable solution for those of you with the urge to use pirated software.
"The object of war is not to die for your country, but to make the other bastard die for his." - Patton
Those whose copies are found not to be genuine will be encouraged to go back to the company from whom they bought the PC or software upgrade. They'll also be given other information on obtaining genuine software before being allowed to download whatever software they were seeking. In its current form, the program offers no particular benefit for those who are running licensed software.
oooooh, i'm shaking in my pirate boots!
Marge, get me your address book, 4 beers, and my conversation hat.
then what's the point....What's scary is that someday they'll lock the pirates out of patches...Leads to two scenarios -
:)
1.) Increase of unpatched, demon, zombie PCs
or
2.) Linux Migration!
You could probably piss off a hell of a lot of people, who as TFA states "namely, people who bought a computer that they thought had a legitimate copy of Windows." You're gonna force them into buying a new copy?
And that still doesn't get around ordering a patch cd in the mail.
-thewldisntenuff
My MythTV HowTo
...will it find all your stolen SCO code?
Sheesh, evil *and* a jerk. -- Jade
So once again the ones that Microsoft leaves in the cold are the unwitting consumers who had their grandson install it for them.
You mean they haven't been doing this since the birth of ActiveX anyway?
Well well well, you learn something new everyday, my respect-o-meter for Microsoft has just gone up a tiny fraction.
Oh, wait, they're doing it now, back down it goes...
FGD 135
If the user is running a VLK edition of Windows with a CD-Key other than the FCKGW one - or with the 640 PID, depending on how stringent they're being - how do Microsoft know that it's a pirated copy?
OK, so activation cracked copies will be fairly easy to ID, but if you've got a corporate copy (which most pirated releases are anyway) and a valid key there's no way to tell, surely.
I fail to see how asking me if Microsoft can snoop around in my PC is going to give me a "better experience". It will be a worse experience, if for no other reason than having the experience interrupted to ask the privacy-invading question.
This is one of those glorious ideas that look great on paper and have absolutely no effect on piracy.
There was a time when Microsoft began blocking SP1 downloads for WinXP for users using one of a list of very common keys. I suppose it may have prevented a few people from downloading the service pack, but the vast majority of users who were using these keys either found a hack to change their key to something randomly generated, or simply downloaded the service pack elsewhere.
Go back a little further and try to remember the furore over the required online or phone registration of new WinXP installs. For the people who do not desire to pay for their operating system, this was a similar inconvenience. Easily circumvented, but an annoyance to legitimate users.
The music industry implements protection so weak that it can be circumvented by pressing the 'shift' key, but breaks CDs for legitimate users. Nobody who wants an illegal track or two is deterred by this. If they can't get the music off the CD they'll just go to a P2P network and download it from there.
Time and time again we see media providers and software companies implement these ridiculous attempts to spite casual pirates. The only people they ever end up bothering are their own customers, and in the rare case there is a backlash and their sales are hurt by their own arrogance, who do they blame? Pirates, of course.
I want the fire back.
Why did they release the XP "corporate" version which allows installation of XP without the required online registration?
It's apparently worked quite well to protect Citrix and MS Terminal Server from being used.
I believe MS likes having everyone use Windows, whether it's paid for or not.
What are people going to do, if they can't get Windows pirated? Buy it? Nope.
Build your own energy sources from scratch. http://otherpower.com/
I bet Microsoft is watching IP addresses. If they see you turn around and leave when confronted they make a note. If they see a cluster from some company then the BSA will get a phone call. Obviously no one with pirated software and a brain is going to let them search. But of course it might uncover some cases of "shared" software between several computers.
Some drink at the fountain of knowledge. Others just gargle.
..is Windows piracy. If it WAS cheap enough, people would pop for the CD and install it.
I got some nifty proof, too, a similar large company gives away its disks, and has for years now-AOL. They afford it on the margin of a certain small (but still over-all large) segment of the population who will install their software and sign up for net service.
Microsoft could sell the OS on a disk for ten dollars or something like that, and charge another ten a year (something cheap) for updates, and still be billionaires.. Most folks would buy the disk and the legit key then. Note I said most, not all, but I think most would buy it, at least in western/industrialised nations with a decent enough median income.
Their price is not only ridiculous, it's outright scandalous. It's an affront to anyone who's thinking. If their products didn't come pre-installed on new computers, there's no way in heckfire they would sell for what they are asking. Keeping it as a "stealth" product via bundling and collusion with the vendors has been the ticket to their success, off the shelf sales are most likely no where's near where they make most of their money, at least with the base OS. 95 and 98 people were standing in line to get, by ME it slowed down, 2000 hit the doldrums, and XP although on maybe 1/2 the active boxes on the net came mostly with new machines when folks upgraded hardware. It's just lost any "new/shiny/gotta haveit" appeal, because we are 20 years into mass computer adoption now, 10 in a large way. People just aren't as gullible any longer. They'll upgrade with a new box, and that's it, as long as MS lives in delusion land where a simple computer OS is somehow "worth" well over a hundred dollars heading to 200$. Not happening when an entire new computer can be had for not much more than that..
IMO anyway-anyones MMV of course
You won't generally get a bluescreen in XP because, by default, XP will reboot immediately when it encounters a blue screen condition. (See Control Panel | System | Startup and Recovery -- Automatic Restart).
(I leave my PC on 24/7 and only discovered this when I would return home and my PC was magically back at a fresh reboot state. For a while I thought I had a hardware problem because if Windows had crashed I would've seen a blue screen halt, right?)
While I get fewer blue screens than I did with 98, I get MORE blue screens than I did with Windows 2k.
Simple, I don't want to be part of their license tracking system. Win2k didn't require activation but XP does.
The computer is mine, I bought the components and built it with my own hands. Those bastards can get stuffed. I'll run Win2k until it isn't useful as a dual boot solution for playing games. Hopefully by then Cedega will be good enough to play everything I'm interested in playing.
MS-DOS wouldn't have become as popular as it was, and Windows in its turn, if they weren't allowing rampant piracy via lack of copy protection and winking at the pirates. This hypocritical attempt to maximize profits is a bunch of bullshit and will ultimately result in Microsoft's downfall once they piss off the wrong entity. They may have done so already.
Anyone who thinks Microsoft is justified in the measures they are taking at this point is either a total shill or ignorant of history.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
1. They have a right to deny service to the folks who have pirated copies.
2. If you have a legitimate copy you have nothing to worry about.
3. If you have a pirated copy and have nothing against Microsoft go buy a legal one NOW.
4. If you have a pirated copy and are against Microsoft, then STOP USING WINDOWS instead of whining that it's overpriced, bug-ridden and poorly designed. There are at least TWO alternatives right now (MacOS X, and Linux), so there should no longer be any excuses.
I run a part time business selling computers (approx. 10 a week) and it's a rare event that I sell a computer to a private user with an operating system.
People do not enjoy using pirated copies. Especially when it's a pain in the ass or a worry, like getting service packs, etc. They do so because for them to buy legit copies of Windows would simply be too damn expensive. The cheapest I can do WinXP Home OEM edition for is around $150 Canadian, which is simply too much. Even $100 Canadian would be a stretch, frankly. Your average Joe would be satisfied buying an OS if it didn't exceed ~$75 Canadian. I'm not basing this off any direct studies, just my personal observations, but if WinXP was priced around there, I think I would sell FAR more copies.
Different demographics are all obviously different too. As a computer engineering student, I'd be surprised if any significant number of my colleagues were using legit copies of WinXP. Those who are, are usually doing so because it came with their laptops. MS will give us absurd discounts on Visual Studio, etc., but we're left to spend the big bucks on an OS?
Sure, analyzing the pricing on an OS may be a bit naive of me. But different demographics are willing to spend drastically different amounts of money on an operating system. When someone wants to buy a ~$400 system, it's hard to tell them that the OS will cost $150. Then I might turn around and build a system for someone else that costs 10x as much and they don't think twice to get me to toss it on there.
Here's an idea that's a real long shot. Suppose a motherboard manufacturer were to design a motherboard which is targeted for low end, budget users. It is somehow crippled so that it can't be used with the more expensive hardware, but it also comes with a rebate form or some sort of discount on WinXP Home. It would be a modified OS to run only on the motherboard it was shipped with or intended for use with, and the motherboard is set up so that it would be adequate for budget users but not for high end enthusiasts. It would encourage the low end users to purchase Windows instead of pirating it, and allow Microsoft to keep higher prices for the rest of the market. I see the potential flaws in my little scheme, but it's something to think about.
The site says my fake volume license key is legit. The people they're catching are the ones that got screwed by shady computer stores that slapped a computer together with an unlicensed copy of XP and give the customer a burned CD. If it makes anyone feel better I have 5 NFR copies of XP Pro that have never been used.
The problem is that most hackers are rabid about Linux because it's phenomenally powerful if you code a bit.
They don't understand why the average Joe doesn't get excited about Linux. The average Joe doesn't get the benefit of all the great CLI tools out there, so Linux is, at best, just a decent XP alternative, not something that quashes it into the ground.
If you just use the GUI tools on Linux and don't give a damn about the politics involved, it isn't *that* amazing of a system. It's just a decent OS without a number of commercial apps that people want to play with.
Naturally, every hacker looks at people that aren't using Linux and thinks to himself "what are they thinking?". For a programmer or a hobbyist or a hacker or a sysadmin, Windows is an infinitely worse OS. But most people aren't any of the above -- and Windows lets them navigate to the application that they want to use and open it.
I like Linux, and use it exclusively as a desktop system. Those of you familiar with me know that I like Linux quite a bit. I think that it might become the de facto desktop system in a couple of years. But it won't be because it's mind-bogglingly better and people are just reluctant to switch. For *hackers* it's mind-bogglingly better. For average folks, it's just another alternative.
May we never see th
Decode
The following computations are based on this product key: JCF8T-2MG8G-Q6BBK-MQKGT-X3GBB
The character "-" does not contain any information, so the MS product key is composed of 25 characters. Microsoft only uses "BCDFGHJKMPQRTVWXY2346789" to encode product keys, in order to avoid ambiguous characters (e.g. "I" and "1", "0" and "O"). The quantity of information that a product key contains is at most . To convert a 25-digit key to binary data, we need to convert "JCF8T2MG8GQ6BBKMQKGTX3GBB" to "6 1 3 22 ......", where 'B'=0, 'C'=1, 'D'=2 ... we call the array "6 1 3 22..." base24[]
compute decoded = , the result is: 00 C5 31 77 E8 4D BE 73 2C 55 47 35 BD 8D 01 00 (little-endian)
The decoded result can be divided into 12bit + 31bit + 62bit + 9bit, and we call these 4 parts 12bit: OS Family, 31bit: Hash, 62bit: Signature, and 9bit: Prefix.
Verify
If you want to understand what I am talking about in this section, please refer to some Elliptic Curve Cryptography materials. Before verifying a product key, we need to compute the 4 parts mentioned above: OS Family, Hash, Signature, and Prefix.
Microsoft Product-key Identification program uses a public key stored in PIDGEN.DLL's BINK resource, which is an Elliptic Curve Cryptography public key, which is composed of:
p, a, b construct an elliptic curve
G(x,y) represents a point on the curve, and this point is so called "generator"
K(x,y) represents a point on the curve, and this point is the product of integer k and the generator G.
Without knowing the private key k, we cannot produce a valid key, but we can validate a key using public key:{p, a, b, G, K}
compute H=SHA-1(5D OS Family,Hash, prefix, 00 00) the total length is 11 byte. H is 160-bit long, and we only need the first 2 words. Right lift H's second word by 2 bits. E.g. if SHA-1() returns FE DC BA 98 76 54 32 10, H= FE DC BA 98 1D 95 0C 04.
compute R(rx,ry)= Signature * (Signature*G + H*K) (mod p)
compute SHA-1(79 OS Family, rx, ry) the total input length = 1+2+64*2=131 bytes. And compare Hash and result, and if identical, the key is valid.
Producing A Valid Key!
We assume the private key k is known (sure, Microsoft won't publish this value, so we have to break it by ourselves). The equation in the product key validation system is as below:
Hash=SHA(Signature*(Signature*G+SHA(Hash)*K) (mod p))
What we need is to calculate a Signature which satisfies the above equation.
Randomly choose an integer r, and compute R(rx,ry)=r * G
Compute Hash= SHA-1(79 OS Family, rx, ry) the total input length = 1+2+64*2=131 bytes, and we get the first 62bit result.
compute H=SHA-1(5D OS Family,Hash, prefix, 00 00) the total length is 11 byte, and we need first 2 words, and right lift H's second word by 2 bits.
And now, we get an equation as below:
Signature*(Signature*G+H*K) = r * G (mod p)
By replacing K with k * G, we get the next equation:
Signature*(Signature*G+H*k*G) = r * G (mod p) , where n is the order of point G on the curve
Note: not every number has a square root, so maybe we need to go back to step 1 for several times.
Get Private-key From Public Key
I've mentioned that the private key k is not included in the BINK resource, so we need to break it out by ourselves. In the public key:
K(x,y) = k * G, we only know the generator G, and the product K, but it is hard to get k. The effective method of getting k from K(x,y) = k * G is Pollard's Rho (or its variation) method, whose complexity is merely , where n is the order of G. (n is not included in public key resource, so, we need to get n by Schoof's algorithm) Because a user cannot suffer a too long product key, the Signature must be short enough to be convenient. And Microsoft chooses 62 bit as the length of signature, hence, n is merely 62-bit long. Therefore, the complexity
the entire Microsoft organisation (which undoubtedly employs some of the world's finest software engineers and quality assurance experts)
What ever happened to judging people by their results...