Slashdot Mirror
MS To Limit Security Fixes to Legal Copies of Windows
rufey writes "An Associated Press artcile on MSNBC is reporting that Microsoft is going to start restricting access to security updates from pirated copies of its Windows operating systems. Starting in mid 2005, if you have a pirated copy of Windows, the only way to obtain security updates will be through the automatic updates mechanism. And even that method may be restricted at a future date. The article is light on details about what versions of Windows this will affect. Parts of the system to check for a valid copy of Windows is already used when downloading software (such as Media Player) from Microsoft - except that validation is currently optional." EnderWigginsXenocide points out Reuters' version of the story.
The main gist is that people who have their Windows Update set to automatically download the latest critical patches (through the Windows Security Center - insert oxymoron comment here) will not be affected at this time. If you manually go to Windows Update you will need to provide some sort of credentials (allow software to snoop on yer box or provide your key) to access content. I myself bought a copy of XP recently from Newegg for this exact purpose. I like Linux a lot and if I didn't game, I'd use it exclusively. Since I do game, Windows is a necessity, and I don't want to have a haxxored box because MS tightened down on allowing pirates (which I freely admit I was one) to patch their systems. Newegg has copies of XP pro for about $150.00 with the purchase of any hardware, which is a far cry from their $300.00 MSRP.
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
Folks will just start distributing these patches through other arenas (torrent, newsgroups, web sites, etc.), or will develop methods (as they always have) to work around the system checks.
This is just a ruse to get folks to pay less attention to the fact that the MS OS is generally less secure for most people than it should be...
Many people pirate Windows, for many reasons. Cost, availability, etc.
But imagine now if it's becomes a nuisance to crack everypart of the OS which phones home. People will go elsewhere... legal perhaps.... but what about the people who wont pay.
With Linux now coming of age, it seems about right that a significant market share would now drift in the direction of OpenSource operating systems.
Like, if my HPiece-of-shit laptop dies and I "transfer" my XP license to a Dell, does that count as piracy?
Yes, because now you don't buy software. You lease it. >:(
Why should they be expected to support copies of Windows that people didn't pay for? Sure, this is an issue of customer support. But then, the people with 'pirated' copies of Windows aren't Microsoft's customers.
"Ask not what your country can do for you." --John F. Kennedy
And what happens if the machine you're legitimately trying to update can't be put on the internet? I remember during the blaster virus, some of our laptops were getting infected so fast, we had to make sure the remote users did NOT get online, and we had to send them the security update and blaster cleaner on disk.
So, under Microsoft's new model, we wouldn't have been able to fix those machines, because as soon as we let them on the internet to "validate" their copy of Windows and download the patch, they would have been reinfected and rebooted. Lame.
Talk about using your worst problem to your advantage. Now security holes sell windows. It's amazing what a monopoly can do isn't it?
Awsome simply awsome the tighter they make their licensing the quicker the uptake for Linux. Hell I don't really know anyone other than some companies that buy legitimate copies of windows. Hopefully they will put a check in Office that will not let you run on a pirated system as well.
Short term revenue gain, long term loss.
Got Code?
How many more people would start taking a hard look at FOSS if they couldn't get their 'free' MS products?
They can still get their "free" MS products. They will continue to get their "free" MS products. Those people will just not update their systems through Windows Update. I imagine that plenty of people that paid for Windows in some form or another still don't bother to update their systems because they don't know or don't care to know.
All this is going to do is create an even more dangerous computing environment on the Internet and give more and more backing to "trusted computing".
Oh look, see, everyone pirates and the pirates are causing all the worms to propagate! Look! DRM will stop that!
If you install WinXP Volume licenced edition with the famous FCKGW RHQQ2 (Genius!) serial number then install IE critical updates from Windowsupdate, the computer will start crashing on an occasional basis... its been widely rumoured that early on in the XP lifecycle Microsoft issued a patch which has an additional function of degrading the reliability of pirated copies.
This is reproducible with any XP volume licenced CD using that serial so bad media can be ruled out
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
If anything, it might nudge some people to a Mac. Apple has the brand recognition, and you can buy "For Macintosh OS X" software in stores. In other words, they know what they're getting with a Mac.
With Linux, on the other hand, most people wouldn't have any idea whether or not they would be able to use the software they want, let alone how to get it even if it did exist for Linux.
"Ask not what your country can do for you." --John F. Kennedy
No, for corporate edition your not supposed to use winupdate, your supposed to "streamline" the patches into the installer, and install an already service packed and patched system(or reinstall) on all your workstations, which may even be faster then trying to install a patch on a system with weird settings/corrupted files/messed up registry's.
Ok say some sinister hacker knowing that cd keys are
stored in the registry builds a little one liner that inserts a known comprimised key. You know ms is gonna check for this.
The result is a ton of instantly owned machines since they are unable to install security updates.......brilliant plan
That being said I hope they enforce their licensing pirates are slowing the uptake of Linux, it hurts everyone.
Got Code?
I remember reading a Crypto-Gram article on this a while back. Here's some great, relevant commentary from Schneier. The original link is http://www.schneier.com/crypto-gram-0406.html#4.
The security of your computer and your network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It's not enough for you to maintain a secure network. If everybody else doesn't maintain their security, we're all more vulnerable to attack. When there are lots of insecure computers connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more insecure the average computer on the Internet is, the more insecure your computer is.
It's like malaria: everyone is safer when we all work together to drain the swamps and increase the level of hygiene in our community.
This is the backdrop from which to understand Microsoft's Windows XP security upgrade: Service Pack 2. SP2 is a major security upgrade. It includes features like Windows Firewall, an enhanced personal firewall that is turned on by default, and a better automatic patching feature. It includes a bunch of small security improvements. It makes Windows XP more secure.
In early May, stories were written saying that Microsoft would make this upgrade available to all XP users, both licensed and unlicensed. To me, this was a very smart move on Microsoft's part. Think about all the ways it benefits Microsoft. One, its licensed users are more secure. Two, its licensed users are happier. Three, worms that attack Microsoft products are less virulent, which means Microsoft doesn't look as bad in the press. Microsoft wins, Microsoft's customers win, the Internet wins. It's the kind of marketing move that businessmen write best-selling books about.
Sadly, the press was wrong. Soon after, Microsoft said the initial comments were wrong, and that SP2 would not run on pirated copies of XP. Those copies would not be upgradeable, and would remain insecure. Only legal copies of the software could be secured.
This is the wrong decision, for all the same reasons that the opposite decision was the correct one.
Of course, Microsoft is within its rights to deny service to those who have pirated its products. It makes sense for them to make sure performance or feature upgrades do not run on pirated software. They want to deny people who haven't paid for Microsoft products the benefit of them, and entice them to become licensed users. But security upgrades are different. Microsoft is harming its licensed users by denying security to its unlicensed users.
This decision, more than anything else Microsoft has said or done in the last few years, proves to me that security is not the first priority of the company. Here was a chance to do the right thing: to put security ahead of profits. Here was a chance to look good in the press, and improve security for all their users worldwide. Microsoft claims that improving security is the most important thing, but their actions prove otherwise.
SP2 is an important security upgrade to Windows XP, and I hope it is widely installed among licensed XP users. I also hope it is quickly pirated, so unlicensed XP users can also install it. In order for me to remain secure on the Internet, I need everyone to become more secure. And the more people who install SP2, the more we all benefit.
Ha, ha! Nobody ever says Italy.
It's funny how Microsoft seems to want people to take them seriously when they talk about pirating their stuff, yet pretty much rip off their customers any time they can. System dies and you want to transfer the license? Sorry! You have to buy it again! Why? You paid for it once, now on a system that will no longer function. Provided that you don't repair the old system and bring it online, what valid reason other than "we want more of your money" do they have for such restrictions? What makes them believe they have the authority to make such restrictions in the first place?
Well it means that a large chunk of machiens will remain open to those who wish to install bot-nets on them and DDoS whoever annoys them on IRC.
I think they'd probably have done a lot better if the next version of DirectX can't install on a illegal version of windows, people generally don't give much of a damn if they can't get security patches, if they can't get the latest game to work however the'll be pissed.
Hi,
It's not a question of whether it's "right" or not. Fact is that there is a tremendous number of pirated Windows copies out there. These will be far more vulnerable than they are now; the result of this will initially be to hurt their owners, but in the end, everyone suffers due to an explosion of botnets/DDoS/spam gateways, etc. etc. etc.
I am even inclined to believe that even semi-clued kiddies will not be unduly affected by this because, as another poster pointed out, obtaining an illicit collection of updates probably won't be tremendously difficult.
Cole's Law: Thinly sliced cabbage
So last night I was playing Wow for a while and the performance in Orgrimmar was pretty bad. I figured I'd up the ram in my main maachine to fix the problem.
Pulled the ram from another machine, dropped it in and rebooted windows. Windows XP then informed me I had made substantial changes to the machine since I installed XP Pro on it and told me I had to re-activate it.
If this causes me, at a future date, to have issues because another minor change triggers the Activate windows, and it fails for some reason and I can't get security updates I am going to sue their ass.
Thankfully I have a Mac.
(If I had Priated XP I wouldn't even have this concern. I'm sick of being treated like shit after spending a few hundred on stuff.)
That does not make sense to me. If I buy a mobile phone, and somehow lose it, I cannot go to the reseller and claim a new phone simply because I "already own it". If I lose it, then it's lost and I will have to buy a new one.
Similarly, if I've lost my software key, then I've lost my proof of ownership, and I'm just as much a pirate as anybody else if I use a friend's key when installing.
No one can expect Microsoft to cover for one's own sloppiness - if you lose your key then you'll have to buy a new one. There's no "I already own this" argument to be made when you've lost it yourself.
First, as the other poster mentioned, a mobile phone is a physical entity that costs something to manufacture, and therefore costs a lot to replace. Therefore, reasonably, the manufacturer shouldn't have to pay for your sloppiness. However, a logical entity such as a software key costs NOTHING to replace, and software costs VIRTUALLY NOTHING to copy.
Second, you own that cell phone that you purchased. It's yours. But you DO NOT OWN SOFTWARE. You own a license to use that softare. And the key is not that license! The key is simply proof of the license, and losing the key does not equal losing the license that you own.
Basically, whether you have the right to use software when you've lost the piece of paper that says "you have a right to use this software" has *nothing* to do with whether you have the right to a new free phone if you lose your old one. The analogy is horribly flawed.
The following sentence is true. The preceding sentence was false.
Microsoft: What is your name!
Me: Stephen
Microsoft: What is yur quest!
Me: I seek the Security Patches!
Microsoft: What is your product Key?
Me: Uh, I don't know that Ahhhhhhhhhhhhhhhhhhhhhh.
If religous zealots don't believe in Evolution, then why are they so worried about bird flu?