Slashdot Mirror
Microsoft Genuine Advantage Cracked
piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."
So... where can I download this?
The first is from George Patton : "Fixed fortifications are monuments to the stupidity of man." The second is from Karl von Clausewitz: "If you entrench yourself behind strong fortifications, you compel the enemy seek a solution elsewhere." I think these speak volumes
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
Genuine Advantage is a pain in the arse for both registered and unregistered users. If reinstalling windows was a nightmare, imagine now with having to actually activate your windows. And now for updates? Come on!
Somebody has to put an end to this.
Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?
I'll bite. Microsoft can only repair the vulnerabilities that they have been made aware of. If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable. That is like blaming the manufacturer of a safe for being susceptible to a heretofore undisclosed method of safe cracking.
If it is a vulnerability that they've known about for months, however, not unlike many of those that affect Internet Explorer, then that should probably be considered a different story.
Despite the accusations of trolling that you've received, however, I believe that you were right to distinguish an ethical responsibility from a legal one.
Do you like German cars?
I mean, I'm fairly certain they would try and hack it (it's there, after all...) but would they, in general, give the info to MS, or would they (out of altruism for future consumers, or just out of spite) keep their hacks to themselves so that they could be used effectively against the product.
It just seems that these things are always cracked relatively quickly - couldn't microsoft somehow incorporate this into their pre-release coding cycle? I guess, though, they don't want to release their programs before they, er, release them.
Physicist, consultant, science communicator
ive used the program and put the little token into their site and it still wouldnt let me download something (cant remember what it was right now) so even with this crack or if youre legit you might still be out of luck :D
From the doc linked to:
>6. After downloading "GenuineCheck.exe", run it on the machine running a genuine copy of Windows XP.
> It will generate a code which is used for WGA validation. Copy the code and use the same code to
>validate a pirated copy of Windows XP and bypass the WGA.
But that's bogus, you still need "access" to a authentic copy to perform this hack. It's not really a hack at all.
But sadly this will only make it easier for people unwilling to pay for windows to continue to use it. It would be better if they had to find a cheeper (legal) solution.
(Mods, that's not a troll, it's a decent point)
You'd probably be quite surprised at the number of legal copies of Windows that are in use. Most people get it whether they like it or not with their new computer. People running 98/ME usually find that their computer is under-spec to run 2K/XP and simply buy a new one. It's mainly people who build their own computer (and thus should know what they are doing) who pirate Windows.
You still raise a very interesting question there though. I would say that they should allow anyone to update, mainly because many updates to Windows are security fixes and zombie machines adversely affect other users, not just the owner.
Where does that "impenetrable" quote come from? MS has pretty openly stated that they know that protection mechanisms like Activation can, and will, be cracked. They have been pretty clear that these mechanisms are in place more for the hobbyist or mom-and-pop user, than the people that would actively seek out cracks/pirate software.
"If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable. That is like blaming the manufacturer of a safe for being susceptible to a heretofore undisclosed method of safe cracking."
I agree with you in one way, and yet in another way, I'm compelled to disagree. No, I'm not a Linux fanboy/Microsoft hater/etc, but if something is insecure from the begining, then someone needs to take responsibility. Sure, they might not know about the exploit, but if one exists, then that means someone didn't do their job in the begining.
I realize it's probably fairly hard to create a product that is 100% exploit free, but I don't believe that just because it's hard/challenging that it relieves anyone/everyone from being held responsible.
I'll bite. Microsoft can only repair the vulnerabilities that they have been made aware of. If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable.
Bull. Good software is designed to be more reliable. Only give access that a module needs to do the job. Block access to things that you don't need.
An intelligent, proactive design prevents vulnerabilities in the first place, and mitigates them if they occur. Windows has so many design flaws, it looks like Swiss cheese.
No, it would still depend on the obviousness of the exploit used.
;-)
I'm not a Microsoft apologist. I never deploy Windows. I despise many of their tactics. I prefer a Unix-based operating system.
That said, let's face it: A 0-day exploit can affect any operating system, no matter how secure we might consider it. That includes every clone and variant of Unix available today.
As a programmer, you can take every precaution and still encounter a blatantly obvious -- to your critics, at least -- compromise. Although it really isn't a valid comparison, I'll cite the design problem that was eventually fixed in our beloved PHP interpreter. The end-user was once allowed to manipulate server-side variables, and that was sometimes an absolute nightmare to work around.
If such an obvious vulnerability were present in an ASP interpreter, we'd chuckle together and continue bashing the developers (developers, developers!) at Microsoft. I'll admit that it's often very funny to do so, but I'm ultimately afraid that people in glass houses shouldn't throw stones -- even if our glass house is reinforced.
Do you like German cars?
Both generals were talking about some kind of conventional warfare. Microsoft vs the hackers isn't conventional warfare. It is a lot closer to guerilla warfare. Against guerillas, a fortress is good protection. Of course, as Mao pointed out, the guerillas may be able to let their enemy rot in their fortified cities. That may be closer to what's happening here. Microsoft may be like the conventional army which alienates the population. When that happens, the war is as good as lost.
Like the IRA said to Margaret Thatcher: "You have to be lucky always, we only have to be lucky once." Microsoft is in the same situation. The battle is ultimately for the hearts and minds of computer users everywhere. If Microsoft makes a pain of itself in its attempts to defend its territory, their customers will eventually defect to the other side.
btw: Things have changed in Northern Ireland. The population is becoming VERY disenchanted with the IRA. Many Catholics now hate them more than they hate the Brits and regard them as little better than organized criminals. Similarly, with many years of hard work, Microsoft could regain its good name (but I'm not holding my breath).
Think about which is easier:
1) Accessing a random legitimate install once for a minute or two.
2) Accessing a legitimate install every time a new patch comes out, for however long it takes to download. Must also make arrangements to transport the downloaded files.
That answer your question?
"Fixed fortifications are monuments to the stupidity of man."
One word... Leningrad... Patton was a great general and one of the few Allied commanders the Germans geuinely respected but he was also an arrogant bastard (and he probably would have enjoyed being called that). Although he unfairly dismissed the value of fortifications he did have a point. The Romans for example preferred to besiege an enemy that was prepared to give battle. The reasoning being that it was cheaper in lives and money to starve him out. In this case one might actually argue that it is Micro$oft who is trying to starve out the pirate consumers by denying them access to updates rather than that Micro$oft is throwing up fortifications to hide behind. So let's not underestimate Micro$oft. Clamping down on OS piracy will certainly play into the hands of Linux and especially OS.X to some degree but alot of people will still cough up the money for one of those so-called "Student and Teacher" versions of XP.
Only to idiots, are orders laws.
-- Henning von Tresckow
Do you call this an "exploit"? It seems more like a loopwhole to me, something like using a valid cd-key from a genuine wraped up box to install a pirated copy of the same software. I mean, come on! They let you download something that checks for the validity of the installed windows and returns a code, how long would it take for someone to try a valid code on a pirated windows? For what I read, it's goes something like this: there is this building with several diferent apartments: A, B, C, etc... and there is a key in each. But for you to get in, you need to check your key to see if it's valid: "they gave me this key to aparment B, is it valid?" And the system validates your key, then you can get into ANY aparment, because ultimatly the system doesn't check if the key you are using has any conection to the apartment that you are trying to acess: "yes, the key you present is valid, please fell free to try it in any apartment, we don't check to see if its ACTUALLY the key to aparment B, we just check to see if it's a couterfeit" But, hey, maybe this is an exploit afterall, the "hole" is there, but it's in the process, not in the coding or programing itself.
"A sysadmin is a cross between a detective, a police officer, a gardener, a doctor and a fireman"
Microsoft has the right to refuse patches of their operating system to users who have illegally obtained the software. Why should Microsoft, or any other corporation, use its money and waste its time providing patches and other OS updates to people who have illegally obtained the OS? OS patches are a privilege, not a right.
Don't get me wrong; I do not support MS's annoying activation and registration policies. However, why should people who have pirated Windows be able to expect support from Microsoft at all? And Microsoft can't do anything about Internet worms and viruses at all. Even though Windows isn't very secure (and its long overdue for a complete rewrite), Microsoft has no control over what other software people make. Windows, or any other operating system, can't prevent worms and viruses. Only users can prevent worms and viruses. In order to avoid Internet nasties, you either need to use a more secure operating system, a less popular operating system, or stick with Windows and become educated about viruses/worms/malware/etc.
I wanted to install DirectX 9.0C on my laptop, and got hit by that. They've asked me to type in my product Key (which was UNDER my dhell laptop, attached to it was my external 80gb firewire drive and my 200GB USB2 drive, thank god it's not using a docking station, this would have required me to turn it off and then write it down then reboot than download, then reboot again...
:).
for god's sake what are they thinking? don't they get it? lot of people are buying software and use cracked version EXACTLY because of the fact that all legitimate software puts totally INSANE overhead that only irritates clients and in the end penalize them. And beleive me, they lose sales little by little because in the end it's less of a pain in the back to install cracked versions than upgrade with the re-registration, phone confirmation, yadi yada that without mentionning activations problems and all that stuff that people don't want to deal with especially after shelling out hundreds of dollars.
You want people to stop pirating, EDUCATE them, irritating them will only do the exact opposite. When I was a kid, I had a VIC20 and a C64, EVERYTHING was copied because "stores selling games" what not a commodity like today, plus, at 11, you don't have that much money, and face it, piracy is what made the C64 such a hot seller. But later, I was educated once entering a specific field of interest (3d/video editing) by people on mailing lists and also local pros, and today I'm the one pushing people to buy software and support companies, especially when these companies puts out educational pricing or non-commercial licenses at very decent pricing. Its still easy to get pirated software, but when you are educated, you know what happens in the long run, or you know the potential legal implications it might get you into if positive reinforcement is not your thing
Seriously, I just don't get it... if the goal is a clever way to reduce bandwidth costs on their server and outsource the stuff to pirate sites or torrents sites, well, hats off! but I doubt this would be the case.... man how pathetic can it get...
--- Metamoderating abusive downgraders since my 300th post.
"Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?"
Why not spread some of the blame to the hackers, crackers, and script kiddies?
"Derp de derp."
How many countless people around the globe learned Windows on an illegal copy? You'd think MS would want to distribute Windows to anybody who wanted to use it, learn it, develop on it, etc- I'd be looking at it as a way to increase Windows support- and only be charging corporate users, or those that are making a profit off of Windows capabilities. By limiting its availability to paying customers they are cutting off a huge user base- which will only enhance their competitors position in the market.
"Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat."
Brings to mind an image of the captain of the "unsinkable" Titanic warning his passengers that the ship has bumped into a very little ice cube.
... if we want to play any decent number of games... I'm afraid you kind of have to use it, so don't be so high and mighty and say "Well just don't use it", because we have to.
You'd probably be quite surprised at the number of legal copies of Windows that are in use
You'd be quite surprised at the number of illegal copies too. Everybody I know who didn't get WinXP with a new PC has simply pirated it, most people just don't talk about it or post about it on message boards. I fear the day when all these machines (including, I'll admit, the non-Linux machines in my house) can't get security updates. There will be vast numbers of spam-bots, virus spreaders and DDoS zombies, even more so than now.
Pre-canned Evolution Links for all those Slashdot holy wars.
---Why should Microsoft, or any other corporation, use its money and waste its time providing patches and other OS updates to people who have illegally obtained the OS? OS patches are a privilege, not a right.
They had better consider it a "privilege" that I pay for any product that they make. After all, the 2 computers that I bought pre-done had licenses that I COULD NOT REVOKE and get my money back. And there's something I heard about bundling being illegal... and something about being a convicted monopolist illegally playing the system.
To me, its just a Wintendo, good for games, and not much else. I have a nice hardened Ubuntu desktop in which I do work in. The Windows box is good for stuff like NWN, console emulators, and Mechwarrior games. Thats it.
As you say, people who use cracked versions of windows usually know what they are doing. As such, they (should be) using good antivirus and firewalls. The real problem is Joe Shmoe AOL user who just discovered the intarweb on his new comptar and has no idea what a virus really is, let alone a botnet, but wants to go surf the web despite their being depressingly unprotected. I wrote in another article in another website: It is everyone's responsibility to use the internet correctly just like handling a gun. It can be a potent tool, hobby, and yes even a weapon, but use it without proper knowledge and your going to shoot yourself or worse, someone else, by accident. A point was brought up that someone didnt want to have to bother with getting better firewalls and antivirus, they arent "computer people". This is the type of attitude that lets the hackers' botnets bulge with fresh zombies.
If you have virtual PC or vmware you dont need to activate more than once.
I have winXP VMs (domained, undomained), and a win98 vm (historical quirk). Once you get a stable image with msoffice, activate it, snapshot it, and duplicate the VM image. One tip: activate and snapshot before you domain it, as it is a real pain to undomain a win2k-domained image.
Virtualization defeats activation.
He ment the activation code, the code that you have to put in if you don't have Internet access and are activating. And some OEM copies are not bound, it depends on the manufacturer. Many computer companies don't take the time to bind XP to their BIOS. Don't think this is true? Take for example the OEM copies you can buy with mobos/HDs/whatever off the internet-not bound to anything, but still have an OEM key and you still have to ACTIVATE. You clearly don't know what you are talking about. Nice microsoft fanboy...