Slashdot Mirror
Microsoft Genuine Advantage Cracked in 24 Hours
jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check.
BoingBoing has the story. "
← Back to Stories (view on slashdot.org)
A simple hack has been found that disables the check.
It's simple, all right...as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation. Sheesh.
____
~ |rip/\/\aster /\/\onkey
Quality programming I tell you. Quality!
Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update, so I believe this is only a temporary reprieve. I guess it will be a back and forth between MS and and hackers until MS has secured Genuine Advantage.
I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support. I paid for this and I shouldn't have to keep wasting my time to soothe their paranoid brows.
Just another reason to keep trying new Linux distros and updates on my testbed system until I find one I like enough to switch (tried so far: Ubuntu, SuSE, CentOS 3.3, Linspire, Knoppix, Mandrake 10). Already using OpenOffice, Firefox, and Thunderbird and have a WAMP (Windows, Apache, MySQL, PHP) set-up for development work. Going to Linux is a small step, but there are a few apps (like video editing, graphics editing) where I just don't have the patience to spend a whole bunch of time learning Linux apps that are 'almost' there in terms of their UI. Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.
- Greg
Start a happiness pandemic
Let's post it on Slashdot for all to see so Microsoft will find out about it and make it harder to get around!
Are they serious about security, privacy and piracy yet?
Quality Hosting e3 Servers
Anyone notice anything wrong with the URL listed? It has AD at the end so I bet 90% of the mozilla users with adblock will have to it turn off to view the page. Is this the future of all URLs on the web?
That one will be fixed pronto in a "critical" security fix.
Thanks for posting that for millions of people to see. Behold this Slashdot: ohuk.
Who is stealing this software anyway? Does anyone actually use MS shit still? fuck, I thought the world was evolved.
That really is amazing. Proof of why I don't use the MS Validation Control when we develop in VS.NET - Just turn it off!
http://testing.onlytherightanswers.com/modules.php ?name=News&file=article&sid=26
Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com
Download the hack here,
http://www.linux.org/
This is just too simple. I know we aren't setting the bar high for Microsoft but come on now. They should have been able to do a little better than this.
Oh well, sucks to be Microsoft. Now they've had their anti-theft security cracked again. Everyone's got to be laughing at them.
Wait. You were scared?
I mean, seriously, I expected a crack out much sooner. What's it been, six hours?
yeah if this was on hackthissite.org it'd be hacked in a new world record time!
my bootleg vmware running bootleg Windows XP setup is back in action!
The crack (which I have no intention of using, since I did buy my copies) really will only be used by Geeks, the check will still thwart a lot of the casual average joe. at least in my opinion.
...after users attempted to update, MS found out that there is actually only 1 registered copy of Windows XP.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
Am I the only person that can see Martin from the Simpsons pointing and saying, "Ha ha!"?
Cause everyone wants a free Xbox360
MS continues to do its absolute best (or does it?) to prevent their products from being hacked to bits (no pun intended), and they have no choice. As part of their business, it's mandatory that they attempt to curtail software piracy. But they know, and we know, that it can't be done. It's like the terrorists (now, seriously guys, I'm NOT making a link between hackers and terrorists, I'm above that). But look at it this way. The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through. That is, Microsoft will have to figure out every possible way that their products can be cracked and provide protection, but the hackers must only find one single weakness. So to speak.
If only it was this easy to crack the PSP's security. I dont know why microsoft even tries. If anything, by not allowing us apps like antispyware, its just going to make more of a headache for the non-savvy windows users, and force more people to switch over to a more secure system (i.e. mac and linux). with the Macs switching to intel, i think the OS business will start to get interesting soon.
A simple hack has been found that disables the check. Cool! Just like the simple hacks that can disable Windows.
In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack).
well,
o ws+Vista&btnG=Search
hahahahaha
after reading this http://www.google.com/search?hl=en&lr=&q=new+wind
Introducing Windows Vista(TM). It enables a new level of confidence in your PC and
in your ability to get the most out of it
LOL
ROFL
hahahahaha
etc ect
A product with the market penetration as big as Windows is always going to be cracked, as soon as possible after it comes out. No matter what they do to try and prevent it, which is why some companies don't spend that much on anti-piracy for the product on release now, something microsoft can't do... so they have to try their best.
Business Voyeur
as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.
;-)
You mean I don't even have to hold down the Shift key?
Javascript + Nintendo DSi = DSiCade
All I can do is laugh, i was just telling my boss about the key check less than an hour ago. Hahahahahaha. I cant wait to see how secure the XBox360 will be
Ubuntu- Linux for human beings.
I guess they've answered "Can Open Source and Commercial Software Coexist?" with a YES, and added a HOW!
Microsoft is becoming irrelevant, passe. Why would I care if I could pirate Windows? I don't use Microsoft software now, I don't plan to use Microsoft software in the future, it does not matter if they give the stuff away.
People who break authentication so they can pirate software are hurting free and open source software. This behaviour encourages people to pirate the software. If you want to use Microsoft software then don't break the law and don't use pirated copies. That's right, pay for legal use of the software. Use you elite hacking skills to improve free and open source software.
This link just goes back to the one in the article, you can skip it.
Quality Hosting e3 Servers
They diddle your pid, login and present updates and rediddle your pid back to devilsown or whatever blacklisted pid you happen to be running. I bet they're doing something similar for GA.
http://www.mirrordot.com/stories/706becc274a19bcef bf8740dd25a9fe3/index.html
Going to Linux is a small step, but there are a few apps (like video editing, graphics editing) where I just don't have the patience to spend a whole bunch of time learning Linux apps that are 'almost' there in terms of their UI.
You must have missed this.....
Does it have to be compatible with anything else than IE? Just make it in activeX! It will make it harder to crack: Using IE will get your computer deadly infected with spyware and virusses, so you can not hack the genuine advantage program yourself, ergo the genuine advantage program is safe and secure.
Actually MS sites work pretty well with firefox (I do not know if it looks or works different in IE since they do not make a version for linux (they made one for SUN, hum, maybe give that a try....))
My wife's sketchblog Blob[p]: Gastrono-me
Developers, Developers, Developers, Developers, Developers, {sweaty armpits}, Developers, Developers, Developers... [all clap]
Thursday, July 28, 2005
Microsoft "Genuine Advantage" cracked in 24h:
"This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
java script:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
How did nobody at MS catch this? Security through obscurity? Blind hubris? Too much Koolaid? THIS, I feel, indicates more about the quality of Microsoft as an organization, than any stupid Ballmer or Gates speech.
I want to delete my account but Slashdot doesn't allow it.
Well, this is another So Happy It's Thursday moment for the guys from Redmond.
Sharp as a marble, those security guys.
www.eFax.com are spammers
The link is slashdotted but if this "crack" is what I think it is...
Basically, on a pirated XP system you run windowsupdate. It has you download the genuine advantage program. Then it checks your PC and says you're using an invalid key and you cant use windowsupdate.
In IE, you go to the Manage Add-ins area (SP2 only, but im sure you can disable it the old way in older XP and win2k) and disable the genuine advantage activex control.
Restart IE, go to windowsupdate, tada you have access to all the updates
This bypass also works http://home19.inet.tele.dk/jys05000/ I tested it earlier today, good job MS :D
This seems like such a amatuer web developer move that I'm led to think maybe they left it easy to bypass on purpose. Come on, if Microsoft eliminated all piracy of windows, people might actually try something else.
Mr Bill must be crying all the way to the bank.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
...and if the above posts are correct, it's about 45 words!
The Mothership
AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.'
It was cracked within 24 hours."Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
This is their absolute best?
The world's burning. Moped Jesus spotted on I50. Details at 11.
And wanna bet that MS is gonna obfuscate the issue ever so slightly in the update description to make it appear to a person that doesn't read it very carefully that the update in question actually fixes an issue far more critical to the user than it really is, when in actuality it's only really critical to Microsoft?
File under 'M' for 'Manic ranting'
Since BoingBoing is getting hammered here's the text of the article:
Thursday, July 28, 2005
Microsoft "Genuine Advantage" cracked in 24h:
window.g_sDisableWGACheck='all'
AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
Link (Thanks, AV!)
You say things that offend me and I can deal with it. Can you?
This is deigned for people who think they have a legit copy. It will help with that. I bet a lot of white box shops who install cracked versions of windows are a little nerviousr right now.
That was hella fast.
Is that anything like Military Intelligence?
---
Somewhere in Redmond, a developer is emptying his desk.
Introducing Windows Vista(TM). It enables a new level of confidence in your PC and in your ability to get the most out of *YOU*.
Religion is a gateway psychosis. -- Dave Foley
You actually read the articles?!
You can also just find a direct link to what you want to download. For instance, go to2 d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywa reInstall.exe
http://download.microsoft.com/download/8/1/5/815d
to get the anti-spyware program.
One of the mods today is on crack, methinks.
File under 'M' for 'Manic ranting'
Another WELL THOUGHT OUT MS security scheme cracked again... sure to make front page news!
||| I still can't believe Parkay's not butter.
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')
Also, disabling the Genuine Advantage plugin in MSIE disables the check, apparently.
I found that if you go to Tools->Manage Add-ons (Req. XP SP 2 of course), then select to show "Add-ons that have been used by Internet Explorer" and finally set Windows Genuine Advantage to "Disable" and then Restart Internet Explorer, it lets you do Windows Update just fine.
they would actually treat their customers like their legitimate users unless they give them reason to believe otherwise. Here would be a good idea for Microsoft: allow unlimited product activations if you buy a site license for your house and send them a registration notice in the mail. Then product activation is against others who might steal your serial number.
I have enough PCs that I'd pay $300 for a "home site license." Microsoft could create such a thing without any hassle because for many households, it'd be worth it. All they'd have to do is make you send a copy of your driver's license or something in the mail and then if someone tries using your serial number that doesn't share the data on your driver's license, they go after them for infringement. That way, product activation doesn't harass law-abiding users.
I'd love to use Longhorn because it looks like a good release, but damned if I'm going to buy it and get 2 "harassment-free" installs. If I buy it, you can bet that I'll only buy it after I've either gotten a cracked CD or found a site license serial that actually works like the ones that XP uses. Every windows license I have is valid, though I use cracked CDs just to get around the PA. Seesh, why am I forced to behave like a common criminal? I can't wait to be able to switch back to OS X at this rate...
Click here or a puppy gets stomped!
I know it's probably just an un-filtered RSS feed in their Boing Boing portlet, but I thought it was rather funny that they haven't caught it yet.
You may find my appearance and demeanor foolish, but it is you who plays the fool.
As for the rest of you, if you think Windows is so bad, why pirate it?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Ha Ha
I have a perfectly legal XP system bought boxed from Toshiba via a well known and honest UK dealer.
Microsoft accuse me and/or Toshiba and/or the dealer of having an illegal copy of XP.
Now I will solve the problem by giving up on XP (which I only need to run IE occasionally where badly designed web sites require it) and using Linux and Solaris.
But what will happen when a large organisation falls foul of this problem? I predict a class action in Microsofts future that may cause them a lot of hurt.
Not that I care. I'm using my employer's volume liscense. And no, I won't share.
My sig can beat up your sig.
Maybe they're finally responding to the charges of security through obscurity with .. insecurity through outright clariry and legibility?
"Old man yells at systemd"
The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through.
Which is much of WHY, in a race between weapons and armor, weapons always eventually win.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
http://www.apple.com/macosx/
If they come from Microsoft, they're OK. Microsoft is trustworthy.
Exam 4/C again. Maybe I'll do better this time.
To quote from Microsoft's own rejected key page:
Did you know that Windows XP can keep your computer up-to-date automatically with the latest updates and enhancements? You can set Windows to recognize when you are online, search for downloads from the Windows Update Web site, and deliver them directly to your desktop. Genuine Windows validation is not required to use the Automatic Updates feature.
So... whats the point?
"What do you mean you have no ice? Do you expect me to drink this coffee hot?" - Random Customer, Clerks
To put this in the address bar:
before clicking the "Express" or "Custom" buttons. (In case of /.ing occurs)
javascript:void(window.g_sDisableWGACheck='all')
.. in the server logs? No track is a trace too.
If you want to get all conspiracy theorist, you could say that they did this on purpose, and it's not a backdoor so much as a honeypot. All of you are now flagged as hackers, enjoy!
The 'worrying' as you did is just MS trying to strike the idea that at one point people may have to turn to legitimate versions, but this will clearly never be the case unless MS wants to lose a lot of ITS advantage - that a lot of hobbyists still toy with their OS and popularize it.
Nice try anyway, tho'
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter: javascript:void(window.g_sDisableWGACheck='all')
How does this hack work?
Why does the javascript get executed in the address bar when the user clicks the button?
It took 24 HOURS to find a crack in Microsoft code!
Shame on you!!
- Sh!t
Starting in August 2006, you will have to submit a DNA sample and a sample from an authorized employee of an Authorized Microsoft Reseller along with a notarized copy of your bill of sale to validate Microsoft products. Product re-validation will occur every time you change 5 key hardware elements or weekly, whichever comes first.
No official word yet on what will happen to resellers who sell illegal copies, but the name "Guido" keeps popping up in the rumor mill.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Which leads me to put my tin foil hat on and say: was this really a hack? Or is Microsoft happy to have this effect 99% of people on earth, and allow the 1% of techies who are unhappy about this either for privacy reasons, or because they have have a "pirate" edition of Windows, to get around it and stop complaining? I don't really see this as getting one over on Microsoft, smart authoritarian hierarchies often leave little safety valves for discontent like this around, allowing a few people to get away with breaking the rules, instead of them going about trying to change or get rid of the rules.
It was only then I was informed that I had been fooled into downloading and installing the Windows Genuine Advantage Validation Tool. By which time, of course, it was too late to do anything about it.
This is misleading, bordering on outright fraud. You'd think a corporation with a criminal conviction on its record would at least pretend to be more responsible and open about its practices, but apparently their arrogance and hubris knows no bounds. It is readily apparent that they are completely untrustworthy.
Format your disk and install Linux. It's the only way to be sure.
Schwab
Editor, A1-AAA AmeriCaptions
The original XBox still has no generally applicable software-only crack for it, after several years in the field. Real security.
5 1
What about softmods? There's several of them around, designed for various purposes. Most of them are meant to be used to run XBMC, admittedly, but in theory they could be generalized to run Linux or something.
Check the various tutorials: http://www.xboxscene.net/tutorials.php?p=151%7C#1
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
If there is one thing I've learned from developing software, is if you concentrate all your efforts on trying to improve the anti-piracy measures of your product, the actual application will never benefit. If someone really wants to pirate something, they will, and that's just a sad fact.
it will :-)
Does anyone know if WSUS concerns itself about the validity of the client?
I know this was tongue-in-cheek, but since it's all client side, they have no way of flagging anybody as far as I can tell.
Anybody know differently?
*everything* is Orwellian to cats.
basically, Microsoft is gonna think HEY EVERYONE IS LEGIT NOW. LOOK AT WINDOWS UPDATE TRAFFIC JUMPED 1000%.
seriously, if you have older hardware, install win2k server/pro and don't update.. hotfixes and service packs are bloat. sp4 added like 600mb of space to my drive. i don't keep this machine outside the DMZ, so i don't have anything to worry about.
win2k server sp4 box
Downloading Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773) (update 1 of 2)... done!
Downloading Microsoft Windows Installer 3.1 (update 2 of 2)... done!
Initializing installation... done!
Installing Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773) (update 1 of 2)...
Installing Microsoft Windows Installer 3.1 (update 2 of 2)...
I think you may have misunderstood why MS did this. It is important for them to notify users that do not know they are using pirated copies of Windows. It is also important that they be able to show in court that they have made efforts to stop piracy of their software.
It is not very important that they immediately stop piracy, as long as they can continue to indoctrinate new computer users into the Microsoft paradigm. As they incrementally increase the difficulty of piracy, eventually these users will migrate to legitimate Windows licenses.
I don't think hubris or stupidity had anything to do with how lame this 'security' is.
I mean really...its like trying to disable the ability to right click/ save. Do these people even bother to test this shit? I mean my goodness...my 8 year old son could have bug tested that crap in less time that is takes to do a search for "XP COA"
slashdot isn't a script kiddie crackerz site. It's a news and discussion site.
Mac switching to Intel is not going to change a thing. The Mac OS upgrade to 10.4 is $129, XP home is only $99. Beside as of right now Apple is not planning to make OS X available on anything but an Apple PC(as stated by Apple in an article that was slashdotted when the switch was announced). Another interesting thing to note was an article post on slashdot talking about security on Linux vs XP. The final conclusion, minus fanboy flame was that they are both pretty equal now. The constant barrage at XP has made it as secure as Linux. After all, when was the last time you heard people specifically developing viruses exploiting Linux's weaknesses. All this said, the purpose is to try to limit piracy. MS knows it will always be there as does everyone in the software industry. Someone should tell that to the losers in the music and film industry. -I'm right, your wrong... Just deal with it.
I eat Karma for breakfast, lunch, and dinner. That's why I don't have any.
IANAL
Windows XP from a legitimet source (say Toshiba, as I've seen that mentioned in a couple of posts) and you fail to authenticate, call their support. If they don't solve the problem double quick, write your eterny general. They lied when they sold you the laptop. THEY need to fix it (not you).
If this is a common problem, a class action suit will be created and the manufacurer will have to answer for it. If the manufacturer feels it was actually MS that caused the problem, then they will file suit against them.
All this is academic. I use linux...
Spell check? Why bother. That is what grammer/spelling Nazi freaks who waiste band width posting "spell right" are for.
Start here:
Amateur Video Production Using Free Software and Linux
Follow the threads at the end of the article for updates.
Enjoy,
It's just the normal noises in here.
Why bother using some ubersecurity when it can always be cracked. Microsoft figured out that they would at least cut the costs and discourage some people from using pirated Windows since they won't be able to use it (my dad for example ;)).
..... who did the Sony copy protection scheme.
/. thread http://slashdot.org/article.pl?sid=02/05/22/143925 3
For those of you who missed that, here's the
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
24 hours?
...
My guess is they had a LAN party to play a MMUD during some of that time
-- Tigger warning: This post may contain tiggers! --
Now that this is in the wild you will disable the checking to get windows updates, and then you get to install the update from microsoft that disables the disabling. Brilliant.. you all walked into their trap by buying WinXP
You are quite correct. They're not targetting the people who download it off of a warez site. They're hoping to get the people who bought a copy that looked real with a manual and all that.
All versions of Windows from 2000 on have the WSH embedded and, consequently, interpret both JavaScript and VBScript on the fly. In this case, the language was absolutely nothing to do with the crack. It's the equivalent of feeding a shell command to a shell script when it reads input or feeding perl code to a cgi program written in perl. It isn't the language that's vulnerable, its the widget that doesn't check to see if the text it contains is executable.
That's almost as easy as holding down the Shift key. What won't they think of next?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
instead of
javascript:void(window.g_sDisableWGACheck='all')
you have to use
javascript:void(window.g_sEnableAltOS='Linus')
-- Tigger warning: This post may contain tiggers! --
"Hey, it's OK. We're authorized."
Coderz 4 Life
as this was cracked so early and so easily, don't you think that microsoft will fix this? do something to make it more difficult? i think it's foolhardy to think thios is the last we'll hear of this...
Where are the moderators with brains today?
"In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack)."
Thank you for pointing that out -- it's a concept that's lost on many people. It's a bit like the locks that come on your car: they probably won't hinder that professional thief who wants your car, but they'll stop the amateurs.
Sitting in my day care, the art is decopainted.
they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version...
I don't believe that there are many people who don't know that they are using a "quote" pirated "unquote" version of Windows. In the USA, it is extremely rare for unregistered versions of Windows to be used in Offices. And most people who buy PCs 'ready-to-operate' will have the Windows license included at a vastly reduced bulk price. People who build their own PC from components will know that the installed Windows is unregistered.
The only people who might not know that their Windows is unregistered are those who have had a friend or relative assemble a super-cheap PC from components for them. Or who have received a hand-me-down or secondhand PC from someone who installed an unregistered Windows, and didn't pass this piece of information along.
This is maybe 1% or less of all users in the USA. Outside the wealthy countries of the world, the situation would be that people would probably assume that either the Windows on the PC was unregistered or would not be aware that Microsoft was actually expecting to receive a large sum of money for every copy of Windows on every PC.
But Microsoft should lighten up about this policy. They are already the richest software company. Their chairman is the richest man in the world and possibly the richest man that every lived. They don't really do anything with the money that they already have. It would be in their best interest to lower the cost of their operating system in the developing world. Not by actually lowering the price, which would cause arbitrage from the wealthy countries, but by reducing the difficulty of inplementation of unregistered and by not penalizing people who use unregistered copies. They already have all the money that they are going to get from operating systems, so they should concentrate on preserving market share in the face of low cost alternatives like Linux.
javascript:void(window.g_sDisableWGACheck='all')
Is the string to enter in the address bar before pressing enter.
MS should just give up on verifying licenses of XP and take the pirated licenses as a huge loss and write that off. Then start fresh with Vista.
Any more problems like this and it could get embarrassing for them.(HaHaHa)
Microsoft has admitted that was a typo, what they meant was:
Introducing Windows Vista(TM). It enables a new level of confidence in your PC and in our ability to get the most out of *YOU*.
"Good things don't end with eum, they end with mania or teria." - H. Simpson
- to prevent people who have no idea what they're doing from being able to break in
- to make the break-in appear dangerous enough that a large portion of those who could break in are too afraid to try.
Now, maybe some security measures will make it really hard for even those with quite a lot of expertise, but that's pretty rare. Most locks/alarms rely on fear and a lack of expertise, and that's pretty effective.They can't stop people who know how to download or read hacks like this. It's only a matter of time. This will stop people who had a friend install Windows and it happened to be a pirated copy. At least they're putting in a small amount of effort knowing that it won't stop power users in the end.
How many people actually have a pirate copy like this? I've never heard of it, but I know lots of people who are running pirated/cracked versions of XP quite knowingly.
Hey, can I bum a sig?
Aside from the fact that it's completely idiotic for javascript to be able to executed from the address bar...I'm surprised that, given that the developers for MS (should) have an intimate knowledge of the functions of their software and what is being affected by their security lockdown, why in the heck didn't they figure this out beforehand?
And while it is bad that this can be cracked, up until the little link to the explanation of how to do the crack, 99-percent of the Windows users would have had no clue how to do this. Now they all know. Wonderful. A problem with a small crisis potential is now a problem across the board, making the need for a resolution a thousand times more urgent than it was before. No wonder MS is so freaking anal and tight about its problems.
It's throwing a strop on my IBM Thinkpad T40, running the stock XP install with SP2 applied. Says it's not activated, and to click a link that doesn't exist.
I'm sure I probably could activate it by fiddling in the registry, but my personal intention is to throw a strop at IBM and Microsoft, and see if I can get them to send out a copy of XP that will verify.
PocketGamer.org - For the gamer on the go!
Basically punishing unknowing customers with a whitebox setup from an unscrupulous dealer. What a way to treat customers.
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
Plus if you are using an anonymous proxy server, M$ has no way of back tracing to your real IP address anyways.
So why should you get free continued support?
Because it's not "free", when you stop to think about it. You can't receive the patches and updates until you buy the original product. Since software companies have been releasing free patches (as is only reasonable considering that many of them are bug fixes and security patches), the "cost" of such updates are effectively included in the cost of the original purchase of the software.
What you're missing is the difference between a free upgrade and a paid upgrade; the former improves functionality and removes problems, while the latter introduces new features. (Generally speaking, anyway.)
You could of course argue that the company has a moral obligation to provide updates, and in fact it makes good Public Relations sense to provide free fixes for broken software, but they are really not obligated to.
Or would you rather that Microsoft charged people $10 a pop to download the security updates to fix their crappy operating system that shouldn't have had so many gaping holes in the first place? Based on your comment there, anyone could sell any product and not take any responsibility for ensuring that it works properly afterwards. That would be like ordering soup at a restaurant, finding a fly in said dish, and being told that you have to buy another bowl to get one that doesn't have an insect floating in it! (And who's to say it stops there? What's going to guarantee that the second bowl won't have a bug in it too?)
(As an aside, hrwiki is bandwith exceeded? sniff...)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
They aren't actually punishing those people either. In the case where you unknowingly purchased an unlicensed copy of XP, they're giving you a free one if you can provide documentation. From a previous article posted here:
"Customers who discover they have a counterfeit copy of Windows will either be given a free version of the operating system or can purchase it for a discounted price, he said.
To get the free version of Windows, a customer must fill out a counterfeit report identifying the source of the software, provide a proof of purchase and send in a counterfeit CD of the software. If customers don't have all of that information, they can still fill out a counterfeit report and receive a copy of Windows XP Home Edition for $99 or a copy of Windows XP Professional Edition for $149, Lazar said."
So looks like even if you dealt in a shady off-the-truck operation, you would still be eliglble for OEM pricing.
when you can use BigFix and it is even more comprehensive in helping you patch and update various systems on your PC. Check it out. Why rely on a Microsoft-centric tool to manage your system when you run a wide variety of software from various sources? Bigfix rules!
It is too bad we can't post images on Slashdot, because this would be a perfect one for the HA HA! guy from fark.
How ya like dat?
...some poor bastard in MS was asked to come up with a solution to the piracy problem, and all he/they could come up with was a browser add-on that could be bypassed with either a single line paste into the browser, or by disabling it using the very add-on manager that was released just months ago by the same team! How do you manage that kind of idiocy? The project probably had a budget of more than I make in a year!
All they have to do is realize that there are no stand-alone machines anymore. Do an online validation of all license keys, and quit reusing the same keys for personal or select customers and the problem is solved! How hard is that? The damn key is long enough that it could very well be universally unique, and it's not like they don't have the technology to handle it.
For Select customers they could simply issue a key generator that itself does online validation, or stores a bank of keys that can be invalidated whenever a machine is reimaged.
The whole thing reminds me of so many projects where I work. They start by asking for the world, and end up implementing a mickey-mouse solution because of so much political BS. It is what happens when a company gets too big. Nothing progresses anymore because too many parties have a say in things, and no one wants to give up their piece of the pie.
"You are not a beautiful and unique snowflake."...Tyler Durden
still,
hahahahaha
sorry,
what a bunch of clowns
c'mon please, who could let this go public, no really, first ( and not the 1st time ) they tell you "where save" then 'we will get it better' and now this, and then this story
sorry i just came out of a rain storm read this shit and I laughed really hard
hahahahhaa
The people that first discovered this must've tried all sorts of sophisticated methods of circumventing the wga. But all that was really required was to think on the same level that Microsoft developers do - think of the dumbest way to secure something and boom! Its cracked.
Let's see.
If this mechanism was put there intentionally, and the real validation code lives in an activeX object within windows somewhere, all they would have to do to flag it is check for that variable, which can be passed back to their back end any number of ways from cookies, to querystrings, to windows update information packets. In fact, if they were smart, they should have been the ones to leak the crack just for that purpose (anonymously of course). Not even an anonymous proxy would do you any good if this is the case. Why? Because if they're smart enough to do this, they've already figured out a dozen other ways to tag your computer that you don't even know about yet. Unfortunately, all of this would take a level of clever maneuvering that Microsoft hasn't shown for years. Then again... maybe China's scared of Windows for a reason.
This signature has Super Cow Powers
You guys are all, every single one of you, missing the point of Microsoft Genuine Advantage. Its primary purpose is *not* to prevent pirates from obtaining updates. Individual pirates can use this "crack" if they like, or they can just get their updates from somewhere else. Microsoft doesn't give a crap about individual pirates. Rather, Genuine Advantage is actually a *feature* for honest users whose intentions are not to steal Windows. These users are not going to use a "crack". Through Genuine Advantage, they either learn that their license is legitimate (which they can feel good about), or they learn that their license is bogus and are given an opportunity to make things right at a reduced cost. Microsoft gains because they sell a few more licenses, and more importantly they have a channel through which they can learn of distributors of pirated software.
In order to get updates now, you have to download and run this new code:
10 INPUT "Are you using a legitimate copy of Windows(TM) - (Y)es or (N)o", A$
20 IF (A$ = "Y") or (A$ = "y") GOTO 60
30 PRINT "Sorry, your copy of Windows cannot be updated."
40 PRINT "If you wish to purchase a legitimate copy, please call (555) 555 5555"
50 GOTO 100
60 PRINT "Thank you for purchasing a genuine copy of Windows"
70 PRINT "To download important security patches please type the following address"
80 PRINT "into your Web browser: http://www.updates.microsoft.com/"
100 STOP
AT&ROFLMAO
when Microsoft sues Slashdot and Digg.com over widely publishing ways to circumvent their copyrighted software.
If people were honest they wouldn't need this in the first place. Don't harp on Microsoft for being unethical, franklin-greedy individuals when you know damn well at least half of your friends have an illegal copy of Windows lying around. If you really want to enact change and get people using linux then don't proliferate this bullshit of spreading illegal Windows copies all over the place. And don't tell me I'm wrong because just a few hours ago a several posts were made on slashdot with the location of the Windows Vista DVD image. You're not too bright if you think they'll become second place on computers when your proliferating there software daily.
Everyone starts talking about this and people will believe sush a thing really exists - that's all that matters in the end - w00f!
In Soviet Russia, ... oh you beat me to it. Nuts.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
ms windows is full of bugs, holes [intel would call them errata and not fix them].
windows update is primarily intended to push the fixes for these bugs and holes to your defective product.
ms markets the windows update functionality as a selling point of ms windows [stay up to date with windows/automatic update].
sure they can stop doing this, but it will anger their customers and may lead to some class actions for deceptive marketing practices...
sum.zero
You don't know whether there is a second layer of protection which will, say, wipe out your hard disk a month from now, if you tamper with their first layer. With regular customer, the punishment is just the cost of new windows. With hacker, it is the whole hard disk or worse (e.g. they could leave a backdoor and watch what you're doing and what you got on your machine from now on, although they likely have a few already).
Genuine advantage may seem like a pisser... But oh, is it ever worth it. Heck, for participating in the Genuine Advantage program myself, I was able to download this terrific program called "Match Up" FOR FREE! What an amazing game. Wow. It was soooooo worth it.
I feel so bad for the richest company in the world that there are still some dollars out there that don't belong to them. Please Microsoft catch every single person using XP and make them pay. You can never have too much money right?
This is probably one of the more briliant ideas from M$ in a long time: consumers who get/got screwed by their OEM can trade evidence that their OEM is shifting fraudulent copies of M$ software for legit copies.
1) Let OEMs shift fraudulent copies
2) Get the customers to seek relief from said fraud
3) Collect evidence against OEM
4) Go after said OEM's pockets
5) Profit (fraud + copyright infringement + etc. = most likely more than enough to cover legal costs)
sounds kind of like everyone who wnats can get windows for free now... 1. Download Windows XP Professional from Bittorrent 2. make CD 3. Print cover on CD. 4. Print paperbox. 5. Fold paperbox. 6. Take picture. 7. Send picture as proof of buy to Microsoft and report you got it from some Thaiguy. 8. Recieve free Windows XP Professional. 9. ??? 10. Profit.
My dual Athlon 1GB/250GB with a Geforce4 Ti4200 and 17" flat panel display was $500.00. Windows costs more than half that, and Office costs more than that.
You'd have to try REALLY FUCKING HARD these days to spend $2k on a PC.
This is about as "interesting" as watching laundry dry.
Just because its JavaScript now, doesn't mean it will be in the future. IMHO, this is just the first step. Today, its a javascript check. Tomorrow, who knows what they'll do.
Does this new validation system apply to win2k?
I've noticed that there is an update for win2k that has a new way of doing updes (if you know what I mean).
Should one download this new update or will it cause problems?
Yeah, you're right, but it tells something about "code culture" when they don't do input validation even in such a critical (from bussiness/money point of view) module.
Exactly. It seems pretty clear that they are after the resellers of pirated copies and not the end users. They are offering a free key to those who unknowingly bought a pirated copy, per their FAQ:
"The Microsoft genuine Windows offer is designed to help customers who unknowingly purchased counterfeit versions of Windows XP, by offering those who qualify a complimentary copy or electronic license key for a genuine copy of Windows XP."
And
"Microsoft will make a complimentary copy of Windows XP available to customers that have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, their counterfeit CD, and complete a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer."
I'm assuming that the high-quality counterfeit requirement is to stop people from burning a CD, making up a story and/or reciept, then getting a free copy.
Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update
To appear tomorrow on Slashdot:
javascript:void(window.g_sWGACheckVersion='2.0')
the only thing they are missing is the article is how to do this correctly. If you need to remove the language portion of the URL. the end result should look like this. http://update.microsoft.com/windowsupdate/v6/defau lt.aspx?javascript:void(window.g_sdisablewgacheck= 'all')&ln=en-us if you looking for US English.
My sisters copy which i used a keygen to produce the key to many years ago is still updating fine...
;)
I guess the key she uses is now registered to her computer
So I want to sue you.
I will gladly loose all of life's battles.. in order to win the war..
...using the IE engine. Putting the javascript line into the location bar seems to automagically flip it to Firefox rendering.
Hm, you'd think that the folks at AOL believe IE's javascript handling is sub-standard or something...
http://www.extended64.com/blogs/rafael/archive/200 5/07/27/1026.aspx
Applies the hack automatically when you visit microsoft.com sites.
since it's all client side, they have no way of flagging anybody as far as I can tell.
Not necessarily. Client-side Javascript code can write to a cookie, and the server can read that cookie on subsequent submits. The client side Javascript can even communicate the cookie to the server using the XMLHTTPRequest object, or with an iframe, eliminating the need for a subsequent user-initiated request.
Not that I expect them to go to all this trouble, and I'm definitely not saying that they are doing that now. I'm just saying it is theoretically possible.
The first time I tried to reinstall Windows XP because I fucked up my computer, and had to use my cell phone minutes to call some jerk who couldn't speak english, and have him interogate me as to why I have a different system configuration, and a host of other topics I have used something such as Windows Nemesis for installations of windows. As someone who is always breaking my computer and fixing it, I refused to have to call someone everytime I feel like resinstalling a piece of software a payed for. asshoes. Viva La Cracks.
It is reaping what it has sowed on businesses, governments, and individuals for nearly 20 years.
I will gladly loose all of life's battles.. in order to win the war..
Actually if you need to use the car comparison, a better representation would be this: It won't stop the professional car thief, but it will stop the person who unknowingly walks up to the wronng car in the parking lot and expects to be able to unlock the door and drive away.
Many, many people have bought pre-built PCs with Windows loaded on it by a PC builder that was pirating Windows to his heart's content They just have no idea it's not legit.
what the hell? if you use windows pay for it! it's a goddamn product not free beer.
if people are stupid enough to buy it then it's their fault, microsoft is only doing what any company would do.
you don't blame google for showing ads, do you?
..use a hex editor, and permantantly disable this annoyance.
%systemroot%\SYSTEM32\LegitCheckControl.dll
@0002BE98h:
8B45D8 --> 33C090
I just don't see anyone trembling in their bootloaders over that possibility
In fact there are probably thousands of script kids salivating over that thought, as we laff!
I will gladly loose all of life's battles.. in order to win the war..
To get the free version of Windows, a customer must fill out a counterfeit report identifying the source of the software, provide a proof of purchase and send in a counterfeit CD of the software. If customers don't have all of that information, they can still fill out a counterfeit report and receive a copy of Windows XP Home Edition for $99 or a copy of Windows XP Professional Edition for $149, Lazar said.
Switching to translation mode: "Be a Microsoft informer. Betray your family & friends. Fabulous prizes to be won."
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
I still use Windows 2000 Professional because I didn't like the vibe I got from XP, what with product activation and all. My thinking was, even if it turns out to be harmless and never rejects valid copies (ha!) or if I find a way to bypass it, they will sneak something in after the fact. Well, not only was I dead right, but they back-ported the requirement to Windows 2000 as well with Windows Genuine Advantage!
.NET Framework), or desired purchased software updates (Office). Is there a way to get these without installing WGA at all?
I want no part of WGA, for the same reasons I wanted no part of XP. I have offline access to SP4 and SP4 Update Rollup 1, but that doesn't help me get other security updates (which are still available to everyone for the time being), desired gratis software (DirectX, Windows Media Player,
11. Go to prison for perjury if they figure it out. Not to mention pay MS for the copy of Windows and possibly the cost of any investigation they did as a result of your statement.
That counterfeit report you have to fill out? Probably you need to endorse it under penalty of perjury.
If the unknowning "customers" with a whitebox setup from an unscrupulous dealer didn't actually purchase Windows, then they aren't Microsoft's customers, are they?
Regarding the backdoor issue... several universities, and just about every national governemnt, have source licenses to windows.
If there were a backdoor, I think some proferssor somewhere would have said something (possibly the day after retiring, or sealed in his will).
Comment removed based on user account deletion
I'm sure if MS software was backdoor ridden, these would be found by blackhats VERY quickly, henceforth brought to public eye, and removed.
Unless of course they spend more time, money, and effort on the backdoor than the house. Even MS wouldn't do that... would they?
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
You can disable the tool from within IE. Just go Tools > Addons > Disable Windows Geniuine Advantage
Actually, the main idea is to delay access. The harder it is and the longer it takes, the more likely it is that the perp will be noticed. Hopefully, they'll give up and go elsewhere rather than stand there and increase their chances of getting caught.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
Perhaps the biggest vulnerability is a VLK. Install Windows XP with one of these and you will never be bothered by any kind of validation nonsense, hacks or otherwise.
Me thinks people at Microsoft know it can be disabled, they might be having a different reason for it. And no, I dont work for MS.
This stuff is begginning making Linux look more and more appealing all the time...
No but it's assumed in most cases.
If you buy a vacuum cleaner, you expect a working belt to come with it.
You buy a fax machine, you expect a reasonable amount of toner to come with it.
It really is a smart way that MS is trying to catch the unscrupulous dealers but shitting on potential customers is just plain wrong.
It's like buying flood insurance for you house and your house floods and they don't cut a check for you.
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
Server 2003 isn't effected by this. Personally, I've found it to be much more stable than XP (like the stability of 2000, but with the extra features of XP). If you can stand not having themes and window effects, it's great, and plus, you can still update it (even after this "crack" is fixed).
I'm with you on the blackhats quickly identifying a backdoor - but I'd be guessing they would USE it themselves - if they are smart, to deploy alternate backdoors that will stay open once MSFT is forced to close the backdoor.
Its the whitehats who I'd be expecting to find and communicate the backdoor to us. Here's hoping in this scenario they are on their game.
Microsoft might be stupid in a lot of things, but they know how to hold on to their market share. The last thing they'd want to do right now is start tracking down and prosecuting people with warez copies of windows. After a few test cases to let everyone know they're serious, some people would buy legit copies, but there'd be a big move by the people who know enough about computers to be able to buld their own machine and avoid the microsoft tax to look at the alternatives they've been hearing about but hadn't quite gotten around to trying out.
That group is the people that help out friends and family with computers. The people who everyone turns to and says 'is this worth x dollars? it's got 3 gigahertz of ram'. Somehow I don't think that scenario is worth the amount they'd get from those who chose to go out and legitimise their installs.
"Cracked in 24 hours"? I 'cracked' it so long ago (Proof) I'm surprised that this is even news. And you don't even need javascript enabled - all you need is "WinGenCookie=validation=0;" in your cookie. So just paste this into your location on any microsoft.com page: javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT'; void 0
I mean, it was just so easy and obvious; I can't believe everyone else hadn't already found out about the easy ways to bypass it long ago.
... is that if you put this in a Google query, it is smart enough to correct it to "attorney".
Just to find out it was now broken. Validate!? Again!?! WTF...so I patched it...hehe
They must have told a 1st year CS intern to make this up a friday afternoon.
There's another reason for locks and alarms: To make your car (or whatever) more of a pain to steal than the next guy's. It's like the joke about the campers who hear a grizzly bear coming. One starts putting on his running shoes. The other says, "What are you doing? You can't outrun a bear!" The reply: "I don't have to outrun the bear. I just have to outrun you."
Can't afford it ? Do not use it !
...
..... of course the licence number could not be used from my laptop version so I googled a serial FOR MY PURCHASED COPY
.....
... but personally I get screwed by MS for the second time..... and there is virtually nothing I can do other than walk into a store and buy an expensive piece of crap software that will be obsolete ... on top of that I only use WIN to run IE to validate some work I do on "other" systems ...
....
There are exceptions that MS should handle:
e.g. I can afford it but i refuse to buy it again.
I was forced to buy one with my laptop, I use the laptop with linux, and my purchased version does not install on a normal PC (and there was not a sign: beware this crippled version won't install anywhere but this crappy piece of hardware)
so I "borrowed one" (I figured that If i bought it i use it because I paid for it).... everything was fine until I wanted to DL some update nowadays
Now what can I do ?
Same with a wk2 copy... I bought it, I have the original CD, but I lost the little book with the serial
I understand that there are people who do not want to buy something and choose pirating and so
Ahh I think it is time to slide that debian CD into my windoze box now
I need a new laptop and I will get an iBook just so i can have a unix-like system and do not throw an other CD into the trash with a valid serial, unable to use on a desktop PC (where I would actually need it)....
All of your analogies are flawed.
/. posts.. the fact that a) only new content is being withheld, not security fixes. So if your "vacuum" is broken, the manufacturer is still going to fix it for you. They just won't give you the new attachment. And b) duped computer buyers will have the chance to get a legitimate copy of Windows at no extra cost, albeit given a few hoops they have to jump through. Considering Microsoft is under no obligation to provide this, legal, ethical, or moral, it's a pretty good deal. They're not screwing any of their users, they're just trying to stop illegal distribution of their product.
If you buy a vacuum cleaner, you expect a working belt to come with it.
But people who buy an open-box vacuum off the back of a truck and discover that there is no belt probably aren't going to complain to the vacuum maker. And if they do, the vacuum maker is going to laugh in their face.
Without the CoA, a Windows license/installation is no better than a vacuum cleaner bought off the back of a truck.
You buy a fax machine, you expect a reasonable amount of toner to come with it.
You might expect it, but unless that's written on the box, you shouldn't complain if you don't get it. And again, we get into the "authorized retailer" game, where someone might sell you a used or stolen fax machine without the box and all the manuals. Microsoft is targetting people who bought a PC from a retailer who didn't give them all the manuals/CoA/License, etc. Everything you're talking about has the unspoken assumption that you've purchased it legitimately and from either an authorized retailer or the company itself. No one who buys Windows off the shelf from Best Buy is going to run into a problem with this security check.
It really is a smart way that MS is trying to catch the unscrupulous dealers but shitting on potential customers is just plain wrong.
Ah, so you prefix "customers" with "potential". That's good.
Of course, you still overlook the fact that's been pointed out several times in various other
It's like buying flood insurance for you house and your house floods and they don't cut a check for you.
That's not even an analogy to this situation.
Someone a while ago posted a link to an app that does what Windows Update does, only I can't remember the name of it :( Anyone know of any alternatives to windows update?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
So far i counted five cracks. I am particularly interested because WGA does not recognise my copy of Win2k, a legitimate upgrade. So there is little left to do other than to patch it. W
OS/2 - because choice is a terrible thing to waste.
The funny part will be when the Chinese and many parts of Asia start updating their systems. I wonder how M$ will handle that!
My bet will be at some point, M$ will have to stop this altogether OR they will make a huge exception for the other half of the world.
It will be interesting to see......
MS software _is_ ridden with holes. However, what the black hats do with them is find them, then, do _not_ bring them to the public eye, and, then, sell their services to organized crime, other nations, unscrupulous corporations, etc. Any other view of the world would be naive.
i was specifically commenting on the parent's assertion that ms are under no obligation to provide ongoing patches to their customers...
sum.zero
In the counterfeit report, you also have to supply a receipt for the pirated software from the vendor. No receipt, no free XP.
Of course, you can always fake up a receipt...I think the law calls that 'uttering and publishing', and although it's not counterfeiting per se, it still carries a hefty penalty.
Have fun with your scheme, and don't pick up the soap.
____
~ |rip/\/\aster /\/\onkey
This only applies if your "friend" sold you a pirated copy as a real one. What friend is that?
If customers don't have all of that information, they can still fill out a counterfeit report and receive a copy of Windows XP Home Edition for $99 or a copy of Windows XP Professional Edition for $149, Lazar said."
So looks like even if you dealt in a shady off-the-truck operation, you would still be eliglble for OEM pricing.
Such a deal! I'm building a dual-boot box for a relative and picked up the real deal OEM Windows XP Home with COA and snazzy holograms for around $75 (with the required hardware of course - a dead 64MB SIMM at no charge). Let's face it, $100 dollars for Windows is no deal. The profit margin on the product is over 80%, while the competition's product can be had for the price of a download.
Family and friends??
No, this is to nail 'whitebox' sellers who purportedly sold you a copy of Windows XP but just pocketed the proceeds and left you high and dry.
what the hell? if you use windows pay for it! it's a goddamn product not free beer.
That's got some validity, but would you pay full price for a new car that had doors that wouldn't lock, the engine stopped at random times and required a minute to restart, and whenever you stopped at a gas station, strange heavy things were loaded into the trunk and you had to take it in for service to get them out? More likely you'd be suing the manufacturer under the lemon law. Cars come with a warranty that gives rights to the buyer; Windows comes with a EULA that gives rights to the seller.
microsoft is only doing what any company would do
Most companies don't have the ability to abuse a monopolistic position, because most companies don't have a monopoly. Even Intel has been very careful to try not to cross that line, but perhaps not careful enough according to AMD. So no, Microsoft != any company. To paraphrase Dan Gillmore, American capitalism should be about honest, tough competition, not a knife fight.
It's unknown in the small town I live in now, but I saw lots of sketchy software in Vancouver.
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
...Is the possibility that perhaps not all posters on /. have english as their native language, hence making these sorts of posts pointing out spelling errors a bit silly.
So if you want to frame your next door neighbor, you can put his address as the OEM that sold you the pirated version! :-)
Now that a workaround has been found to make it useless, will they remove it now? I installed it on my parent's laptop (OEM, with a legitimate, paid-for XP install), only to have it hang 45 minutes into the installation, leaving them with no access to any updates now (it seems to have broken both the version of windows update they had, and the new one it was trying to install). Way to go Microsoft!
I especially liked the part about how this 'new Windows Update' would make my update experience faster and more reliable'...i'm sure my pirated but secured windows box would be much faster than the average user who paid $300 to an OEM for his now-spyware-ridden, virus-bearing, spam-spewing zombie box. How exactly is the pirated software slower? Benchmarks? (and could we trust them?)
Stasis is death. Embrace change.
Holy cow!!!!! XP is still $150? I haven't checked lately, but is Windows 98 still being sold at Walmart for $80?
Some people get very upset when personally identifiable data is sent to servers. Does Microsoft ever send the Windows serial number across the network today? I am guessing that they chose to do this client-side (knowing it would get bypassed) because they did not want to deal with the backlash from passing the data to the server.
I was surprised my copy actually validated.
/. article, I connected to Windows update, while looking for a spare CD-RW to put Ubuntu on should it fail.
I had bought a Dell Dimension with XP home pre-installed. I booted it up once (just to check if it booted), but didn't allow it to register. I then wiped the hard drive and installed linux.
I have an old Dell laptop (366 Mhz PII) running Windows 98. Since I had just gotten an iPod as a present and needed to run iTunes, I needed a machine that runs XP (thanks, Apple). I used the CD to upgrade the laptop to XP since I figured I had technically paid for XP when I bought the new Dell.
So, after reading the previous
And lo and behold, it passed. WTF?
What MS figured, that nobody who didn't know they had a pirated copy would use this, has a major flaw.
Imagine a Fortune 1000 manager doing updates. Maybe this person isn't sure where the licenses came from. OEMs have given out bad copies before, and this is all a legal mine field. Now, does this person expose the company to a potential fraud scandal, or simply code in the exploit for the next round up updates (if they aren't already scared away from all updates because of SP1/SP2 horror stories) ?
Now imagine a different situation. Adware companies can easily hijack certain urls. What if fraudulent OEMs ship with adware, and they simply fire up an internal routine updater to run the hack as well?
If someone is putting illegitimate copies of Windows on computers, you can bet they know about this hack, and you can bet they will take every measure they can to cover their asses. How many off the shelf computers today come with their own custom patch/update programs? Quite a few. Adding this hack into their update, before you could hit MS's update, would not be difficult.
MS will only catch the stupid/unprepared piraters, and of those they do catch, they'll be middleman OEMs who most likely themselves were duped (just like in the past).
I know its a really dumb thing to say, but I'll still say it... I can't believe a world leading software company has the security thought process of a newb's "I'll hide my page with a 3 digit javascript code" mentality.
And then they expect me to download their security updates?!? Are you KIDDING ME?!?
I8-D
Indeed. MS is not so stupid to call something so easily circumvented by simple javascript a security measure. Think back over the history of windows - its largely thanks to pirating that MS now dominates the desktop market, and they know it.
I'm sure if MS software was backdoor ridden, these would be found by blackhats VERY quickly, henceforth brought to public eye, and removed.
That's exactly what has been going on for the last ten years, replacing one backdoor with another. Before you advise me to check my tinfoil, you should look some history of Microsoft's business practices. Microsoft was caught once inserting a "bug" in Windows that would crash DR's CP/M (a Bill's memo revealed in a court case few years later showed that it was done purposefully). Also, recall that AOL was caught few years ago with a backdoor in their AIM disguised precisely as a stack overflow bug (they were stupid enough to leave some code in the distribution which worked together with the "bug"). With Microsoft's resources, they could put dozen Indians on every single buffer in their source and be done with these so-called stack overflow bugs in month. Instead, all they do is keep moving the bug from one buffer to another, which gives them few months of functioning backdoor ahead of the black hats.
Another benefit of the scheme is that it keeps customers dependent, coming back for "fixes" (so MS can track your software use and check legality of your Windows, or whatever else they or the bureaucrats are interested in).
Based on your analogies, I can only guess that you were high when you wrote that.
this text is not here.
sum.zero
They're too busy wondering why manhole covers are round.
Mumia Abu-Jamal is *laughably guilty*. Check the evidence.
I hate "me too" posts, but I'm afraid I have to make one here. Microsoft isn't 100% evil, just like [blank] isn't 100% good. They're realizing that a number of people are getting screwed via pirated software, and they realize that they themselves are also getting screwed by said piracy. They're attempting to rectify the situation in a relatively unobstrusive manner. What's the problem? There's no snitching on friends, since your "friend" screwed you on stolen merchandise, in essence tricking you into criminal activity. I don't see the harm.
HI, MY NAME IS ISAAC.
Usually MS tries to hide its evil ways ... at least somewhat.
... all of which it is obvious that no new installer is actually needed for, it could all be done on their side just as easily. No mention of the WGA validation tool, just that you need the new installer (even though automatic updates works fine)
... voila! it says thanks for installing the WGA validation tool. It doesn't say thanks for installing the new installer ... just thanks for installing the WGA validation tool.
.... now's your time to shine.
The WGA tool however has been hidden in a way which I can see some litigious bastard somewhere jumping on for a good lawsuit.
You go to the windows update page. It tells you to download a new installer with great new enhanced features. It lists the great new features
And as soon as you've installed it
So they told you you were installing one thing, and they thank you for installing something quite different.
That pretty much defines what malicious spyware is.
litigious bastards
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
Let me get this straight...
If I want to buy a cheap, legit copy of Windows, why can't I,
1) Go to shady dealer and knowingly purchase counterfeit Windows for, say, $50
2) Give Microsoft everything they want (CD, Proof of purchase, etc.)
3) Receive entirely legit copy of Windows at no extra charge.
How exactly is this good for Microsoft?
I, for one, welcome our new karma-whore sig writing overlords
The problem with Windows is, and always has been, that it's intended to be easy for new users. This is good in that it is, well, easy for new users. The problem arises when it becomes annoying for people who actually know what's going on, and when the layers of "user friendliness" becomes anything but by hiding all sorts of stuff from the user.
On my Linux system, I know what it's doing. If nothing else, I can look at the process listing, look at the manual pages for the various applications, and if I'm really suspicious I can strace/ltrace the thing. It's also easy to kill it. On my Windows system, on the other hand, it's very difficult to find out what the hell half the crap that's loaded is. Is it really needed? Is it fluff? Is it for some random feature? Is it something that's a potential security hole? Hell if I know, due to lack of documentation, lack of development tools (unless I buy them), and the lack of source, among other things.
Windows is good for the casual, "I don't care how it works" kind of user, especially if that user doesn't care one wit about data and system security. It's remarkably bad for someone who needs/wants to know how things work, and who does care about data and system security.
Windows has its niche. Granted, it's a pretty big niche. But it isn't mine, and aside from playing games and hotsyncing my Palm (damned Windows-only desktop-side apps), it's a pain in my ass.
Use what works for you. In the case of Windows, don't be surprised when it's ridden with spyware, viruses, security holes, ill-defined applications that are all over the place and you don't know what they do, et cetera. In the case of Linux, don't be surprised when hardware support blows chunks (not that I think this is right, mind you).
All that said, I seriously doubt Microsoft would implement something like that. Historically, they have, but supposedly unintentionally. (I've had NT installations wipe their drives, Windows scribble all over Linux partitions, etc.) If they did it intentionally, the blackhats would be all over it and cost Microsoft more than the entire thing was worth by releasing the next fifteen versions of Slammer targetting different vulnerabilities.
Doesn't using AutoPatcher sort of make windows update superfluous?
Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
Seems to me that they closed it (Win2KSP4, IE6SP1). It installed the damn GA ActiveX no matther when I tried that javascript.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
There are $2,000 and higher PCs but you won't find them in Walmart or Dell. I guarantee you that a dual Athlon 64 system with 8-12GB of RAM, a 2TB RAID 5 array, and dual GeForce 7800 graphics cards will run you over $2,000.
Its "Don't drop the soap." Unles of course you were trying to give him a "heads up" before bubba does.....
I'm abroad, in Israel; I RARELY see a legal copy of Windows; no-one has a CD, and it "just came on the computer" they bought from a local, small company that puts computers together.
They aren't targeting the tech savvy people you happen to know, that's all.
I'm a concientious
It's good for Microsoft because they now know exactly who and where the shady dealer is and can go after him.
This policy wasn't intended to fight P2P piracy (not directly anyway).
Adversive
My cat's breath smells like cat food.
Russian pirates suggest that you go to IE options->Programs->Add-ons and disable Genuine ActiveX. Then just load the updates from the web site.
It is easy to find a cheap new computer w/ XP home pre-instaled but hard to find the same w/ XP pro. I wish I could upgrade Home to pro for $50.
let's see... i would by another car. will this do ?
Rich
Note that step four is optional.
Buy Microsoft, for another 4 glorious years of total EULA enforcement :-)
They certianly would rather someone use a pirated copy of windows than switch to Linux. If everyone who couldn't afford or refused to pay for a copy of Windows used a different OS instead, then Microsoft would have much less of a market share then they do now, especially in countries like China. The battle for OS domination is more important to them then just about anything else. They can't efectivly cut off support for all illegal copies of windows without creating a worldwide zombie pandemic, so they use weak protection while slowly forcing more and more illegitmate users over to the paying side. Makes perfect sense.
I've always thought that the best way to actually eliminate something is to make it legal to be a consumer, illegal to be a provider (or the other way around). Thus, make using drugs legal, but selling or producing drugs remains illegal. I guess Microsoft finally figure out the same thing.
yeah and don't forget Microsoft never read /. and they don't know about this so called hack so it will never get fixed.
I reckon this 'hack' will last a few days at the most.
I just wanted to get the word out with this somewhat OT post: I, too, had been frustrated with the steep learning curve of the GIMP just to get some simple stuff done. I found that Kolourpaint works well, and the moment you run it, you'll know how to use it the way you can use MS Paint for simple image editing, circling someone's face in a photo, drawing arrows to it and putting a text label, etc.
Best of all, they now have a version that is statically compiled, so that you don't need to worry about having KDE 3.3 or having the right libraries; just download the single file, decompress (no need to install) and run. You don't even need to be using the actual KDE environment if you have some of the basic libraries. From the web site: "The Generic Linux/x86 + KDE3 Binary needs no installation nor root - just decompress & run. It works on most GNU/Linux/x86 distributions released after August 2002. Specifically, it requires: Linux/x86, KDE 3.x, Qt 3 (>= 3.0.5) with threading, X, glibc 2.2, gcc 3.2 ABI."
The web site is here: http://kolourpaint.sourceforge.net/download.html
Microsoft "Genuine Advantage" cracked in 24h: window.g_sDisableWGACheck='all'
AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
Nice Red Dwarf reference.
The kind of friend that would save you from spending hundreds of dollars on something that shouldn't cost that much?
Everybody throws morals out the door every once in a while to benefit themselves. It doesn't make them evil people. Just because they pirate software doesn't mean they will rob and rape you.
and receive a copy of Windows XP Home Edition for $99
That's $89.99 at Fry's or Costco (without the additional paperwork burden), isn't it?
This is why I use Linux and open source for nearly everything. Mod'd xbox, mod'd tivo, linux everywhere. What's the point of being clever and knowledgable if you don't use it to your advantage. I learned from Microsoft and other capatalists to win at all costs and take advantage of every opportunity. You reap what you sow.
3. Print cover on CD.
*looks at his shiny WinXP CD, all nice and holographic*
Uhm...how do I copy this?
No, because Microsoft could set up whatever price discrimination schemes they wanted to make it affordable to anyone. Right now, they get $0 for pirated copies.
Instead of letting Bob pirate a copy, sell it to him for $5.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
let's see... i would by another car. will this do ?
No. For most people, Microsoft is the only car dealer there is, and that's the way Microsoft wants it.
Am I the only one who read [blank] as Google??
of course, microsoft is perceived as the only dealer - but you must also take into account reasons why is it so. are there legacy applications ? are there compatibility issues ? or is it simply a lack of information about other dealers ?
;)
for mentioned most people that probably would be the latter.
i wouldn't say there is an extreme lack of choice - you just have to know what to choose.
just yesterday i spoke to a person that qualifies as "receiver of free family/friends support". he was interested in a new computer for basic word processing, spreadsheets and internet browsing. he already uses openoffice.org, firefox/opera, so he knew he doesn't have to buy some expensive software in that area. but he was pretty sure that he would have to buy (or pirate) windows anyway. given that he does not depend on legacy apps, his needs are relatively simple - there are a lot of 'dealers' that he can go to. and that's where i'm taking him
Rich
1. ms eula is illegal (like most software vendors) because you can't sell a product "as it is" and adveritsing it's features but if it won't work as advertised the producer doesn't take any responsability for that. It's like you would go to a restaurant and if the food they serve it's poisoned they tell that they sell it "as it is" and it's not their problem if you got ill ! Wouldn't you shoot them ?!
2. win was created for entertainment and should be used only for that - it would be insane to use it as a server/development platform (sure that it depends on how you configure it,
3. the only versions of windows i've paid for are win 3.11 for workgroups which was a good piece of software worthing the $ and win95 which was a piece of junk. since win95 - total waste of money - i'm not paying ms for any other trashOSes, i'm just installing/testing/ and dropping them to the sandbox.
of course, microsoft is perceived as the only dealer - but you must also take into account reasons why is it so. are there legacy applications ? are there compatibility issues ? or is it simply a lack of information about other dealers ? for mentioned most people that probably would be the latter.
Agreed. If you don't know there are choices, you don't have a choice, and that's what Microsoft wants and is how it maintains unbelievable profit margins. That doesn't make its operating system worth $200.
i wouldn't say there is an extreme lack of choice - you just have to know what to choose.
For non-techies, there is no choice. Microsoft a) makes sure that Windows is the OS installed on your new computer, and b) that you are afraid to use that Linux thing if you do hear about it.
given that he does not depend on legacy apps, his needs are relatively simple - there are a lot of 'dealers' that he can go to. and that's where i'm taking him ;)
Good. He's one of the lucky ones. Most Windows users don't have anyone able or willing to help them through a transition to a different OS, so they are stuck paying a ridiculous amount for a license to use a broken product.
I wonder, is any of it actually worth the money? I imagine Microsoft spends millions, possibly billions on anti-piracy efforts. For what? Piracy hasn't gone down at all since they've started, quite the opposite. So why bother at all?
This signature has Super Cow Powers
Oh wait, it gets better! Didn't you see where people might not have every last detail on the counterfeit form and still have to pay. So either way, Microsoft gets money. What is the bet that there is some obscure little thing that almost nobody will be able to remember/find/discver that will make them have to pay. So you have fraud+copyright infringement+more sales+etc At least that is what the pessimist in me says
If you have all of the following:
1) bill with vendor address on which the Windows copy in question is present
2) the Windows certificate
3) the Windows CD
Then there is not much else Microsoft could ask for. Keeping bills is good practice to collect insurance in case of theft, flooding, fire, etc. Windows certificates and CDs should be kept for as long as the copies in question are going to be used. There is no good reason for people not to be able to produce at least these three pieces of evidence... unless the vendor did not provide them in the first place, which would be awfully suspicious.
Just go to Tools/Manage Add-ons, look for Windows genuine Advantage and disable it..
Now, you can update your xp again..