Slashdot Mirror
Dvorak on Windows Genuine Advantage
PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."
Dvorak's forecast of the future is often wrong.
Great new book on Evolution: The Greatest Show on Earth by Richard Dawkins
For instance, chainsaws are designed to cut off limbs. Tree, human, what's the difference?
WGA and successors are designed to disable Microsoft systems. OK, I'm sure that there are those who appreciate the help.
Lacking <sarcasm> tags,
The guy writes some symphonies back in the late 1800s, then in the early 1900s designs a keyboard that nobody except a few nerds can type on, and NOW he's criticizing Windows?!?!
Not only is this guy old, he should be commenting on things like piano typewriters or something like that...
TDz.
More complicated security simply means more circumstances for the code to be vulnerable. Windows continues to bloat in every direction and as a result, it continues to be an easy target. Now that so many systems areon the web, one wonders if there will ever be an exploit so complicated and devisive that it will shut down a significant portion of the windows user base. If this Security Cop layer of Vista gets hacked, a huge DOS will be easier than ever.
Funnypics
... on a virus right now that effectively shuts down any Vista computer by causing WGA to always detect the OS as a pirated copy.
Actually, for some reason, I had never thought of this before. You probably wouldn't really even have to mess with WGA all that much, just change whatever it's checking to see if the OS is valid. Not sure how easy that would be, but considering the number of false positives that are cropping up on XP, it should be quite doable.
Everything I say is a lie. Except that... and that... and that, and that, and that, and that... and that.
Whether or not you pass WGA, you still get critical security updates. It's not in Microsoft's best interest to have a few million illegal Windows installs out there being compromised because it harms the user base as a whole.
The real problem here is that Dvorak might die old, alone, and invalid. He must come up with this crap to feel like he's important. What if a hacker did this or that? I don't really care unless a hacker actually does it. People have been talking about someone pointing auto-updates to a 3rd party that would be able to install anything, but I've yet to see any widespread auto-update hack.
or else!
"It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version."
This is exactly what I was thinking when I heard that volume licensed versions of Vista would no longer take the product key's word for it (bye bye FCKGW), but authenticate and activate with a local server. I bet the first pirated versions of "Vista Pro Corp" will include a proxy patch or HOSTS entry that will point the OS to a server run by a warez release group, or maybe 127.0.0.1 with a host-side server.
Either way, it's going to really suck when people need to run a one or more instances of Vista Ultimate in a VM (yes, Ultimate can run in a VM) for testing and staging but quickly run out of licenses on the local activation server.
Server certificates are the basis for SSL, SSH, HTTPS, etc. AFAIK, nobody can make a fake policeman without faking Microsoft's certificate. I don't think Dvorak's scenario is reasonable.
Viruses can cause windows based computers to be unable to function properly, access windows update, or lock out the user.
More news at 11.
Beware. Vista is an OS like no other. I'm for one am not going to upgrade after reading part of the EULA. 4. Problem-solving prohibited. "You may not work around any technical limitations in the software." http://wendy.seltzer.org/blog/archives/2006/10/19/ forbidding_vistas_windows_licensing_disserves_the_ user.html/
He's an idiot. Stop submitting his articles. Nobody in the tech field (should) take(s) him seriously.
Couldn't a virus just change the local cd key, as documented by MS, to a pirated one? Then effectively they have a machine that can't be updated.
Even though he's occasionally mis-aligned himself, he DOES have a very valid point.
.. it's OSS .. but closed source stuff, why not)
... "DUN DUN DUN!!!" SKYNET...
But to what end? Why couldn't any kind of software do this?
Free anti-virus..(not Clam
SpyBot S&D
Ad-Aware
Hi-Jack This!
Could ALL be spyware-in-disguise. We don't know. How could we?
It's not just Vista's WGA we need to worry about. I mean, what better way to take over the world. Develop some cool little free app that EVERYONE starts using. Get it installed on a bajillion computers, then it grabs an auto-update and WHAMMO! You've got
= Grow a brain...
Denying unlicensed Windows instances access to security upgrades does to the Internet ecosystem just what denying poor people access to vaccines and other public health does: it creates incubators for plagues. The "underground" class of unlicensed Windows instances will offer criminals, vandals and spies a cesspool in which to multiply, and launch attacks on everyone. Since Microsoft cannot exterminate completely the global unlicensed Windows population, nor ensure licensed instances are invulnerable to these attacks, their WGA program is making everyone less safe.
--
make install -not war
Someday in the future a worm will set off a wildfire, disabling every windows box in the world in a single day. Everyone else will only notice that there suddenly was no more spam and wonder why. Then the spammers will notice all their bots are dead and they will create a new worm that goes out and fixes the vulerability in the few remaining zombies they have left.. So mircosoft's problem will be solved by the spammers faster than you can say Patch-tuesday.
Whihc brings me to another question. What happens when the WGA cop is triggered. Your machine still functions right? you just can't get updates or fixes for vulnerabilities....
Some drink at the fountain of knowledge. Others just gargle.
Whomever creates the crack of the century and turns the good cop bad, Please PLEASE be patient. Don't just send out the bots 2 days after Vista's launch, give Vista a chance to permeate the bowels of the gulible and self opressed - Then - and ONLY THEN can the bots be launched, creating a wondrous show for the rest of use to enjoy.
Microsoft has long been due the fruits of their incidious labor and it is only just that they reap the true rewards.
Microsoft ignores a redirect for microsoft.com in the host file. Try setting it to localhost on a XP machine and see what happens.
Woah! Someone check the weather, 'cause it's gonna be a cold day down in you know where. Dvorak just said something that makes sense! Of course, it's the same chain of thought that's been going on for weeks here at Slashdot, so it may not be his own original reasoning. But nonetheless, that's the first article of his I've read in longer than I can remember that didn't make me want to highlight all the flaws in his reasoning and send them along with proof of their idiocy to his editors.
Sunwalker Dezco for Warchief in 2016
-- Old Man Kensey
what will happen then? A big pile of badwill for M$. OK, if it's overly complicated to hack it will also be overly complicated to administrate by IT departments and also very sensitive for businesses as a whole.
It seems to me that every step M$ takes to make sure that no illegal copies are around it will also create more work for the IT department. And what if there is an unexpected problem popping up causing all legitimate copies to be locked from the users due to a flaw in WGA? Who will be paying the standstill cost? Not M$ in the first turn.
It seems to me that alternative solutions like Linux and the BSD variants will benefit most from this. The latest versions of the Linux distros aren't really that complicated to install and use, even if there still are flaws. (most notably the X11 config, which can be a real pain to get right, even if Fedora Core 5 seems to work acceptable there). Another item that can cause severe dandruff is the SELinux package, but I assume that there are work in progress on that.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I really fail to see what incentive a cracker would have in making someone's legitimate copy of Vista appear to be illigitament. Granted, I'm sure somone will write it to see if they can, and it'll make it's way to a few people, but it seems counter productive for any big time cracker to do this.
Most of the people who send out these exploits aren't doing it to piss people off, they are doing it to make money. The thing is, a botnet only works when the zombied machines are running. If you are Joe Cracker, you want those machines up so they can be sending your spam, performing your DDOSes, and collecting information for you to sell to ad companies. What you don't want is for the machine to stop working so that the owner takes it in to be fixed - especially when the person fixing it might just put some antivirus software on there that will stop your bots from running (for a while).
Famous Last Words: "hmm...wikipedia says it's edible"
The upgrade market for PC's is very small. Those days were long ago when Windows 3.1 and Windows 95 were the hot OS. There's no incentive to pay $200 for a copy of an OS when $500 gets you a whole new machine with a copy already installed.
XP installs are almost all OEM copies, Vista will be the same way. The only people it affects are white box PC's (which are rare these days). Every PC that comes from a name vendor already has a license for Windows, which makes me wonder who the target is for these WGA activation patches.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
he should be commenting on things like piano typewriters
It looks like you're composing a letter in the key of G, would you like some help?
I think the main problem is not that Microsoft (or anyone) wants to prevent/stop priacy. They have every right to. The problem is how they go about doing this. Basically, they are shooting themselves in the feet and are assuming their customers are guilty until proven innocent (see any parallels here to the RI/MPAA?). The way you deal with piracy is to address the demand for piracy. People are always going to pirate/counterfeit almost everything that's not already free (beer and speech). Look at the market for counterfeit merchandise. So what drives more people to use priated software or buy counterfeit goods? Price is a good starting place. Windows is DAMN expensive, and for those don't see Mac or Linux as an option (pussies) it's essential. So you get a cracked version. Just like the fashion obsessed MUST have a Louis Viton or Prada handbag, but can't afford it, so they buy the knock-off and hope no one notices. Second, you can go after the criminals without inconveniencing your customers. All you have to do is search for the distributers and shut them down/prosecute. There is no need for Microsoft to stay one step a head of the hacker's latest exploit, all they have to do (or the police have to do) is stay one step ahead of the latest ditribution methods. You find a site hosting cracked copies of XP, you have the ISP shut it down, you track who put it up, you prosecute. But like I said earlier, you have to address the demand as well. Microsoft really needs to lower the price. Afterall, they've already told you that you NEED Windows and that there is no substitute. If XP only cost $50, more people would buy it legitimately because they can afford it, less reason for them to knowingly break the law to get it.
Now since I mentioned it, let's look at the digital music industry parallel. Given that I'm a cheap bastard and don't want to pay for my music downloads, I'm not ready to stop downloading pirated music (Although I do buy CD's still). Others (lots of Slashdotters) however, object morally to the DRM that infests all of the legit music downloads. They don't have the freedom to do what you want with the music like you do with CD's and mp3's. Hackers are still cracking the DRM and will continue to do so no matter how much DRM you put in. Solution, don't give people a reason to pirate it. Sell mp3's, no AAC or WMA. The people will explore ways of using/sharing/whatever the music that no one ever thought of and further advance the way we handle media.
Jerry's Final Word: Stop treating the consumers like two cent whores out to make a quick buck and screw you over! Most of us dont' want to break the law, but if you push us beyond reasonable means, you better be ready to accept the consequences.
"It's not whether you win or lose, it's how drunk you get." -- H. J. Simpson
Two big problems with his proposed scenario:
#1: After vista 'detects' that your version is not legit, it gives you 30 days to fix that before actually shutting down.
#2: "Once a virus that makes the cop refuse to authenticate Vista hits the Net, then how can the problem be fixed? By definition and the way I see it, this will be an impossibility."
Well, while a small # of users will already be effected, I see something that prevents vista from being upgraded by paying customers is one of the few things that could convince MS to patch out-of-cycle. Fix the bug in WGA and release it after a couple days of QA.
I have my own DNS server on a dedicated BSD machine. Let them try to block that one ;-)
Technically, I see no reason why someone couldn't make a small DNS caching service that installs on a Windows machine and then set all DNS lookups to be redirected to localhost:53, bypassing the %SystemRoot%\System32\drivers\etc\hosts file.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Better yet, what happens if the virus repeatedly switches the product key? MS would likely give instructions to victims on how to switch the product key back to the one glued onto the machine's case, but each time you switch it back to a legitimate key, it'd have to reactivate. Eventually, the key will refuse to be activated on suspicion on key sharing.
If MS takes steps to ensure that valid product keys can always be activated, then they'd introduce a new way of pirating keys.
Not everyone who has pirated Windows XP would purchase Vista if WGA locks them out. Many won't pay for it/can't afford it (which is why they're pirating in the first place) and not everyone's existing computer can run Vista. Some will, of course, but some will switch to Linux. Linux is usable enough now, and someone who's desperate/mad that they can't run Windows anymore without paying microsoft money will likely try the free option. Not everyone who gets lock ut with WGA will go to Linux, but enough that I think this is a stupid move by Microsoft. A person running pirated XP today might buy a new PC with Vista later, or might encourage friends/family to. A person running Linux today is very unlikely to purchase Vista in the future and will encourage friends/family to switch. Microsoft has all the big name shops (well, besides Apple) selling only Windows boxes. That's the only anti-piracy they need (not that I appreciate that), and the only kind that won't bite them in the ass. Of course, I'm a Linux user, so I'm not complaining. :-)
"What is Internet Explorer 7? Are you saying we can't access the normal internet?" - I love tech support. Really.
Uhm, perhaps they're meaning "You may not hack Vista Home Basic (or whatever the cheapest version is named) into Vista Ultimate by changing a registry key".
These aren't all the same Dvorak. The composer was Antonin Dvorak, John's grandfather. The keyboard designer was Dr. August Dvorak, his father. Unfortunately, this family line of geniuses stopped cold there, with poor Johnny being an idiot child and getting into journalism, making a successful career somehow of writing moronic columns in computer publications for 25 years.
Bugs are not technical limitations. Converting a cheaper version into a more expensive is. Hacking a non-administrator account into full-access is.
Hell, I think that they may be referring to "don't try to run Vista RC2 after the beta license expires". Or "don't try to install drivers that are known to cause crashes and are forbidden to be installed".
On 10/9 on a This Week in Tech podcast (http://www.twit.tv/72), Dvorak said that Google will never buy YouTube. I haven't listened to it yet, but in this weeks podcast, I think he talks about it (http://www.twit.tv/twit73.
You may be victim of software counterfeiting. This copy of Windows is not genuine and is not elegible to receive the full range of upgrades and product support from Microsoft.
Click Get Genuine now to get more information and resolve this issue.
[ Get Genuine ] [ Resolve Later ]
When ideas fail, words become very handy.
Maybe they'll forget to pay their domain name fee some year. Then we'll have them...
One company didn't do it. Microsoft got miles of cool points for making their operating system, and eventually their applications, easy to copy. There were legal barriers to reproduction but no technical barriers. People bought MS at premium prices because they could copy. System administrators knew they would have no difficulty making backups, or "educational" copies to take home to put on their systems. They also knew that things would not be difficult if they had to do a reinstallation. It was viral marketing at its most effective. The license agreement of course forbade such practices, but Microsoft winked at personal duplication. Licenses had to be bought, of course, because support was needed, especially in a large enterprise. My personal opinion is that the bugs in early iterations of Microsoft software were their insurance against wholesale ripoff. This is just a feeling.
I thought activation was a big mistake. I actually do think it slowed the adoption of XP if you can recall back that far. However it was easy to crack so the viral thing happened. Anyway Microsoft continued to thrive. I was living in Eastern Europe at the time of XP's introduction and cracked copies were everywhere. Pirate copies of the beta were in the electronics market in the months running up to final release. I am in Western Europe now so I don't know what the Russian and Ukrainian guys have done with WGA, but I can only guess. Vista will be zooted as soon as it hits the market. The Russian and Chinese pirates will not be slowed down at all from putting cracked versions onto hardware. Legitimate customers however will have no end of headaches. It's a crying shame.
The fact that this WGA is vulnerable to hacks is merely the bitter coating on the poison pill of this new form of copy protection, which is always a bad idea because it hurts your customers. DRM and copy protection are ideas that corporate lawyers dream up. Marketing men instinctively know they suck.
I actually think Vista might not even fly very well. Net services are coming. Linux could be attractive to eterprise in some circumstances. And there is always Apple waiting in the wings with good stuff. Corporate prejudice against the "toy computer" might well melt now that the OS is riding on an Intel platform. And there is also the iPod effect. Nothing sells like success.
Meanwhile, Microsoft's latest patch automatically installed itself and rebooted my computer even though I have set the update options to stop at the download. Feh! I didn't have any process running, so I skated, but that is practically a crime in my book. If Vista is going to walk all over me like that I won't want the thing. Certainly I am going to wait as long as I can before I get it. And if I can get away without getting it I won't get it.
"No fear. No envy. No meanness." Liam Clancy
The guy is a troll who writes his "articles" by stringing as many buzzwords as possible into one paragraph. Pretty soon he'll be telling us that Vista will run on a Mactel as a browser-based application but only for those who subscribe to Verizon FiOS, is Google in on this and how will this affect Net Neutrality?