Stealthy Windows Update Raises Serious Concerns
UniversalVM writes "What is the single biggest issue that bothers open source advocates about proprietary software? It is probably the ability of the vendor to pull stunts like Microsoft's recent stealth software update and subsequent downplaying of any concerns. Their weak explanation seems to be a great exercise in circular logic: 'Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.' News.com is reporting that all of the updated files on both XP and Vista appear to be in Windows Update itself. This is information that was independently uncovered by users and still not released by Microsoft."
Here's the complete list to prove it (sorry for the lame formatting, it's Slashdot's lameness filter):
won't work under Linux anymore?
The last update they did was stealthy enough that I didn't realize it was happening, and my XP system lost power during the middle. End result, XP is now acting erratically, proclaiming update is invalid at bootup, sometimes not booting at all. Forced me to re-evaluate Linux for my 1 game machine, and trying out Cedega to get my last real Windows game (City of Heroes) to run.
Karma Whoring for Fun and Profit.
Just a bunch of people bitching for no reason, trying to generate traffic to their blogs. Let's see...
The update only updated the Windows Update software itself, nothing in Windows.
It did not update if you have automatic updates turned off.
It did update if you had "Notify me" turned on. This is a point of contention, but MS says they needed to do the update to continue to notify users of actual updates.
Finally, this doesn't apply to any networks running a WSUS (or whatever it's called now) server.
I wonder why this kind of capability doesn't cause more of an outrage or show up in the "real" media. Microsoft may not be doing anything blatantly wrong _in this case_, but what about when they start auto-installing updates that nuke installs suspected to be pirated? You know it's coming...
This game will waste your life. Don't clicky!
Give in to the Dark Lord and life will be predictable and simple. Freedom is for babies.
Table-ized A.I.
People have been warning about such things for years. I know this sounds terrible, but no one on Slashdot should be surprised by this. Take what Microsoft has chosen to give you.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
We already did this one just two days ago.
The anti-Microsoft FUD was thoroughly debunked by numerous Slashdot posters. It was also thoroughly debunked by numerous comments in reply to the various external sources cited in the older Slashdot article.
They updated Windows Update, when people explicitly visited the Windows Update site. That is all. They are not pushing out updates to critical system files without any user intervention.
Last time, several posters asked whether Slashdot would at least have the decency to correct the blatantly Microsoft-bashing headline/article. They didn't, they posted it again. <sigh> Go Zonk!
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
you didn't need to wait for a hacker to pwn your box, the state already had.
With closed source software you don't need to wait for a hacker (or the state) to pwn your box, they already have, with access to all your data, just waiting for that National Security Letter.
Someone has not run a diff with the new files versus the old. Hell I'd be satisfied with a simple "strings".
Only the State obtains its revenue by coercion. - Murray Rothbard
From the article:
... automatically UPDATE[s] itself when ... the customer is using WU ... be NOTIFIED of updates."
"WU
to automatically
Yes, the land of Microsoft is an amazingly magical place.
My understanding is that this update arrived even if automatic update was turned off.
In this case Microsoft was illegally entering the customer-owned computer, using the customer-paid connection and hardware, in order to achieve something that is beneficial for Microsoft.
Just try to do the same for a Microsoft-owned computer: the full power of legal prosecution will fall on your neck for countless charges, with likely jail term punishment if convicted.
Who is going to press charges for the same act against Microsoft? And if Microsoft is found guilty, who is going to jail from Microsoft?
Sometimes I think all updates should be FORCED whether you want them or not... at least for the 'home' versions of software. This might put some kind of dent in these bots.
Some systems and applications are so mission-critical sensitive that the systems have to be certified in their configurations -- medical systems, traffic control, pharmaceutical manufacturing, banking and financial systems -- too many to be subject to this outrageous behavior.
The most secure setting provided (that I am aware of) is "do not install updates". If a system's certification can be sabotaged by Microsoft covert behavior, who's going to pay when a system fails and the system is demonstrated to have been subverted with tripwire-like checksum failures? Microsoft? The applications vendor?
-- Gary Goldberg KA3ZYW 301/249-6501 AIM:OgGreeb Digital Marketing Inc., Bowie, MD
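The tripwire-like checksum check mentioned in the comment above, as an added example that is not part of the original thread: it records a SHA-256 baseline of a directory, seals the baseline with an HMAC so it cannot be quietly edited, and reports files modified, added or removed since. The file names, the key handling and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/' separated) to its digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def seal_manifest(manifest, key):
    """Serialize the baseline and attach an HMAC-SHA256 tag over it."""
    body = json.dumps(manifest, sort_keys=True)
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return json.dumps({"manifest": body, "hmac": tag})


def open_manifest(sealed, key):
    """Verify the tag before trusting the baseline; raise if it was altered."""
    record = json.loads(sealed)
    expected = hmac.new(
        key, record["manifest"].encode("utf-8"), hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected, record["hmac"]):
        raise ValueError("baseline manifest failed integrity check")
    return json.loads(record["manifest"])


def compare_manifests(baseline, current):
    """Report drift between the certified baseline and the current state."""
    return {
        "modified": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def _write(root, rel, data):
    """Create a file (and its parent directories) under root."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as handle:
        handle.write(data)


def demo():
    """Constructed scenario: an updater silently replaces its own files."""
    key = b"constructed-demo-key"  # assumption: kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        # Constructed file set standing in for a certified configuration.
        _write(root, "updater/client.dll", b"client build 1")
        _write(root, "updater/ui.dll", b"ui build 1")
        _write(root, "app/config.ini", b"mode=certified\n")
        sealed = seal_manifest(build_manifest(root), key)

        # Simulated silent self-update: one file replaced, one dropped,
        # one new file added, application files untouched.
        _write(root, "updater/client.dll", b"client build 2")
        os.remove(os.path.join(root, "updater", "ui.dll"))
        _write(root, "updater/new_helper.dll", b"helper build 1")

        baseline = open_manifest(sealed, key)
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```
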
I have disabled, then removed completely the windows update service from all my computers. I will manually install updates from now on, when and if I want them.
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
My biggest gripe is getting stuck with a bug (like the strip(1) which deleted already stripped binaries on the end-of-life'd AT&T 3B1) that I cannot get fixed or fix myself.
So now that hackers know there exists a backdoor to the windows update which will let them update a stealth patch to anything they want in the system because it runs with admin rights, this isn't a big deal to you?
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Wouldn't the correct thing have been to have the next manual update show that Windows Update needed updating, and then proceed to show the newer patches only after the new Update was installed? Better still would be to show all, but grey some out saying "Requires Windows Update v1.2.3.4" next to the ones that aren't yet accessible.
Oh, and wild-speculation-with-no-evidence time: this seems awfully soon after the WGA failure debacle, I'll bet the changes are to do with preventing a rerun of that.
Cheers,
Ian
I have never heard of anything this evil before. An OS that updates its Update Notification system if it is turned on.
Holy cow, let's get the torches and head to Redmond...
Oh wait, maybe the few thousand idiots that never update Windows will get BETTER notifications and actually not leave their systems open to 5 year old exploits.
a) MS doesn't keep Windows Secure enough (No longer True - Damn)
b) MS doesn't supply updates fast enough (No longer True - Damn)
New Flame, plan (c)...
c) MS updates Windows too often and keeps it too secure!
Why has Slashdot turned into kool-aid drinkers instead of the rational 'open' community it used to be when I first started coming here? This is like when AOL opened the gates to the internet to all users, the idiot masses of success lowered the IQ of the Internet tenfold.
Now SlashDot has courted enough fringe idiocy and OS zealots that it is about as informational or interesting as Page Six.
Hey, I like Linux too, but there's nothing about open source software that prevents a software distributor from being able to do this exact same thing. Microsoft could have released their source code prior to this update and still been just as able to install this upgrade on computers worldwide without user consent.
If the people who maintain the apt-get repositories wanted to install a program on practically every Ubuntu computer in the world, they could do it too.
This is not an issue which concerns the antipathy between free/open source and proprietary/profit oriented software. It's an issue with a networked repository software version control system.
They updated the updater. If you want to update manually, you don't run the updater, and then it doesn't update itself. So there is no problem.
"I have never heard of anything this evil before. An OS that updates its Update Notification system if it is turned on."
Read it again (the first time?), it wasn't on.
That's the problem, it updated even when disabled.
If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. - James Madison
So when a user's windows system that was say 5 years old gets corrupted these days and a total re-install is required, how does this play out? I assume it must work like my mac: namely you get your original disk out and you do an "archive-and-install" which puts a fresh copy of the system on the disk and moves all the important bits of the old one into a folder so you can recover stuff like application-keys and special fonts. Then you click "software update" and apple offers a "rolled up" updater that merges all the updates for the last 5 years into one grand update that gets downloaded and installed. (occasionally this actually takes two "update" steps).
Or do you really have to install all those updates serially on windows? I know this used to be the case in windows98--that one had to do the updates serially--and often there were multiple incongruent sets of updates so you had to know which to do. That was why I switched my wife's computer to DamnSmall when the system got crufted to the point of needing a reinstall.
I figure this could not possibly still be the case or basically it would be easier to buy a new computer than try to reinstall from your original disks on a old computer. That would be nuts. Who would put up with that?
Some drink at the fountain of knowledge. Others just gargle.
Four reboots sound high though totally impossible if your mac was bought right before some major shift in the system happened. However 20GB is complete 20GB bullshit. So you make things up. Under a worst case scenario this could be a few hundred megabytes which admittedly is a lot too.
I have seen a couple of times that the update icon appeared and when I moved my mouse over it, it said it was downloading updates.
A minute or two later it went away, only it never said what it downloaded. I didn't really like that since I had configured it to download but not install updates.
That was just one of the things that made me feel less and less in control of my own computer, WGA problems was another one. So I have dropped using Windows completely at home. It is not without problems, but I'd rather do without the few things I can't do and then be in control of my own computer.
So now that hackers know there exists a backdoor to the windows update which will let them update a stealth patch to anything they want in the system because it runs with admin rights, this isn't a big deal to you?
Sure, all they need to do is forge all of Microsoft's digital certificates first. Patches are signed or else they don't install without warnings.
The biggest problem I have with this update, is that it proves beyond any doubt that Microsoft deliberately placed a "hole" in the security of their OS for their own purposes. It is nothing less than something on the internet contacting the OS, opening a hole, then running software with root/admin permissions to change something in the OS itself. Something many people have suspected because of the so-called security patches that move holes around instead of actually closing them, has now been proven to be true.
This must be a holy grail for a Windows hacker. This hole was put in the OS specifically to take over a computer, and Microsoft's reaction to its discovery shows they obviously have no intention of closing it - just continuing to use it when desired. You can bet that finding this hole and ways to exploit it are now the top priority of hackers around the world.
If I suppose this sentence is true:
Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.
What happens when someone installs XP (or Vista) from zero and gets the OldAndBad Windows Update? He will never be able to get updates?
Someone has his foot in his mouth.
This is not a Signature!
Most windows systems have a much higher percentage of userland software that is not and cannot be updated with the rest of the system when compared to any modern linux distro with a good package repository.
Of course there will be more updates from the single source for Linux!
As was said by another poster: what matters is that these can be separated into vital security updates and optional functional enhancements (or, sometimes, dehancements).
It also matters whether you are likely to be compromised by known vulnerabilities before and during the update (which is why AutoPatcher was nice--it let you stay off the net when updating).
This is related to the ease of INSTALLing an up-to-date system given the original media. In many cases, you can just burn a new Linux iso or can do a network installation & be sure that you're up-to-date on install. While you can slipstream Windows installs, it isn't as easy & takes much more interaction than updating Linux installs.
Finally, people gripe about the NUISANCE factor of an install. How many times do they have to reboot the system because of kernel changes or because of file locking issues during an update? And (returning to the initial point) how many sources do you have to check to update all of userland?
...and that solution is that any version of MS Windows should be automatically disqualified for even being considered for the O/S for such a "certified" system in the first place.
Hey, I like Linux too, but there's nothing about open source software that prevents a software distributor from being able to do this exact same thing.
Assuming an open source software project tried this. What would happen?
* The code to download the update is published. They would have to risk having the backdoor discovered by someone working on the download code. Microsoft doesn't have that problem.
* The first time the code is used, and the unexpected downloads are detected, the downloader will be fixed and submitted back to the source. If they don't accept the change, it will be forked. They can't do the same thing a second time. Microsoft doesn't have that problem.
Microsoft could have released their source code prior to this update and still been just as able to install this upgrade on computers worldwide without user consent.
Assuming nobody noticed this exception in the code before the update, which is hardly something to depend on, they'd be able to fix it afterwards.
If the people who maintain the apt-get repositories wanted to install a program on practically every Ubuntu computer in the world, they could do it too.
But, and this is the key point, it would not be installed on the computers that had automatic updates disabled, unless there's a backdoor in apt-get.
Microsoft can still use this to sneak in a patch without notification and without permission.
Ubuntu might (and that's a might) be able to, once. But only once.
By far the most worrisome thing to me about closed source software is proprietary file formats. Almost always the data is worth far more than the software, and when vendors try to lock up the data they are making a grab right for the testicles.
This is ultimately why OOXML is such a big deal, and why I would much rather have open source.
There are many good reasons why people who build mission critical systems steer clear of Microsoft OSes
Oh, were that only true.
My concern isn't necessarily the client self-update. My concern is the lack of documentation thereof. For technical concerns, warn the user if there needs to be an update to the client itself. That way I can schedule that and plan on my own.
My real problem, though, has to do with why this isn't documented. Is there a reason MS won't publish this? Can this be a potential attack vector? If an IIS/WSUS system is compromised, can you 'simulate' a client update and use it to install whatever you want to the clients that are listening?
Microsoft clearly have a backdoor because even computers with users settings that disabled updating still got this.
Microsoft decided years ago that users were stupid and their choices to be ignored, and they haven't looked back ever since as people just keep spending good money on whatever rights-eroding crap they put out. It boggles my mind how much most people just quietly put up with this shit.
"Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications."
I read this three or four times trying to make some sense of it and got a screaming headache for my effort.
Fortunately, I keep the AU and BITS services disabled until and unless I need them. This hasn't happened since last February and that's the date on the WU files. Every so often I get frantic dialog boxes, but I drop them in the bit bucket. In spite of the lack of patching, XP continues to run flawlessly for me.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
It's not a big deal. YOU don't own it, it's theirs and they can update it as they wish. If security/privacy/updates were a serious issue to you, you wouldn't lease an operating system anyway.
Think big picture.. What's preventing them from rolling out updates that delete/remove codecs for audio/video.. Honestly it's endless.
I haven't read the other comments yet, so this is my opinion without being influenced by anyone else.
If someone can update one's computer in secret, without so much as a by-your-leave, they own that computer, and all the data on it, totally. In my America even the government needs a warrant to look at my computer! Our Constitution says so.
But M$ can take your computer and change the software of the OS at will! I'm lucky enough to be behind firewalls, and to have killed M$ update off, so my machine doesn't have this secret update.
I think no one was supposed to know about this update. I believe they are shocked that people discovered this update, and I can only wonder what people in other lands think about it.
Most of the techy guys at work have been thinking about dropping Windows for other OSs; even folks who are pretty conservative about their machines. Guys who have always run "standard" software setups are loading Linux, and talking about which is the best distro. Red Hat, Ubuntu, Slackware, even BSD...
Don't let the machine take your freedom!
anonymous creature
This act puts Microsoft under liability for a lot of things. If they upgrade the software of a computer system with a validated software system (for example used in medical testing, medicine control or just plain medical reporting, also in many other fields) without getting any proper authorization, they can be sued by many entities for damages. Also computer testing done for software products is liable to suffer damages due to unannounced upgrades or stealth version changes. Every last thing needs to be kept on ice on some of these systems to ensure proper results and functioning. Otherwise the results are not deemed valid or safe. Medical tests done for medical software are exceptionally strict in this regard. Many testing companies are likely to suffer damages due to this kind of action.
Microsoft should be held responsible for damages.
Let's look at this from a logical perspective for a moment:
According to This_Is_My_Happening, there are four settings for Automatic Updates:
Now if I understand correctly, those who selected the second or third option above were surprised by an update that was downloaded and installed, contrary to their selected setting. I don't know if I understand correctly, but if I do, then this is what I have to say about it:
If it is possible for Microsoft to install updates contrary to your selected setting, then this means that Windows Update code basically had a backdoor installed in it from the beginning. This backdoor was, then, designed so that if a certain "install anyway" bit was set in an update, the update would install regardless of your setting.
I am mentioning this because I haven't noticed anyone else mentioning it.
If the above is the case, then I leave it to the Slashdot community to determine whether the presence of such code is an ethical business decision or not.
Now, I would like to offer the solution to problems like this. Please bear with me while I tell a long story, to properly set the stage.
My .sig says that Microsoft released Windows Vista, so I got a Mac. Truth is, I didn't use Windows before (I used some flavor of Linux, BSD, and the Mac, except for the Windoze computers I administer at work and it's not my fault that those were chosen) but one day, a friend of mine brought over a machine he just bought with Windows Vista on it. He said he couldn't get it to do anything so we made a deal that if I fix his computer, he'll fix my busted bicycle. I turned on the machine, and within minutes, I was practically rolling on the floor, my stomach hurting from laughter.
Windows Vista is a joke.
Everything is so slow, obfuscated, and complicated that I don't know how anyone with less than a Ph. D. in Windows Vista can figure out how to move a file from one place to another. At least there are fancy shmancy time- and resource-wasting graphics all over the system, speaking of which, everything is so slow that after every button you push, you should lean back in your chair and relax for a minute or two before the computer is ready to accept the next keystroke or mouse click. Not to mention that every other click of the mouse causes the screen to turn black and a window pops up to ask, "Did you really just click the mouse over there?"
Solution? I did two things: I installed Ubuntu 6.06-LTS (Long-Term Support) on his machine, and I went to one of Apple's retail stores and bought another Mac for myself. Did I mention that Apple also has fancy shmancy graphics all over the system? Just that on a Mac, these graphics make the system easier to use, not harder like in Windows. They fit in to the computing environment and serve to show you what is going on, rather than to waste your time with annoying and slow eye candy. And on a Mac, the graphics and animation don't slow anything down!
I don't understand why Microsoft, a company with probably 500 times the resources available to Apple, can't do 1/500th of what Apple can do on a computer with 500 times the resources available to a Mac. Oh, by the way, I was at one of Apple's stores today. The iPod section was completely crowded, with entire families cramming around the iPod display table to play with the new models. The iPhone section was also completely crowded, again with entire families squeezing in. And the laptop and desktop computer sections were, you guessed it, also crowded as are the other two sections.
So, as I've been trying to say for a few paragraphs, the solution to avoiding the extremely problematic Windows software is to move away from the Microsoft platform. Either get a Mac, or learn Linux or *BSD. Especially now when so many people are doing it and these platforms (especially the Mac) are gaining some really, really serious acceptance.
--
"If anyone can show me, and prove to me, that I am wrong in thought or deed, I will gladly change." - Marcus Aurelius
Love the irony of your sig given the post you replied to proved you wrong. Unfortunately, by not reading the comments, you seem to have missed the part where it was explained several times that the article is FUD.
Not to go off tangent, does anyone know the status of Autopatcher?
The day Apple installs an update without my consent is the day I wipe OSX off my drive and install GNU/Linux on my Macbook Pro. Ubuntu Server already runs on my intel mac mini.
"Who will update the updaters?"
http://www.informationweek.com/830/hacker.htm
"City hall" in German is "Rathaus" Kinda explains a few things......
So now that hackers know there exists a backdoor to the windows update which will let them update a stealth patch to anything they want in the system because it runs with admin rights, this isn't a big deal to you?
So explain to everyone how a hacker without prior access will get the machine to go to their server instead of the MS server, present the correct authentication, which still has not been broken, and then forge security certificates for every file they want to download?
A system would already have to be compromised to even attempt to use or subvert this system and would be a lot harder than just taking control of other areas of the OS...
Are people really this stupid?
Marked troll because I pointed out that /. ran this story two days ago.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
Since the updates are signed (and have been for years), no, I'm not particularly worried.
And how do you slipstream the individual updates that have been made SINCE SP2?
It is fucking hard and tedious, so don't pretend it isn't.
yeah, we all know how that goes.
not sure how it goes once it gets long past twice
In SOVIET RUSSIA, Windows update YOU!! ... sorry.
sudo eat my shorts
http://komplexify.com/blog/2006/10/12/circumloqution/ I think this is pretty fitting.
Well, with Cedega (copy-protected games) anyhow, I haven't tried much with actual wine (although for some things I've heard it's better, just not as good at dealing with the proprietary protection methods). On my laptop though, I've found that many games run faster. Partly because I can't get an updated windows video driver anymore (it's pretty specific to the laptop model due to some power-saving stuff, but the latest linux ones work fine), and partly because my filesystem under linux seems to be *much* faster than FAT32 or NTFS was. My load-times are significantly improved, and - depending on the features enabled - video is often better in some areas and perhaps a bit slower in others. Overall, I'd love to see more games that run directly on linux (a-la-doom3 etc) to take full advantage of my system's capabilities.
Windows Update is not a backdoor, since it is known.
After reading all the comments, my suspicion is that there are OTHER backdoors, that will never be spoken of, because they are put in at the behest of the NSA.
The NSA will be looking for various spies and such, but the whole mess begs the question of what happens when a black hat in the Baltics or Beijing figures out how to access and control any Windows computer it can get to on the Internet?
Critical proprietary information does NOT belong on computers connected to the Internet.
Why is this story being reposted here after just 2 days? Is it that the first story didn't "take" so now slashdot feels compelled to repost it, in hopes that it "takes" this time? The only thing that's changed since it was originally posted is that it's been debunked, but slashdot feels compelled to debunk the debunking, but by simply repeating what was originally posted? Reposting this is a waste of time and bandwidth.
-- "I never gave these stories much credence." - HAL 9000
film at eleven!
(hey, I just made the longest subject that made sense using only two words)
there are 10 types of people in this world; those who get this joke, and those who don't
All 80-100 Windows updates are still there.
However, at least their updater is a little smarter these days and doesn't seem to deliver anything that threatens to crash the machine. You can also choose your style of updates, either "smash & grab" and let them all pile into a big heap, or update in stages if you want to reduce some of the bandwidth download. There might be close to 300 megs worth of updates which can sometimes be a lot for one swipe on a managed-load ISP or network.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Except that certificate just says "Microsoft Corporation" in the Subject. It may have been an attack vector for something like an ActiveX Control (where it asks if you trust "Microsoft Corporation"), but in the case of Windows Update, it's looking for code actually signed by an MS server, not a $99 Verisign SSL certificate with "Microsoft Corp" in the subject.
Also, that's REALLY old news. Take a look on any recently updated Windows box, and you'll see a certificate store titled "Untrusted publishers" and that exact certificate is in there. Now that that novel hack has been done, it's unlikely to happen again.
Yes, everyone is out to get you. Please retreat to your home, pull the covers over your head, and read silently with a flashlight.
BeauHD. Worst editor since kdawson.
For example, there's a service running on virtually all home PCs that can be instructed to download and install an executable by a remote site and give no indication that this has happened. It seems to me that the only reason this hasn't been exploited yet (if it hasn't) is because it wasn't a published interface. Now that the existence of this vulnerability has been sprayed across all the tech sites it's just a matter of time before it becomes a BIG problem.
And let's not overlook the little detail of how you can configure the automatic updates client to notify only, or download and notify and Microsoft overrides your explicit configuration and causes it to download and install software without notifying you. That story about needing to update the update client so you could receive notifications is a load of bull and just further illustrates the utter lack of respect for their customers that has become the calling card of Microsoft.
Those who run Linux may take some satisfaction in knowing that the creators of their OS care about what the users want. But they can't ignore the MS beast; when the day comes that umpteen million XP installations silently download and install BOTNET.EXE and the net is saturated with the traffic from all these zombies the Linux users will suffer too.
Thanks once again to the "smart" people at Microsoft. They've introduced many, many systems to allow remote sites to execute code on client computers. Unfortunately, they're not wise people at Microsoft and they've baked all these vulnerabilities into their products.
It's been a feast for the spyware, virus and botnet creators - people think that these people are brilliant (but misguided) computer geniuses that have gone over to the dark side. That's really not the case - these blights upon the network are created by common criminals. Microsoft has made it easy for even them to take over systems running Microsoft software.
...despite having XP, I don't use Windows Update.
Anyone who is in a corporate environment and is forced to use it has my sympathy. However, with what my machine gets used for, I find that security in general isn't much of a concern at all. I do exercise some caution with regards to the web sites I use, but that is about all that is necessary.
If you don't use Internet Explorer, have an ISP's spam filter on, and aren't stupid, XP's security is just fine in my experience. A lot of problems come from ovine corporate employees running strange email attachments and so on, which is something I would never do.
Marked troll because of the way it was stated I expect.
But you are comparing updates of just the OS (or just the OS and the office suite/browser/media player) to updates of every single application on the system (everything from compiler to panel widgets).
If you bothered to compare apples to apples, you would likely come to a different conclusion.
A house divided against itself cannot stand.
a hacker without prior access will get the machine to go to their server instead of the MS server,
DNS poisoning
present the correct authentication,
Using "genuine" certificates from Verisign will get you much of the way to where you want to be, I suppose.
If you're a zombie and you know it, bite your friend!
I'm not sure where user UniversalVM gets this "information that was independently uncovered by users and still not released by Microsoft" crap.
The EULA you or your IT department agreed to gives full admin rights to Bill and his minions on several occasions. Don't take my word for it. Look up the EULA for XP S1 or 2000 SP3.
I only used the advanced option to choose which updates I take (i.e. for software that is installed and risks I wish to avoid).
I have never "allow"ed Windows Genuine Advantage to be installed.
Yet now it is running. Why?
I choose not to install it as the machines move locations from time to time - I do not want it to check and remove my paid-for functionality. As I build my own, I pay the end-user price for Windows. As I am switching from XP to Kubuntu, I have more Windows licenses than boxes! Yes, maybe I am a control freak - but then maybe personal computers should be personal.
if "Faith" could be proved with facts - would it still be faith? So why does "Faith" try to present beliefs as fact? -
nLite will solve your problem. With it you can slipstream a full Windows installation disk, plus patches, plus any drivers that you would otherwise need to install. You can even remove chunks that you don't need.
I do take issue with some of your points though. Your knowledge of the DOS/Win32 operating environment is no doubt something that you have accumulated slowly over a number of years. I too found the unix command line unfamiliar and painful when I first used it. I'm still a novice, but I now find it more productive than cmd.exe by an order of magnitude.
I found installing and using Gentoo to be a great learning experience. The lack of a graphical installer (at the time) forces you to use the command line for everything. If you follow the install manual "blind" you pick up a few things. If you go through it reading the manuals for every command you use, you pick up a lot of things. I didn't get along with the graphical distributions at the time, I couldn't find any of the options I wanted. They have improved, but my TV server still runs Gentoo since it was the only distribution that supported my hardware at the time.
Your old hardware is much more likely to be supported than newer hardware.
As for games? I'm not going to chime in with the rest of the people in this thread and claim you can use Linux to run them all. I like to play games. I intend to keep running Windows until I give them up (which may well happen, they innovate less every year), or until Linux versions are commonplace.
As a software developer, I also can't do without Windows. I depend on Windows, because it's where most of my code lives. But I love open-source. I'm lucky enough to be doing a job where I don't have to avoid it - I can use what I like. And if I have to pick and choose, using OSS tools is just overall much less hassle. I don't have to requisition them, justify purchase costs, fill in forms, wait thirteen weeks for approval. If they have bugs, I don't have to contact the supplier and engage in complex political games about whose fault it is, I just fix them. OSS for me is just far more agile and productive.
Or you could just play in Windows, not fiddle with Linux, so as to spend time actually playing instead of fiddling! :)
Windows update does not need to have a DLL updated on the local machine in order to work properly. Try taking a fresh install of Windows 2000 or XP and installing it offline. Next, get online and visit windowsupdate.microsoft.com. Presto: it works. No need to have some DLL updated in the background without your knowledge.
The command line is much, much easier to use. What it isn't is easier to learn from scratch.
Seriously it is one big circle jerkoff fest here with the constant misinformed bashing of MS.
Nerds....nobody takes them seriously in life and they are the grunt force of the tech industry.
When I needed to defrag my WinXP system I found that Windows defrag actually doesn't move all files to the start of the drive. I used a program called Vopt (see http://alicious.com/linuxR40, http://www.vopt.com/nutry.htm ) to make the most possible contiguous free space at the end of the drive. Then I used ntfsresize (which is in some distros' installers, I think it's used in Ubuntu's qtparted partition resizer) to alter the size of the partition, creating free space in which to install my Linux system.
HTH someone out there.
YMMV, this stuff scares me! Make a backup.
Woot! We also collected the buying habits of 236,249,620 people, the credit card numbers of 195,204,284 people, that 236,249,620 people have at least some software that we consider 'pirating', and our friends at the Brown Shirt Army (sorry, BSA) will be kicking their doors in within the next few months, and also, we have as a result of our remote 'information leveraging' seeking over 300 patents in areas we did not previously have any expertise, and lastly, we will be 'leveraging business information' from our update to purchase a significant amount of stock, while selling other stock to help our shareholders er, um, make a killing (executive staff too :)))
You cannot say that with cars. If you change the steering or braking or transmission or whatever so that an accident occurs, YOU CAUSE THE ACCIDENT.
No ifs and buts.
I would love to change from Windows to OSX. I would do it in a minute if OSX would run on any machine. But that is the problem. Apple hardware is GARBAGE, TRASH! But OSX is a marvel. While other computers are technological marvels running Microsoft GARBAGE, TRASH OS. Why can't people just get it right the first time and put the best with the best?
There are several ways to circumvent this potentially.
1. You only need to sign one file, the MSI installer or whatever package they push. It could contain unlimited potential files. Digital certificates are good but not perfect. Plus, this could leak from Microsoft due to a number of potential vectors. Nothing secret remains that way forever.
2. If someone hacks into Microsoft and gets into their WU system that signs the installers then they only need one signed to wreak havoc. What if they could simply create a certificate that was signed by MS? What if they are using their own cert system and it has flaws?
3. Hack Windows update itself. Having such a back door to override the user prefs makes every hackable defect in this service much more risky as there is an intentional way to get around the "notify only" or "download but do not install" options.
4. What if this or any further update creates a security hole? Without MS telling anyone you won't even know you are now vulnerable.
I could ask you your own question back at you. Or are so many supposedly IT-savvy people that naive...
BC
Boeing - Nov. 19, 2005 - Stolen laptop - 161,000 records breached.
Boeing - April 21, 2006 - Stolen laptop - 3,600 records breached.
Boeing - Dec. 13, 2006 - Stolen laptop - 382,000 records breached.
It seems like similar hacks happen all the time...even within the same company.
You should never underestimate the stupidity of a corporate drone on a Friday afternoon.
As Douglas Adams put it: "Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so."
"City hall" in German is "Rathaus". Kinda explains a few things......
Sorry, how do any of those examples have anything to do with a certificate subject hack?
The specific examples you mention are of a stolen laptop, which has nothing to do with cryptography.