Slashdot Mirror


Microsoft Blocks Pirates From Security Essentials Software

CWmike writes "Microsoft will block users running counterfeit copies of Windows from installing the free Security Essentials antivirus software, said Alex Kochis, director of Microsoft's Genuine Windows team, in a post to a company blog. On-again, off-again debates about the wisdom of blocking security-oriented downloads like patches or defensive software have centered around the argument that Microsoft should protect all users, including pirates, since hijacked PCs threaten the entire Windows ecosystem. In this case, though, one analyst isn't buying that line. 'I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users],' said John Pescatore, Gartner's primary security analyst. 'Those people have many other choices, including free. There are plenty of alternatives to Security Essentials,' he said, adding that that makes a difference. Windows patches, on the other hand, aren't available from anyone but Microsoft."

10 of 291 comments

  1. I agree with Pescatore, but... by Anonymous Coward · · Score: 3, Interesting

    He's right in that many people who have the tech-savvy to pirate a copy of Windows will know what their options are regarding anti-virus.

    On the other hand, how much does Microsoft actually stand to lose when it comes to giving this away?

    I'm willing to bet that they ran the numbers... "how much will the bandwidth cost us" vs "how much do we lose in good will by weakening the herd immunity".

    Now that would be an interesting (read: evil) spreadsheet to look at :D

    1. Re:I agree with Pescatore, but... by runningman24 · · Score: 4, Interesting

      I've never purchased a copy of Windows before, but the experience I got from Windows 7 Release Candidate caused me to buy it. I'm certainly not the only one. There is definitely a nonzero number of customers that can be gained by giving users something they don't feel cheated in paying for.

  2. Who exactly are they going to be blocking? by mister_playboy · · Score: 4, Interesting

    Anyone running pirated versions of the OSs eligible for MSE will probably have cracked WGA, and will be able to install this if they wish.

    --
    Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
  3. *Takes stolen car to dealership for a repair* by maharb · · Score: 3, Interesting

    Everyone can blab on about herd immunity etc. but this seems like denying a stolen car a repair under warranty. Systems are going to be used for attacks, it might as well be the pirates' systems and not mine. Security these days is more about running faster than your peers, not outrunning the hackers. Microsoft doing this will put paying customers closer to the front of the race. And I am not a Microsoft fanboy so don't write some bs about that.

    What will everyone want next? Metadata updates for your stolen music from the record companies? As much as I hate some things about companies, you have to draw a line somewhere.

  4. mind play? by postmortem · · Score: 3, Interesting

    Giving this software free to pirates is almost a promotion of piracy - if you get the same stuff when you pirate, then there is no downside to do it.

    Also, few pirates might feel bad about the fact that their copy is not 'genuine'. And some owners of valid copies might feel satisfied knowing that people who got free ride didn't get the whole package.

  5. Re:Get Microsoft out of the free OS market. by AK+Dave · · Score: 3, Interesting

    I don't believe that Microsoft considers itself to be part of any "Free OS" market at all. Maybe they should be. I can't speak for all Linux users, but I hardly consider myself to be a pirate. I use a legal OS: GNU/Linux. But, alas, I'm certain that Microsoft would hasten to point out how the license code for the copy of XP that resides in a Virtualbox guest is actually the license code that came with the copy of XP which was OEM'd onto the laptop that hosts that guest and that the EULA was for XP to run on a real laptop, not a virtual laptop. Which makes me already a pirate in their eyes.

  6. Re:Herd immunity by Jurily · · Score: 4, Interesting

    The biology equivalent would be if someone sneezed in Beijing and you got the flu in Denver.

  7. Re:Herd immunity by Anonymous Coward · · Score: 4, Interesting

    Yeah, I keep hearing that repeated. "you are more likely to be infected using cracked software"

    I've pirated (and bought) a large variety of software in the last 15 years. And the one time I have ever been infected, it came from a piece of commercial software right on the CD.

    The 'pirates' and cracked software are WAY more trustworthy than any company out there. It only takes one or two bad comments to make people avoid using that cracked piece of software. With commercial software it takes thousands of bad installs before it makes the news and people avoid a bad piece of commercial software.

    Just having a more tech-savvy audience, the cracked software will be subject to far more scrutiny than anything you'd buy off the shelf.

  8. The freedom is not free. by Max_W · · Score: 5, Interesting

    The problem is that Windows is intentionally designed to be easy to crack, as a marketing tool. They wanted it to spread as wide as possible. In former Soviet Union about 99% of Windows are cracked versions.

    Now they stop critical updates because they want the bot-nets to grow and make the Internet unusable, because they are losing in the Internet to Google. So they destroy the Internet, and the world is returning to the Desktop.

    It is quite possible. For example, I cannot already use the torrent, if I use it, then my provider disconnects me next day for several hours. Crime and punishment.

    I begin to see a new meaning in the words: The freedom is not free.

  9. Re:Herd immunity by girlintraining · · Score: 4, Interesting

    Reducing the number of machines able to be infected reduces spread rate, which increases security since those who do get infected can get rid of it before it finds another host more often.

    You forget that geometric progressions don't much care for the spread rate. Let's assume a few things:

    1. We want to query every single IPv4 address space (brute force and stupid, since only a little over 2^27, 75%, is actually in use in some fashion).
    2. We're going to say that 90% of the machines out there run Windows. Actual estimates vary.
    3. If an infection is timed correctly, even an out of band emergency patch will hit less than half of all machines. So, a worm has 30 days to spread between Patch Tuesdays.
    4. For the sake of simplicity, I'm going to assume everyone's bandwidth is a mere 10KB/s bidirectional.
    5. Also for the sake of simplicity, I'm going to say that it takes 10KB of data to probe a machine to see if it's infected.
    6. At any given point in time, I'm going to say only 5% of machines on the internet are accessible (turned on, and can receive connections). I have no factual basis for this -- it's an assumption.

    So based on 4 & 5, I can make 1 probe attempt per second.
    Last, a disclaimer -- I do not know much about statistics. If I made a mistake, sorry.

    So, in a day, a single machine can probe 86,400 IPs, probing the space in a random fashion. Of those, 64,800 (75%) are "in use" in some fashion. 58,320 (90%) of those run Windows. And 2,916 are turned on and receiving connections. 1,458 (half) are unpatched for the first 30 days of the spread. It manages to infect 2 machines in the first hour it runs (rounded down; is actually about 2.5). The next hour, 6.25 machines are infected, and so on and so forth. In 24 hours, 3.5 billion machines have been probed and infected.

    Geometric progressions like this are the reason why statistics like "An unpatched windows machine directly connected to the internet is compromised within 8 minutes" exist. The premise "Reducing the number of machines able to be infected reduces spread rate, which increases security" is not valid -- because the spread rate is almost completely irrelevant. Even if I say only 1 machine per hour is infected, in just over 30 hours we have the same number of infected machines -- even though we cut the rate from 2.5 to 1.

    If you want to make a difference -- reduce the window of opportunity; PATCH NOW. The rate is wholly irrelevant.

    --
    #fuckbeta #iamslashdot #dicemustdie
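
The argument in comment 9, worked as a discrete-time random-scanning spread model for estimating how much time defenders have to patch. This is an added example, not part of the original thread. It takes the comment's listed fractions and its 1 probe per second; the full 2^32 address space, the hourly time step (a newly infected host starts probing in the following hour), the single seed host and all function names are assumptions made here.

```python
import math

ADDRESS_SPACE = 2 ** 32      # whole IPv4 space, probed uniformly at random
# Fractions from the comment's assumptions: in use, Windows, reachable, unpatched.
IN_USE, WINDOWS, REACHABLE, UNPATCHED = 0.75, 0.90, 0.05, 0.50
PROBES_PER_HOUR = 3600       # 10 KB/s link and 10 KB per probe -> 1 probe/s


def vulnerable_hosts(unpatched=UNPATCHED):
    """Number of addresses a probe can infect under the stated fractions."""
    return ADDRESS_SPACE * IN_USE * WINDOWS * REACHABLE * unpatched


def simulate(hours, vulnerable, probes_per_hour=PROBES_PER_HOUR, seed=1.0):
    """Expected infected count at each hour, index 0 being the seed state."""
    infected = [seed]
    for _ in range(hours):
        i = infected[-1]
        # P(a given clean host is probed at least once this hour)
        #   = 1 - (1 - 1/A) ** (probes_per_hour * i)
        p_hit = -math.expm1(probes_per_hour * i * math.log1p(-1.0 / ADDRESS_SPACE))
        infected.append(i + (vulnerable - i) * p_hit)
    return infected


def hours_to_fraction(fraction, vulnerable, probes_per_hour=PROBES_PER_HOUR,
                      limit=24 * 30):
    """First hour at which `fraction` of the vulnerable pool is infected."""
    for hour, count in enumerate(simulate(limit, vulnerable, probes_per_hour)):
        if count >= fraction * vulnerable:
            return hour
    return None   # not reached inside the 30-day patch window


def compare():
    """Hours to 90% saturation for the baseline and two slowed-down variants."""
    return {
        "baseline": hours_to_fraction(0.9, vulnerable_hosts()),
        "half probe rate": hours_to_fraction(0.9, vulnerable_hosts(), 1800),
        "half as many unpatched": hours_to_fraction(0.9, vulnerable_hosts(0.25)),
    }


if __name__ == "__main__":
    for scenario, hours in compare().items():
        print(f"{scenario}: {hours} h")
```

Under these assumptions, halving either the probe rate or the unpatched pool moves 90% saturation from hour 5 to hour 6, so the time available to patch changes by about one step rather than in proportion.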