Microsoft Links Malware Rates To Pirated Windows
CWmike writes "Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches. 'There is a direct correlation between piracy and the malware infection rate,' said Jeff Williams, head manager of the Microsoft Malware Protection Center. Highlighting research that showed worms to be the most prevalent computer security problem today, Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update. China's piracy rate is more than four times that of the US, but the use of Windows Update in China is significantly below that in this country. Same for Brazil and France. But Microsoft's own data doesn't always support Williams's contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate — as defined by the number of computers cleaned for each 1,000 executions of the MSRT — of just 6.7 per thousand, significantly below the global average of 8.7 or the US's rate of 8.2. France's infection rate of 7.9 in the first half of 2009 was also below the worldwide average."
So malware is Microsoft's fault for not patching pirated machines? Or did I miss something...
Including Windows Genuine Validation is the likely culprit for this.
I'm not hesitant of MS patches because of piracy, I'm hesitant because I use this machine to do all my Photoshop work and the last 4 auto patches crash Photoshop roughly every 6 min rendering my computer completely useless for its primary purpose.
Suppose it was possible to apply security patches without installing Windows Genuine Advantage (malware by anyone's definition except Microsoft's). Would that make a difference? Perhaps what they are seeing is really just a choice users make between Microsoft malware and "aftermarket" malware.
Well, China is behind an all encompassing firewall.
And the French refuse to install malware written in English.
And users (with both legit and pirated copies) are leery of applying patches because of Microsoft Genuine Advantage and its ilk. Does this come as a surprise to them?
Sent from my iPhone
. . . people would be "leery" of installing "security patches," MS having pushed down things like WGA as "critical updates." Of fscking course the people running dodgy copies of Windows are going to assume that each new wave of patches might come with a copy protection trojan, in light of the fact they've done it before. So in fact, Microsoft has caused the problem they're bellowing about in the name of attempting to inhibit piracy of Windows.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Block unauthorized copies from receiving patches, and unauthorized copies have more malware.
Who'dda thunk it?
Sent from my PDP-11
They're pirates. Of course they're going to run malicious software.
What the hell else would pirates do with a computer, donate to charity and solve world hunger? No, they're going to use it to look up www.saucywenches.com or download illegal treasure maps, or perform DDoS attacks on Royal Navy ships. They'd use a pirate version of Quicken to count their doubloons and inventory their treasure chest. They'd be looking up suspicious sites for syphilis treatments. They'd manually edit the Windows Registry with nothing but a cutlass and a corkscrew.
... and then they built the supercollider.
Wouldn't those pirating an OS be less likely to have infected computers simply because they would be more likely to be more computer literate than your average user? Granted, it is not hard to get and install pirated copies, but your average user who falls for Nigerian scams and self-installing anti-virus malware probably wouldn't be doing much downloading besides some music, if at all. I would assume that someone downloading a pirated version of Windows probably does not use IE, and probably follows safe browsing guidelines as well.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Wouldn't the rates of infections be severely affected by how long the machine stays online? Because that increases both — the opportunity to infect the machine, and its value for the hijacker (as a spam-relay)?
With many organizations simply blocking the entire A- and B-class networks from China, even an always-connected server in China is not as hot a target as the one in US.
Also, one would expect, the machine owners' expected wealth to be a factor — some viruses blackmail the owner by threatening to delete their files... The poor Chinese may not even have a Paypal account to pay off the scumbags, so why go after them?
Accounting for all this may change the published statistics quite a bit...
In Soviet Washington the swamp drains you.
I just recently returned from a trip to India and found that many of the cyber cafes and family homes that I visited were not running the latest service-packs for Windows. I would attribute that to mostly being because although they had "broadband" their speed even during off hours was more around the range of 64 to 128 Kbps with high latency due to oversubscription. Can any of you imagine downloading Windows XP SP3 over that kind of connection? (Set up a speed limiter on your next bit torrent download at about 5 KBs/40 kbps and see how long that file takes to transfer) Along with the problem that most computers are purchased as cheaply as possible so they frequently run with the minimum amount of RAM possible, making the use of Antivirus software and the latest Service packs way too slow to even browse the web.
Security patches and Anti-virus updates that are several megabytes apiece are fine for someone with a lowly 512 kbps broadband connection, but understand that most people in these countries like China and India still have very large modem and slow DSL that is extremely oversubscribed at the ISP.
Even here in the US there are many people that have dial-up even if other options are available because they don't feel the broadband options provide a good cost/performance ratio. $40 for 512kbps WISP connection or $10 for a cheap dial-up connection. $480 + install for the first year, or $120 for a year of dial-up over a phone line they already have...
Please keep in mind that although 5+ Mbps broadband is available in most Metro markets there are still a lot of people that have much slower connections making many online services out of reach (Steam, hulu, and to some security patches).
Perhaps these pirates just feel such extreme guilt for copying Windows that they are rejecting patches and virtually flogging themselves with malware.
This sig is exactly seventy characters long and a real waste of space!
Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update.
Make Windows free.
There is no reason for there to be any high level of virus spread amongst pirates. Simply because pirates are often trapped together on a boat with no women for perhaps weeks or months at a time shows nothing. Is Microsoft slandering the pirate community, hinting at homosexual rendezvous? I for one am offended and suggest we 'make im walk the plank, yarrr'
Obviously Microsoft doesn't want to acknowledge the large portion of their licensed users who set Windows to do their updates automatically but have never touched an antivirus or security software. I've worked in IT and with the Joe Public users and that was by far the biggest problem out there.
People would often call in with viruses/malware they've just been living with on a 2 year old computer, and when you asked them about what they use for antivirus, they wouldn't have a clue. "I used that link that was on my desktop when I bought it," they would say. Well, that 30 day trial will get you into more trouble than not applying your windows updates, especially when they're opening up all those emails from disposed Nigerian dictators.
Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches.
When you purposely push out "security patches" that only disable copies of Windows that are pirated, then yes, they are leery of using them, and rightly so (assuming their goal is to run Windows without paying, and not buying Windows or using another OS).
This is the exact situation Microsoft has stated they wanted to happen.
And before anyone starts, I am not suggesting Microsoft change their rules on supporting pirated copies of Windows.
It's theirs to choose how to support how they want.
Just that this is the only conclusion one could expect from their current choice.
I think that's a valid point. To be fair, a more "intelligent" pirate would try to keep up to date manually or with an external application (AutoPatcher comes to mind but I believe it's dead). The "torrent kiddiez" probably aren't going to bother. The "computer smart" grandkid who throws together a PC so Gramps and Gran-Gran can send email to the family isn't going to bother showing them how to do updates.
I can buy that... but don't report on something that you yourself can FIX Microsoft! I'd like to see a report from Microsoft on how many copies of XP were sold because of WGA nag screens. I would bet it's a fairly low percentage. (If anybody can find it please share it, I'm too lazy to look right now) Getting rid of WGA would be a good start. It may be hard to work through the fear of Windows Update that users of a pirated copy of Windows have, but it's a start.
Apparently those few XP sales generated by WGA are more important than their own reputation as the Kings of Malware.
Count me as one of those leery afraid to apply patches because there's never any indication in the update applet about whether they'll force a reboot or not.
So I can ignore useless (for me) "malicious software removal tool" patches and play it safe, or I can apply a patch and hope that I don't have to manually stop the Windows Updates service to prevent an undesired reboot.
Guess which one I pick?
(Posted from a legit win7 licensed box that gets rebooted when storms knock out my power..)
But let's give MS the benefit of the doubt. After all, haven't they earned our trust? I'll take them at their word that stealing Windows = malware. Fortunately, I don't have to steal Windows anymore, a guy from Nigeria says I'll be rich soon.
"China, for example, boasted a malware infection rate — as defined by the number of computers cleaned for each 1,000 executions of the MSRT — of just 6.7 per thousand, significantly below"
So yeah, they probably don't execute it much over there, but the metric seems to be sound. That said, in a country where you can probably find an unlicensed copy of Windows laying on the ground, the people that go to the trouble of getting a licensed copy probably aren't the type to visit porn sites and whatnot.
Couldn't you legally force them to give updates to pirated copies? I mean leaving it like this puts other people at risk! That's like a (CAR ANALOGY FTW!!!) car manufacturer who goes and cuts stolen cars' brakes!
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
China's piracy rate is more than four times that of the US, but the use of Windows Update in China is significantly below that in this country. Same for Brazil and France. But Microsoft's own data doesn't always support Williams's contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate -- as defined by the number of computers cleaned for each 1,000 executions of the MSRT -- of just 6.7 per thousand, significantly below the global average of 8.7 or the US's rate of 8.2. France's infection rate of 7.9 in the first half of 2009 was also below the worldwide average."
How can Microsoft possibly conclude that Malware is a greater threat to pirated PCs from the previously quoted data? Obviously the US has a higher infection rate than China, with the US being at 8.2 per thousand and China only at 6.7.
If it were me analyzing the data I'm afraid I would have to conclude that users who use Windows Update more often and use official copies of Windows (US users) are more likely to receive a malware infection than users on pirated copies without using Windows Update (China).
I guess I deserve a job at Microsoft if I'm able to better comprehend the statistics than they are, assuming the numbers from this article are even true.
First, I'm not even a user of Microsoft stuff (see my sig), and I'm not posting because I think I know what Microsoft should do. This is not a rhetorical question on my part, but just a plain question. As I understand it, when a machine is infected it makes trouble for everybody (becomes part of an army of botnets or whatever). So, helping pirates who, except for pirating Microsoft Software are pretty much minding their own business, to keep their machines virus free would help everybody wouldn't it? They try to give junkies clean needles not to help them be junkies, but to try to prevent the spread of disease. Have I got that right? If I do, then, isn't it a similar situation with Microsoft?
In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
The fact that there's a "Great (Fire)Wall" separating the Chinese from the rest of the internet? Chinese culture being less individualistic may simply not produce as much malware, and since most citizens are restricted to their own countrymen, there's a bias. That such a sampling bias exists should disqualify it from being included among the other countries, or at least warrant further research before lumping it in there.
Microsoft has a financial incentive to make people fear running unauthorized copies of Windows.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Problem solved. Link proven. That's what passes for innovation at Redmond these days.
These posts express my own personal views, not those of my employer
YMMV, but as an experiment, I chose the "alternate validation" thing long ago on a legitimate installation of Windows. Copy pasted the code into the window, then pasted the code into an email. Went to a pirated copy of Windows, ran the "alternate validation" thing again, and posted the prior code into the little window. This machine had failed WGA validation at least 2 times, but when I pasted that code into the window, suddenly it was good. The two installations were on similar, but not identical, hardware - which may mean anything, or nothing. It was an experiment that worked at least once, and may work for you.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
I have an allergy to B.S. This sounds, at best, very suspect. You don't need a Windows computer to write viruses for Windows. You can compile binaries intended for Win32 on a Linux or BSD machine. Heck, you could even use PHP, PERL, or other to take advantage of a security hole in Windows.
Maybe I'm just tired and sleepy - but your post makes me think that if Gate's daddy had used a dirty needle and a condom, we wouldn't be so worried about getting Bill's viruses today. Hmmmm. I'll sleep on that idea......
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
The actual spin is that "it's not MS's fault" for perpetuating the outdated distribution method of selling/shipping unpatched versions of Windows to end-users and expecting them to patch up to the latest version. Sure, people can do rollups but it's OPTIONAL.
NO other security-conscious application these days dares to publish anything but the latest security-patched version.
If every OS image being installed was at least the latest "image" from one quarter ago, we definitely would have less problems as time goes by with new systems going online almost fully-patched and old patched systems go offline.
As a PC repairman who has been in the biz since the days of Win3.x, I'd like to point out that there is a MUCH bigger reason for botnets, drivebys, etc. - Trialware and updates not turned on at the factory. Do you know how many times I have seen a Dell/HP/Compaq/Acer cross my desk with the SAME copy of Norton from x years ago running useless in the taskbar, along with Windows Update having been left off at the factory and therefore unpatched since it left the factory? If you said pretty much every single damned time, then you are correct!
I've known quite a few pirates over the years, and usually they can get the patches no problem if they so desire, someplace like Autopatcher, which pulls the updates off of the MSFT servers and can have WGA unchecked, comes to mind, but they just don't give a crap. But the clueless that bought some "Best Buy Special" or whatever Dell has on sale this week is MUCH more likely in my experience to be running the same level of patches that came from the factory.
I just wonder how much piracy is gonna promote WinXP over Win7 myself. From what I understand (haven't gotten around to installing mine yet, as I'm still trying to decide whether to triple boot or blast my XP X64) Windows 7 is MUCH harder to pirate, and of course we all know one of the reasons why Windows and Office is pretty much everywhere is that those that couldn't afford it could pirate them easily. Will the extra difficulty make folks switch to Linux? Or will it cause XP to just keep going and going like the Energizer bunny? I'm betting the latter as my experience with Linux is the OS still has too many "lack of driver" issues. It would be funny if after all their years of bitching about piracy if they finally came up with a "foolproof" way to make folks buy it and they just walked away instead.
But piracy isn't the source of all the malware IMNSHO, it is the frankly shitty trialware and default settings on the boxes from Dell/Best Buy/Walmart/Rent A Center, etc.
ACs don't waste your time replying, your posts are never seen by me.
When I pick up clients I make sure their "licensing"[sic] is brought into compliance. It's amazing how many PCs are in small-to-medium-size businesses where IT folk install "pirated" ("Yar! yo ho ho and a bottle of rum") corporate editions. I bring them into compliance but I use policies and now WSUS to restrict patches for days to weeks after release to learn of reports of patches breaking systems. They're always behind firewall appliances and running some sort of antivirus and anti-malware software. Why am I so wary? I've seen many instances where Microsoft patches have broken software, ranging from being able to mount Microsoft Exchange info stores to rendering Windows itself unbootable. For clients on the go (notebooks, etc) I'll tell them sure, go ahead and update when prompted, keeping in mind that the patches haven't been proven in the field yet.
It's not just counterfeit license users who avoid patching; many delay patching until the updates have been proven "safe," or if the IT budget allows (it rarely does), testing them in a staging environment.
The best practice is to set up a WSUS server and push the updates out from your own servers, controlling when and where the updates get rolled out to client workstations (and other member servers). The sad thing is that almost no businesses value best practices until having experienced at least one catastrophic failure. Heck, getting smaller companies to accept even a reasonable backup regimen is like pulling teeth.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
You are absolutely correct if the goal is the public good.
Corporations, on the other hand, are not about the public good.
It would be nice if Microsoft cared, but Microsoft is a corporation. A publicly traded corporation, no less; publicly traded corporations are required, by law, to be self-serving and to maximize profit over other considerations. If they don't, they can be sued by shareholders for not doing it.
So, nice as it would be, unless you can come up with a way to convince Microsoft to convince Microsoft shareholders that the goodwill would turn into profits that exceed the profit available with the current, selfish strategy, I think it's not so likely to happen.
Very true in my experience. There hasn't been a machine which I've had which at some point I stopped doing updates on because some sequential update killed the machine irreversibly. Rarely, one can roll back or uninstall some update or go back to a restore point, but most of the time the only thing to do is to back up data and do a sys repair/reinstall/ghost.
For example, I got me one of them awesome Gateway P7805u notebooks a while ago and it came with a Vista SP1 license. I installed some stuff and then remembered that I can do updates. So I decided to go to SP2. Long story short, it fucked up some essential drivers and no amount of rolling back would help. Restoring from image was simple, but imagine having to do so with a vast array of installed apps and whatnot just because an update killed it all.
Hence, this is why I can't see a reason for actually buying licenses. I mean, the IEEE gives me oodles of them to use, so everything's all legal and nice...but if they didn't, I'd have no problem installing a Pro build 2600...
Having the latest patches and updates does not protect you from all viruses, just specific ones. Microsoft cannot code Windows updates to prevent all virus and malware infections as Windows is "defective by design" with security holes and bugs that allow malware and viruses to be installed even if the system has the latest updates and a few AV programs as well as a firewall.
Pirated Windows can still apply the Windows updates and pirated Windows have a way around the Microsoft WGA checks as they redirect WGA checks to files within the operating system that have been patched to always return a genuine check, instead of going to Microsoft's servers. The only people that get WGA "You may be a victim of counterfeiting" are legit Windows users who suffered from a "false positive" because their AV or Firewall detected WGA as Spyware and prevented it from connecting to Microsoft's servers.
Actually third world nations get virus infections because the economy is bad and many of their citizens turn to writing viruses to make money by infecting other systems and stealing their identity and bank accounts, but they just don't infect systems within their nation, but all over the world it is just that people in a third world nation cannot afford the tech support services to remove the viruses and malware or aren't educated enough to do it themselves and suffer with malware and virus infections. Not to say that people in rich economies like the EU and USA don't write their own share of viruses and malware, just that Geek Squad and other companies charge $300 (or more or less) to do a virus/malware cleanup using a MRI Boot CD with several virus scanners on it and pay some high school or college student or drop-out minimum wage to do the virus scan.
I myself clean up the Windows systems of friends and relatives, and their Windows is genuine and patched and updated to the latest versions and they paid for AV software and firewalls, but still get infected. Until Windows adopts a Unix like security system and uses a design that makes it hard for viruses and malware to exist or infect system files as Unix, Linux, Mac OSX, *BSD Unix etc have, we are going to see "Ghostbuster" type numbers of virus and malware infections all around the world. Now that is a big Twinkie!
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
May I suggest you do 4 partitions & quad boot? Partitions: 1- 40 GB for XP, 2- 10 Gb for Linux stable, 3- 10 Gb for Linux bleeding edge, 4- linux of the moment. All 4 computers here are done that way. One final bit; never boot partition 1. Your M$ Office argument does not make sense when Open Office is free & better. My shuttle & my Thinkpads all require drivers from Shuttle, Nvidia & IBM for Windiz. Every Linux distro I've tried finds all drivers at first update. How is that for your Linux "lack of driver" argument from last millennium?
So, another way to look at the data is that Windows malware outbreaks cause a corresponding surge in migration away from Windows and towards systems like Linux or OpenSolaris.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
It's almost like M$ keeps moving the holes around and re-hiding them, but never fixing them. That would certainly permit the known holes and backdoors to be available for exploit but make it harder for 'unauthorized' (you did read the EULA, right?) entities to use them.
That is, however, only when M$ can be assed to patch in the first place. Not like they've dropped patches for versions they still claim to support.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
...but there's a big hole in that argument, which, I'm sure, MS doesn't like being mentioned. IMHO, one of the biggest holes in security is the clueless user. We all know 'em. "Oooh, pretty cursors, and they're free," "I'll just email my username & password to someone so they can login to my account for *miscellaneous-reason*, and yes, that's over unencrypted email" "I just store all my info in My Documents," (including textfiles with usernames/passwords, personal info including credit card/bank account info, etc), "Bah! I can't view this crazy website properly! I'll just turn off the firewall/anti-malware program," "Oh, nifty IE toolbar! Sure I've never heard of this website/company/group/whatever providing it, but it looks pretty cool so I'll install it," "Internet cache? What's that? Defrag? Virus Scan? Fooey!" "Huh. I don't know who this person that emailed me is, or why they're emailing me about (insert tragic/horrific/frightening/miraculous/ridiculous or whatever urban legend/trope/myth/etc here), but I think I'll pass this email on like it says to. After all, if I don't send to at least 10 people in the next 5 minutes, then (insert promise of disaster/catastrophe or great happiness/wealth here, conditional on them forwarding spam)" "I made my password, 'Password'! Isn't it clever? No one will think it'll be that!" And so on, and so forth. Or how about the clueless admin that leaves a username or password of "admin" on a server or other network profile? "1-2-3-4-5? That's amazing! I've got the same combination on my luggage."
If they're drawing conclusions like this already, I can't help but wonder if they plan on hiding behind this when they roll out some new, more restrictive anti-piracy scheme. I'm not advocating piracy by any means, but MS seems to spend more time and money conniving how to get everybody to fork over a hefty chunk of cash for the "latest and greatest" version of their OS or software, rather than trying to fix bugs still in the last version. That, and trying to brainwash people into believing they're the only legitimate option. I hope they realize, if they think the Win7 release buys them enough good will to start monkeying around, that it only goes so far, which isn't far at all after infecting the World with Vista.
Odi profanum vulgus et arceo
From what I understand Windows 7 is MUCH harder to pirate
Nope, the process is exactly the same as with XP or Vista.
Do what thou wilt shall be the whole of the Law
Slipstreamed installs are convenient... but you can't really tell what else might have been slipstreamed in.
Safer to use normal install media and get the keys separately.
Do what thou wilt shall be the whole of the Law
Software "piracy" != theft
Do what thou wilt shall be the whole of the Law
A tad off topic but still relating to patching Microsoft stuff. We run WSUS at work to patch machines. I absolutely despise approving the Microsoft Office security updates and service packs, especially with OEM versions of Office. Every time I do so, it seems to screw up registration on Office XP and Office 2003 installations. I have a handful of users who can't get into office after the application of updates. Fantastic. In most of those cases when I try to do the internet registration it fails and I have to spend the time to call the phone registration system. This can take 10 minutes or so per machine. Absolutely irritating. And yes, all of our software is legit.
But Microsoft is trying so hard to kill XP. Making it free would mean that it will stay even longer. Vista failed to replace XP. 7 may replace Vista and may even replace XP on new(er) computers, but a lot of people will be using old hardware and XP well past the "no more patches" day. We will just have to figure out some workarounds for the unpatched vulnerabilities, but I don't think I'll be replacing my OS (or my PC) just because XP won't be updated anymore. I survived with Windows XP with no SP well into the SP2 time just by being careful (know the sites I am visiting, have a properly configured firewall etc). I installed SP2 only when after 4 or so years my installation crashed (4 years may not be a lot, but installing/uninstalling software and hardware leaves its mark on the system) and I had to reinstall Windows, so I installed SP2 that time. I even had copied USB2 drivers from my laptop with SP1 (since I installed Windows to my laptop later, I installed SP1) so I could use USB2 devices at full speed.
Thing is, WGA doesn't stop pirated copies of Windows (XP at least) from using Windows Update.. There are various "Activation cracks" that will pass WGA and let you update to your heart's content, so I don't think it necessarily matches up that "pirated = trojaned"..
I never update my pirate Windows as it slows down my XBox 360 torrents!!!!
If I walked out of that store, and someone offered to give me an exact copy of that suit for free, I wouldn't complain.
...we'd all still be downloading versions of Win/ Office/ Server/ Whatever and using keys off of mscracks.com (or the like) - then ranting about how good they were when at work, meaning the company would then have to legitimately buy copies to use so that they wouldn't get in trouble when audited. And we wouldn't be dealing with mal/spy/crapware when running a crack just to reinstall a copy of Windows simply because the motherboard blew up rather than spend another £100 that M$ do not need *or deserve*.
Before anyone starts shouting, this was the way of things for *over a decade* - and I don't remember seeing Bill Gates (or anyone from M$) in the dole queue during that time. Of course, OEM copies of Windows/ Office were still being sold with new PC's, so it was only the geeks/ friends & family of geeks that didn't pay. It was only once they decided that they weren't quite earning enough profit that the whole 'genuine' path was taken - and now here we are...with M$ in exactly the same situation as the music/ movie companies - every time they try to protect their obscenely overpriced products, they get leapfrogged by cracking crews, and it's they alone who pretend that somehow one day these cracking crews are going to go away by bringing out multiple versions of their Genuine Advantage Guff (while simultaneously pretending that their products were always good value for money - how many times did the music industry get investigated for overpricing CD's?), which in turn make folks avoid updating, and oh look....the number of viruses has gone up. Curse those users who won't pay another £100 for software they already bought with a machine!
I've always considered M$ to have no moral ground whatsovever anyway, due to their licensing system - if I pay for two pieces of software for two seperate machines, I consider it morally wrong to then demand money to allow them to talk to each other; something M$ have no trouble in doing with their stupid and labyrithine client licensing system. Symantec are the same with Backup Exec - the functionality is built in, but they see nothing wrong with demanding thousands for a key to allow you to actually use it. Imagine if you bought a car with an MP3 player built in, but you were only allowed to look at it until you paid the car company more money...that's what's accepted in the software industry these days, but it's gone on for so long people have gotten used to it :-(
I must have installed versions of Windows at least a thousand times in the last twenty years, in many cases for testing (where it was deleted afterwards). Is anyone seriously going to suggest that I should have paid for every single copy? And don't give me the Technet excuse either - every time I install, I'm increasing M$'s user base, and encouraging the companies I have contracted for to use M$ software (which they *have* to pay for). I have never, and will never accept that I have to pay M$ in order to sell their products for them :-)
Since Vista, Microsoft have made it much easier to slip-stream apps & customizations into the install process for OEM / system builders and suchlike.
It just so happens that works for hackers too; your Windows torrent comes pre-rooted quite often - it is a very popular download after all.
Also, WGA does not prevent you from downloading critical patches.
throw new NoSignatureException();
In my limited experience, casual pirates practice very little "software hygiene", i.e. they tend to install all kinds of dodgy programs, including pirated software from p2p networks. That might be an important infection vector.
Can someone make a fitting analogy to STDs?
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
I agree with many of your points, one thing you forgot to mention is the activation limits too.
You can only activate XP five times, even if you buy the retail box version. After that you have to buy it *again*.
Hehehe, you're right!
How about the MS Active Partner program (it's called something like that, anyway) - £130 a year, and you get all their s/w to run in a non-business environment - until, of course, you stop paying, at which point all your active/ in use licenses expire; at which point I advised M$ that I'd be going back to procuring them from an alternative source :-)
On a side note, it's also interesting how, once again, I get a score of 1 by making legitimate statements, when a reply that agrees gets a score of 2. Makes the whole 'karma' thing a bit pointless, really.
Malware is the infected OS's fault for not being a good system from the get go, and M$ is guilty of that for sure, but also, we know Linux is free and no one wants to pay for this stuff, so if M$ really wanted to force a whopping move and force to shut down all pirated copies, you would have an overnight movement so big towards Linux, that the market shares would probably be more like 50/50.
For all the pirated copies you still take those into consideration for counting market shares (M$ does), then you add to the fact, these people doing this do not want to spend money or else they would have legal copies, says they probably would not buy a copy of Windows, but download Linux.
If M$ was smart, they should offer for 19.99$ a one time transfer of all patches and updates, to all users that need them (obviously the pirates) and say no strings attached, then once they have the emails, and had their money, send not only the patches that make the internet safer for EVERYBODY, but also be able to use their emails to advertise why they should buy a legal copy of Windows...hell, if they came out with cool stuff all the time like Apple iPhones, Windows would sell itself, no?
Problem is M$ is too greedy. Think about it, all pirated versions are now patched and M$ has 19.99$ * each pirated copy, for future development. That would get them easily a 10 million copies of Windows * 20.00 = 200 million easy...without doing anything but making the internet safer.
Ballmer sucks, that's why M$ is the way they are.....stop throwing chairs, and start thinking with your head!
Do people on car forums provide computer analogies to their car issues?
Believing "user education" will lead to better security is like believing aggressive patching will create bug free software. Education and aggressive patching are useful and do improve the quality of the system but mistakes happen for people and software. You can have people read security documents forever and continually patch and machines will still get exploited because neither is perfected.
Beyond that, regular users don't have time to read security bulletins and twiddle with scanners. Instead of blaming the user, how about we blame the software systems that help create this mess? Why is it so difficult to configure and use and inspect the status of AV software? Why should any OS have AV software in the first place?? These seem like problems with the software design not the user. Or if anyone needs a hint on what the real problem is: It is very hard for a user to tell the difference between AV software and malware. That should tell you something is weird about the system where if the user could tell the difference we wouldn't need the software in the first place.
100% of Malware I've seen is on machines where I've given the end user admin/root access.
Wait a minute. We are using the MSRT stats to debunk the idea that piracy and not running Windows Updates results in more malware. MSRT is usually run as a part of Windows Update...so the people not running WU don't run the tool and aren't even a part of the stats. Whether Microsoft is right or wrong, this argument is flawed.
It interrupts their work in a major way, frequently sucks up an hour of productive time (contrary to MS's lame human factor studies) and forces them to reboot to get anything done, followed by that *stupid* message about seeing what was updated (Golly Gosh, I'm so excited about the latest Windows update, I can hardly wait!).
Maybe, it's like having a regularly scheduled blue screen of death instead of a random one. Not much of an improvement.
Maybe *that's* why they're leery of patches. At least the viruses try and stay out of the way.
Please do not read this sig. Thank you.
Flamebait? One of the reasons I left WinXP was because I, a legitimate buyer of WinXP, had been accused of pirating a copy. WGA, snuck in a sly manner, only made it more difficult for me. I was only just learning to do computer nerd things and consequently re-installed XP numerously with hardware upgrades (ram & hdd) interspersed. The contacts at the other end didn't like what they heard.
http://xkcd.com/488/ applies in the WGA case just as much as music.
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
Thank you. This kind of "it doesn't cost anyone anything" logic is bullshit and needs to end. Piracy is ultimately theft and anyone that wants to try and argue otherwise will fail in the face of logic. If everyone decided to stop paying for software companies would stop developing it. Even the best "free" effort, Linux, has been driven by millions of dollars in development by, oh, say IBM and Red Hat and Novell and etc.....imagine a socialist operating system.....Russia sure had some real gems of computing in the 70s.......
zosxavius photography
The GP didn't make that connection. At least, I didn't read that inference from the post.
However, in this case, I think the "piracy = theft" crowd might have a point, although not the point they think they have.
When you buy a copy of Windows, or any other software, for that matter, you also buy the right to get updates, usually through some kind of online updating mechanism.
If you've copied the software, you haven't stolen it; you're right: it's copyright infringement.
However, when you go to update that software, you _are_ costing the manufacturer money, directly, to support the bandwidth used by your downloading of the updates.
You're not stealing the software, but an argument could definitely be made that you're stealing the update services.
Now, in the case of something like Windows, with such a massive marketshare, and massive potential for abuse, I do think the right thing for Microsoft to do would be to allow all security updates to any copy of Windows, regardless of legit status. However, I do believe this is exactly what they currently do, as long as you have automatic updates turned on.
You can't go to the Windows Update website with a pirated copy of Windows (at least, not without some screwing around), but the WGA check doesn't get installed, and isn't required, for automatic updates.
They just download automatically in the background, and install on the next reboot.
I think the real problem is pirated versions like BlackXP, that install with the Security Center and Automatic Updates services disabled by default. I've seen this version installed by a couple of computer shops around here, and I'm sure the customer wouldn't turn on these services.
"City hall" in German is "Rathaus" Kinda explains a few things......
...but there's a big hole in that argument, which, I'm sure, MS doesn't like being mentioned. IMHO, one of the biggest holes in security is the clueless user. We all know 'em. "Oooh, pretty cursors, and they're free," "I'll just email my username & password to someone so they can login to my account for *miscellaneous-reason*, and yes, that's over unencrypted email" "I just store all my info in My Documents," (including textfiles with usernames/passwords, personal info including credit card/bank account info, etc), "Bah! I can't view this crazy website properly! I'll just turn off the firewall/anti-malware program," "Oh, nifty IE toolbar! Sure I've never heard of this website/company/group/whatever providing it, but it looks pretty cool so I'll install it," "Internet cache? What's that? Defrag? Virus Scan? Fooey!" "Huh. I don't know who this person that emailed me is, or why they're emailing me about (insert tragic/horrific/frightening/miraculous/ridiculous or whatever urban legend/trope/myth/etc here), but I think I'll pass this email on like it says to. After all, if I don't send to at least 10 people in the next 5 minutes, then (insert promise of disaster/catastrophe or great happiness/wealth here, conditional on them forwarding spam)" "I made my password, 'Password'! Isn't it clever?"
BINGO!!! This sums up a big part of the real problem... coupled with a lot of unfixed holes in the OS... like the recent .NET maybe-fix just released (it is the 6th major attempt - the previous 5 failed). To continue this example with documentation to prove the point:
Here's just ONE similar exploit and patch:
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx
When that obviously failed to address nothing but specific methods for such attack vectors, that patch was replaced by this one:
http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
When that obviously failed to address nothing but specific methods for such attack vectors, that patch was replaced by this one:
http://www.microsoft.com/technet/security/bulletin/MS09-061.mspx
And that was after 3 earlier service packs for .NET didn't fix these issues. This thing is like a boat with a hundred holes. Patching 2 or 3 at a time doesn't solve the core problem... water is still able to pour right in. That's somewhere around SEVEN YEARS of trying and not fixing the .NET issue.
So... take the "clueless user" factor, and add the "Microsoft sometimes (often?) takes YEARS to properly fix various of the serious exploits" and you have a recipe for disaster that has nothing at all to do with software piracy.
Then they make idiotic claims (like again, for instance, regarding the latest .NET fix): "First we'd like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector. And most customers need not take any action as they'll receive this update automatically through Automatic Updates."
Really? This time, finally, for real, they promise, users "are protected, regardless of the attack vector." - somehow I doubt that. But regardless, there have been tons of other similar scenarios (look at IE's track record and the slew of patches released, numerous for the same issue that was not properly resolved with the previous one (or ten)). Thus, again, that has nothing to do with piracy.
Until Microsoft can truthfully claim that piracy creates "clueless users" and also prevents them from properly fixing their code (their promises of such to the contrary), then piracy is not nearly as large a part of this equation as they want people to believe.
StarTrekPhase2 - The Five Year Mission Continues!