dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
25864

ssj4android
Redefining Reality
join:2002-04-14
Wyoming, MI

ssj4android to blacksurfer

Member

to blacksurfer

Re: People with fake keys can't protect from Sasse

Yeah, the keygen keys aren't blocked.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 recommendation

Snowy to blacksurfer

Premium Member

to blacksurfer

Re: People with fake keys can't protect from Sasser!

I believe it's a common fault of otherwise sensible people to throw their common sense out the window when it comes to microsoft.
If the very same question were posed but the players were changed from microsoft to let's say, Trojan Hunter or BoClean we'd be hard pressed to find a member saying they should also update (patch) illegal copies of their software.

LinkTech
Former Linksys Tech
join:2002-07-02
Mission Viejo, CA

1 recommendation

LinkTech to ssj4android

Member

to ssj4android

Re: People with fake keys can't protect from Sasse

Lets not get this all mixed up either. The original title was people with fake keys can't protect from Sasser. This is misleading in itself. You don't have to have service pack one installed to update. You can run updates just not service pack one.
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

vic102482 to jvmorris

Premium Member

to jvmorris

Re: People with fake keys can't protect from Sasser!

said by jvmorris:
said by vic102482:
. . . Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period?

Isnt chan[g]ing it back to 30 day trial and then lock a better solution than denying updates?
Getting a bit confused by the word 'lock' in this instance. Are you really saying that Windows (probably XP) should be disabled (or perhaps rendered inoperable) or are you saying "No more updates"?

I mean, I like, your question about "Isn't there a better alternative?", but there are some logistical and legal issues with the first approach that are likely to raise havoc -- especially the first time someone with a legitimate copy of Windows gets wrongly locked out.

I mean locked as in, you just got the software.

If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now.

Is that a better alternative than blocking the updates?
OZO
Premium Member
join:2003-01-17

OZO to blacksurfer

Premium Member

to blacksurfer

Two separate issues here...

There is a lot of comparisons with a car. Despite of that I'll offer you another one to this discussion.

Car is protected from authorized use by offering a key. No key - no running engine
(I hope you compare this to activation of OS).
Second point - if car is on the road - don't you feel that we all share the same road space (Internet) and if a car has design defect with its wheels (or whatever) that is not fixed (patched), then it creates potential problem to you (who has "patched" wheels).

Do you feel that in spite of fighting to protect cars from thief - it should be dangerous on the road to to others?

I think there are two separated issues here. One is protecting OS from unauthorized use (which should be done at activation time), and the second one (and I think it is completely separated one) - keeping safety on the roads (Internet) by fixing known problems with it.
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

1 edit

2 recommendations

IGGY9 to blacksurfer

Premium Member

to blacksurfer

Re: People with fake keys can't protect from Sasser!

Actually only a few of the more popular keys were killed in SP1. Anyone who knows what there doing could easily get around this. And many have. But then again anyone who could figure out how to get around the block most likely aren't going to get infected in the 1st place. Do to the fact that they'll have decent security in place. Granted probably not paid for. But it will be in place.

Yes it stinks that these people will continue to infect others. Because of there actions and stupidity of not taking basic steps to secure themselves. But many users who have legit software are causing just as much trouble. They have the option to update and many aren't doing this - even now.

Honestly it amazes me. A very basic software firewall would stop almost all of the recent and past worm infections. Legit software or not. You'd think users by now would know that this is just 1 piece of the puzzle you can't do without. And free options are available.

TakeTheFifth
join:2004-04-20
Anjou, QC

TakeTheFifth to blacksurfer

Member

to blacksurfer
ummm

Reminds me a a friend who bought a real nice sound system years ago and «I only paid 300$ but I know it's worth 1200$, but I don't care where it came from. The guy even delivers it to my place!»

A few days later, "someone" broke into her appartment, took «back» the sound system and the TV and the VCR.

If no one bought stolen (or pirated) goods, there would be no market for it.

Regards,

Phil

jvmorris
I Am The Man Who Was Not There.
MVM
join:2001-04-03
Reston, VA

jvmorris to vic102482

MVM

to vic102482
said by vic102482:
. . . I mean locked as in, you just got the software.

If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now.
Okay, pardon me for being obtuse, but all My MS OS licenses have been legitimate, so I really have no idea what happens (especially with Win XP) if one fails to present a valid key within the 30-day interval.
quote:
Is that a better alternative than blocking the updates?
I'm having to be a bit presumptuous at this point, but I take your reply to mean that the system would then be inoperative (if the 30-day period expired without the insertion of a valid key).

This would be somewhat different from what I thought you might be advocating -- a 'self-help' function that Microsoft could use (remotely) to disable the OS (as proposed in the original UCITA draft legislation).

To answer your direct question, yes. I think that would be a better solution. We would not then having people (knowingly or unknowingly) running around with pirated copies of the OS and consequently being able to propagate worms, trojans, or viruses (if they'd taken the time to run the updates). If then they failed to enter a legitimate key, they would no longer be part of the vulnerable pool under any circumstances.

I gather that there are an incredible number of counterfeit MS OS licenses out there. No point in simply letting them become a source of infection for the rest of us (including the simply clueless who think of their PCs as being little different from their refrigerator).
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

2 edits

vic102482

Premium Member

said by jvmorris:
said by vic102482:
. . . I mean locked as in, you just got the software.

If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now.
Okay, pardon me for being obtuse, but all My MS OS licenses have been legitimate, so I really have no idea what happens (especially with Win XP) if one fails to present a valid key within the 30-day interval.
quote:
Is that a better alternative than blocking the updates?
I'm having to be a bit presumptuous at this point, but I take your reply to mean that the system would then be inoperative (if the 30-day period expired without the insertion of a valid key).

This would be somewhat different from what I thought you might be advocating -- a 'self-help' function that Microsoft could use (remotely) to disable the OS (as proposed in the original UCITA draft legislation).

To answer your direct question, yes. I think that would be a better solution. We would not then having people (knowingly or unknowingly) running around with pirated copies of the OS and consequently being able to propagate worms, trojans, or viruses (if they'd taken the time to run the updates). If then they failed to enter a legitimate key, they would no longer be part of the vulnerable pool under any circumstances.

I gather that there are an incredible number of counterfeit MS OS licenses out there. No point in simply letting them become a source of infection for the rest of us (including the simply clueless who think of their PCs as being little different from their refrigerator).

Yeah it works just like norton. I have never seen it either on my machine, but I can tell what happens. Beofre I enter in my key code there is a 30 days remaining notification, then 20 days 15 etc. and when you get down to one the system will lock. You cant log in, when it boots it just sits there with a "Please Call Microsoft or Enter Keycode" screen. No access is given to the system what so ever.

If microsoft used windows updates to revert the system back to this mode (which is most certainly posssible) this method will not only ensure that pirated copys of XP are locked until a valid key is entered, but the virus propagtors are also removed from the internet pool so that they cannot do damage to other machines.

What sense does it make for Microsoft to allow them to use the software but not update it. Isnt what you are trying to accomplish the "removal" of bad software, IE steering wheel locking and the engine refusing to start when a car is broken into? Stop the problem at the door, lock it down restrict access and tell them to call Microsoft for assistance! Dont let them roam free with no updates allowing them to collect up malicious software and spread it onto other unsuspecting users.

Disabling updates is a foolish idea with so many commonsense alternatives available. Also in the long run, legetimate customers get burned. If someone stole your key youd have 30 days to call Microsoft vs. finding out you cant update when a new virus is on the itnernet. And in this case alot of the time with so many new viruses out people update during a breakout, not "just because", so alot of legitimate users who had their keys stolen or were sold stolen software will find out they cant update when its "too late".

Totally rediculous idea by Microsoft:(.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

2 recommendations

Steve

Re: People with fake keys can't protect from Sasse

At the MVP Summit, we asked them about this. They saw the point of allowing eveybody to upgrade (patching the dirtballs actually helps protect me), but ultimately it came down to:
said by Microsoft guy:
There really should be benefits of ownership
I could go either way on this, but they do have a point.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

1 recommendation

sivran to OZO

Premium Member

to OZO

Re: Two separate issues here...

An unpatched computer, unlike a fatally flawed car, isn't going to maim or kill anyone. It may hurt someone's pocketbook, but only if they too are unpatched, unsecured. The problem then is shared between the pirates and the users who fail to secure.

I thought I had come up with a better analogy, but after typing it up, I realized it wasn't quite complete and didn't work. Ah well.

Rogue Wolf
An Easy Draw of a Sad Few
join:2003-08-12
Troy, NY

1 recommendation

Rogue Wolf to blacksurfer

Member

to blacksurfer

Re: People with fake keys can't protect from Sasser!

I think I can sum up the (rational) arguments on both sides:

A> Microsoft should refuse to support those who stole from them.

B> Microsoft should patch all copies of XP to help protect the Internet as a whole.

There's the dilemma, because IMO, both arguments are valid.
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

1 recommendation

IGGY9 to Steve

Premium Member

to Steve

Re: People with fake keys can't protect from Sasse

I think this is one of those you get what you pay for points. If you wish to do this or need to for economic reasons etc - you'd better either be able to beat the system or suffer the results of your actions.

I'm just not sure that these users would actually use the option if they had the choice. As I mentioned above - most users who have a valid license don't and obviously the pirated key users don't have basic security on there mind.

norky
Premium Member
join:2002-12-02
Lithia, FL

1 recommendation

norky to Rogue Wolf

Premium Member

to Rogue Wolf
If you steal a steak from the grocery store and get a stomach ache, are they obligated to give you free TUMS?
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

vic102482 to Steve

Premium Member

to Steve
said by Steve:
At the MVP Summit, we asked them about this. They saw the point of allowing eveybody to upgrade (patching the dirtballs actually helps protect me), but ultimately it came down to:
said by Microsoft guy:
There really should be benefits of ownership
I could go either way on this, but they do have a point.

That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?

Who is really paying the price here is the question I have.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

1 recommendation

Steve

said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Maybe you need a sense of perspective: my router turns them away, and I have no idea whether I've had 1 "attack" or a million. Why do you care how many?

Steve
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to vic102482

Premium Member

to vic102482
said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Whereas, of course, if this thief could update his stolen software, he would thus cease to be a bad network citizen.

Got any proof of that conjecture? Or is it more likely that since he didn't give a rats arse about theft, he doesn't give a rats arse about the rest of us?

jvmorris
I Am The Man Who Was Not There.
MVM
join:2001-04-03
Reston, VA

jvmorris to Steve

MVM

to Steve
Well, Steve, I can sort of understand that, but still . . .
If MS is going to let you use software for 30 days without having submitted a legitimate key, (regardless of whether it was a legitimate purchase or a counterfeit copy), then it seems to me that -- just for the sake of the rest of us -- they should allow at least critical updates to be applied to the system in the interim. (Again, at this point I could care less whether the 'owner' is potentially legit or running a counterfeit copy.)

After that, the software gets disabled (I think their host-based notifications make that quite clear). At this point, it doesn't matter whether you've got a legitimate copy or a counterfeit copy. No ticket, no laundry -- seems simple enough to me.

Now, again, I'm not talking about some sort of (remote) self-help function, but rather the basic 30-day timer inherent in the software until such time as a valid key is entered. There is a little minor detail (gasp!) for people who actually buy a machine, but don't connect it to the Internet, but I think Microsoft provides an alternative means of handling that also, don't they?

Ender3rd
join:2001-07-15
Connecticut
·Frontier FiberOp..

1 recommendation

Ender3rd to blacksurfer

Member

to blacksurfer

Re: People with fake keys can't protect from Sasser!

This will be a moot topic if Microsoft releases Palladium or whatever they choose to call it in the configuration they want. In fact, the "trusted platform module" in the operating system won't let anyting run: viruses, shareware, freeware, unless it is on the secured, approved list. The Intel decision to implement DRM hardware encoding into their processors will further lock down systems as it works with Palladium. Like to tinker with your computer? Like to write your own code? You may need to find something else to do with your time if you go with Palladium/Intel/AMD! Future computers will most likely resemble xbox or PS/2 black box consoles with the OS locked to the hardware and no ability to run open-source code whatsoever. Would Linux run on these "Trusted Computer" platforms? Not likely. But that will certainly end the need for discussion of viruses or updating an OS with a stolen authentication key.

Regards,

Ender

Vig
Thread-safe since 1997
Premium Member
join:2004-03-23
La Jolla, CA

1 recommendation

Vig to blacksurfer

Premium Member

to blacksurfer
The way I see it, what we have here is a moralistic vs. pragmatic approach. It's true that, from a moral standpoint, a stolen copy of the software can and should be blacklisted from continuing support of any kind. This creates a penalty for the theft.

OTOH, the unpatched systems are affecting more than just their own performance. Other users suffer from performance hits, downtime, etc. when large virus outbreaks occur. It's this "collateral damage" in the "war against software piracy" that makes the argument for the pragmatic approach: patch every system with the aim of stopping the virus.

The perfect solution would be if the update could detect the invalid status, apply the patch, then subsequently shut down further network operations. This way the virus stops, the illegal users do pay their penalty, and the rest of the legit users are left out of the crossfire.

If the only choices are pacth or don't patch, then I have to say that the better alternative is to allow all systems to be fixed. This solution does allow the illegal copies to be fixed without punishment, but IMO the overall health of the net at large outweighs the need to deliver punishment to software pirates in this manner.
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

vic102482 to Steve

Premium Member

to Steve

Re: People with fake keys can't protect from Sasse

said by Steve:
said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Maybe you need a sense of perspective: my router turns them away, and I have no idea whether I've had 1 "attack" or a million. Why do you care how many?

Steve

My pix turns them away as well but what about all of the spam generated? How can I turn them away without using my bandwith to do so? Perhaps you can tell me of a product that can DNSBL on a cisco router because I surely would be interested;). It just took me 2 hours to delete my badmail directory. Ive had to setup a separate relay because of so much junkmail. A bunch of that crap follows back to Aldephia and Comcast IPs.

A router is just one perspective of this patching problem. Sasser is a worm, but there are many more viruses out there that exploit patches.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to vic102482

MVM

to vic102482
said by vic102482:
That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
They can update their stolen software by purchasing it, if they choose not to purchase it then they are choosing not to update it. How is that Microsoft's problem, as there exists a way for the user to update his OS, if they don't like that path, then that is their problem, not Microsoft's. One day no doubt there will be very malicious worm that will destroy infected systems, so problem solved (unfortunately a lot of license users will be creamed as well as they choose not to apply updates or have other security measures in place).

Blake
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

vic102482 to dave

Premium Member

to dave
said by dave:
said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Whereas, of course, if this thief could update his stolen software, he would thus cease to be a bad network citizen.

Got any proof of that conjecture? Or is it more likely that since he didn't give a rats arse about theft, he doesn't give a rats arse about the rest of us?

I think there are plenty of theives that would be pissed if their machines were infected. Just because you steal software doesnt mean you dont have anything worthwhile on it. PC gaming for example. Would someone with stolen windows XP and stolen unreal torunmaent want their computer all slowed down and randomly rebooting in the middle of their games?

I think how you got the software doesnt matter if you patch or not. Remember the guy on the front page that bought a new 2,000 dollar laptop because his old one was infected? I doubt with that much cash hed be stealing verisons of XP, but yet he didnt update his system.
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to Vig

Premium Member

to Vig

Re: People with fake keys can't protect from Sasser!

said by Vig:
The perfect solution would be if the update could detect the invalid status, apply the patch, then subsequently shut down further network operations. This way the virus stops, the illegal users do pay their penalty, and the rest of the legit users are left out of the crossfire.
I imagine that it's perfectly possible for the Windows Update mechanism to detect 'invalid keys' and install a slightly more interesting version of the update to selected parties.

However, that's dangerous: it can do bad things to innocent people whose keys have been stolen. Right now the people whose keys have been stolen will be refused an update, and they can presumably (in theory at least) talk to Microsoft, convince Microsoft they are innocent victims, and get a new key.

If they installed an update that quietly disabled their machines, EVEN IF THEY WERE INNOCENT AND WERE BEHIND A FIREWALL THUS WERE NO THREAT TO THE REST OF US WITHOUT THE UPDATE, then that would be grossly unfair. Better to say "your key has been compromised".
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

vic102482 to blacksurfer

Premium Member

to blacksurfer
Sorry everyone, I hope Im not "spamming" this topic. I feel very strongly on the issue after having to spend hours on end deleting bad mail.:)

You all can probably see where I got my 16K post record from lol.
vic102482

vic102482 to dave

Premium Member

to dave
said by dave:
However, that's dangerous: it can do bad things to innocent people whose keys have been stolen. Right now the people whose keys have been stolen will be refused an update, and they can presumably (in theory at least) talk to Microsoft, convince Microsoft they are innocent victims, and get a new key.

If they installed an update that quietly disabled their machines, EVEN IF THEY WERE INNOCENT AND WERE BEHIND A FIREWALL THUS WERE NO THREAT TO THE REST OF US WITHOUT THE UPDATE, then that would be grossly unfair. Better to say "your key has been compromised".

Also what I said before. Telling them "Your key has been compromised and your system will deactivate in 30 days". Then windows reverts back to trial status. You have 30 days to call MS and get it resolved, if not BAM system no workie.

Better than giving them unlimied days to run around getting every virus known to man and sendnig me 50K emails per week lol.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

1 recommendation

Steve

Re: People with fake keys can't protect from Sasse

What makes you think that the bad guys will just crack this too, to disable the disablement?

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

1 recommendation

Randy Bell to blacksurfer

Premium Member

to blacksurfer

Re: People with fake keys can't protect from Sasser!

These threads, and we have had many such threads over the past year or two, always remind me of the age-old debate about drug-abuse and law enforcement:

There are always those who argue that law enforcement has failed, so just give in to the drug abusers and legalize drugs. By de-criminalizing their acts we can hope to reduce further abuse and crime. Maybe even provide cheap {free or almost free} "alternatives" for the junkies.

Personally I think software pirates are moral scum {criminals} and should not be treated as legitimate citizens. I base my opinion on moral grounds; when you start to give in to the scum, even with a pious high-sounding justification of "protection of the many", you are on a slippery slope of justification .. JMHO.

I totally, thoroughly, disagree with the arguments in favor of giving rights to the scum that they do not deserve .. they are software pirates / criminals who are not entitled to the same privileges as legitimate users / customers ..

.. and, any damage they cause is their guilt, their responsibility ..
Daemon
Premium Member
join:2003-06-29
Washington, DC

Daemon to vic102482

Premium Member

to vic102482
Microsoft's dominance approaches that of a public utility and should be regulated similarly.

PG&E can't cut off my power service if i am unable to pay for it without a legal fight because electricity should be available to all (so goes the thinking in CA)

Microsoft should disable certain features of the OS if it's pirated yes, but basic security should not be one of them. The argument that MS shouldn't support those who stole from them is overridden by the need for internet security, in my opinion.

Note: in SP2, all XP keys that don't generate a PID of 640 will be killed, so be warned if you used a keygen.
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

1 edit

vic102482 to Steve

Premium Member

to Steve

Re: People with fake keys can't protect from Sasse

said by Steve:
What makes you think that the bad guys will just crack this too, to disable the disablement?

That is still not a good enough reason that innocent users on the internet should suffer:).

Let the hackers deal with it, if they want to crack it so be it. Thats just adding extra headache, which is the exact same thing Microsoft does with denying the updates. Just like a theif would become fustrated at being denied access at windows update, they will become fustrated with having to crack the software everytime they need to update (which with Microsofts record is pretty frequent;)).

Same result, two different solutions. With my way I dont have to deal with junk mail and clogged pipes everytime a new verison is released. Block the software and call it a day.