Re: People with fake keys can't protect from Sasser!

Author	All Replies
bluebaron2 Stuff Happens Premium,Mod join:2001-02-01 North of 44 Host: Canadian Chat	reply to vic102482 Re: People with fake keys can't protect from Sasser! You're still missing it here vic. The people who stole the software knew when they stole it that they could not get updates and fixes, if they didn't then they were not only thieves but terminally stupid to boot. The BMW thief knew at the onset that he wouldn't be able to steer the car ( BMW/Microsoft has not been shy in informing people that they do not support stolen property ) and he still took it out on the freeway. Just because it took him a little time before he crashed does not diminish his responsibility for the accident one iota. -- bb2 Since I've given up hope I feel much better.
	to forum · permalink · 2004-05-06 15:35:16 · (locked)
vic102482 Premium join:2002-04-30 Upper Marlboro, MD Reviews: ·Verizon FiOS 1 edit	said by bluebaron2: You're still missing it here vic. The people who stole the software knew when they stole it that they could not get updates and fixes, if they didn't then they were not only thieves but terminally stupid to boot. The BMW thief knew at the onset that he wouldn't be able to steer the car ( BMW/Microsoft has not been shy in informing people that they do not support stolen property ) and he still took it out on the freeway. Just because it took him a little time before he crashed does not diminish his responsibility for the accident one iota. Yes I agree(excellent argument), but in all honesty(I want your honest opinion:)), is that the wisest desicion that a corporation like microsoft should come to when trying to deal with piracy? Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period? Isnt chaning it back to 30 day trial and then lock a better solution than denying updates? -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
	to forum · permalink · 2004-05-06 15:49:18 · (locked)
jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA	said by vic102482: . . . Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period? Isnt chan[g]ing it back to 30 day trial and then lock a better solution than denying updates? Getting a bit confused by the word 'lock' in this instance. Are you really saying that Windows (probably XP) should be disabled (or perhaps rendered inoperable) or are you saying "No more updates"? I mean, I like, your question about "Isn't there a better alternative?", but there are some logistical and legal issues with the first approach that are likely to raise havoc -- especially the first time someone with a legitimate copy of Windows gets wrongly locked out. -- Regards, Joseph V. Morris
	to forum · permalink · 2004-05-06 15:57:58 · (locked)
bluebaron2 Stuff Happens Premium,Mod join:2001-02-01 North of 44 Host: Canadian Chat	reply to vic102482 We're probably taking this car anology way to far vic but here goes one more time. BMW did make the car not be able to start, you needed a key to get it going, the thief jumpered it to get past that built in anti-theft device. The Software thiefs bypassed the registration to make the software work, beyound the 30 day limit. M$ installed a anti-theft device in their software and now you are arguing that since the thiefs by-passed that one it's M$ fault that they didn't install another one. Bottom line don't steal software, if someone offers you software at a fraction of the retail cost, you damn well should know it's not legit. Don't want to get infected...go buy the legal operating system. Period. -- bb2 Since I've given up hope I feel much better.
	to forum · permalink · 2004-05-06 15:58:30 · (locked)
vic102482 Premium join:2002-04-30 Upper Marlboro, MD Reviews: ·Verizon FiOS	reply to jvmorris said by jvmorris: said by vic102482: . . . Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period? Isnt chan[g]ing it back to 30 day trial and then lock a better solution than denying updates? Getting a bit confused by the word 'lock' in this instance. Are you really saying that Windows (probably XP) should be disabled (or perhaps rendered inoperable) or are you saying "No more updates"? I mean, I like, your question about "Isn't there a better alternative?", but there are some logistical and legal issues with the first approach that are likely to raise havoc -- especially the first time someone with a legitimate copy of Windows gets wrongly locked out. I mean locked as in, you just got the software. If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now. Is that a better alternative than blocking the updates? -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
	to forum · permalink · 2004-05-06 16:23:36 · (locked)
jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA	said by vic102482: . . . I mean locked as in, you just got the software. If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now. Okay, pardon me for being obtuse, but all My MS OS licenses have been legitimate, so I really have no idea what happens (especially with Win XP) if one fails to present a valid key within the 30-day interval. quote: Is that a better alternative than blocking the updates? I'm having to be a bit presumptuous at this point, but I take your reply to mean that the system would then be inoperative (if the 30-day period expired without the insertion of a valid key). This would be somewhat different from what I thought you might be advocating -- a 'self-help' function that Microsoft could use (remotely) to disable the OS (as proposed in the original UCITA draft legislation). To answer your direct question, yes. I think that would be a better solution. We would not then having people (knowingly or unknowingly) running around with pirated copies of the OS and consequently being able to propagate worms, trojans, or viruses (if they'd taken the time to run the updates). If then they failed to enter a legitimate key, they would no longer be part of the vulnerable pool under any circumstances. I gather that there are an incredible number of counterfeit MS OS licenses out there. No point in simply letting them become a source of infection for the rest of us (including the simply clueless who think of their PCs as being little different from their refrigerator). -- Regards, Joseph V. Morris
	to forum · permalink · 2004-05-06 16:36:39 · (locked)

vic102482 Premium join:2002-04-30 Upper Marlboro, MD Reviews: ·Verizon FiOS 2 edits	said by jvmorris: said by vic102482: . . . I mean locked as in, you just got the software. If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now. Okay, pardon me for being obtuse, but all My MS OS licenses have been legitimate, so I really have no idea what happens (especially with Win XP) if one fails to present a valid key within the 30-day interval. quote: Is that a better alternative than blocking the updates? I'm having to be a bit presumptuous at this point, but I take your reply to mean that the system would then be inoperative (if the 30-day period expired without the insertion of a valid key). This would be somewhat different from what I thought you might be advocating -- a 'self-help' function that Microsoft could use (remotely) to disable the OS (as proposed in the original UCITA draft legislation). To answer your direct question, yes. I think that would be a better solution. We would not then having people (knowingly or unknowingly) running around with pirated copies of the OS and consequently being able to propagate worms, trojans, or viruses (if they'd taken the time to run the updates). If then they failed to enter a legitimate key, they would no longer be part of the vulnerable pool under any circumstances. I gather that there are an incredible number of counterfeit MS OS licenses out there. No point in simply letting them become a source of infection for the rest of us (including the simply clueless who think of their PCs as being little different from their refrigerator). Yeah it works just like norton. I have never seen it either on my machine, but I can tell what happens. Beofre I enter in my key code there is a 30 days remaining notification, then 20 days 15 etc. and when you get down to one the system will lock. You cant log in, when it boots it just sits there with a "Please Call Microsoft or Enter Keycode" screen. No access is given to the system what so ever. If microsoft used windows updates to revert the system back to this mode (which is most certainly posssible) this method will not only ensure that pirated copys of XP are locked until a valid key is entered, but the virus propagtors are also removed from the internet pool so that they cannot do damage to other machines. What sense does it make for Microsoft to allow them to use the software but not update it. Isnt what you are trying to accomplish the "removal" of bad software, IE steering wheel locking and the engine refusing to start when a car is broken into? Stop the problem at the door, lock it down restrict access and tell them to call Microsoft for assistance! Dont let them roam free with no updates allowing them to collect up malicious software and spread it onto other unsuspecting users. Disabling updates is a foolish idea with so many commonsense alternatives available. Also in the long run, legetimate customers get burned. If someone stole your key youd have 30 days to call Microsoft vs. finding out you cant update when a new virus is on the itnernet. And in this case alot of the time with so many new viruses out people update during a breakout, not "just because", so alot of legitimate users who had their keys stolen or were sold stolen software will find out they cant update when its "too late". Totally rediculous idea by Microsoft:(. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
	to forum · permalink · 2004-05-06 16:43:01 · (locked)
Steve I know your IP address Consultant join:2001-03-10 Yorba Linda, CA kudos:5	Re: People with fake keys can't protect from Sasse At the MVP Summit, we asked them about this. They saw the point of allowing eveybody to upgrade (patching the dirtballs actually helps protect me), but ultimately it came down to: said by Microsoft guy: There really should be benefits of ownership I could go either way on this, but they do have a point. -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
	to forum · permalink · 2004-05-06 16:44:49 · (locked)
IGGY No Guru Just Here To Help Premium,MVM join:2001-03-30 Chatham, IL	I think this is one of those you get what you pay for points. If you wish to do this or need to for economic reasons etc - you'd better either be able to beat the system or suffer the results of your actions. I'm just not sure that these users would actually use the option if they had the choice. As I mentioned above - most users who have a valid license don't and obviously the pirated key users don't have basic security on there mind. -- Test Your Security Team Z Member Cable Modem Diagnostics
	to forum · permalink · 2004-05-06 16:51:08 · (locked)
vic102482 Premium join:2002-04-30 Upper Marlboro, MD Reviews: ·Verizon FiOS	reply to Steve said by Steve: At the MVP Summit, we asked them about this. They saw the point of allowing eveybody to upgrade (patching the dirtballs actually helps protect me), but ultimately it came down to: said by Microsoft guy: There really should be benefits of ownership I could go either way on this, but they do have a point. That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? Who is really paying the price here is the question I have. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
	to forum · permalink · 2004-05-06 16:52:12 · (locked)
Steve I know your IP address Consultant join:2001-03-10 Yorba Linda, CA kudos:5	said by vic102482: Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? Maybe you need a sense of perspective: my router turns them away, and I have no idea whether I've had 1 "attack" or a million. Why do you care how many? Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
	to forum · permalink · 2004-05-06 16:55:34 · (locked)
dave Premium,MVM join:2000-05-04 not in ohio kudos:7 Reviews: ·Verizon FiOS ·Verizon Online DSL	reply to vic102482 said by vic102482: Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? Whereas, of course, if this thief could update his stolen software, he would thus cease to be a bad network citizen. Got any proof of that conjecture? Or is it more likely that since he didn't give a rats arse about theft, he doesn't give a rats arse about the rest of us?
	to forum · permalink · 2004-05-06 16:56:51 · (locked)
jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA	reply to Steve Well, Steve, I can sort of understand that, but still . . . If MS is going to let you use software for 30 days without having submitted a legitimate key, (regardless of whether it was a legitimate purchase or a counterfeit copy), then it seems to me that -- just for the sake of the rest of us -- they should allow at least critical updates to be applied to the system in the interim. (Again, at this point I could care less whether the 'owner' is potentially legit or running a counterfeit copy.) After that, the software gets disabled (I think their host-based notifications make that quite clear). At this point, it doesn't matter whether you've got a legitimate copy or a counterfeit copy. No ticket, no laundry -- seems simple enough to me. Now, again, I'm not talking about some sort of (remote) self-help function, but rather the basic 30-day timer inherent in the software until such time as a valid key is entered. There is a little minor detail (gasp!) for people who actually buy a machine, but don't connect it to the Internet, but I think Microsoft provides an alternative means of handling that also, don't they? -- Regards, Joseph V. Morris
	to forum · permalink · 2004-05-06 16:58:12 · (locked)
vic102482 Premium join:2002-04-30 Upper Marlboro, MD Reviews: ·Verizon FiOS	reply to Steve said by Steve: said by vic102482: Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? Maybe you need a sense of perspective: my router turns them away, and I have no idea whether I've had 1 "attack" or a million. Why do you care how many? Steve My pix turns them away as well but what about all of the spam generated? How can I turn them away without using my bandwith to do so? Perhaps you can tell me of a product that can DNSBL on a cisco router because I surely would be interested;). It just took me 2 hours to delete my badmail directory. Ive had to setup a separate relay because of so much junkmail. A bunch of that crap follows back to Aldephia and Comcast IPs. A router is just one perspective of this patching problem. Sasser is a worm, but there are many more viruses out there that exploit patches. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
	to forum · permalink · 2004-05-06 17:02:41 · (locked)
Link Logger Premium,MVM join:2001-03-29 Calgary, AB kudos:3 Reviews: ·Shaw	reply to vic102482 said by vic102482: That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? They can update their stolen software by purchasing it, if they choose not to purchase it then they are choosing not to update it. How is that Microsoft's problem, as there exists a way for the user to update his OS, if they don't like that path, then that is their problem, not Microsoft's. One day no doubt there will be very malicious worm that will destroy infected systems, so problem solved (unfortunately a lot of license users will be creamed as well as they choose not to apply updates or have other security measures in place). Blake -- Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
	to forum · permalink · 2004-05-06 17:05:55 · (locked)
vic102482 Premium join:2002-04-30 Upper Marlboro, MD Reviews: ·Verizon FiOS	reply to dave said by dave: said by vic102482: Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? Whereas, of course, if this thief could update his stolen software, he would thus cease to be a bad network citizen. Got any proof of that conjecture? Or is it more likely that since he didn't give a rats arse about theft, he doesn't give a rats arse about the rest of us? I think there are plenty of theives that would be pissed if their machines were infected. Just because you steal software doesnt mean you dont have anything worthwhile on it. PC gaming for example. Would someone with stolen windows XP and stolen unreal torunmaent want their computer all slowed down and randomly rebooting in the middle of their games? I think how you got the software doesnt matter if you patch or not. Remember the guy on the front page that bought a new 2,000 dollar laptop because his old one was infected? I doubt with that much cash hed be stealing verisons of XP, but yet he didnt update his system. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
	to forum · permalink · 2004-05-06 17:07:05 · (locked)
Brad Helm join:2001-08-27 Salem, IL	reply to vic102482 said by vic102482: That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software? Who is really paying the price here is the question I have. Rather than lay the responsibility on Microsoft, why not lay the responsibility on the users and their ISP's? I believe most ISP's have a clause in their user agreements which states that the ISP can terminate a customer's service if that customer's connection/usage becomes detrimental to their network. So if a person neglects to maintain their computer, have their ISP's shut them out of the internet. Of course, there is always a chance that the cheap-arsed, software pirate may simply be using a hacked commection to the internet and not paying for that either, so this solution would help the fiscal viability of both software manufacturers AND the ISPs....
	to forum · permalink · 2004-05-06 18:08:28 · (locked)
jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA	said by Brad Helm: . . . Rather than lay the responsibility on Microsoft, why not lay the responsibility on the users and their ISP's? Umm, Brad, with all due respect, I think Vic did a bit more than simply lay the responsbility on Microsoft; he suggested a more reasonable strategy than what Microsoft has enunciated. Rather than simply denying Critical Updates to people running unregistered copies of Windows, he suggested that during the typical 30-day grace period (before a legitimate key is required by Microsoft) that all such users be able to install the Critical Updates. Doesn't make any difference as to whether they're legitimate purchasers procrastinating, knowing pirates, or unknowing users who've been duped. At the end of the thirty days, if there's no legitimate keyfile been entered the OS quits working (and there are all sorts of warnings available from the box itself to this effect). I like that idea. I don't give a damn if it's a 'legitimate' owner who fails (or refuses) to register, a pirate, or some poor soul who's been duped. (And a legit user who doesn't validate his registry key is as much a problem to the rest of us as someone running a pirated copy, knowingly or unknowingly; they probably don't run Windows Update, either.) No tickee, no laundry -- after that 30 day grace period (which I think is only that long so that people who've bought a computer that is not connected to the Internet have an opportunity to validate their key by other means). What's wrong with this concept? quote: I believe most ISP's have a clause in their user agreements which states that the ISP can terminate a customer's service if that customer's connection/usage becomes detrimental to their network. Yep, it's called 'fireproofing'. As soon as the ISPs start comprehensively invoking that policy, their revenues are going to drop rather precipitously (unless forced to do so by some external entity, as we've seen in the past). Hey, ISPs don't exist to secure the public good, they exist to make money! quote: So if a person neglects to maintain their computer, have their ISP's shut them out of the internet. . . . I cannot see this happening in the real world, save in the case of the most egregious violations of the AUP/ToS agreements (or if the ISP finds itself under an "Internet Death Sentence"). -- Regards, Joseph V. Morris
	to forum · permalink · 2004-05-06 19:15:16 · (locked)
Brad Helm join:2001-08-27 Salem, IL 1 edit	said by jvmorris: Yep, it's called 'fireproofing'. As soon as the ISPs start comprehensively invoking that policy, their revenues are going to drop rather precipitously (unless forced to do so by some external entity, as we've seen in the past). Hey, ISPs don't exist to secure the public good, they exist to make money! Last I checked, Microsoft was in it for the moeny as well, not for the altruistic reasons. Why should they have to support people who aren't willing to financially support Microsoft? The way I read most of Vic's posts, he was advocating Microsoft make its updates available to everyone regardless of their license status. Perhaps I'll revisit the posts to see if I over-looked something. AFAIK, anyone with a legitimate copy of MS Windows can call Microsoft to activate over the phone, at any time during their ownership of license. In fact, I've had to make that call on several occassions when I upgraded my PC's from one CPU/mobo to another. Go through the voice-prompts and either get an activation key or get an operator who figures out why the voice-recognition software fubared. Granted it's a PITA, but in my experience, there is NO reason a person should not be able to authenticate their MS Windows in order to receive the appropriate updates. Unless, of course, their CD-KEY is on one of the lists of known bogus codes.... It all comes back to this (for me anyway): legitimate Windows users have a fairly easy method of authenticating and activating their copy of Windows - and those who haven't paid for their COA from Microsoft are simply SOL.
	to forum · permalink · 2004-05-06 19:29:59 · (locked)
jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA	said by Brad Helm: said by jvmorris: Yep, it's called 'fireproofing'. As soon as the ISPs start comprehensively invoking that policy, their revenues are going to drop rather precipitously (unless forced to do so by some external entity, as we've seen in the past). Hey, ISPs don't exist to secure the public good, they exist to make money! Last I checked, Microsoft was in it for the moeny as well, not for the altruistic reasons. Why should they have to support people who aren't willing to financially support Microsoft? Oh, come on, Brad! Thirty days after someone installs the OS, Microsoft either has the money or it isn't going to see it (under the current paradigm). Indeed, Vic's approach makes it more likely that they will get some money. If you really believe that allowing users of illicit copies of Windows to be able to download critical updates (and only for that 30-day period) is even noticeable to Microsoft's bookkeepers, I think you're kidding yourself. Under the current Microsoft strategy, the bogus copies keep on working (and polluting the rest of us) just fine; under Vic's alternative, they don't. quote: The way I read most of Vic's posts, he was advocating Microsoft make its updates available to everyone regardless of their license status. Perhaps I'll revisit the posts to see if I over-looked something. The way I read my own interchange with Vic in this thread, you get 30 days to provide a legitimate key. If you don't, you're dead meat -- doesn't matter if you bought it legitimately, whether you're a knowing pirate, or some poor guy that got conned with an el cheapo deal. quote: AFAIK, anyone with a legitimate copy of MS Windows can call Microsoft to activate over the phone, at any time during their ownership of license. In fact, I've had to make that call on several occassions when I upgraded my PC's from one CPU/mobo to another. Go through the voice-prompts and either get an activation key or get an operator who figures out why the voice-recognition software fubared. Granted it's a PITA, but in my experience, there is NO reason a person should not be able to authenticate their MS Windows in order to receive the appropriate updates. Unless, of course, their CD-KEY is on one of the lists of known bogus codes.... Sure. I thought that was one of the options, but all my Windows boxes do have Internet access. At this point, I don't give a damn. You can have spent the $200 to license Windows XP Pro; you register it or you kiss your money goodbye -- after the 30 days, it's not just no updates, it's no OS! . . . . -- Regards, Joseph V. Morris
	to forum · permalink · 2004-05-06 19:55:26 · (locked)

Broadband Tech > Security > Security > People with fake keys can't protect from Sasser!

Re: People with fake keys can't protect from Sasse