dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
15
Expand your moderator at work
premio
join:2002-02-17
Sunnyvale, CA

premio

Member

Re: Consider something else

Bah, just download Microsoft's SUS Server :-/ run it on your computer, and it will download all the updates. Now tell your computer to get updates from itself via the SUS server. This bypasses the SP1 check with little hassle.

Microsoft should absolutely patch security holes but not neccesarily add features like Media updates. The havoc on the Internet bandwidth, routers, email servers does not justify letting people be at risk. In fact, I think microsoft should FORCE critical updates for any computer connected to the Internet. These virus's are getting out of hand, I'm willing to compromise control.

BIGMIKE
Q
Premium Member
join:2002-06-07
Gainesville, FL

2 recommendations

BIGMIKE to Anon

Premium Member

to Anon

Home | About | Services | Software | Contact | Search

By James Brents
Nistix Networks
07/18/2001 05:29:00 PM CST (Last updated: 02/12/2002)
Windows XP CD-Key Dangers
First off, let me explain how Windows Product Activation currently works. When installing Windows XP, you (like with older versions of windows) have to enter a product key when installing Windows. This key is a sticker on the back of the CD case. When you boot Windows XP, you must activate it. When you do this, it makes a hardware ID for your computers hardware configuration, and takes your CD key, and sends all this to Microsoft. If the key has never been used before, or it's been used on this same hardware, it becomes activated. (More information on this is from Microsoft)
Windows CD Keys have never been a big deal. Once you have one, you’re all set. This is no longer the case with Windows XP. Now, when you have a CD key, or in particular, a ‘virgin CD key’, you have the ability to activate windows. This will allow you to activate windows legally.

So never before has the desire to generate CD keys been a big deal. Key generators have been made for previous windows versions, and to think it can't be done with Windows XP is ludicrous (AND IT HAS HAPPENED!). A key generator is a program that produces a working CD key. If one of these programs is created for Windows XP, people may be able to obtain a virgin key. Generate a virgin key, activate windows, it’s yours. Congratulations.
But let’s now consider what happens after this.
Joe User buys Windows XP. His product key was generated by someone, and used. It’s no longer a virgin. His copy of XP is now unable to be activated. Congratulations Joe User, You’ve paid for nothing.
Cracking Windows XP may or may not be difficult. But a crack doesn't hurt anyone else. This isn't a crack; it's abusing the system that Microsoft intends to use. This hurts people. It is now not just stealing from Microsoft; it's stealing from the people who actually paid for it. Microsoft of course should protect its copyright. But this will not work.
What can be done? Remove product activation. This article I've written clearly shows how PAYING CUSTOMERS could be hurt by this. This could very well be considered a Denial-Of-Service attack. I however am calling it a 'Denial of Operating System' attack. One that takes away the users very right to use the operating system they have PAID for. If Microsoft's reading this, take note: This is dangerous. Back out now, while you still have a chance. Piracy will no longer be JUST about getting your copy of Windows working illegally; it now has the ability to take away that ability from others. So I'm sure if this does go through, we can expect to see lots of CD key generators. The quest is no longer over just a CD key that you can install Windows with; it’s now a quest for the virgin CD key; one that has never been used.
Some notes regarding the possibility for a CD key generator or brute force attack:
Don't get me wrong, It would not be easy to use brute force. There are a total possibility of 3.2e+34 CD keys. If the algorithm allows for say 10 million keys (the maximum Microsoft could ever dream of selling in retail) it would take a long time to find a valid key. UPDATE: To prove this point more, I recently wrote a brute force program to go through and check CD keys. The code's really un-optimized but it was working at a rate of about 10 keys a second on an Athlon 900MHz machine. But for the sake of argument, Say it went at 1000 keys a second. At that rate, a single computer would take 1015019617085452149504628 YEARS to exhaust the entire key space. Brute force is just not possible. (And don't email me asking for the brute force application, Just don't use Windows XP, or pay for it (and take the risks, of course)).
A Key generator however, is much more likely. No one has ever done this, probably because there has never been a need. Even if Microsoft hid the algorithm, this could still be discovered by a competent programmer. There's also the possibility the algorithm could be leaked. If either of these things happens, then consumers everywhere who purchase Windows XP are potentially doomed.
I honestly see no way how Microsoft could stop this from occurring. And now that Windows XP has been released, we will have to wait and see what happens. It should be noted that the people who steal software already have obtained a volume licensed version of Windows XP, which does not require activation. So because of this, there is likely less of a desire to activate windows the honest way. For the sake of consumers who purchase XP, we hope this is the case.
MAJOR UPDATE:
IT HAS HAPPENED! A CD Key generator for Windows XP (as well as office XP) has been created! This produces keys for the Home and Professional editions. Now everything in this article can happen! This key generator was sent to me by an anonymous reader of the article, and I have confirmed it to work! I will update this article further as details are learned on the effects this will have. Hopefully we will not see a large number of people unable to install Windows XP.
But Microsoft was warend; This article was written well before Windows XP was released. Maybe with the next version they will learn their lesson.
TJ_665
join:2001-07-04
Fairview, OR

TJ_665 to Anon

Member

to Anon
Yeah, people who use corp keys which don't require any activation can update using windows update and running SP1 on the machine.

ninersfan
join:2001-02-09
Hayward, CA

ninersfan to Anon

Member

to Anon
SP1, but when SP2 comes along it will disable all XP keys that don't generate a PID of 640.

Look in your control panel, system properties.
Then if your number is:
XXXXX-64X-XXXXXXX-XXXXX

with the 64X being anything but 640 your SOL, no more updates.

BIGMIKE
Q
Premium Member
join:2002-06-07
Gainesville, FL

BIGMIKE

Premium Member

the sp CD KEY FIX ON OFFICE xp and OFFICE 300O did not work I cant tell you how it dun.

tcp1
Premium Member
join:2000-04-17
Monument, CO

tcp1 to ninersfan

Premium Member

to ninersfan
You've got that backwards; or just plain wrong.

»www.updatexp.com/windows ··· ck1.html

"The changes are:

1) If a pirated installation of Windows XP is on the end users machine then it probably has one of the following product codes according to Microsoft.

xxxxx-640-0000356-23xxx

xxxxx-640-2001765-23xxx

If this is the case then the Windows XP service pack will NOT install. Instead it will give you an error message asking you to contact Microsoft's Anti Piracy unit!"

So; if the 640's were locked out with SP1, I highly doubt they'll be the only ones that work in SP2.. Unless you have a reference for this?? (I'd like to see out of curiosity.)

ninersfan
join:2001-02-09
Hayward, CA

ninersfan

Member

said by tcp1:
Unless you have a reference for this?? (I'd like to see out of curiosity.)

»www.neowin.net/comments. ··· num=28.5

Vvian Kalyss
join:2003-10-14
Stage 5.0

Vvian Kalyss to BIGMIKE

Member

to BIGMIKE
I was searching for that article, thanks! Thumbs.