premio join:2002-02-17 Sunnyvale, CA |
premio
Member
2004-May-6 7:07 pm
Re: Consider something elseBah, just download Microsoft's SUS Server :-/ run it on your computer, and it will download all the updates. Now tell your computer to get updates from itself via the SUS server. This bypasses the SP1 check with little hassle.
Microsoft should absolutely patch security holes but not neccesarily add features like Media updates. The havoc on the Internet bandwidth, routers, email servers does not justify letting people be at risk. In fact, I think microsoft should FORCE critical updates for any computer connected to the Internet. These virus's are getting out of hand, I'm willing to compromise control. |
BIGMIKEQ Premium Member join:2002-06-07 Gainesville, FL
2 recommendations |
to Anon
Home | About | Services | Software | Contact | Search
By James Brents Nistix Networks 07/18/2001 05:29:00 PM CST (Last updated: 02/12/2002) Windows XP CD-Key Dangers First off, let me explain how Windows Product Activation currently works. When installing Windows XP, you (like with older versions of windows) have to enter a product key when installing Windows. This key is a sticker on the back of the CD case. When you boot Windows XP, you must activate it. When you do this, it makes a hardware ID for your computers hardware configuration, and takes your CD key, and sends all this to Microsoft. If the key has never been used before, or it's been used on this same hardware, it becomes activated. (More information on this is from Microsoft) Windows CD Keys have never been a big deal. Once you have one, youre all set. This is no longer the case with Windows XP. Now, when you have a CD key, or in particular, a virgin CD key, you have the ability to activate windows. This will allow you to activate windows legally.
So never before has the desire to generate CD keys been a big deal. Key generators have been made for previous windows versions, and to think it can't be done with Windows XP is ludicrous (AND IT HAS HAPPENED!). A key generator is a program that produces a working CD key. If one of these programs is created for Windows XP, people may be able to obtain a virgin key. Generate a virgin key, activate windows, its yours. Congratulations. But lets now consider what happens after this. Joe User buys Windows XP. His product key was generated by someone, and used. Its no longer a virgin. His copy of XP is now unable to be activated. Congratulations Joe User, Youve paid for nothing. Cracking Windows XP may or may not be difficult. But a crack doesn't hurt anyone else. This isn't a crack; it's abusing the system that Microsoft intends to use. This hurts people. It is now not just stealing from Microsoft; it's stealing from the people who actually paid for it. Microsoft of course should protect its copyright. But this will not work. What can be done? Remove product activation. This article I've written clearly shows how PAYING CUSTOMERS could be hurt by this. This could very well be considered a Denial-Of-Service attack. I however am calling it a 'Denial of Operating System' attack. One that takes away the users very right to use the operating system they have PAID for. If Microsoft's reading this, take note: This is dangerous. Back out now, while you still have a chance. Piracy will no longer be JUST about getting your copy of Windows working illegally; it now has the ability to take away that ability from others. So I'm sure if this does go through, we can expect to see lots of CD key generators. The quest is no longer over just a CD key that you can install Windows with; its now a quest for the virgin CD key; one that has never been used. Some notes regarding the possibility for a CD key generator or brute force attack: Don't get me wrong, It would not be easy to use brute force. There are a total possibility of 3.2e+34 CD keys. If the algorithm allows for say 10 million keys (the maximum Microsoft could ever dream of selling in retail) it would take a long time to find a valid key. UPDATE: To prove this point more, I recently wrote a brute force program to go through and check CD keys. The code's really un-optimized but it was working at a rate of about 10 keys a second on an Athlon 900MHz machine. But for the sake of argument, Say it went at 1000 keys a second. At that rate, a single computer would take 1015019617085452149504628 YEARS to exhaust the entire key space. Brute force is just not possible. (And don't email me asking for the brute force application, Just don't use Windows XP, or pay for it (and take the risks, of course)). A Key generator however, is much more likely. No one has ever done this, probably because there has never been a need. Even if Microsoft hid the algorithm, this could still be discovered by a competent programmer. There's also the possibility the algorithm could be leaked. If either of these things happens, then consumers everywhere who purchase Windows XP are potentially doomed. I honestly see no way how Microsoft could stop this from occurring. And now that Windows XP has been released, we will have to wait and see what happens. It should be noted that the people who steal software already have obtained a volume licensed version of Windows XP, which does not require activation. So because of this, there is likely less of a desire to activate windows the honest way. For the sake of consumers who purchase XP, we hope this is the case. MAJOR UPDATE: IT HAS HAPPENED! A CD Key generator for Windows XP (as well as office XP) has been created! This produces keys for the Home and Professional editions. Now everything in this article can happen! This key generator was sent to me by an anonymous reader of the article, and I have confirmed it to work! I will update this article further as details are learned on the effects this will have. Hopefully we will not see a large number of people unable to install Windows XP. But Microsoft was warend; This article was written well before Windows XP was released. Maybe with the next version they will learn their lesson. |
|
to Anon
SP1, but when SP2 comes along it will disable all XP keys that don't generate a PID of 640.
Look in your control panel, system properties. Then if your number is: XXXXX-64X-XXXXXXX-XXXXX
with the 64X being anything but 640 your SOL, no more updates. |