Pirated Windows and Worms
Should Microsoft supply patches for bootleg copies?
An age old catch-22 illuminated once again by the recent Sasser outbreak among members of our Security forum
: a large number of PC's run pirated copies of Windows XP, which aren't able to apply security patches because of invalid CD keys. Should these infected PC's be allowed to grab timely critical updates, simply to help lessen the impact of worms web-wide? Many users say pirates who can't find workarounds should "reap what they sow", but their infected pirated Windows boxes impact non-pirates everywhere.
306 comments .. click to read
|reply to Jeremy341 |
Re: Consider something else
Jerw134, you're obviously one of those holy rollers who reduces this issue down to the "simple.. it's stealing" argument so I'm not going to go on with you on that one... However..
The simple fact is that software piracy always has existed, and always will. I will freely admit that I never paid for an OS until I graduated college... (As an aside; as I was growing up, I wouldn't have been able to afford or do much in computers if it wasn't for .. ahem.. piracy.. Now, I have a computer related job that pays well [thanks to all my experience over the past 20 years] and I pay for all my software. Interesting, hmm?)
Anyways.. It's abundantly clear that product activation has failed to stop piracy yet again. You will NOT stop it; it's completely futile.. SO.. Taking into consideration that infected machines DO hurt everyone, not just that user (ISP traffic, congestion, administrative nightmares) here's how your argument breaks down:
1) Deny an illegitimate user access to a patch simply out of spite or perhaps deserved 'punishment' for not purchasing a product, just to give them what-fer,
2) Allow access to that patch since the entire community benefits from patched machines.
I don't see where the argument really is in this issue, unless you're just one of those folks bent on making everything a moral lesson -- and I'll add that such simplistic moral lessons usually end up with the inverse being the higher moral ground.
Personally, I'd rather have everyone patched and these stupid kode kiddie creations rendered ineffective versus giving some 13 year old with a bootleg version of XP a just-to-show-'em "Ha, take that!"
And since I can't resist.. Take myself when I was a horrible "pirate" and move me into today..
That 13 year old kid without a dime but a intense interest in tech.. You say it's simply "theft"; I say that's oversimplistic.. but ponder this.. (and no need to start a subthread since it's OT..) There's no way, at 13, that I ever would have been able to purchase say.. WinXP pro myself.. So who lost a sale when I downloaded it? What was the net effect? Zero. Calling it theft is like saying walking around naked in your house with the curtains closed is indecent exposure. Sure, the act is there, but it just ain't the same thing in every circumstance, and it depends on the person doing it and where they're doing it. Does that mean I think nobody should pay for software? Hell no. Does it mean I think MS and folks like you should stop getting their Hanes in a bunch about the casual Sunday pirate? Absolutely. (Now, widespread piracy in corporations and bootlegs in Asia are a completely different story.. the average home user is NOT the thorn in the side that the BSA makes it out to be.)
However, what's the net effect when my machine gets infected due to a MS security issue, and I can't patch it, and it goes and infects others? Plenty.
I know what you're thinking -- but if you think using unpatchability (a word?), which hurts everyone, as a way to say "See, you shoulda bought the licensed version", these stupid worms will continue to thrive -- which I think is a bigger fish to fry than 13 year old kids with fake CD keys.
|reply to Anon |
Home | About | Services | Software | Contact | Search
By James Brents
07/18/2001 05:29:00 PM CST (Last updated: 02/12/2002)
Windows XP CD-Key Dangers
First off, let me explain how Windows Product Activation currently works. When installing Windows XP, you (like with older versions of windows) have to enter a product key when installing Windows. This key is a sticker on the back of the CD case. When you boot Windows XP, you must activate it. When you do this, it makes a hardware ID for your computers hardware configuration, and takes your CD key, and sends all this to Microsoft. If the key has never been used before, or it's been used on this same hardware, it becomes activated. (More information on this is from Microsoft)
Windows CD Keys have never been a big deal. Once you have one, youre all set. This is no longer the case with Windows XP. Now, when you have a CD key, or in particular, a virgin CD key, you have the ability to activate windows. This will allow you to activate windows legally.
So never before has the desire to generate CD keys been a big deal. Key generators have been made for previous windows versions, and to think it can't be done with Windows XP is ludicrous (AND IT HAS HAPPENED!). A key generator is a program that produces a working CD key. If one of these programs is created for Windows XP, people may be able to obtain a virgin key. Generate a virgin key, activate windows, its yours. Congratulations.
But lets now consider what happens after this.
Joe User buys Windows XP. His product key was generated by someone, and used. Its no longer a virgin. His copy of XP is now unable to be activated. Congratulations Joe User, Youve paid for nothing.
Cracking Windows XP may or may not be difficult. But a crack doesn't hurt anyone else. This isn't a crack; it's abusing the system that Microsoft intends to use. This hurts people. It is now not just stealing from Microsoft; it's stealing from the people who actually paid for it. Microsoft of course should protect its copyright. But this will not work.
What can be done? Remove product activation. This article I've written clearly shows how PAYING CUSTOMERS could be hurt by this. This could very well be considered a Denial-Of-Service attack. I however am calling it a 'Denial of Operating System' attack. One that takes away the users very right to use the operating system they have PAID for. If Microsoft's reading this, take note: This is dangerous. Back out now, while you still have a chance. Piracy will no longer be JUST about getting your copy of Windows working illegally; it now has the ability to take away that ability from others. So I'm sure if this does go through, we can expect to see lots of CD key generators. The quest is no longer over just a CD key that you can install Windows with; its now a quest for the virgin CD key; one that has never been used.
Some notes regarding the possibility for a CD key generator or brute force attack:
Don't get me wrong, It would not be easy to use brute force. There are a total possibility of 3.2e+34 CD keys. If the algorithm allows for say 10 million keys (the maximum Microsoft could ever dream of selling in retail) it would take a long time to find a valid key. UPDATE: To prove this point more, I recently wrote a brute force program to go through and check CD keys. The code's really un-optimized but it was working at a rate of about 10 keys a second on an Athlon 900MHz machine. But for the sake of argument, Say it went at 1000 keys a second. At that rate, a single computer would take 1015019617085452149504628 YEARS to exhaust the entire key space. Brute force is just not possible. (And don't email me asking for the brute force application, Just don't use Windows XP, or pay for it (and take the risks, of course)).
A Key generator however, is much more likely. No one has ever done this, probably because there has never been a need. Even if Microsoft hid the algorithm, this could still be discovered by a competent programmer. There's also the possibility the algorithm could be leaked. If either of these things happens, then consumers everywhere who purchase Windows XP are potentially doomed.
I honestly see no way how Microsoft could stop this from occurring. And now that Windows XP has been released, we will have to wait and see what happens. It should be noted that the people who steal software already have obtained a volume licensed version of Windows XP, which does not require activation. So because of this, there is likely less of a desire to activate windows the honest way. For the sake of consumers who purchase XP, we hope this is the case.
IT HAS HAPPENED! A CD Key generator for Windows XP (as well as office XP) has been created! This produces keys for the Home and Professional editions. Now everything in this article can happen! This key generator was sent to me by an anonymous reader of the article, and I have confirmed it to work! I will update this article further as details are learned on the effects this will have. Hopefully we will not see a large number of people unable to install Windows XP.
But Microsoft was warend; This article was written well before Windows XP was released. Maybe with the next version they will learn their lesson.
Perhaps if Microsoft lowered the price of their OS to something more reasonable, users would be less likely to seek illegal copies. I say lower the price by 50%, add basic copy protection to the CD to keep honest people honest. Then spend 50% less on trying to outsmart piraters and more on security and I bet things would work out just fine for Bill.
No Pirate Patches P-)
Don't help users of illegal software. Incent the ISPs to shut off the connections of infected systems. An unpopular approach, I know, but that's my opinion on how to go about it.
Just add more hardware.