MS To Limit Security Fixes to Legal Copies of Windows

rufey writes "An Associated Press artcile on MSNBC is reporting that Microsoft is going to start restricting access to security updates from pirated copies of its Windows operating systems. Starting in mid 2005, if you have a pirated copy of Windows, the only way to obtain security updates will be through the automatic updates mechanism. And even that method may be restricted at a future date. The article is light on details about what versions of Windows this will affect. Parts of the system to check for a valid copy of Windows is already used when downloading software (such as Media Player) from Microsoft - except that validation is currently optional." EnderWigginsXenocide points out Reuters' version of the story.

For those who have RTFA issues...

[Deekin_Scalesinger (755062)]

The main gist is that people who have their Windows Update set to automatically download the latest critical patches (through the Windows Security Center - insert oxymoron comment here) will not be affected at this time. If you manually go to Windows Update you will need to provide some sort of credentials (allow software to snoop on yer box or provide your key) to access content. I myself bought a copy of XP recently from Newegg for this exact purpose. I like Linux a lot and if I didn't game, I'd use it exclusively. Since I do game, Windows is a necessity, and I don't want to have a haxxored box because MS tightened down on allowing pirates (which I freely admit I was one) to patch their systems. Newegg has copies of XP pro for about $150.00 with the purchase of any hardware, which is a far cry from their $300.00 MSRP.

Re:For those who have RTFA issues...

[parkrrrr (30782)]

As long as "work" won't mind losing one of their five activations. Unlike previous versions of Windows, the MSDN copies of XP are only valid for a limited number of installs, and you have to use your MSDN account ID to get the serial numbers from MS.

And hey, as long as you're using stuff from work, why not just take your printer home, too? They'll never miss it.

Re:For those who have RTFA issues...

[delus10n0 (524126)]

Why don't you backup/restore Windows XP's activation keys [windowsnetworking.com]?

Re:For those who have RTFA issues...

[digitalchinky (650880)]

I often wonder if this is an accurate comment - surely they have a big database full of keys they 'know' they've printed little green or blue stickers for right?

I know xpkey comes included on a lot of pirated XP cd's here in the Philippines, or if not, the guy or girl selling the CD advises you to download it.

Original
XP Professional costs roughly 8000 peso (US $160) XP Home about 5000 (US $100)

Pirated
XP Pro 100 peso.
XP Home 100 peso.

Re:For those who have RTFA issues...

[shird (566377)]

that MSFT can not detect because they do not have a master database of printed keys. that would be a farking nightmare

How so? The number has to be generated and printed right? Why not just record the number at that point of generation. Considering the amount of money involved if they could stamp out piracy, theyd invest the few minutes in adding a database to the computer printing the numbers. I dont think the problem is they dont have this database. I wouldnt be surprised if in the future you do have to have a legit key. Even if its a corp key, it would have to have been issued and not randomly generated. They could then check ip ranges if they really wanted to for that key, but i doubt they would. They could quite readily fine the company that distributed that key however.

Re:For those who have RTFA issues...

[shawn(at)fsu (447153)]

Was there something special about win2k that prevented you from writing down your product key on a piece of paper and storing it with other pieces of important papers?

I could see using a friends disk if you lost yours but you should have been able to use your own key. There are something things that you should know are important. You save tax information, you save receipts in case something you bought is defective, you save warranty papers, why not save your product keys?

If you can't afford it don't use it. No body is forcing anyone under threats of violence to use Windows. For a while I couldn't afford Windows so I used Linux. I didn't want to do something that could leave me open to fines or arrest and mainly I wanted to do what was 'right' as defined by law. Now that I can afford it I will buy a legit copy with a legit key (that I will write down and store) and I will be okay. There will always be Have's and Have Not's in this world. Just because your a Have Not doesn't automatically make it okay for you to use a pirated copy of software.

This wont be MS fault if your using something you shouldn't be using and can't get your updates. Those still using 98 legitimately is a different topic.

Re:For those who have RTFA issues...

[GTRacer (234395)]

Difference is in tangible v. intangible property.

If the bank falls for your sob story and coughs up another twenty, they're out twenty bucks. If MS hands over your key, they aren't out anything except maybe some support time, and they've earned customer goodwill besides!

GTRacer
- DRM still sucks...

Several HUGE differences

[PenguiN42 (86863)]

That does not make sense to me. If I buy a mobile phone, and somehow lose it, I cannot go to the reseller and claim a new phone simply because I "already own it". If I lose it, then it's lost and I will have to buy a new one.

Similarly, if I've lost my software key, then I've lost my proof of ownership, and I'm just as much a pirate as anybody else if I use a friend's key when installing.

No one can expect Microsoft to cover for one's own sloppiness - if you lose your key then you'll have to buy a new one. There's no "I already own this" argument to be made when you've lost it yourself.

First, as the other poster mentioned, a mobile phone is a physical entity that costs something to manufacture, and therefore costs a lot to replace. Therefore, reasonably, the manufacturer shouldn't have to pay for your sloppiness. However, a logical entity such as a software key costs NOTHING to replace, and software costs VIRTUALLY NOTHING to copy.

Second, you own that cell phone that you purchased. It's yours. But you DO NOT OWN SOFTWARE. You own a license to use that softare. And the key is not that license! The key is simply proof of the license, and losing the key does not equal losing the license that you own.

Basically, whether you have the right to use software when you've lost the piece of paper that says "you have a right to use this software" has *nothing* to do with whether you have the right to a new free phone if you lose your old one. The analogy is horribly flawed.

Re:For those who have RTFA issues...

[Deekin_Scalesinger (755062)]

Indeed, unfortunately - practically all of my gaming is done online. NWN, BF42/DC/BF1918, WoW...true a properly firewalled network should not be vulnerable, and I do have a stand alone 'nix firewall box running interference to my network, but I recently built a new gaming box. When the time came for the OS, whether to purchase or pirate, I figured this time, why not spend the dough and do it properly, and not roll the dice on the OS when I had taken the time to do everything else right on the new system.

The other reason? Meebe I'm just getting older, but I figured that MS did provide me with the OS so I can play my favorite games and relax when I get home. I use OO, even on Windows, so an office suite is taken care of. I donate money to open source projects that I use, why not to the vendor of my OS? (let the flames on that last comment begin wheee!)

Will be easy circumvented...

[hlygrail (700685)]

Folks will just start distributing these patches through other arenas (torrent, newsgroups, web sites, etc.), or will develop methods (as they always have) to work around the system checks.

This is just a ruse to get folks to pay less attention to the fact that the MS OS is generally less secure for most people than it should be...

This could be the big push from Win to Linux

[networkz (27842)]

Many people pirate Windows, for many reasons. Cost, availability, etc.

But imagine now if it's becomes a nuisance to crack everypart of the OS which phones home. People will go elsewhere... legal perhaps.... but what about the people who wont pay.

With Linux now coming of age, it seems about right that a significant market share would now drift in the direction of OpenSource operating systems.

Microsoft's Prerogative, IMHO

[goldspider (445116)]

Why should they be expected to support copies of Windows that people didn't pay for? Sure, this is an issue of customer support. But then, the people with 'pirated' copies of Windows aren't Microsoft's customers.

Not good

[TheRealFixer (552803)]

And what happens if the machine you're legitimately trying to update can't be put on the internet? I remember during the blaster virus, some of our laptops were getting infected so fast, we had to make sure the remote users did NOT get online, and we had to send them the security update and blaster cleaner on disk.

So, under Microsoft's new model, we wouldn't have been able to fix those machines, because as soon as we let them on the internet to "validate" their copy of Windows and download the patch, they would have been reinfected and rebooted. Lame.

Linux Uptake

[codepunk (167897)]

Awsome simply awsome the tighter they make their licensing the quicker the uptake for Linux. Hell I don't really know anyone other than some companies that buy legitimate copies of windows. Hopefully they will put a check in Office that will not let you run on a pirated system as well.

Short term revenue gain, long term loss.

They've been doing this since 2002 in a way

[CdBee (742846)]

If you install WinXP Volume licenced edition with the famous FCKGW RHQQ2 (Genius!) serial number then install IE critical updates from Windowsupdate, the computer will start crashing on an occasional basis... its been widely rumoured that early on in the XP lifecycle Microsoft issued a patch which has an additional function of degrading the reliability of pirated copies.

This is reproducible with any XP volume licenced CD using that serial so bad media can be ruled out

This won't push people to Linux

[goldspider (445116)]

If anything, it might nudge some people to a Mac. Apple has the brand recognition, and you can buy "For Macintosh OS X" software in stores. In other words, they know what they're getting with a Mac.

With Linux, on the other hand, most people wouldn't have any idea whether or not they would be able to use the software they want, let alone how to get it even if it did exist for Linux.

Sinister Hacker

[codepunk (167897)]

Ok say some sinister hacker knowing that cd keys are
stored in the registry builds a little one liner that inserts a known comprimised key. You know ms is gonna check for this.

The result is a ton of instantly owned machines since they are unable to install security updates.......brilliant plan

That being said I hope they enforce their licensing pirates are slowing the uptake of Linux, it hurts everyone.

Bad For Security

[iammrjvo (597745)]

I remember reading a Crypto-Gram article on this a while back. Here's some great, relevant commentary from Schneier. The original link is http://www.schneier.com/crypto-gram-0406.html#4 [schneier.com].

The security of your computer and your network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It's not enough for you to maintain a secure network. If everybody else doesn't maintain their security, we're all more vulnerable to attack. When there are lots of insecure computers connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more insecure the average computer on the Internet is, the more insecure your computer is.

It's like malaria: everyone is safer when we all work together to drain the swamps and increase the level of hygiene in our community.

This is the backdrop from which to understand Microsoft's Windows XP security upgrade: Service Pack 2. SP2 is a major security upgrade. It includes features like Windows Firewall, an enhanced personal firewall that is turned on by default, and a better automatic patching feature. It includes a bunch of small security improvements. It makes Windows XP more secure.

In early May, stories were written saying that Microsoft would make this upgrade available to all XP users, both licensed and unlicensed. To me, this was a very smart move on Microsoft's part. Think about all the ways it benefits Microsoft. One, its licensed users are more secure. Two, its licensed users are happier. Three, worms that attack Microsoft products are less virulent, which means Microsoft doesn't look as bad in the press. Microsoft wins, Microsoft's customers win, the Internet wins. It's the kind of marketing move that businessmen write best-selling books about.

Sadly, the press was wrong. Soon after, Microsoft said the initial comments were wrong, and that SP2 would not run on pirated copies of XP. Those copies would not be upgradeable, and would remain insecure. Only legal copies of the software could be secured.

This is the wrong decision, for all the same reasons that the opposite decision was the correct one.

Of course, Microsoft is within its rights to deny service to those who have pirated its products. It makes sense for them to make sure performance or feature upgrades do not run on pirated software. They want to deny people who haven't paid for Microsoft products the benefit of them, and entice them to become licensed users. But security upgrades are different. Microsoft is harming its licensed users by denying security to its unlicensed users.

This decision, more than anything else Microsoft has said or done in the last few years, proves to me that security is not the first priority of the company. Here was a chance to do the right thing: to put security ahead of profits. Here was a chance to look good in the press, and improve security for all their users worldwide. Microsoft claims that improving security is the most important thing, but their actions prove otherwise.

SP2 is an important security upgrade to Windows XP, and I hope it is widely installed among licensed XP users. I also hope it is quickly pirated, so unlicensed XP users can also install it. In order for me to remain secure on the Internet, I need everyone to become more secure. And the more people who install SP2, the more we all benefit.

Activate Windows XP

[topham (32406)]

So last night I was playing Wow for a while and the performance in Orgrimmar was pretty bad. I figured I'd up the ram in my main maachine to fix the problem.

Pulled the ram from another machine, dropped it in and rebooted windows. Windows XP then informed me I had made substantial changes to the machine since I installed XP Pro on it and told me I had to re-activate it.

If this causes me, at a future date, to have issues because another minor change triggers the Activate windows, and it fails for some reason and I can't get security updates I am going to sue their ass.

Thankfully I have a Mac.
(If I had Priated XP I wouldn't even have this concern. I'm sick of being treated like shit after spending a few hundred on stuff.)

Re:What counts as "pirated"?

[halivar (535827)]

Like, if my HPiece-of-shit laptop dies and I "transfer" my XP license to a Dell, does that count as piracy?

Yes, because now you don't buy software. You lease it. >:(

Re:What counts as "pirated"?

[Twanfox (185252)]

It's funny how Microsoft seems to want people to take them seriously when they talk about pirating their stuff, yet pretty much rip off their customers any time they can. System dies and you want to transfer the license? Sorry! You have to buy it again! Why? You paid for it once, now on a system that will no longer function. Provided that you don't repair the old system and bring it online, what valid reason other than "we want more of your money" do they have for such restrictions? What makes them believe they have the authority to make such restrictions in the first place?

Re:Awesome

[garcia (6573)]

How many more people would start taking a hard look at FOSS if they couldn't get their 'free' MS products?

They can still get their "free" MS products. They will continue to get their "free" MS products. Those people will just not update their systems through Windows Update. I imagine that plenty of people that paid for Windows in some form or another still don't bother to update their systems because they don't know or don't care to know.

All this is going to do is create an even more dangerous computing environment on the Internet and give more and more backing to "trusted computing".

Oh look, see, everyone pirates and the pirates are causing all the worms to propagate! Look! DRM will stop that!

Re:Pirated means....

[thegoogler (792786)]

No, for corporate edition your not supposed to use winupdate, your supposed to "streamline" the patches into the installer, and install an already service packed and patched system(or reinstall) on all your workstations, which may even be faster then trying to install a patch on a system with weird settings/corrupted files/messed up registry's.

Re:What happens...

[NoMercy (105420)]

Well it means that a large chunk of machiens will remain open to those who wish to install bot-nets on them and DDoS whoever annoys them on IRC.

I think they'd probably have done a lot better if the next version of DirectX can't install on a illegal version of windows, people generally don't give much of a damn if they can't get security patches, if they can't get the latest game to work however the'll be pissed.

Re:As a legal owner of a copy of WinXP

[fuzzybunny (112938)]

Hi,

It's not a question of whether it's "right" or not. Fact is that there is a tremendous number of pirated Windows copies out there. These will be far more vulnerable than they are now; the result of this will initially be to hurt their owners, but in the end, everyone suffers due to an explosion of botnets/DDoS/spam gateways, etc. etc. etc.

I am even inclined to believe that even semi-clued kiddies will not be unduly affected by this because, as another poster pointed out, obtaining an illicit collection of updates probably won't be tremendously difficult.