Dvorak on Windows Genuine Advantage

PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."

sweet

i cant wait to apply this to my hax0red copy of vista!

Sadly

Dvorak's forecast of the future is often wrong.

Re:Sadly

For once, John has gotten it right, even making a more detailed prediction than just "it'll probably be hacked". There are two good reasons (from a black hat perspective) to crack WGA:

1. Make a bootleg copy look authentic.
2. Make an authentic copy look bootleg.

Figureing out how to do one means you have done at least 80-90% of the work to figure out the other. That's essentially twice the normal incentive to crack a Microsoft product. #1 has an obvious financial incentive, but #2 may have one too, if the cracker is willing to consider extortion or similar modes of funding. If the cracker is doing it just to spite MS and/or MS users, the same double whammy applies.

Re:Sadly

#2 has good potential for the cracker as well... if he can make a legit version look like a bootleg copy, then the person will not be able to get upgrades and will be vulnerable to certain attacks on security that may have otherwise been fixed.

Re:Sadly

Current XP WGA still allows you to get critical updates with a failed authentication. Have we heard anything to indicate that you won't at least get critical security patches in Vista without something shown as valid? I'd think they would still allow critical security updates with a "disadvantage", specifically for that reason. MS is taking enough flak from the public over WGA as it is; as long as there's even one false positive, they probably won't be allowed to not give out the critical stuff when they've just released a mammoth OS update, after charging out the wazoo for it, that doesn't yet have anything near a proven security layer.

That said, they're probably foolish enough to try, and the blackhats will rejoice.

Re:Sadly

#1 has an obvious financial incentive, but #2 may have one too, if the cracker is willing to consider extortion or similar modes of funding. If the cracker is doing it just to spite MS and/or MS users, the same double whammy applies.

Personally I think we should write a thank-you note to Gates and Balmer on this one. Think about it -- for years people have warned about issues ranging from monopoly abuse to the dangers of a "software monoculture", yet nothing really has changed (even after the DOJ antitrust "win"). Now we have the prospect of MS figurativly slitting its own throat with this foolishness. If Dvorak's fears are realized, this could be just the thing to push the public at large over the edge in terms of consciousness-raising.

Re:Sadly

Anti-piracy measures only annoy legitimate customers and thwart 14 year old morons

• DRM measures only annoy legitimate customers and confuse the masses
• REAL ID measures only annoy law-abiding citizens and do nothing to stop terrorists
• New passport requirements only put law-abiding citizens at risk and do nothing to stop terrorists
• Anti-gun laws only annoy legitimate customers and don't stop criminals and murderers

I could list about 20 more, but I'm tired of this. Almost any measure or law that reduces the rights/privacy of normal citizens do nothing to thwart (for more than a day or two) those who would pirate, steal, kill, etc. Yet we march on to the same tune, never ever learning from the lessons of the past.

So who's really surprised by WGA? Guess I'll have to head on over to astalavista.box.sk to download a copy of the WGA crack, just in case MS one day decides my copy of Vista is no longer legitimate.

Re:Sadly

every so often he gets something right. if you spray enough bullets on a target, you'll hit it sooner or later. He basically does the same thing, shooting in the dark and hoping to hit the target.

Re:Sadly

Don't say that too loudly, as that comment fits the Slashdot community all too well. People who live in glass houses....

A lot of people have WGA wrong, and are commenting based on old info. At first, WGA did indeed prevent people from downloading security updates. That is no longer true as of sometime around March this year. MS came to their senses on that one, and now the validation is only needed to get fixes that are not security related. Not allowing security updates until validation made worse the chicken and egg problem in which a system could not download patches over the Internet until it'd been patched to prevent it from being pwned the instant it was hooked up to the Internet. Before WGA spoiled things, I worked around that problem by downloading the patches under Knoppix, or by having a CD full of patches that I'd downloaded and burned in Linux. Now that MS has relented, I can once again use Linux to help support Windows.

I hope Vista serves to further highlight fundamental problems with security. Ever since 9/11, there's been even more push for more security, a lot of people talking as if security was pure unadulterated goodness and as if there's no such thing as too much security, and a lot of bad security and abuse of security. Witness such things as confiscation of nail clippers and bottles of shampoo by airport security. When security becomes security for MS or the entertainment industry against evil pirates, that's not security for our benefit anymore however much MS tries to spin it so with such things as the "Advantage" part of the WGA name. Where's a Genuine Advantage program for software we write? When security gets perverted to mean "security for MS profits" and most definitely not "security for users against losing what they've paid for", people notice. When file format lock in gets justified with security, as in "preventing unauthorized programs from accessing and corrupting your valuable data" as if OpenOffice was written by a bunch of irresponsible hackers, that can give security a bad name. When "I can't tell you that for security reasons" is used as a cover for "I don't want to bother finding an answer", security is looking bad. A lot of Windows users have already tentatively decided they're going to stick with XP, because, ironically, they don't trust MS's intentions. So much for security increasing trust.

I particularly like this bit:

"I do not even want to think of the consequences of Vista turning itself off in enterprise situations such as airline reservations or a hospital full of patients on life support. A serious collapse of the authentication network that could not be fixed without sending out discs or one-by-one-downloads will end up in the courts, and you can be certain that the shrink-wrap license agreement that holds Microsoft blameless will be tossed out as bogus."

1. Patients on life support? Is this the new "it's for the chilllldren!" in the software industry? Hospitals and life-support systems seem to come up really often when validation scenarios like this are discussed, yet, I have never, EVER heard of a patient dying because Windows crashed. I suspect this might be due to medical equipment manufacturers not quite being dumber than a bag of hammers and therefore not using Windows in life-critical situations.
   
2. I bet you anything there is a clause in the EULA that says something like "this software is not to be used in life support equipment, nuclear power plants, or other life-critical systems."
   
3. I further bet you that in the unlikely event some cosmically stupid company actually built life-critical systems around Windows Vista and it caused loss of life, that company, not Microsoft, would be held 100% liable for a) not doing due diligence on whether or not their off-the-shelf components were suitable for the intended purpose and b) being dumber than the aforementioned bag of hammers. The EULA wouldn't need to be held enforceable per se, the court would merely need to find that they ought to have read the EULA and from it derived knowledge that Vista should not be used for certain purposes.

Re:I particularly like this bit:

I bet you anything there is a clause in the EULA that says something like "this software is not to be used in life support equipment, nuclear power plants, or other life-critical systems."

That, and the fact that most of our nuclear power facilities are still running on Win2K. I'm not kidding. I work for a company that makes software for nuclear power facilities (and other places) and most of our customers just transitioned from NT4 within the last 2 years. By the time they start using Vista, Microsoft Windows X should be out.

Oh, and yes, I was as surprised as anybody that these places aren't running UNIX.

Re:I particularly like this bit:

No, he's right. Essential control infrastructure (SCADA) in nuclear plants and other industrial facilities runs on Windows, Linux, etc., often unpatched, and often with ineffective firewalling or access controls. The industry is trying to work itself up to do something about the security implications, but seems to have little interest in non-"hacker"-related stability and reliability problems (because they are not exciting enough to convene a Congressional panel over).

-Graham

Re:I particularly like this bit:

Happens all the time. Actually, the worst part is not that worms can hit hospitals, but that most operating systems are very, very poor at handling hardware failures. Most of the 2k/XP BSODs that I've seen resulted from issues with hardware or hardware drivers, and in some cases these are just typical failures -- like the time that XP started randomly hanging because a hard drive motor burned out. Linux only does SLIGHTLY better out of the box, same with BSD. Life-support equipment should NEVER use an operating system like Windows or Linux -- they should be using a realtime operating system designed to handle equipment failures without freezing. This is not a question of cost, this is a question of life.

Re:I particularly like this bit:

Patients on life support? Is this the new "it's for the chilllldren!" in the software industry? Hospitals and life-support systems seem to come up really often when validation scenarios like this are discussed, yet, I have never, EVER heard of a patient dying because Windows crashed. I suspect this might be due to medical equipment manufacturers not quite being dumber than a bag of hammers and therefore not using Windows in life-critical situations.

Perhaps not life support, but I was interested in getting LASIK surgery at one time. I went to a presentation given by a doctor that came highly recommended from some of the locals. When they were showing off the actual laser equipment that performed the surgery, it turned out the machine was controlled entirely from a PC workstation running Windows NT. I asked one of the doctors what would happen if the controller "blue-screened" during the procedure and was told they would have to contact the developers and research that and get back to me. I never received a reply, and they never received my business! I'm not taking any chances with my eyes, I'll stick with glasses.

Re:I particularly like this bit:

I never received a reply, and they never received my business! I'm not taking any chances with my eyes, I'll stick with glasses.

glasses are nothing more than tiny little windows.

Low-hanging fruits

It's always easier to make something do what it's supposed to do (even when it shouldn't) than it is to make it do something it's not designed for.

For instance, chainsaws are designed to cut off limbs. Tree, human, what's the difference?

WGA and successors are designed to disable Microsoft systems. OK, I'm sure that there are those who appreciate the help.

Re:Low-hanging fruits

That's not the point. The point is that Microsoft has designed their OS with a single point of failure, and to top it all off, if anyone were to exploit that point of failure, the deafening ring of poetic justice would be heard the world over.

WGA is a key to every Windows box on the planet and a giant club with which to beat Microsoft over the head if it's every hacked, and you can bet that's not going to go unnoticed by those with the capability to pull this off. It would be the hack of the freaking century.

Re:The day the spam stopped

Whihc brings me to another question. What happens when the WGA cop is triggered. Your machine still functions right? you just can't get updates or fixes for vulnerabilities....

If I recall correctely, you have 30 days to authenticate or the WGA cop disables everything except IE. "Everything" probably includes the ability to be a spam-bot, but I'm still not sure.

Dvorak? What does he know about computers?

The guy writes some symphonies back in the late 1800s, then in the early 1900s designs a keyboard that nobody except a few nerds can type on, and NOW he's criticizing Windows?!?!
Not only is this guy old, he should be commenting on things like piano typewriters or something like that...

TDz.

Re:Dvorak? What does he know about computers?

he should be commenting on things like piano typewriters

It looks like you're composing a letter in the key of G, would you like some help?

Complicated = Buggy

More complicated security simply means more circumstances for the code to be vulnerable. Windows continues to bloat in every direction and as a result, it continues to be an easy target. Now that so many systems areon the web, one wonders if there will ever be an exploit so complicated and devisive that it will shut down a significant portion of the windows user base. If this Security Cop layer of Vista gets hacked, a huge DOS will be easier than ever.

I'm going to start working...

... on a virus right now that effectively shuts down any Vista computer by causing WGA to always detect the OS as a pirated copy.

Actually, for some reason, I had never thought of this before. You probably wouldn't really even have to mess with WGA all that much, just change whatever it's checking to see if the OS is valid. Not sure how easy that would be, but considering the number of false positives that are cropping up on XP, it should be quite doable.

Just change the cd key?

Couldn't a virus just change the local cd key, as documented by MS, to a pirated one? Then effectively they have a machine that can't be updated.

Multiple infections...

Better yet, what happens if the virus repeatedly switches the product key? MS would likely give instructions to victims on how to switch the product key back to the one glued onto the machine's case, but each time you switch it back to a legitimate key, it'd have to reactivate. Eventually, the key will refuse to be activated on suspicion on key sharing.

If MS takes steps to ensure that valid product keys can always be activated, then they'd introduce a new way of pirating keys.

Validating

Not that it is impossible or even unlikely but I am curious how it will get around having to contact microsoft to validate the windows version.

Re:Validating

Microsoft ignores a redirect for microsoft.com in the host file. Try setting it to localhost on a XP machine and see what happens.

Who Polices the Policeman?

It happened in a committee inside Microsoft when someone came up with the brilliant idea of essentially creating a virtual policeman to watch over the operating system to make sure it has the right "papers." This is an interesting idea, but who watches and authenticates the policeman?

I got it! "Windows Genuine Advantage Genuine Advantage."

Re:Who Polices the Policeman?

WGA = WGA's Genuine Advantage... ...some GNU freaks are gonna dock me for that one, but it's SO worth it.

Hold on just a second there chief.

Whether or not you pass WGA, you still get critical security updates. It's not in Microsoft's best interest to have a few million illegal Windows installs out there being compromised because it harms the user base as a whole.

The real problem here is that Dvorak might die old, alone, and invalid. He must come up with this crap to feel like he's important. What if a hacker did this or that? I don't really care unless a hacker actually does it. People have been talking about someone pointing auto-updates to a 3rd party that would be able to install anything, but I've yet to see any widespread auto-update hack.

WGA is the system blackbox ..

Why don't they make Vista out of the same stuff that WGA is made of, that way you wouldn't have any security issues.

Devilsown will make a client-side server

"It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version."

This is exactly what I was thinking when I heard that volume licensed versions of Vista would no longer take the product key's word for it (bye bye FCKGW), but authenticate and activate with a local server. I bet the first pirated versions of "Vista Pro Corp" will include a proxy patch or HOSTS entry that will point the OS to a server run by a warez release group, or maybe 127.0.0.1 with a host-side server.

Either way, it's going to really suck when people need to run a one or more instances of Vista Ultimate in a VM (yes, Ultimate can run in a VM) for testing and staging but quickly run out of licenses on the local activation server.

Doubt this is possible

Server certificates are the basis for SSL, SSH, HTTPS, etc. AFAIK, nobody can make a fake policeman without faking Microsoft's certificate. I don't think Dvorak's scenario is reasonable.

Windows a time-bomb

"I do not even want to think of the consequences of Vista turning itself off in enterprise situations such as airline reservations or a hospital full of patients on life support."

The Vista cop will likely cache authentication like so many other things. And, airlines, hospitals, and other large organizations won't be moving to vista with any gusto anyway.

Still, the mere idea of a self-disabling software product make me want to use something else even more than a product that breaks down just because its poorly [designed | built].

News Alert

Viruses can cause windows based computers to be unable to function properly, access windows update, or lock out the user.
More news at 11.

Reducing Illegal Copies?

MS gets beat up all the time here on /. - but what if they're right? I mean, what if suddenly all those people that run illegal installations of XP suddenly have to pay up for Vista (even though most people are hesitant to upgrade anyway) because they can't effectively get around the WGA controls. Say, by 2008, there are twice as many Vista installs (according to MS) than XP installs as of today. Wouldn't that prove that MS was correct in forcing this level of validation upon us? Given today's saturated market, the only conclusion would be that illelgal XP installs were replaced with purchased versions of Vista. Just one possible outcome.

Forbidding Vistas: Windows licensing disserves the

Beware. Vista is an OS like no other. I'm for one am not going to upgrade after reading part of the EULA. 4. Problem-solving prohibited. "You may not work around any technical limitations in the software." http://wendy.seltzer.org/blog/archives/2006/10/19/ forbidding_vistas_windows_licensing_disserves_the_ user.html/ [seltzer.org]

So this is a client-side DOS attack?

What I think that he is stating is that one could easily cause denial-of-service on the clients of Windows Update. If you can make the system look tampered with or pirated, that host won't be able to get updates automatically without intervention by the user.

The user will know that their copy is suspected of being pirated, but may not know how to fix it. This could potentially ensure that a large amount of devices that were compromised stay compromised and unpatched for a period of time.

Stop submitting this dolt

He's an idiot. Stop submitting his articles. Nobody in the tech field (should) take(s) him seriously.

He has a point ...

Even though he's occasionally mis-aligned himself, he DOES have a very valid point.

But to what end? Why couldn't any kind of software do this?

Free anti-virus..(not Clam .. it's OSS .. but closed source stuff, why not)
SpyBot S&D
Ad-Aware
Hi-Jack This!

Could ALL be spyware-in-disguise. We don't know. How could we?

It's not just Vista's WGA we need to worry about. I mean, what better way to take over the world. Develop some cool little free app that EVERYONE starts using. Get it installed on a bajillion computers, then it grabs an auto-update and WHAMMO! You've got ... "DUN DUN DUN!!!" SKYNET...

Windows, Pestilence and Plague

Denying unlicensed Windows instances access to security upgrades does to the Internet ecosystem just what denying poor people access to vaccines and other public health does: it creates incubators for plagues. The "underground" class of unlicensed Windows instances will offer criminals, vandals and spies a cesspool in which to multiply, and launch attacks on everyone. Since Microsoft cannot exterminate completely the global unlicensed Windows population, nor ensure licensed instances are invulnerable to these attacks, their WGA program is making everyone less safe.

Please Wait

Whomever creates the crack of the century and turns the good cop bad, Please PLEASE be patient. Don't just send out the bots 2 days after Vista's launch, give Vista a chance to permeate the bowels of the gulible and self opressed - Then - and ONLY THEN can the bots be launched, creating a wondrous show for the rest of use to enjoy.

Microsoft has long been due the fruits of their incidious labor and it is only just that they reap the true rewards.

Is there a front coming through?

Woah! Someone check the weather, 'cause it's gonna be a cold day down in you know where. Dvorak just said something that makes sense! Of course, it's the same chain of thought that's been going on for weeks here at Slashdot, so it may not be his own original reasoning. But nonetheless, that's the first article of his I've read in longer than I can remember that didn't make me want to highlight all the flaws in his reasoning and send them along with proof of their idiocy to his editors.

So if WGA really screws itself up?

what will happen then? A big pile of badwill for M$. OK, if it's overly complicated to hack it will also be overly complicated to administrate by IT departments and also very sensitive for businesses as a whole.

It seems to me that every step M$ takes to make sure that no illegal copies are around it will also create more work for the IT department. And what if there is an unexpected problem popping up causing all legitimate copies to be locked from the users due to a flaw in WGA? Who will be paying the standstill cost? Not M$ in the first turn.

It seems to me that alternative solutions like Linux and the BSD variants will benefit most from this. The latest versions of the Linux distros aren't really that complicated to install and use, even if there still are flaws. (most notably the X11 config, which can be a real pain to get right, even if Fedora Core 5 seems to work acceptable there). Another item that can cause severe dandruff is the SELinux package, but I assume that there are work in progress on that.

What?!

I didn't RTFA, but the quote in the summary might be the first thing I've read that Dvorak wrote that wasn't mindless trolling. He actually made a good point. I wonder how long he can keep it up.

No Incentive to Cause Failure

I really fail to see what incentive a cracker would have in making someone's legitimate copy of Vista appear to be illigitament. Granted, I'm sure somone will write it to see if they can, and it'll make it's way to a few people, but it seems counter productive for any big time cracker to do this.
Most of the people who send out these exploits aren't doing it to piss people off, they are doing it to make money. The thing is, a botnet only works when the zombied machines are running. If you are Joe Cracker, you want those machines up so they can be sending your spam, performing your DDOSes, and collecting information for you to sell to ad companies. What you don't want is for the machine to stop working so that the owner takes it in to be fixed - especially when the person fixing it might just put some antivirus software on there that will stop your bots from running (for a while).

honestly...when online validation began...

i wondered how long it would be before someone either wrote a daemon to handle the task, or even better for some laymens, wrote simple firmware for a cheap home router/firewall that would intercept and handle these requests automatically...when we started seeing l*nksys ports of linux, i thought for sure someone would take those ports to the next level.

Shouldn't this have already happened?

This doesn't sound like news to me.

Activation is already a part of XP, and Genuine Advantage software has already been installed on lots of Windows computers. I'm not saying this will never happen, but it is not like this issue will be new with Vista. Rather, it's a problem for which we are already waiting to happen.

Really?

What's even more unreliable and short sighted than WGA?

Dvorak!

This man is a looney but the second he says something people want to hear they chant his name like he's the new Moses leading you guys out of Egypt? Come on now. Get real.

Any other time 90% of the comments are "Dvo-crack is teh r3tard" but now everyone's all "Maybe this will mean Linux will meet the masses". I've been hearing this for years. Every week or so a new "Microsoft killer" is announced here... I'm sorry but everytime one of these come up we keep hearing that it's the straw that's going to break the camels back but I'm still just not seeing it.

Good thing palladium is unbreakable

Otherwise Dvorak could actually be right!

In any case. I'm guessing this "software cop" will be down in the portions of Windows that are "impossible" for a user to modify. You know, the same part that won't let you play the latest Britney spears album without paying for it. If the Windows Platform Security Initiative has any success, then this "software cop" should remain uncorrupted. If not, people will do whatever the heck they want and Microsoft is going to have a really messed up userbase.

Oh, and don't forget the implications of the DMCA. Anyone caught hacking WGA or palladium is going down for 5-10, whether they're trying to help the situation or not.

Two big issues with his doom and gloom scenario:

Two big problems with his proposed scenario:

#1: After vista 'detects' that your version is not legit, it gives you 30 days to fix that before actually shutting down.

#2: "Once a virus that makes the cop refuse to authenticate Vista hits the Net, then how can the problem be fixed? By definition and the way I see it, this will be an impossibility."

Well, while a small # of users will already be effected, I see something that prevents vista from being upgraded by paying customers is one of the few things that could convince MS to patch out-of-cycle. Fix the bug in WGA and release it after a couple days of QA.

He stole my /. comment...

...so there isn't much point in repeating it [slashdot.org].

Unlikely

I find it very unlikely that someone will create a virus that will massively disable Windows machines around the globe. It won't happen for the same reason viruses typically are not destructive anymore. Once a virus has taken the system out of commission it ceases to spread to other machines. Virii need to keep their hosts alive in order to propogate. They WILL crack it to authenticate illegitimate versions of Windows, because that's like being able to print your own money.