MS To Limit Security Fixes to Legal Copies of Windows

rufey writes "An Associated Press artcile on MSNBC is reporting that Microsoft is going to start restricting access to security updates from pirated copies of its Windows operating systems. Starting in mid 2005, if you have a pirated copy of Windows, the only way to obtain security updates will be through the automatic updates mechanism. And even that method may be restricted at a future date. The article is light on details about what versions of Windows this will affect. Parts of the system to check for a valid copy of Windows is already used when downloading software (such as Media Player) from Microsoft - except that validation is currently optional." EnderWigginsXenocide points out Reuters' version of the story.

Will be easy circumvented...

[hlygrail]

Folks will just start distributing these patches through other arenas (torrent, newsgroups, web sites, etc.), or will develop methods (as they always have) to work around the system checks.

This is just a ruse to get folks to pay less attention to the fact that the MS OS is generally less secure for most people than it should be...

Awesome

[stoolpigeon]

Really the only thing that would be better is if they could devise a way to make it impossible for people to install their software in a manner that violates the license.

How many more people would start taking a hard look at FOSS if they couldn't get their 'free' MS products?

Re:For those who have RTFA issues...

[Anonymous Coward]

doesn't matter.

a copy of XP pro corp and a keygen passes their "check" with flying colors.

they cant stop the bulk of the "pirated" copies out there.

Re:What counts as "pirated"?

[halivar]

Like, if my HPiece-of-shit laptop dies and I "transfer" my XP license to a Dell, does that count as piracy?

Yes, because now you don't buy software. You lease it. >:(

Re:What happens...

[confusion]

The pirated versions will still be getting updates if the user of said software has auto-updates turned on. It's only when you manually run windows update that you get denied.

That may change in the future, however.

The reality is that almost no other commercial software vendor will provide you with updates if you aren't current on maintenance, let alone pirated the software in the first place.

Jerry
http://www.syslog.org/ [syslog.org]

Not good

[TheRealFixer]

And what happens if the machine you're legitimately trying to update can't be put on the internet? I remember during the blaster virus, some of our laptops were getting infected so fast, we had to make sure the remote users did NOT get online, and we had to send them the security update and blaster cleaner on disk.

So, under Microsoft's new model, we wouldn't have been able to fix those machines, because as soon as we let them on the internet to "validate" their copy of Windows and download the patch, they would have been reinfected and rebooted. Lame.

Re:For those who have RTFA issues...

[Anonymous Coward]

they cant stop the bulk of the "pirated" copies out there.

Actually, this has been hashed and re-hashed several times. Its like saying credit card numbers wont work, as companies couldn't keep track of transactions - sounds ridiculous doesn't it. If MS wants to check all legitimate keys against their database and issue a verification code for patches then it CAN be done Corporate version or not.

I'm interested

[JediTrainer]

... in exactly how many machines we're talking about here. Given that every time I've purchased a machine in the last 5 years I've been force-fed a Windows license, how likely is it for someone to have a pirate copy?

I'm still steaming from all the times I've purchased machines to run Linux, yet been forced to buy the OEM Windows license along with it.

And before anyone mentions building a box yourself, that just causes a hassle when it comes to warranties (I want a name brand machine that I can take back if something breaks in its hardware), and companies that allow you to purchase the machine without an OS are virtually nonexistant in my area.

So given that I've been forced to buy a Windows license with every PC I own (whether I use it or not), I'm not sure how it's possible that there's that many pirate copies out there.

They've been doing this since 2002 in a way

[CdBee]

If you install WinXP Volume licenced edition with the famous FCKGW RHQQ2 (Genius!) serial number then install IE critical updates from Windowsupdate, the computer will start crashing on an occasional basis... its been widely rumoured that early on in the XP lifecycle Microsoft issued a patch which has an additional function of degrading the reliability of pirated copies.

This is reproducible with any XP volume licenced CD using that serial so bad media can be ruled out

Re:What happens...

[garcia]

The reality is that almost no other commercial software vendor will provide you with updates if you aren't current on maintenance, let alone pirated the software in the first place.

The reality is that Microsoft Windows is installed on 90% of the machines out there. The reality is that regardless of how the software was aquired it is likely to be vunerable to worms, trojans, etc. The reality is that Microsoft is going to continue to look mighty bad when worms and trojans slam 90% of the computers out there.

After a while the "oh, well, the pirates shouldn't have pirated the OS and then they could have gotten our updates that came 6 months after the worm started" gets old and people don't care anymore.

As I have said before this is the situation that they want to occur as it makes all the more sense to place DRM restrictions on their OS and programs that will run on the OS/hardware.

Re:Pirated means....

[thegoogler]

No, for corporate edition your not supposed to use winupdate, your supposed to "streamline" the patches into the installer, and install an already service packed and patched system(or reinstall) on all your workstations, which may even be faster then trying to install a patch on a system with weird settings/corrupted files/messed up registry's.

Re:For those who have RTFA issues...

[Anonymous Coward]

I don't know about you, but around here, I just go to any of the Internet cafe or LAN game shops, and they all have their legit copies of Windows XP with the CD keys on display, and I'd just copy down a few for future use...

Re:Microsoft's Prerogative, IMHO

[moderators_are_w*nke]

Would be a neat idea though. A Windows exploit that only targets people who have legal copies?

How long until it happens?

No doubt Microsoft are currently (secretly) working on the opposite, a BSOD exploit that only targets illegal copies.

Sinister Hacker

[codepunk]

Ok say some sinister hacker knowing that cd keys are
stored in the registry builds a little one liner that inserts a known comprimised key. You know ms is gonna check for this.

The result is a ton of instantly owned machines since they are unable to install security updates.......brilliant plan

That being said I hope they enforce their licensing pirates are slowing the uptake of Linux, it hurts everyone.

Re:For those who have RTFA issues...

[Anonymous Coward]

ok the home version or the pro retail version...

the keygen works great for both of these too..

hell you can keygen and REGISTER a copy and even call tech support and they happily talk to you!

several people here at work have keygened home versions that MSFT can not detect because they do not have a master database of printed keys. that would be a farking nightmare, only registered keys are stored in the DB.

anyways, at work we just recieved 35 laptops with XP home on them I blew away the install for our corp blanket license.

all those keys are legit and after install with a keygened key you regedit to put in that "dell" key and msft will never EVER know. hell put the farking sticker on the case too (those are REAL easy to peel off without damage.)

nice try msft employee.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:For those who have RTFA issues...

[Mikmorg]

Don't exclude those who do online gaming. Although I think your point is mostly valid.. On the only windows box I have I could care less about security updates. Its routed through a linux box which watches/restricts traffic, and the win client has only installations of programs. All personal data is offsite, so reformatting it is quick & clean. Not to mention I'm not downloading p0rn programs and crap. There are a few possible evils that I could somehow contract on it, yes... but I'd be able to get rid of them easily, without harm to me.

I pwn windows legitimately, but only because I got a license for $5. Windows is like buying a $200 console system if you ask me.

Re:Will be easy circumvented...

[elecngnr]

This is just a ruse to get folks to pay less attention to the fact that the MS OS is generally less secure for most people than it should be...

I would not be surprised that when this new method of getting updates from MS is up and running they start blaming the non-legal copies for the propogation of problems with MS. They will say, even if it is not completely true, that the problems began with computers that were not properly and legally updated. The average computer user will believe it because they don't know any better.

Activate Windows XP

[topham]

So last night I was playing Wow for a while and the performance in Orgrimmar was pretty bad. I figured I'd up the ram in my main maachine to fix the problem.

Pulled the ram from another machine, dropped it in and rebooted windows. Windows XP then informed me I had made substantial changes to the machine since I installed XP Pro on it and told me I had to re-activate it.

If this causes me, at a future date, to have issues because another minor change triggers the Activate windows, and it fails for some reason and I can't get security updates I am going to sue their ass.

Thankfully I have a Mac.
(If I had Priated XP I wouldn't even have this concern. I'm sick of being treated like shit after spending a few hundred on stuff.)

Re:What counts as "pirated"?

[seigniory]

> System dies and you want to transfer the license? Sorry! You have to buy it again! Why? You paid for it once, now on a system that will no longer function.

If you break out the costs, a new XP shrink-wrap license is around $299 for the pro version. You only really pay around $65-$85 for the OEM version.

If you buy the full one, feel free to use it wherever you want.

> What makes them believe they have the authority to make such restrictions in the first place?

It's their software, they set the terms.

Re:Activate Windows XP

[WhiteWolf666]

Try WoW on linux.

Yes, framerates in D3D mode are somewhat less. (Probably 20-30% slower)

OpenGL mode, however, is just as fast, and transgaming has identified the problem with using the minimap indoors.

All the pixel shader effects are supported, by the way.

I've heard people get crash to desktops in WoW. Or have other sorts of stability problems.

Other than the aforementioned minimap issue, which had been a known issuse by transgaming for awhile now, WoW has been 100% rock solid on my system (I.E. absolutely flawless if I play in D3D mode). Zero crashses, ever. Probably about 2 weeks of game time since release.

In fact, I've never installed WoW on windows. Don't have windows running.

Re:For those who have RTFA issues...

[RWerp]

Good ;-) Only that I take stuff from home to work - my PC at work has my private 128MB RAM stick in it.

Re:For those who have RTFA issues...

[shird]

that MSFT can not detect because they do not have a master database of printed keys. that would be a farking nightmare

How so? The number has to be generated and printed right? Why not just record the number at that point of generation. Considering the amount of money involved if they could stamp out piracy, theyd invest the few minutes in adding a database to the computer printing the numbers. I dont think the problem is they dont have this database. I wouldnt be surprised if in the future you do have to have a legit key. Even if its a corp key, it would have to have been issued and not randomly generated. They could then check ip ranges if they really wanted to for that key, but i doubt they would. They could quite readily fine the company that distributed that key however.

I can't agree with this....

[haplo21112]

...the rest of the people in the world on the net have to suffer because someone pirated the OS. Microsoft MUST allow the patching of even pirate copies or they are setting of the biggest virus/bot/spam net in the entire world. I would go so far as to say that the US government should push the issue as a national security problem.

Re:What happens...

[zoftie]

That would run countered to game industry, suddenly those kids won't be running games. Suddenly people will be writing OpenGL games instead. Suddenly platform is not much issue anymore.
I think they want to crimp down on smart business fish that evaded nets of juBSA.

Re:Several HUGE differences

[covertbadger]

Agreed. It's like saying that if you lose your bank card, then your account (and the money in it) is gone forever and you have to open a new one.

Crap... my knoppix hack for updating windows gone.

[cascadefx]

I like to use knoppix and technet to drop updates onto a fresh install before connecting a fledgeling Windows system on a network.

I wonder if we're still going to be able to get access to Technet articles?

Haxors will LOOOOVE this!

[Arslan ibn Da'ud]

Great. By enforcing that your Windows is legal when doing security updates, MS ensures that the world will be full of computers with insecure pirated Windows boxes. Ideal for spammers, haxors & pwners.

It sure beats MS enforcing Windows being legal when you try to actually INSTALL windows. Why, if they did that, the world would be devoid of pirated Windows...just legit, secure Windows. And a few Linux machines here 'n there.

Obviously MS prefers that there be lots of insecure pirated Windows boxes out there. I wonder why...

Sign of things to come

[dekker]

One of our salespeople got some really tenacious spyware on his machine last week. We tried Spybot S&D, AdAware, HijackThis and then finally the new Beta Microsoft Anti-Spyware. I've been scoffing that it was a little ironic that the company who's responsible for Windows being so vulnerable has a lot of gall trying to peddle software to counteract the vulnerability.

Anyway, I digress. In order to download the Microsoft stuff, we had to do a "validation" which entailed entering our WinXP product code, followed by the name of the manufacturer of our laptop, the name of the place we bought it and one of those security codes in an image that you have to transcribe into a text box?!??! I'm surprised I didn't have to show proof of the Windows logo tattooed on my forehead.

BTW, despite notifications from every anti-spyware program that they had cleaned the machine of all spyware, none of them were able to get rid of it completely. None. We're going to have to re-format the whole damn box. In the meantime, I installed Firefox and told the guy only to use IE if he absolutely has to.

Re:They've been doing this since 2002 in a way

[hairykrishna]

The very definition of an unscientific test.

Machines running on this serial key crash on an occasional basis? That makes them more reliable than some legitimate installs! In addition, why would MS do this? Surely just breaking it outright, with an appropriate message, if you have a dodgy key would be better?

Re:For those who have RTFA issues...

[aminorex]

This will last about a week. After that, with each security patch released, a new flock of botnet worms will descend on the vast majority of unpatched windows computers, and headlines will be screaming about how windows security vulnerabilities are destroying the Internet. Steve will then repent.

Re:For those who have RTFA issues...

[aixou]

If you fail to resubscribe do you lose the right to use the software?

I do not want to Acitvate but I can

[Anonymous Coward]

I am a developer with a MSDN license. That's right; I have the right to use their pathetic crap in my work which is all I use it for. I hate to activate their products so I use a crack. Yep, I do not have to but I do it anyway. I hate having them be able to track every computer I use. I hate the fact it seems that every time I do something to a box to change a piece of software or hardware it makes me call again, not everyone connects every computer to the Internet you know. I hate the fact they make me take one extra minute of my precious time to do this. I figured it out by the way, on the machines I work on a lot, it is costing my company an extra $150 a box a year in my wasted time dealing with the crap. Do not think MS has not offered us a Volume license, but that has huge hidden cost for small companies. I hate the ActiveX control has to be on to do this which means I have to have it on by default and then disable it to prevent viral disasters. Until now I have dealt with using a Windows box as my primary platform, but I am so sick of it and them. They treat their own people like criminals, they watch and track every change I do to a machine knowing where it is and even what sort of changes I may have done, and they create hurdle after hurdle to ease of use. They have forgotten that they became 90% of the market because >50% of users use pirated versions of their products. They now arrogantly think they can not be left behind and we, their developers, will act like trained sheep an follow them wherever the go. Well guess what, I like open source I support it. In time I hope it will match MS one day and I will sure as hell aid that process. For example, today I was asked to look at forums, I saw .NET versions and I saw Java and PHP versions. I saw open source versions and I saw closed versions. Well guess which ones I will recommend. Open source products often work well and frankly I would rather spend an extra few minutes tweak their conf file, reading a piece of documentation or listserv to get them working rather that being a MS's lap dog waitng on the phone for permission to user their products. I would rather tweak an open source product's code and give it back to them than pay for a black box. We are not a forum company so we have nothing to lose by this, we just want a good forum and when we give our tweaks back we are helping ourselves and everyone else by making a better product. We are still making money and we are not starting the apocalypse as MS would have you believe. As they say, may they reap what they have sown.

Re:For those who have RTFA issues...

[mxs]

Most people do not understand the significance of a product key. They enter it once (or even never, if the machine came preinstalled), never see it, and don't associate anything with it. It's a serial number on a piece of paper.

Please, count how many pieces of paper with numbers on them you got with your PC, Mouse, Graphics Card, Printer, Gizmos, Toys, USB kitchen sinks, etc. Now, how should a "regular" user decide which one(s) are actually important, and which ones go out with the trash ?
Heck, people don't even remember (or find, if they wrote them down) their passwords. Good luck with keeping track of a useless number for more than a year or two.
If you want to make it sting, let 'em find their original CDs which are now ... you guessed it ... useless ("but I have the CD RIGHT HERE !").

That nonwithstanding, while I have legitimate licenses for quite a few M$ OSs (and the respective license keys, of course), I pretty much always use one of the keys floating around and apply corporate patches. Activation sucks, and so does GUID tracking. Gues come July the good'ole'googl'a'key will have to be revised.

Re:For those who have RTFA issues...

[SlimFastForYou]

Heh, I submitted this same news bit many hours before it was posted but I too had my submission rejected.

In my submission, I noted that as a computer repair tech it can be a pain to get CD keys from customers in order to reinstall their OS, and asked the readers if they thought this would really clamp down on piracy or simply cause a support nightmare for users and repair shops.

I haven't even noticed any discussions on this unfortunately. Many posts seem to be assuming that only pirated copies of XP will be affected. From the looks of things, people will have to produce their key and answer some questions for this new Windows Genuine Advantage.

Its really quite frustrating to have to pirate software because of losing the CD key I recieved X years ago. Personally, I think they should ditch keys and activation altogether - high profile software products such as Windows will always be easier to pirate than earn $150 go to the store, and buy. IMO, the only thing keys do is badger legitimate customers into "pirating" software they purchased - I've seen it happen again and again.