Microsoft Blocks Pirates From Security Essentials Software 291
Posted
by
samzenpus
from the not-for-you dept.
from the not-for-you dept.
CWmike writes "Microsoft will block users running counterfeit copies of Windows from installing the free Security Essentials antivirus software, said Alex Kochis, director of Microsoft's Genuine Windows team, in a post to a company blog. On-again, off-again debates about the wisdom of blocking security-oriented downloads like patches or defensive software have centered around the argument that Microsoft should protect all users, including pirates, since hijacked PCs threaten the entire Windows ecosystem. In this case, though, one analyst isn't buying that line. 'I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users],' said John Pescatore, Gartner's primary security analyst. 'Those people have many other choices, including free. There are plenty of alternatives to Security Essentials,' he said, adding that that makes a difference. Windows patches, on the other hand, aren't available from anyone but Microsoft."
Enlightened self interest (Score:4, Insightful)
Microsoft would be just protecting their own reputation when unknowing users of pirated installs are complaining less about Windows instability and others see fewer attacks from zombie farms. If you created a problem such as IE6, you should do everything in your power to solve it rather than ranting about others. Good for karma, good for pocketbook.
I sort of agree (Score:5, Insightful)
John Pescatore makes a good point. AVG, Avast, etc... are all free antivirus. When MS withholds patches, it can lead to stronger botnets and ID theft. However, antivirus applications are plentiful and the money MS will be investing in this thing makes them justified in not wanting to simply give it away.
As much as I hate to say it, I won't blame Microsoft for this move.
Get Microsoft out of the free OS market. (Score:3, Insightful)
Pirating is illegal.
Pirates are only ones really complaining.
Pirates switch to Linux
End of problem and it will takes windows out of the Free OS market.
Running a pirated Win 7 x64 copy, no problems (Score:1, Insightful)
Just installed on a pirated Win 7 x64. Installs and scans without problems.
A good way to punish pirates (Score:2, Insightful)
...and allow for the propagation of viruses at the same time.
Re:Enlightened self interest (Score:3, Insightful)
Exactly. MS gives out free security tools, we don't sue them for making the stuff insecure in the first place when the zombies DOS our servers.
Piracy love/hate (Score:5, Insightful)
The problem is microsoft has a love/hate relationship with the pirates. They have an absolute need for piracy to be possible but not to become attractive enough (in the first world) to become popular enough to eat into their profits overmuch.
Think about it, Microsoft could eliminate 99% of piracy overnight by using harsh copy protection combined with mandatory Genuine Advantage plus a couple of targeted logic bombs launched against a few of the more flagrant pirate copies. Problem is most pirates these days either built their PC from scratch (else they would have been force fed a license) or bought a PC from a pirate. The DIY crowd is too influential to piss off and what they are doing already stops the bulk of the chopshop pirates in the developed world. If they make pirate windows too unstable in the third world where it is popular they simply can't pay so would be driven to look for alternatives.... and would find them.
So this move is easily understandable, it gives the pirates a nudge but won't overly annoy any of the major groups who pirate. The DIY type who pirates Windows because those guys pirate everything just for fun will have little trouble finding cracked copies of whatever they have been using. At all appearances nobody in the secondary markets updates anything on their damned machines already, considering how much crap spews out.
OH NO! (Score:4, Insightful)
Obligatory analogy (Score:2, Insightful)
Re:*Takes stolen car to dealership for a repair* (Score:5, Insightful)
Of course, this is all assuming the pirated copy didn't come pre-infected...
Wrong title (Score:3, Insightful)
Re:Herd immunity (Score:4, Insightful)
Herd immunity works in biology because the distance to travel to another unprotected host is too far or takes too long for the virus to survive floating around. But with networked computers that isn't really an issue, is it? It might take a little longer to scan ports on more addresses but for an automated virus in a computer whose owner isn't patching it anyway, this isn't a big deal. Everyone who thinks they know better feel free to contradict me, I'm just speculating:
Re:I agree with Pescatore, but... (Score:5, Insightful)
Re:Get Microsoft out of the free OS market. (Score:2, Insightful)
>Yeh but good PC games really only work well in windows
The existence of "good PC games" is a matter of opinion.
Re:I agree with Pescatore, but... (Score:5, Insightful)
I know I may be a bit utopian in my thinking, but wouldn't giving these users a good customer experience (as Microsoft calls it) the best way to convince them that they should in fact go out and buy the software - perhaps not even now, but the next time they upgrade their systems?
No, it would more likely convince them that "hey, I got this great customer experience without even ever spending a dime, why spend money for what I can continue getting for free?" Not that I disagree (or agree for that matter) with allowing pirated users the option to use the software, I just think your logic is off.
Not hurting leet hackers, but fools and poor folks (Score:5, Insightful)
I don't see that many pirated Windows installs but the ones I do see are all from poor people who were given a bootleg XP or Windows 2000 disk with no product code and no questions asked. I mean, fair is fair and Microsoft is selling a product as a business not giving away their OS as a charity but in my experience the people they're hurting are the ones least able to help themselves.
The poor people I'm talking about here are usually seniors with little computer knowledge using out of date hardware and single parent families with few resources. They're not buying new computers and $150 for a Microsoft OS is too steep for their budget.
They're not leet hackers laughing at Microsoft, they're simple folk. One little old lady who had her computer in was completely horrified when I told her that her Windows was pirated, she literally had no idea. Our policy is we don't help you once we discover your Windows is pirated for the simple reason that we have no way of knowing what has been done to the OS or what has been corrupted or is missing. In that case she came in a couple of months later with a legal Windows disk she'd saved up and bought and I installed it for her gratis. I know the price tag hurt her though but she would have no truck with illegal Windows.
Anyway, my point is that these folks are for the most part clueless and are ripe targets for botnetting since they lack the knowledge to acquire and keep an AV updated on their own. Free Avast and Free AVG are available to them but without handholding they'd never figure out how to jump through the hoops to download, install and set these up. The beauty of Microsoft Security Essentials is that they've made it pretty much self-running and idiot-proof. Like I said in my post yesterday, I'd push it out to everyone not already running an AV if I were Microsoft. It increases the general health of the Windows eco-system, makes Windows more secure and run better as a result, which in turn makes the Windows experience better for everyone and increases the likelihood of Windows purchases down the road through good word of mouth.
The leet hackers have the tools to look after themselves. If it were just them running pirated Windows, I'd agree with Microsoft and say stuff 'em. It's not though and things look a lot different on the bottom of the food chain; it's those most unable to protect themselves who get hurt the most.
Re:I agree with Pescatore, but... (Score:3, Insightful)
He's right in that many people who have the tech-savvy to pirate a copy of Windows will know what their options are regarding anti-virus.
Yes because only computer geeks have pirated copies. There's a lot of people out there who don't know that they even have a pirated copy. Computer illiterate people often find help through shady repairmen, friends or relatives. These people come in find that Grandma didn't keep her license key or CD's, but the computer obviously came with XP. So they do her a favor, by reinstalling a pirated copy of windows but they're not there for longterm support.
Re:Herd immunity (Score:2, Insightful)
I would also argue the effectiveness of herd immunity on a medium in which any one machine is capable of connecting directly to any other machine in quick succession. The Internet is one damn big herd and for whatever percent of it this software benefits won't be significant enough to reduce the risk for those that aren't. Plus, I'd imagine a great number of people running pirated Windows are aware of the security risks.
Re:*Takes stolen car to dealership for a repair* (Score:3, Insightful)
I get your point, but I'm just sayin
Re:Herd immunity (Score:1, Insightful)
If they did it once...
Re:Herd immunity (Score:4, Insightful)
You are essentially trusting a complete stranger (from the internet no less) with no responsibility, visibility, or accountability, and running an unknown executable. That is not safe.
Even the cracker/warez websites themselves are typically loaded with malware, spoofing/phishing attempts, etc.
They have a bad reputation for a reason.
Re:OH NO! (Score:5, Insightful)
Probably not. At bare minimum, this means more botnets members available to spam whatever email accounts you use.
Directly safe? Sure. Same as myself, and a lot of others. But indirectly, this doesn't help anyone but people running botnets. It's far more work to deny security updates to some users than it is to just give them to all users. And it's strategically a poor decision because of the INCREASED risk to the protected machines due to the attacks from the unprotected ones.
If this works, and you push it to everyone, you cut down on spam, attacks on your protected machines, and overall, you make the internet a little better place. And before anyone beats me to it, I know damn well that MS and "make the internet a little better place" don't belong in the same paragraph. Bitterly, I wonder if their goal of destroying the internet had any basis in this decision.
Re:I agree with Pescatore, but... (Score:2, Insightful)
"This message came on my screen, I don't know what to do!"
"What does it say?"
"I don't know, I just clicked ok!"
Re:I've got one (Score:3, Insightful)
Unless I am completely mistaken, most botnet infections occur because of user action, not because the computer is allowing remote connections. Linux would be equally vulnerable if unqualified users were using it and installing software on it. When the software they are installing asks for the root password, they would obviously supply the root password, because they are unqualified.
That explains the situation for Windows. Plain and simple, these people using Windows have no business administering a computer, period. I assure you that a botnet infection program can be written for Linux and simply ask the user to do whatever is required during installation. You may discount these because YOU wouldn't do what was requested, but that has nothing to do with what your average Windows-using grandmother would or would not do.
Sorry, you can't make a computer secure that is (a) administered by someone unqualified to do so, and (b) allows software to be installed on it. I would claim an iPod is completely secure. So is a clock radio. If you give a computer user that cannot administer their machine an appliance that cannot have other software installed on it, you can have a secure computer for unqualified users.
A general-purpose programmable computer that requires administration cannot be secure unless it is administered by a qualified person. This is why a lot of corporate systems are indeed secure even through they are running Windows. It is also clearly why other corporate systems are completely insecure and have botnet infections.
Re:I agree with Pescatore, but... (Score:2, Insightful)
I'm not sure what your point is. I'm using the RC Windows 7 right now. It was free, but it's also supported. I installed MSE yesterday.
We're talking about pirates who aren't using the free RC. We're talking about habitual pirates who pirated windows 7 in the face of a free release candidate. They deserve to get a virus.
Re:Piracy love/hate (Score:3, Insightful)
Agreed, Microsoft are like Adobe, they have a love/hate relationship with warez pirates. Adobe actually tolerates piracy to a certain degree, as long as you buy licenses if you do commercial work. When it comes to personal use and learning their products at home, they tend to turn a blind eye. It's good business sense.
Re:Not hurting leet hackers, but fools and poor fo (Score:5, Insightful)
She is highly unlikely to be reliant on any industry vertical software or anything obscure like that (she probably just wants a web browser and email client), and would be much better off with a free OS.
Re:The freedom is not free. (Score:2, Insightful)
In a sense I agree with you - most software (and not only operating systems) were initially (and most still are) designed to be easy to crack. Most software that we call now "industry standards" have started this way.
Piracy became *necessary* because the market *requires* from users adequate knowledge of the industry standards even before applying for a job: you will never get a job in any DTP company if you already are not an expert in Photoshop - they will not give you a copy and allow you three months to learn it (as was the case 15 years ago). The same principle applies to any computer-related business: graphic design, multimedia production, architecture or engineering. Ask any professional how he learned the software tools of the trade and he'll tell you that he learned them at home using pirated copies.
This might explain why currently most Computer Science university departments tend to degenerate into software user training centres. This trend is inevitable, because on the one hand graduates must find a job and on the market side the requirement for a university degrees has become part of the workforce selection mechanism.
Therefore, piracy is inevitable as it is an essential prerequisite for both the evolution of the species (the marketplace) in the computer-related capitalist ecosystem and the survival of the fittest among the workforce. This is the essence of "knowledge society" and we must all be forever indebted to Microsoft for making Windows so easy to crack, because otherwise 90% of us /. readers would have a different job today...
Re:Herd immunity (Score:5, Insightful)
These "cracker/warez websites" you mention is a different matter, they have nothing to do with the actual crackers - no reputable cracking group has a website where they release their (illegal) stuff, everybody knows that. On a site like that you're just as likely to find infected OSS, anything that they think clueless newbies will download will be infected.
A way to defuse the security criticism on Windows? (Score:3, Insightful)
Everyone knows that MS Windows is the main host of botnets, zombies, and general malware on the Internet. Hardly a month passes without Microsoft patching yet another "critical vulnerability". Unfortunately there are reasons why MS Windows is more vulnerable than e.g. MacOs, Unix, FreeBSD, or Linux. For one thing, MS Windows (until Vista) was never designed from the ground up for multi-user operation, security was ever tacked on as an afterthought, the architecture of MS Windows with its miriad add-on's (that tend to carry out _system_ tasks) and the (deliberately) tight coupling between MS Windows and MS applications conveniently makes for multiple points of attack, and once a process is suborned by an attacker there is nothing in MS Windows architecture that's designed to contain it or stand in its way. That's why we see so many infected Windows PC's on the Internet.
Oh yes, there are those who hold that e.g. Linux would suffer the same level of penetration had it had the same level of penetration on the desktop but the fact that about 60% of all Internet traffic is handled by Linux machines (which are far less often compromised) pleads against that. It's not exposure that does it but architecture (and the quality of administration, but that's another issue).
So that being the case, what would benefit Microsoft more than to be able to cast doubt on tales of machines being infected and taken over as "Probably pirated copies; legal Windows versions are protected by MS security updates."?
That would give Microsoft a good reply when called out over the insecurity of MS Windows (e.g. when a large organization is considering what OS it should use in the next 10 years).
What do you think? Might I be anywhere near the mark?
Newsflash: Pirates dont care. (Score:1, Insightful)
This is NOT what happens:
1. Pirate steals windows.
2. Pirate thinks, oh crap, no anti-virus, must buy windows.
3. Pirate not a pirate any more.
This IS what really happens:
1. Pirate steals windows.
2. Pirate steals commercial anti-virus software.
3. Yahrr, drinks rum.
As if they can block them (Score:4, Insightful)
Re:Not hurting leet hackers, but fools and poor fo (Score:1, Insightful)
You actually let her save up and waste her money on a Windows License? And you think you were being KIND by installing it for free?
You could have just taken a small amount of time to show her this new thing... it's called Linux and it's free and easy to use. Talk her through what she normally does (I doubt an old lady NEEDS Windows in the same way some people do)
Jeez. She could have saved the money for her Winter fuel bills or something.
Re:I've got one (Score:4, Insightful)
Wow, I went from a +3, informative, down to 0, flamebait. Nice. Despite the swearing, everything I said was true, and you are wrong. LOTS of Windows malware has spread WITHOUT user interaction, thanks to a slew of MS apps that execute code willy-nilly, for example Klez [wikipedia.org] ("The text portion [of the email] consists of either an HTML internal frame tag which causes buggy e-mail clients to automatically execute the worm...") and Sasser [wikipedia.org] ("Sasser spreads by exploiting the system through a vulnerable network port...") and the Kak worm [wikipedia.org] ("...a VBScript worm that uses a bug in Outlook Express to spread itself.")
Your argument about administering Linux and Windows boils down to "Neither Linux nor Windows can be secured 100%, therefore they're equally bad" and that is NOT the case. If Linux or Mac OS X were dominant they'd have SOME problems, but not the amount that Windows has.
That aside, I agree with you when you say security is not an easy thing. However, security comes in layers, and having an OS that's not equal parts mashed potatoes and swiss cheese is a good start. LOTS of the technologies that could have stopped the spread of MOST malware were WELL KNOWN and EASILY IMPLEMENTED at the time needed but MS just sat on their hands and did NOTHING for YEARS. Buffer overflows can take some work to find but MS has made COUNTLESS stupid decisions over the years, like having Outlook Express automatically execute code sent IN ATTACHMENTS (besides displaying/executing bad HTML/JS/etc in EMAIL CLIENTS) and having lots of services OPEN BY DEFAULT.
Botnets are an example of how MS's shoddy code has made everyone's--not just Windows users--lives worse. So, like I said, MS owes it to the world. Again, the guy in the article is saying "I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users]..." but MS is already giving it away for free to registered users so it's not like they're losing sales. All they'd had to pay for would be bandwidth, and there are already a zillion sites that give away bandwidth to deserving downloads--universities, ISPs, etc. Don't you think every single school in the world would host a copy (AT LEAST for their internal users) to keep their own networks safe? Same for every ISP. Large companies would also distribute it internally. There is NO WEIGHT WHATSOEVER to this inconsiderate asshole's* argument. (-1, here I come!)
* just to be clear that I'm not flaming the wrong person: "this inconsiderate asshole" refers to John Pescatore as quoted in the summary, not the poster to whom I'm replying.