Microsoft Blocks Pirates From Security Essentials Software
CWmike writes "Microsoft will block users running counterfeit copies of Windows from installing the free Security Essentials antivirus software, said Alex Kochis, director of Microsoft's Genuine Windows team, in a post to a company blog. On-again, off-again debates about the wisdom of blocking security-oriented downloads like patches or defensive software have centered around the argument that Microsoft should protect all users, including pirates, since hijacked PCs threaten the entire Windows ecosystem. In this case, though, one analyst isn't buying that line. 'I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users],' said John Pescatore, Gartner's primary security analyst. 'Those people have many other choices, including free. There are plenty of alternatives to Security Essentials,' he said, adding that that makes a difference. Windows patches, on the other hand, aren't available from anyone but Microsoft."
I agree with Pescatore, but... (Score:3, Interesting)
He's right in that many people who have the tech-savvy to pirate a copy of Windows will know what their options are regarding anti-virus.
On the other hand, how much does Microsoft actually stand to lose when it comes to giving this away?
I'm willing to bet that they ran the numbers... "how much will the bandwidth cost us" vs "how much do we lose in good will by weakening the herd immunity".
Now that would be an interesting (read: evil) spreadsheet to look at :D
Who exactly are they going to be blocking? (Score:5, Interesting)
Anyone running pirated versions of the OSs eligible for MSE will probably have cracked WGA, and will be able to install this if they wish.
This OS will self destruct in 5, 4, ... (Score:2, Interesting)
*Takes stolen car to dealership for a repair* (Score:4, Interesting)
Everyone can blab on about herd immunity etc but this seems like denying a stolen car a repair under warranty. Systems are going to be used for attacks, it might as well be the pirates' systems and not mine. Security these days is more about running faster than your peers, not outrunning the hackers. Microsoft doing this will put paying customers closer to the front of the race. And I am not a Microsoft fanboy so don't write some bs about that.
What will everyone want next? Metadata updates for your stolen music from the record companies? As much as I hate some things about companies, you have to draw a line somewhere.
Re:Herd immunity (Score:2, Interesting)
I strongly suspect the same concepts would apply to computers
Unless there are viruses around that attack random IPs. There's no biology equivalent to that. And with p2p (and implicitly pirating) these attacks might not even be detectable. If your computer makes and receives 50-100 network connections per minute legitimately, who's going to notice a couple more?
mind play? (Score:3, Interesting)
Giving this software free to pirates is almost a promotion of piracy - if you get same stuff when you pirate, then there is no downside to doing it.
Also, few pirates might feel bad about the fact that their copy is not 'genuine'. And some owners of valid copies might feel satisfied knowing that people who got free ride didn't get the whole package.
Re:Get Microsoft out of the free OS market. (Score:3, Interesting)
Re:Herd immunity (Score:5, Interesting)
The biology equivalent would be if someone sneezed in Beijing and you got the flu in Denver.
Re:I agree with Pescatore, but... (Score:4, Interesting)
I've got one (Score:1, Interesting)
'I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users],' said John Pescatore
How about this: MS owes it to the world for putting out such a shitty, vulnerable operating system for so many years. Since 80% of spam comes from botnets, [arstechnica.com] maybe, just maybe there would be less spam in the world if there weren't so many shitty, easily-exploited Windows boxes out there. Not only should MS give this away, they should make it available for all XP users as well, legit or not. Bill Gates said in 2004 that spam wouldn't be a problem in two years. [cbsnews.com] He had the power to do so all along, he just never did. I'm sure he thought it would be an interesting solution, involving artificial intelligence and cool 3D worlds like in Hackers and Swordfish and Johnny Mnemonic, and lasers and magnets and sharks and God knows what else... not something boring like cleaning up the mess made by his own shitty products.
Re:Obligatory analogy (Score:2, Interesting)
Yeah, it would... but when someone brought in a vehicle reported stolen, I'd also expect that dealer to contact law enforcement immediately, when the dealer discovered the report.
Re:Help Eliminate Software Piracy (Score:2, Interesting)
but left the activation key sticker on the machine, only to be asked to install some version (any version) of MS Windows because they do not have original installation media, and yet believe that the activation key sticker is a license to any version of Windows since they can not use the computer without an operating system installed.
It's the OEM versions of Windows that have these stickers. The license is permanently tied to the computer and cannot be re-assigned to another computer (per the OEM EULA).
The purchaser has failed to live up to their obligations under the license, and surrender the media when surrendering the sticker.
Anyways, the sticker is confusing. Basically, Microsoft should either stop making the dumb stickers, or print a unique URL on each sticker to permit download of the License and backup media corresponding to that copy of Windows (for a nominal download fee, to pay for bandwidth, of course).
Re:Herd immunity (Score:4, Interesting)
Yeah, I keep hearing that repeated. "you are more likely to be infected using cracked software"
I've pirated (and bought) a large variety of software in the last 15 years. And the one time I have ever been infected, it came from a piece of commercial software right on the CD.
The 'pirates' and cracked software are WAY more trustworthy than any company out there. It only takes one or two bad comments to make people avoid using that cracked piece of software. With commercial software it takes thousands of bad installs before it makes the news and people avoid a bad piece of commercial software.
Just having a more tech-savvy audience, the cracked software will be subject to far more scrutiny than anything you'd buy off the shelf.
The freedom is not free. (Score:5, Interesting)
The problem is that Windows is intentionally designed to be easy to crack, as a marketing tool. They wanted it to spread as wide as possible. In former Soviet Union about 99% of Windows are cracked versions.
Now they stop critical updates because they want the bot-nets to grow and make the Internet unusable, because they are losing in the Internet to Google. So they destroy the Internet, and the world is returning to the Desktop.
It is quite possible. For example, I cannot already use the torrent, if I use it, then my provider disconnects me next day for several hours. Crime and punishment.
I begin to see a new meaning in the words: The freedom is not free.
Piracy - good for windows, bad for linux? (Score:3, Interesting)
Re:Herd immunity (Score:4, Interesting)
Reducing the number of machines able to be infected reduces spread rate, which increases security since those who do get infected can get rid of it before it finds another host more often.
You forget that geometric progressions don't much care for the spread rate. Let's assume a few things:
1. We want to query every single IPv4 address space (brute force and stupid, since only a little over 2^27, 75%, is actually in use in some fashion).
2. We're going to say that 90% of the machines out there run Windows. Actual estimates vary.
3. If an infection is timed correctly, even an out of band emergency patch will hit less than half [theregister.co.uk] of all machines. So, a worm has 30 days to spread between Patch Tuesdays.
4. For the sake of simplicity, I'm going to assume everyone's bandwidth is a mere 10KB/s bidirectional.
5. Also for the sake of simplicity, I'm going to say that it takes 10KB of data to probe a machine to see if it's infected.
6. At any given point in time, I'm going to say only 5% of machines on the internet are accessible (turned on, and can receive connections). I have no factual basis for this -- it's an assumption.
So based on 4 & 5, I can make 1 probe attempt per second.
Last, a disclaimer -- I do not know much about statistics. If I made a mistake, sorry.
So, in a day, a single machine can probe 86,400 IPs, probing the space in a random fashion. Of those, 64,800 (75%) are "in use" in some fashion. 58,320 (90%) of those run Windows. And 2,916 are turned on and receiving connections. 1,458 (half) are unpatched for the first 30 days of the spread. It manages to infect 2 machines in the first hour it runs (rounded down; is actually about 2.5). The next hour, 6.25 machines are infected, and so on and so forth. In 24 hours, 3.5 billion machines have been probed and infected.
Geometric progressions like this are the reason why statistics like "An unpatched windows machine directly connected to the internet is compromised within 8 minutes" exists. The premise "Reducing the number of machines able to be infected reduces spread rate, which increases security" is not valid -- because the spread rate is almost completely irrelevant. Even if I say only 1 machine per hour is infected, in just over 30 hours we have the same number of infected machines -- even though we cut the rate from 2.5 to 1.
If you want to make a difference -- reduce the window of opportunity; PATCH NOW. The rate is wholly irrelevant.
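An added example, not part of the comment above: a minute-by-minute model of random-scanning spread built from the six assumptions listed in that comment, with infections capped at the vulnerable population. The function names, the one-minute step and the comparison scenarios are choices made for this example.

```python
# Added example: minute-by-minute model of a random-scanning worm under the
# comment's assumptions. Names and the one-minute step are this example's own.

ADDRESS_SPACE = 2 ** 32   # assumption 1: every IPv4 address probed at random
IN_USE = 0.75             # assumption 1: share of addresses in use
WINDOWS = 0.90            # assumption 2: share of hosts running Windows
REACHABLE = 0.05          # assumption 6: turned on and accepting connections
PROBES_PER_MIN = 60       # assumptions 4 and 5: one probe per second


def vulnerable_hosts(unpatched=0.5):
    """Hosts a probe can infect; `unpatched` is assumption 3 (half)."""
    return ADDRESS_SPACE * IN_USE * WINDOWS * REACHABLE * unpatched


def infected_after(minutes, unpatched=0.5, probes_per_min=PROBES_PER_MIN):
    """Infected host count after `minutes`, starting from one host."""
    n = vulnerable_hosts(unpatched)
    infected = 1.0
    for _ in range(minutes):
        # A random probe succeeds only if it lands on a vulnerable host
        # that is not infected yet, so growth flattens as n is approached.
        p_hit = (n - infected) / ADDRESS_SPACE
        infected = min(n, infected + infected * probes_per_min * p_hit)
    return infected


def minutes_to_share(share, unpatched=0.5, probes_per_min=PROBES_PER_MIN,
                     limit=30 * 24 * 60):
    """First minute at which `share` of vulnerable hosts is infected,
    or None if that does not happen within `limit` (30 days by default)."""
    n = vulnerable_hosts(unpatched)
    infected = 1.0
    for minute in range(1, limit + 1):
        p_hit = (n - infected) / ADDRESS_SPACE
        infected = min(n, infected + infected * probes_per_min * p_hit)
        if infected >= share * n:
            return minute
    return None


if __name__ == "__main__":
    for label, kwargs in [("baseline", {}),
                          ("scan rate / 10", {"probes_per_min": 6}),
                          ("unpatched 50% -> 5%", {"unpatched": 0.05})]:
        print(f"{label:22s} 90% of vulnerable hosts infected after "
              f"{minutes_to_share(0.9, **kwargs)} min")
```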
Wait. What? (Score:3, Interesting)
Never mind the pirates. They get what they paid for. Giving them nothing makes good sense.
What the hell happened to Windows Live OneCare? You know, paying customers?
What does the MSE release say to the people who paid for that Microsoft AV program, among other OneCare services?
The message is pretty clear: "Pay Microsoft and get screwed." Get your OS software for free, because it is nearly free when you buy a new PC. The entire expectation they are building into the market is "Our product and our word is worthless." Releasing this almost seems like an admission that they can't fairly compete in AV products.
Which also says to me "Illegal product dumping." Symantec and CA should sue them silly. This is definitely not a fair way to enter the AV market, not even for the "free" AV's because it absolutely kills their upsell business. I expect DOJ action, or a joint lawsuit on this. A class-action from the OneCare people wouldn't be out of the question either, if they aren't offering refunds to recent purchasers. This release is criminal, in my mind, and utterly undermines the concept of proprietary software that you pay for because it is worth it.
The message to the end-user is: "Our software is not worth buying." The message to the entire security sector is: "Thank you for covering our backsides for all those years, now piss off."
Ugly. This kind of bad faith could (and IMO should) hurt Microsoft. I don't know what they're thinking out in Redmond. They need to rally around the Windows 7 release, not insult vendors and their paying customers.
--
Toro
Re:Piracy love/hate (Score:3, Interesting)
Disappear - yes, they may not notice. Start telling everyone that WinXP is insecure and actually have a proof - damn they will care.