Microsoft Security Updates for Pirated Windows?

zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"

Already a technical error...

[Anonymous Coward]

Bull. I update my pirate copies of XP all of the time.

Beta versions and corporate license CDs

[frenztech]

I've seen several "corporate" XP cds floating around, as well as some beta versions which contain all XP functionality once patched through Windows Update.

Microsoft disables some CD keys already which are known to be pirated, but I wonder how many valid corporate group cd key installations there are which have been pirated. In that case, it really wouldn't be feasible for MS to disable that cd key, as it would disable that entire company, etc.

For a while...

[HFactor_UM]

...I was using a pirated version of Windows XP. I'm now using a 100% legit copy, thanks to the MSDNAA [umass.edu] and Microsoft's attempt at farming software dependencies.

It's probably in everyone's interest to give out patches to all, even those that Micro$oft knows are illegal copies, as it probably impacts the spread of viruses such as Sasser more than it does their pocketbook.

Re:What about MSDN windows

[Satan's Librarian]

Actually, they do. You have to request a key online on msdn.microsoft.com in the subscribers area, and you get one that's tied to your account - generally good for 10 uses for a professional-level MSDN subscription. It's rather a pain in the arse really, because it means that for those you have to be extremely careful with the number of times you activate them - which can put a bit of a crimp in your plans when you want to run a large test farm for a product with more than 10 PC's.

XP and Longhorn-beta are special that way. Most other packages (2000 included) have generic MSDN keys.

Windows Xp Sp2 Latest Build

[Anonymous Coward]

The latest build( released in the last 4 days ) of the xp service pack2 beta, blocks a whole range of keys. People who have been using the corporate version of xp, using a keygen will find it will find it needs activating when the apply service pack 2.

The keygen(a very very very popular one) generates product keys in the range 640-645. SP2 turns activation back on when it detects this.

xp updates

[arfuni]

I'm pretty sure that most copies of pirated XP floating around (the keyless corporate versions) will let users install everything but service packs. I don't know a lick about international piracy, but I imagine it's the same software.

Not sure what's going on exactly...

[Robotech_Master]

I downloaded the patch to Win XP against Sasser [microsoft.com], and it never even asked me for a CD key. (Which, given that I don't know where mine has gotten to now, is a good thing.)

Re:Microsoft is not a charity

[Anonymous Coward]

It does require a CD key, it's just that Microsft blacklisted some some well known cd keys, like the one starting with FCK...

Re:What about MSDN windows

[Soko]

You would be wrong.

Last time I had an MSDN sub, all the products that required activation off the shelf also required activation when installed from the MSDN CDs. That includes Windows XP, Office XP, Visio 2002 and Windows Server 2003. IIRC, even VS.Net requires activation.

Microsoft ships you all of thier patches with the MSDN update CDs too, so you can test your application and find out what thier latest patches broke and why.

As I said, I haven't had access to MSDN for a couple of years, but I imagine this would still be the case.

Soko

Re:Not sure what's going on exactly...

[StevenMaurer]

Ah yes, but if you actually try to run it on an unpatched system still vulnerable to Sasser, it will ask you to upgrade. And that upgrade requires a key.

I had to do this just a couple hours ago -- on my Tektronix scope (that happens to run Win2k).

Re:Hey lets support the thieves!

[mentin]

They can still download security updates from download area. You don't have to use windowsupdate.com to get updates. Go to technical bulletins, select one that you want to patch, download stand-alone fix.

Re:Updates

[Dun Malg]

Uhhh, you can still download updates with a pirated version of Windows Xp. There are many programs that anyone can easily download, that will generate, and put to use a new serial number that will allow you to use Windows Update.

Even better than that is "Reset5". Updates are allowed for unactivated XP installs that are still in the first 30 days. Reset5 is a little service that runs at startup and magically keeps that 30 day grace period timer set at 30 days. This is actually more than just a handy tool for pirates. I personally use it on my legitimate copy of XP Pro because the stupid piece of crap DE-ACTIVATES ITSELF if I change more than a couple pieces of hardware (something I do with remarkable frequency).

Re:Not sure what's going on exactly...

[|<amikaze]

If they key started with FCKGW then it is considered "Invalid". There were a few other keys that were considered Invalid too. Attempting to install SP1 with one of these keys would pop up a message saying that there's a license problem.

FCKGW-... being they key that was commonly distributed with the first major pirate release of XP (Devil's own).

Re:Windows Xp Sp2 Latest Build

[Powerdog]

If you look at your System Properties, on the General tab it should say "Registered to:". In that section is a number of the form NNNNN-NNN-NNNNNNN-NNNNN. It's the second group of Ns that the poster is referring to (640-645).

Don't use Windows Update

[Gary Destruction]

Go to the Microsoft download center. [microsoft.com] Use the Microsoft Network Security Hotfix Checker Tool [microsoft.com]
Or better yet, use the Microsoft Security Baseline Analyzer Tool [microsoft.com] which includes Hfnetchk.exe.

Windows Update actually deletes downloaded updates once they're installed. You can try to retrieve them before they're installed. But it's easier to just download them from the download center. That way you can qchain 'em if you do a reinstall.

They CAN download security updates

[Zarxrax]

I know people with pirated windows, and they download all the security updates, straight frmo microsofts site. MS makes them available to everyone. You just can't get them off windows update. You can still find them by searching through the site the old fashoined way though.

Google, anyone?

[monkeyfamily]

http://www.microsoft.com/technet/security/tools/mb sahome.mspx [microsoft.com]

"I'm Feeling Lucky", even.

Re:Read carefully

[Anonymous Coward]

It all depends on where you live, in Australia we have a law which says that all terms and conditions must be presented before or at point of sale and that any thing after that is entirely null and void, the M$ EULA fits entirely into this category. The question is do you want to take them to court over it? if 14 states and the DOJ failed what makes you think you stand a hope in hell..

Re:Tricky situation...

[users.pl]

I can confirm this. I've been paid to perform hundreds of installations of pirated Windows, along with providing the pirated CD. My work is cheaper than paying for the legit service and provides the same result. The commoners and technophobes could care less about the details other than a cost-benefit analysis, so they eat it up and I turn a tidy profit eating into Microsoft's bulging one.

Re:What about MSDN windows

[$exyNerdie]

even VS.Net requires activation
Not true for VS.NET. Not for VS.NET 2002 and VS.NET 2003 at least...

Re:What do you expect?

[innocent_white_lamb]

Since when is it their responsibility?

Since they started distributing software that interferes with the stability of everyone else's networks, of course.

Re:Just pirate the patches

[jawtheshark]

That depends... I don't run Windows XP (I run Windows 2000 and Mac OS X), but if I did and if it was a pirated copy, my box wouldn't get infected. Simply because I'm cautious and I have a nice firewall (different box, running OpenBSD). I know, I know, a firewall is just one level of security and doesn't guarantee a full comprimise. It still ensures that I'd be safe of worms like Sasser. A lot would be solved if all users on broadband would have a firewall (preferably a hardware one). I'm pretty sure that many pirates of Windows XP are computer-literate and know how to enable the built-in firewall of XP.

Pirate doesn't equal stupid, it just equals "too cheap to buy a version of Windows". As other posters have stated: Microsoft owes *a lot* to pirates. Imagine what would have happened if Windows 95 would have had "real" copy protection. The migration would have happened a lot slower. Heck, I only "upgraded" to Windows 95 in 97. From OS/2 that is. I loved OS/2. *sniff*

Re:What about MSDN windows

[Anonymous Coward]

Corporate versions are easy to find. I use one at work constantly. Although we have a valid license for every system (who knows when the BSA may come knocking), I keep it for upgrades to the systems or re-installs. Wasting my time for 1/2 hour to get a new registration number is just not productive.

Funny thing about that: although Microsoft claims that they will allow 2 (or 3??) automatic registrations over the 'net without calling, I have found that not to be the case. Since XP was released, reg process for win2k or office2k always reports server down or too busy and then I must call. I haven't gotten any flack from the flunkies passing out reg numbers, but the 1/2 hour wasted is a pain. Microsoft has forced me to pirate a copy of their software to use valid licenses.

Re:What about MSDN windows

[Anonymous Coward]

Which is why there is a Key Generator available on the internet so you can get a non-blacklisted key.

Upgrade works OK for pirated WinXP

[dimss]

95% of Windows installations here in Latvia are from pirated CD. WindowsUpdate works fine for them. Installing and updating of pirated software is eevryday duty of 95% of IT-people in eastern europe.

Re:Beta versions and corporate license CDs

[forged]

People w/o a valid SP1 key, please I implore you, don't look over this way [omnitechdesign.com] =)

Re:What about MSDN windows

[Anonymous Coward]

It isn't. It's called Corporate Pro, and was pirated by Devilsown about a month and a half before Windows XP Launched. You think the Warez community would bother with anything less than the best? Remember, money is (literally) no object to them.

The few pirates I know are all running Advanced Server and Datacenter when they feel like running Windows.

This is False Information

[toaster13]

I'd like to point out to everybody that this is a moot point. You CAN get the update regardless of version a regardless of whether you have pirated your copy of XP. Just see: this [microsoft.com] to download the appropriate version of the update.

Actually, most software in Asia *is* pirated.

[Earle Martin]

Are you racist or something?

Who modded this flamebait tripe as "insightful"?

Perhaps you were ignorant of the fact, but:

In Asia, nearly 54 percent of software programs were pirated. Reducing the rate 10 points to 44 percent by 2006 could create 1.1 million new jobs, increase economic growth by US$170 billion, and generate another US$15 billion in tax revenues.

- according to the Business Software Alliance [bsa.org].

Re:What about MSDN windows

[pmc]

The list of MSDN products that require activation are:

FrontPage Professional 2003
Office 2000 Premium (Brazil & Chinese Versions)
Office 2003 Proofing Tools
Office Professional Enterprise Edition 2003
Office XP Suite (Retail)
OneNote 2003
Project Professional 2002
Project Professional 2003
Project Standard 2003
Publisher 2002
Publisher 2003
Small Business Server 2003
Visio 2002 Professional
Visio 2002 Professional (Chinese Versions)
Visio Professional 2003
Windows "Longhorn" Client Preview
Windows Server 2003 Enterprise Edition
Windows Server 2003 Enterprise Edition (64 bit)
Windows Server 2003 Standard Edition
Windows Server 2003 Web Edition
Windows XP Home Edition (Retail, MSDN)
Windows XP Media Center Edition
Windows XP Professional (64 bit)
Windows XP Professional (Retail, MSDN)
Windows XP Tablet PC Edition MSDN

BTW - retail just means you can use the product for real, and not just for test purposes (this comes with the MSDN universal licence). You are limited to an initial 10 installations (but you don't have to activate every install - 60 days for OS and 50 users for office products). If you use up your 10 uses you can get more activations (I believe - I've not actually tried this).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Yes we should all pay for this too

[Anonymous Coward]

Won't work... the keys on preinstalled windows are OEM keys. They won't work on a copy of windows that you install from a retail disk, or indeed, install at all. They only work with "restore discs" from your manufacturer.

Re:What about MSDN windows

[Spiked_Three]

I've had an MSDN subscription for years and it has never been a pain in the ass. For temporary test farms you do not even need to activate windows, and that is clearly spelled out in your MSDN agreeement. I know I've activated permenant development machines probably 30-40 times, and again, it has never once been any effort at all. Quit blowing smoke.

Re:What about MSDN windows

[jridley]

You've never been to Asia, apparently. I've talked to several people who have been there, and they were just amazed. There are stores operating openly in malls there that carry NOTHING but pirated software and music. They say everything's a buck a disc. You want The Matrix DVD? $1. Microsoft Office? $1. A music CD? $1.

I've seen articles where they interviewed shop owners, and they just didn't understand what the problem was. They considered the *DISCS* to be the product, not the content, and said they didn't understand, they bought the discs for x, they sell them for x*2, they're doing nothing wrong, what's the problem?

Another friend said it's about the same in Russia, though less open. For about $15, you can buy a CD pack containing Windows, Office, and a selection of games and stuff. Even when someone has the legitimate software, they sometimes use the "pirate pack" because the pirates take the time to have the properly localized versions of everything already set up. I think the Russians know that what they're doing isn't considered "right" though.

Certainly there are big pirating operations everywhere, but in some countries, pirating is the norm, and nobody thinks twice about it.

Re:What about MSDN windows

[Sunda666]

too true, but not anymore... the guys at SRF seemed to come to their senses and released
a java version of the proggie this year (IRPF2004). Runs on OsX, Solaris, Linux, anywhere
that the sun JDK runs. Used it this year and it is very nice. Check it in 2005.

cheers.

Re:What about MSDN windows

[Satan's Librarian]

Perhaps you have a volume license agreement with volume keys, a corporate version of XP, or did not perform installs on 30-40 substantially different PC's. I've always had an individual Professional level subscription. With either, you may reinstall multiple times to a single PC so long as that PC's hardware does not change dramatically without decrementing your usage count more than once for that given PC.

However, there is a limit to the number of different/reconfigured PC's you can install to using the provided key, and yes tracking that can be a pain in the ass. I've worked on projects where we needed to test on lots of PC's over a multiple month period, and we ended up having to basically make a pool of keys from multiple subscriptions so that people with more extreme requirements (like the device driver guys) wouldn't run out of activations.

Yes, we could have constantly reinstalled without activating or kept calling MS tech support, but both of those also qualify as a pain in the ass in my book.

Suck your [microsoft.com] own [extremetech.com] smoke [google.com].

Re:Hey lets support the thieves!

[FuzzyBad-Mofo]

My textbook says, "In one form of dumping, a company sells products abroad at prices below its cost of production. In another, a company exports a large quantity of a product at a lower price than the same product in the home market and drives down the price of the domestic product." (Contemporary Business, 11e). Dumping is an illegal pratice. Of course, that's never stopped Microsoft before. They come from the school that believes laws are just "guidlines" and use their huge cash reserves to pay off any indiscretions.

Re:Read carefully

[optimus2861]

How can an EULA make you stop using the software? Yes, I know there's all the legalese about how the EULA "grants" you the right to install & use the software, but it runs right up against Section 117 of US copyright law that says the owner of a copy of software has the right to install & use that copy on a machine link. [copyright.gov]

So right off the bat the EULA is lying. You already have the right to install and use your copy of the software; Microsoft can't grant you what you already have. Now, nothing says you can't give up this right in a binding contract, so MS would have to successfully argue before a judge that the EULA is a binding contract in order to hold you to its terms.

Fat chance, says I. I can think of a couple of defences right off the bat: coercion (if I don't want to agree to the EULA but exercise my statutory right anyway, the software gives me no means to do so), no consideration (MS doesn't give me anything in exchange for agreeing to its terms), and some take on first-sale doctrine (I bought my copy from a third party, not MS; MS shouldn't get to impose additional terms on me after a sale it wasn't even involved in).

MS has never even taken an end-user to court to attempt to enforce its terms, either, to my knowledge. They came up with product activation instead to act as their own judge.

Two notes: this scenario wouldn't apply to commercial use of the software, especially for firms that sign license agreements before any copies of software change hands; and this assumes you could afford to fight off the MS-megabuck lawyers in the first place.

(Insert usual IANAL disclaimer here.)

Re:I can't believe this question even deserves...

[Junta]

-1, Clueless.

That isn't a point of contention, read at *least* the summary before going off the handle. This is not about security updates for the benefit of the pirate end user, but the impact of having pirate end users incapable of getting security updates propogating worms that make the rest of the good community suffer.

On remote-exploit security updates, now that I see this circumstance, I think they should apply no matter what. Now feature enhancements and reliability fixes for the end user, those should be denied. Those fixes not being applied are far more annoying to the typical end user anyway, so MS would improve the community by fixing even the pirate systems in the ways that impact the community, but keep things hard for the pirate users by leaving their system extra buggy (even above and beyond the normal Windows experience).

me too

[Anonymous Coward]

I wiped the XP offering from this box too (with Debian). So here's my useless key for you to enjoy:

XVJW8-DB93F-2R2XD-XGB3D-3788D

To illustrate how crap things have become with preinstalled doze, my Sony didn't even come with a CD!

Re:What about MSDN windows

[Satan's Librarian]

You are aware that I said 'multiple developers' and 'multiple subscriptions' and 'testing' which is usually considered a part of software development? What's your point?

Okay, here, I'll slow it down a bit for those that don't grok the problems here...

Say I want to test a piece of software with 10 PC's simultaneously for 3 months without reformatting them. That's fine by the license - just activate each and go for it.

Now say I get two new machines in with completely different hardware that is supposedly having an incompatibility with the product. I remove XP on two of the old machines that have proven to work well with the product and do a format, then send them off to IT to be used for whatever. The licensed software has been removed - you'd think one could install it on the two new machines now and run for three more months without problems, yes? No, because of the stupid activation limitations. That's scenario 1.

Now, howabout a situation where there are 2 developers, each with his own MSDN license. Both are working on a single project, but their testing needs are different. Developer A needs to do a lot of different OS/configuration testing, but the actual hardware doesn't matter that much - let's say he's the apps guy. Developer B needs to test on every variation of hardware he can possibly get his hands on, because he's the driver guy working on a USB device. Because of the large variety of USB implementations out there (many of which are flawed in their own special way), he really needs to do hard-core, long term testing on several different machines. So, Developer A and Developer B pool their resources - both are working on the same project within a single room, so it makes sense that they should be able to do that. A gets 5 machines, B gets 15.

Now, combine the two situations and add more developers over a longer period of time. What you have now is a clusterfuck. Despite the fact that your team has legitimately purchased enough licenses to run on all the machines they have at any one time, you now have a definite possibility of a license shortage and you're forced to keep a list of all of the developer keys with tallies on how many times each has been used so you'll have known keys available when it comes time to remove old/broken/obsoleted test machines and bring in new ones.

Now, to add another issue in the mix - if you renew your subscription, you keep the same key and don't get additional reinstalls. So, either you beg your representative to refresh your key or give you a new one, or you're even more limited on test machines unless you cancel your MSDN subscription and buy a new one - getting 10 more installs in the process.

Got it?

Re:Hey lets support the thieves!

[Anonymous Coward]

You cannot install service packs without a valid CD key, neither from windows update, or downloaded. If you have one of the infamous 'corporate' xp keys, it will not let you complete the install. There is a workaroud, however. You can generate a CD-Key and modify your installation's key with simple software tools and a few minutes.

Re:And the truth comes out on Slashdot...

[the pickle]

Microsoft have, um, a bit of a reputation problem as it is :-) and I can't imagine it'd get any better if it became public knowledge that their security updates sometimes deleted the operating system.

Yeah, like that [computerworld.com] hasn't [computerworld.com] happened [stargeek.com] several [netcraft.com] times [securitypipeline.com] already [macobserver.com].

p

Re:Yes we should all pay for this too

[arkanes]

It's actually a little more complicated - at one time (I don't know if this is still true), EVERY major OEM and most minor ones had Windows OEM licenses. The agreement for that license (which got you Windows priced cheap enough to be competetive) required that you pay MS for every PC you sold, whether Windows was shipped with it or not. Therefore, the price for pretty much every PC you could buy included the price for an OEM copy of Windows. THAT was the "Windows Tax" and it was an issue in the antitrust case.

Re:Yes we should all pay for this too

[arkanes]

There was anther (or this may be the same one you're thinking of) involving adobe, where a company bought bundles of Adobe software, cut them open and resold the individual titles. Adobe got pissed off and sued, but the court decided that right of first sale and lack of a formal agreement basically meant that Adobes EULA didn't apply. This was in a CA district court, not federal.

Re: prices below its cost of production

[Anonymous Coward]

That is the key tenet of this argument - MS is not guilty of dumping when the actual cost of *production* per CD is quite low.

Software created (lets just say once) and then put into production - millions of CDs are stamped with the SAME code!!

Therefore cost of production is eXtremely LOW!!

-
I have a /. name - just cant remember the d*mned thing.....

Re:Actually, most software in Asia *is* pirated.

[Puff Daddy]

People who pirate software are breaking the law and it is not "ok," but if the pirates never had the money to purchase in the first place, their pirated copy can hardly be counted as a loss. Whether or not it was ok for them to do it has nothing to do with it.

Re:Yes we should all pay for this too

[morcego]

If you accept the EULA, you are not prohibited from selling your copy of Windows -- you have an inalienable right to do that; just like selling a used book, CD or video cassette. It is an offence for anyone to try to persuade you that you do not have that right.

You are actually wrong about this. You don't buy a copy of Windows. You buy the media and manual, and pay for the rights to use Windows (ie. LICENSE). So you don't actually own it to sell. Non-transferable rights are everywhere to be seen, and enforced many times over on different courts all around the world.

If you don't agree with the EULA, you still can't resell it. You can, however, return it for a full refund. I know of many people who did this: got a computer with windows, and returned the windows license to Microsoft (or an authorized office) for a full refund. This is, so far, the only legal alternative. If someone know of any court rulling otherwise, I would be happy to receive a link to the rulling.

Unless someone whats to take the pain to go to court, and prove that this is wrong, this is how it works.

Re:Actually, most software in Asia *is* pirated.

[Ironica]

He also claimed that if they gave a statistic saying 10,000 people pirated a $5,000 piece of software, it wouldn't actually equate $50 million in losses because many of those people wouldn't have purchased the product in the first place. That's what I was arguing against. You just can't say that, because it actually legitimizes piracy.

What planet are you reading from?

In order to lose $50 million, you have to actually *have* that $50 million, or some way of obtaining it. If you stop those 10k people from pirating that $5k piece of software, you don't get $50 million from it. You get 10k fewer people using the software. It's not the same thing as losing, or gaining, $50 million in sales.

This simple fact of arithmetic has ABSOLUTELY NOTHING to do with whether you believe software piracy is right, wrong, or purple.

Great and all

[Anonymous Coward]

Great and all, but that is just another key that MS will ban when SP2 comes out.

Re:Hey lets support the thieves!

[Myopic]

Just remember: it's not that Microsoft thinks it can get away with breaking the law; rather, Microsoft realizes it can get away with breaking the law.