Forgot your password?
typodupeerror
Security Operating Systems Software Upgrades Windows Your Rights Online

Microsoft Security Updates for Pirated Windows? 1096

Posted by CowboyNeal
from the recalls-for-stolen-cars dept.
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
This discussion has been archived. No new comments can be posted.

Microsoft Security Updates for Pirated Windows?

Comments Filter:
  • by superpulpsicle (533373) on Friday May 07, 2004 @01:34AM (#9081055)
    I am pretty sure MSDN version of windows XP don't have activation keys and such. Does that mean they can't upgrade?
    • by Satan's Librarian (581495) * <mike@codevis.com> on Friday May 07, 2004 @01:40AM (#9081114) Homepage
      Actually, they do. You have to request a key online on msdn.microsoft.com in the subscribers area, and you get one that's tied to your account - generally good for 10 uses for a professional-level MSDN subscription. It's rather a pain in the arse really, because it means that for those you have to be extremely careful with the number of times you activate them - which can put a bit of a crimp in your plans when you want to run a large test farm for a product with more than 10 PC's.

      XP and Longhorn-beta are special that way. Most other packages (2000 included) have generic MSDN keys.

    • It is fair to say that all the pirated versions of windows in china and south east Asia infected with a virus can easily overwhelm any network.

      It would be wise to provide patches for everyone.
      • by Brad Mace (624801) on Friday May 07, 2004 @03:03AM (#9081546) Homepage
        I agree. I understand why they would like to 'punish' pirates, but infected computers hurt *everyone*. /.ers already know that even linux and mac users are affected by major windows viruses. Often the users of infected computers don't even notice, yet they can interfere with huge numbers of other users.

        Restricting patches guarantees hackers a healthy number of drones to use in DDoS attacks, and runs counter to all the other efforts focused on getting users to keep their systems up to date.

        • by Donny Smith (567043) on Friday May 07, 2004 @03:37AM (#9081668)
          Yeah infected computers hurt others but most themselves. I don't give a damn if my neighbor's Windows XP is falling apart because
          a) He either doesn't give a damn about security and hasn't updated OR uses an illegal copy which can't be updated
          b) My own systems are well protected (or perhaps run Linux, etc.).

          Microsoft has no obligation whatsoever to provide any freebies to folks with illegally copied (the P word - "pirated" - seems to be politically incorrect here at Slashdot) versions of Windows. People are not _supposed_ to use such software anyway - Linux and Mac have been viable long before 2001 (Windows XP), I don't see how anyone could have been "locked" into using an illegal copy of Windows XP.

          I propose that Slashdotters who care buy Windows licenses for the underprivileged, the stingy, or the lazy (lazy to learn Linux). Or provide them with free migration (Win->Lin) service.

          (Speaking of updates - if Windows updates should be free, why aren't Red Hat Enterprise Linux security updates free? That's even more critical because it's mostly servers than run this OS. So much for balanced reporting on Slashdot).

          • by pantherace (165052) on Friday May 07, 2004 @04:07AM (#9081773)
            RedHat's security updates are free: in SRPM form, which means you get to compile them, and you can redistribute them.

            Why? RedHat decided to make people pay for service, and considered compiled updates part of the service. Fortunately they still follow the "Always Open" part, and you can download all of RedHat Enterprise Linux & build it yourself. (Why someone would do that, and not just run gentoo is beyond me. (Maybe they like messing with RPMS & they annoynce they are to rebuild & install?))

            Yeah, it is an issue that should be addressed, but people have already. As many people have pointed out: Corperations are often not very wise. (case in point: Red Hat canceling their desktop version, which has led people to change distributions very quickly)

            However, what obligation does Red Hat have to provide those that they don't have a contract with updates? They and Microsoft don't. (Nor does anyone who uses BSD or GPL software: your warranty was where? and your contract was what?) It's just that people who write software or package it tend to not want to have their reputation on security sink to as low as IIS or genuinely want to help others.

          • by kormoc (122955) <{moc.liamg} {ta} {comrok}> on Friday May 07, 2004 @04:07AM (#9081775) Homepage
            Ok, think bout it this way. Your neighbor's Windows XP is now 'owned' by a script kiddy who just ddosed lets say google and actually knocks it off line for a few hours. Hard, but not impossable. Now you can't touch google, google gets hit with a large assed bandwidth bill, and loses respect with the marketing droids.

            So even though your systems are untouched, it still affected you.

            Or lets say your neighbor's Windows XP was used to send tons of spam and thus your isp blocks smtp/pop3 ports so you can't setup your own mail servers, or ftp or http or lots of others, once again, your systems are untouched, but it still can affect you.

            Microsoft has no obligation whatsoever to provide any freebies to folks with illegally copied versions of Windows.

            This is true, but that doesn't mean that it's not going to happen anyway. For example, your neighbor might not even know his/her computer is using illegal software, maybe johnny from down the street set it up for them and just let it go. I know, they should know better, but the fact is, most people just don't. Not giving people updates for no reason they can figure out won't go over to well to microsoft's customers, imho at least.

            I don't see how anyone could have been "locked" into using an illegal copy of Windows XP.

            Noone has, but linux is *not* for everyone. My aunt can use windows because that's what she knows. She could learn linux, but it's too much of a bother for her. Same for mac os. she could learn it, but why bother because what she has works. Now her copy isn't illegal, but there are people like her out there who are using illegal copys.

            I propose that Slashdotters who care buy Windows licenses for the underprivileged, the stingy, or the lazy (lazy to learn Linux). Or provide them with free migration (Win->Lin) service.

            Someone should setup a fund for the windows licenses, so how bout you start it? I'm sure Microsoft wouldn't mind in the least.

            With the free migration service, most LUGs offer a lot of free help and some even have install fests to help install and set it all up for you. The problem is, are you willing to hold people's hands as you walk them though learning the material? Sometimes requiring it to be gone over a few times before the person understands a 'simple' idea? What happens when something goes wrong? Are you going to be willing to go trouble shoot for hours if needed? There's only so much volenteers can do for free.

            (Speaking of updates - if Windows updates should be free, why aren't Red Hat Enterprise Linux security updates free? That's even more critical because it's mostly servers than run this OS. So much for balanced reporting on Slashdot).

            Well, if you think about it, the updates are free, they just aren't prepackaged for your computer. Any compitant admin can install a program from source to fix a problem, so it's more you pay for conveinence.
          • The "P" word (Score:4, Insightful)

            by orasio (188021) on Friday May 07, 2004 @11:32AM (#9084843) Homepage
            Microsoft has no obligation whatsoever to provide any freebies to folks with illegally copied (the P word - "pirated" - seems to be politically incorrect here at Slashdot) versions of Windows.

            The word you are looking for is "copy". Every copy is illegal to the eyes of MS.

            Anyway, "pirate" is a stupid word to use for someone who copies a piece of software. Pirates attacked ships, robbed, raped, killed. There is a difference. Using the word "pirate" is making the assumption that making unauthorized copies of software is equivalent to killing, raping and robbing. It's just a marketing thing that was used by record companies, and it just worked. Now we are using a word that describe a killer, to talk about a person who copies a CD. Think "diamonds are forever", that's a marketing thing that just worked, even though it's not true. It sounds good, and most people who don't know better, believe it's true, while it's just a marketng thing. The problem with the "P" word is that if we keep saying that copying CDs is as bad as raping, killing and robbing, people who don't know better start to believe it's true. That's the power of the language.
            In Uruguay, my country, people who don't know what they are buying, get a computer with a copy of Windows preinstalled (that trend is changing), for which Microsoft gets no money, and know nothing about licenses. I'd rather not call them pirates, just stupid.
      • by gujo-odori (473191) on Friday May 07, 2004 @04:00AM (#9081745)
        I used to live in SE Asia. I have experience with the warez shops there. While I personally was running Linux (it took me over a week to download a set of Debian ISOs!), just about everything and everyone around me was running Warez. It's hard to find anyone in Viet Nam who can afford legitimate, licensed copies, and even harder to find anyone who sells them, unless you buy a new machine (Dell is there, IBM is there, I think HP is too) from a major foreign vendor.

        The warez version of XP Pro for about a buck any software shop will install most XP patches, but will not install SP 1. SP 1 recognizes the key as bogus and refuses to install.

        In any case, it hardly matters. People are on slow and unreliable dial-up connections. DSL is almost unknown. ISDN is not available at all, as far as I could tell. Hardly anyone has the bandwidth to actually patch their machines, and even fewer people have the knowledge or interest (even fewer than here). There are some really great programmers and admins in Viet Nam, but just like there, those highly knowledgeable people are a tiny minority. Most people with computers neither know nor care about anything like keeping them secure.

        So even if MS made all patches available to warez versions of Windows, it would hardly matter in many parts of the world, because the people running them couldn't and/or wouldn't apply the patches anyway.
    • by Oriumpor (446718) on Friday May 07, 2004 @01:48AM (#9081166) Homepage Journal
      There are corporate CDs out there that have been available for quite some time they only require a valid "volume license" cd key to operate. In point of fact, they ignore the stupid Activation BS and are what we use for Unattended installation scripts since they don't require activation once installed.

      Then again I'm not an active member in the Warez community. I would assume something like this would be near holy grail status.
      • by Anonymous Coward on Friday May 07, 2004 @02:32AM (#9081400)
        I'm not exactly 'part of the warez scene' either, but I was easiy able to find corporate editions of XP, win2k, office, and so on, via p2p networks. Valid serial numbers that still allow windows updates are even easier to find.

        I quite frequently use them when I have to reinstall friends computers, because even though they already have an OEM copy of XP home it's tedious going through the activation process for Windows, Office, and whatever other crap got bundled with the computer. They paid for windows with the computer, they get windows. I don't have any ethical problem with it.

      • by Anonymous Coward on Friday May 07, 2004 @03:10AM (#9081567)
        Corporate versions are easy to find. I use one at work constantly. Although we have a valid license for every system (who knows when the BSA may come knocking), I keep it for upgrades to the systems or re-installs. Wasting my time for 1/2 hour to get a new registration number is just not productive.

        Funny thing about that: although Microsoft claims that they will allow 2 (or 3??) automatic registrations over the 'net without calling, I have found that not to be the case. Since XP was released, reg process for win2k or office2k always reports server down or too busy and then I must call. I haven't gotten any flack from the flunkies passing out reg numbers, but the 1/2 hour wasted is a pain. Microsoft has forced me to pirate a copy of their software to use valid licenses.
  • by Anonymous Coward on Friday May 07, 2004 @01:36AM (#9081063)
    Pirates should get updates as much as they get support from any other product they stole: Zero.

    Want software without paying for it? Use Free Software. Theres heaps of it.
  • by britneys 9th husband (741556) on Friday May 07, 2004 @01:36AM (#9081064) Homepage Journal
    If they can pirate the operating system, why can't they just pirate the patches too?
  • Well (Score:5, Interesting)

    by 222 (551054) <stormseeker@@@gmail...com> on Friday May 07, 2004 @01:37AM (#9081074) Homepage
    If they cant download the updates, and havoc is all the more extreme because of poor MS coding, it only shines a brighter light on alternative operating systems.
    Ive been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the linux desktop, and this (at least in my eyes) is a step closer to that.
    • Re:Well (Score:5, Interesting)

      by praksys (246544) on Friday May 07, 2004 @01:53AM (#9081206) Homepage
      You hit the nail on the head. MS has no obligation to pirates, and no responsibility for the problems caused by pirates. But the problems caused by these insecure windows machines are a PR black-eye for MS, a pain for their paying customers, and a great reason for the pirates to switch to free software. If the pirates switch then that will eventually cut into the network effect [wikipedia.org] value of windows. If MS had any sense they would provide the patches to all. Fortunately I think it is unlikely.
      • Re:Well (Score:5, Interesting)

        by thogard (43403) on Friday May 07, 2004 @02:45AM (#9081450) Homepage
        MS has an obligation to ensure that their products do not cause harm to others according to nearly ever product safety law in the world. If you steal a Ford pickup and it needs a recall and you kill someone as a result of the defect, Ford won't be let off the hook.

        One of these days Microsoft is going to get nailed by a "innocent third party" law suit and then the avalanche of law suits will start.
      • Re:Well (Score:4, Interesting)

        by ReallyQuietGuy (683431) on Friday May 07, 2004 @07:07AM (#9082331)
        If the pirates switch

        why do you assume they won't just switch to paid Windows?

        "damn it sucks, my windows doesn't work anymore, all this worm stuff on it makes it really fucked up, i can't patch it 'cos, well, its pirated"

        "hey man, just try this CD, it's got this great OS on it and it's called Linux, sorry I mean GNU/Linux, and not only are the security updates free, the entire OS is free and legal!"

        ##next day##

        "hey, man, i dunno what the thing is that you gave me, but i dunno how to use it, and they tell me none of my (also-pirated) games work on it, so i'm gonna go to the store now and cough up that money for windows, thanks anyway"

        you're rated +4 interesting now, but it looks more like +5 wishful thinking. there's a whole ecology around windows that doesn't go away. unless linux can become in some way a "drop in replacement" of windows (distribs with WINE bundled are headed that way but is not there yet, and MS may yet find a way to stop it), any switchers-to-linux will be negligible.

        best of all, winxp's firewall WILL stop most of these worms, so whats most likely gonna happen is these guys are gonna 1. reinstall, 2. live with an unpatched pirated windows but with the firewall on.

    • by js3 (319268) on Friday May 07, 2004 @02:03AM (#9081268)
      It is called the Microsoft Baseline security analyzer. It will tell you which updates you need to get and even point you to the security bulletin page to download it
  • Read carefully (Score:5, Insightful)

    by News for nerds (448130) on Friday May 07, 2004 @01:37AM (#9081075) Homepage
    the EULA attached to the security patches, even when you are legitimate owner of a copy of Windows!
    • Re:Read carefully (Score:5, Insightful)

      by codemachine (245871) on Friday May 07, 2004 @02:09AM (#9081304)
      They can be nasty, but what can you do? If you're administering Windows machines on a network, you can't really decide not to update them (at least not without a lot of trouble). Yes, I'd love to get rid of Windows entirely, but unfortunately it isn't my call.

      I really think it should be illegal for them to change your license in an update anyhow. I mean, do the warranty conditions on your car suddenly change drastically when they replace parts in a recall? I'm sure some of you can come up with better analogies.

      They are basically forcing their users to change the licensing deal well after the initial agreement and purchase. But aren't we paying for the license to use the software in the first place (as the EULAs themselves make clear). How can they change the terms of that license after we've already paid for it? I suppose that is in the EULA somewhere too though.

      So basically we pay for a license giving us the right to use their software. And that license may change at any time at their discretion. Especially if the product is faulty and needs an update.

      Considering the cost of the software, the relative functionality compared to alternatives, and these licensing terms, I have to wonder why is it so many people buy this stuff again?
    • Re:Read carefully (Score:5, Interesting)

      by dtfinch (661405) * on Friday May 07, 2004 @02:53AM (#9081490) Journal
      I'll consider it a serious problem when I wake up outside Microsoft's headquarters missing a kidney or other nonvital organs.

      A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.

      And they won't want you to stop using Windows, because then you'll have to use something else.
  • by Anonymous Coward on Friday May 07, 2004 @01:38AM (#9081078)
    Bull. I update my pirate copies of XP all of the time.
  • Tricky situation... (Score:5, Interesting)

    by Cyno01 (573917) <Cyno01@hotmail.com> on Friday May 07, 2004 @01:38AM (#9081081) Homepage
    Its microsofts perogotive, theyre not in any way required to support pirated versions of their software, and why should they bother. On the other hand, these worms negativly effect everyone. Although if your smart enough to pirate windows (there are some tricks joe sixpack wouldn't know right away) you should be savy enough to get a keygen of kazza or something. Not that thats how i got XP SP1 or anything...
  • by ResQuad (243184) <slashdot&konsoletek,com> on Friday May 07, 2004 @01:38AM (#9081083) Homepage
    Not saying I pirate windows or anything of the sort. But jsut because they dont get patches doesnt mean they wont pirate. It just means that when worms come out, it will be that much worse. Pirates tend to be a lil smarter, and actually keep their systems up to date.

    I would hate to see sasser or code red hit the large percetage of people that pirate, and CANT patch. Internet go byebye!
  • I've seen several "corporate" XP cds floating around, as well as some beta versions which contain all XP functionality once patched through Windows Update.

    Microsoft disables some CD keys already which are known to be pirated, but I wonder how many valid corporate group cd key installations there are which have been pirated. In that case, it really wouldn't be feasible for MS to disable that cd key, as it would disable that entire company, etc.
  • Of course (Score:5, Interesting)

    by HenryFjord (754739) on Friday May 07, 2004 @01:39AM (#9081091) Homepage
    It is fundamentally a companies sole responsibility to ensure that any flaws within its products are fixed. By using their own mistakes as a punishment for people who pirate that are propagating flawed copies of their software. Microsoft should allow any user of their products regardless of if they have a right to it to have updates. They can fight piracy in more responsible and effective ways, for there are other people who use the network.
    • by mentin (202456) on Friday May 07, 2004 @02:01AM (#9081256)
      I think car thefts should request dealer service and free oil change for cars they have stolen too.

      And if one stole a TV from a shop, and TV is broken, he should be able to bring it back and request a replacement.

  • by stere0 (526823) <slashdotmail@NOSpaM.stereo.lu> on Friday May 07, 2004 @01:39AM (#9081095) Homepage

    Why should it have to pay for the bandwidth to support pirated copies? There is no benefit to them.

    Most if not all infected Sasser users around here had legit but hadn't bothered to update. Real crackers use the corporate version of Windows that apparently doesn't require a CD key for updates.

    • by vida (695022) on Friday May 07, 2004 @01:56AM (#9081225)
      Why should it have to pay for the bandwidth to support pirated copies? There is no benefit to them.

      I think, my friend, that therein lies the issue. Think about it for a minute and try putting yourself in MS place... You already developed your software. You already paid for it. You are spending no money in distributing it. You are not supporting in any way the people w/ pirated windows copies. The bandwith costs are negligible. 95% of all the new desktop computers sold pay a forty or so dollars tax to you. You are sitting on 50 billon dollars in fairly liquid assets. You are scared silly of open source advances... why in the world would you not provide free upgrades to a couple hundred thousand computers when the alternative they might chose is what scares you silly in the first place?

      why are we even discussing this again?

  • Support (Score:3, Insightful)

    by Oriumpor (446718) on Friday May 07, 2004 @01:39AM (#9081096) Homepage Journal
    Support is Free ... duh, not like they have to pay for all that bandwidth or anything. They may be able to afford it, but why would any company (ala: Redhat) be forced to maintain something that wasn't purchased? All real property vs intellectual property ideals aside, that's like blaming Ford that your stolen car can't be serviced.

    I have been of the oppinion that App level firewalls at the ISP level (hell even port blocking during worm-storms) is a necessary function. During the Nachi outbreak ISPs were killing ICMP just because of the sheer mass of pings flying around were bring down gear.

    At the very least, ISPs should be responsible for the prevention of outbound malicious traffic, automated or manual (aka: crackers, kiddies etc.)
    When they knowingly ignore the traffic traversing their network and wreaking havoc on others, I am always disgusted.

    Not that my shit don't stink, but if I got a line spewing worm, it gets pulled till it's clean. Thank goodness for the public sector.

    • Re:Support (Score:5, Insightful)

      by ultranova (717540) on Friday May 07, 2004 @02:29AM (#9081383)
      I have been of the oppinion that App level firewalls at the ISP level (hell even port blocking during worm-storms) is a necessary function. During the Nachi outbreak ISPs were killing ICMP just because of the sheer mass of pings flying around were bring down gear.

      How, excatly speaking, can an ISP know which app generated which packet in a remote machine ?

      And ISP-level port blocking is the foulest evil an ISP can commit, far worse than asymmetric connections or hidden monthly usage limits. Port blocking prevents your computer from being used as anything except a simple surf station; even some FTP sites refuse to work. There is absolutely no justification for this.

      Internet was designed to be a P2P network. Do not break it. Especially just because some people insist on using computers without bothering to learn to maintain them (or hiring someone else to do so).

      At the very least, ISPs should be responsible for the prevention of outbound malicious traffic, automated or manual (aka: crackers, kiddies etc.) When they knowingly ignore the traffic traversing their network and wreaking havoc on others, I am always disgusted.

      Yes, it's so simple and straightforward to tell a good packet from a bad. All it requires... is checking the evil bit !

      An ISP is just a traffick carrier. In no way, shape or form, should they be responsible for the actions of their users. If they are, it will be an additional incentive for them to block all the ports from incoming connections, reducing the value of Internet for all and making interesting and important applications like Freenet [freenetproject.org] impossible. But even if they block all the incoming ports, it still won't stop the worms from spreading (by e-mail), it will simply give them an excuse for the Courts ("Hey, we did our best !"). All pain, no gain.

      As this is self-obvious, I must ask: Are you a RIAA mole, trying to destroy the P2P networks ? Or are you a government mole, trying to destroy the capacity of Internet for applications like Freenet [freenetproject.org] ? Or are you just a particularly clever troll who got modded insightfull by a not-so-clever moderator ?

      Inquiring minds want to know ?-)

      • Re:Support (Score:5, Insightful)

        by mcrbids (148650) on Friday May 07, 2004 @03:11AM (#9081576) Journal
        Wow. All or nothin', eh?

        Really. Given the choice between 90% of users being able to use the net, or 100% of users being unable to use the net, which do you choose?

        It's perfectly reasonable to block certain types of packets during times of need. Is it desirable? No - but it's also not desirable to have worms, viruses, trojans, and other malware in the first place.

        Get over it. Idealism on the 'net ended when it became a commercial entity. Now pragmatism is the rule of order.

        If your ISP blocks ICMP during a ping storm (as the grandparent examples) in order to preserve some semblance of service, and you are offended by that, get another ISP.

        And while you are getting over it, get real, too. Freenet is cool, but it's not going to save mankind, and not everybody in favor of pragmatic use of private resources is a fan of the Record Industry Association.
  • by aerojad (594561) on Friday May 07, 2004 @01:40AM (#9081108) Homepage Journal
    Company profits vs. general good of the internet. I really wonder which one they'll choose.

    (note that I left out writing better software)
    • by codemachine (245871) on Friday May 07, 2004 @02:15AM (#9081329)
      Company profits vs. general good of the internet. I really wonder which one they'll choose.

      (note that I left out writing better software)


      Yeah, because writing better software would both cost money and serve the general good. So they have the same choice to make in that regards. We've all seen how they've made that decision in the past.

      A better pick your poison scenario is this:

      Spending money on bandwidth patching unpaid clients
      vs
      Spending money on bandwidth due to DDOS attacks from unpatched clients
  • Who knows. (Score:5, Funny)

    by modifried (605582) on Friday May 07, 2004 @01:40AM (#9081111) Homepage
    Maybe it's something you could get used to.

    Frank: Hey Bob, could I burn a CD on your computer?
    Bob: Yeah sure.
    Frank: Uhh. It says it's going to shut down in 60 seconds.
    Bob: Yep. Gotta work fast.
  • by Anonymous Coward on Friday May 07, 2004 @01:41AM (#9081115)
    The latest build( released in the last 4 days ) of the xp service pack2 beta, blocks a whole range of keys. People who have been using the corporate version of xp, using a keygen will find it will find it needs activating when the apply service pack 2.

    The keygen(a very very very popular one) generates product keys in the range 640-645. SP2 turns activation back on when it detects this.
    • by Jarnis (266190) on Friday May 07, 2004 @02:30AM (#9081385)
      Irrelevant. Once SP2 final is out, a new keychanger will be around within a day or two. Nobody is just bothering with it right now because MS could just block the volume keys in the next build.

      (And obiviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)

      But way too many warez windows user is *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...

      Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'

      This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.
  • by Maddog2030 (218392) on Friday May 07, 2004 @01:42AM (#9081121)
    We need to create an environment where piracy is looked down upon, not encouraged. Giving them updates is simply encouraging pirate behavior.

    If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.

    The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
    • by l0ungeb0y (442022) on Friday May 07, 2004 @05:06AM (#9081941) Homepage Journal
      You don't get out much do you?

      Ever noticed the amount of spam and worm traffic that comes out of Asia, Russia and South America?
      Do you have any idea how pervasive warez are in China, Thailand and other countries?

      Maybe you haven't noticed all that spam and virii.
      I for one have firewalled, installed spam assassin, razor, run a second set bayesian filteres on my email client and STILL get spam in my inbox and see funky crap in my server logs.

      Ohhh.... and I don't even RUN WINDOWS.
      All my machines are either OS X or RH 9.

      The fact is, microsoft puts out a product and that product is flawed (no ones perfect). By not allowing ALL users of their product to correct those flaws, they harm EVERYONE regardless of OS used. If you're online in any way, shape or form YOU are effected.

      If Ford had such flaws that would cause a car to veer off course defying it's owners control, a recall would be issued and ALL owners would be elligible. Mind you, regardless if they were the 1st, 2nd 3rd or 4th owner or whether or not they had a Ford service plan or were covered under warranty.

      An OS vuln is no different. And by simply ignoring 100,000 pirated copies of windows XP in China they allow for 100,000 virii hosts to spewn spam worldwide.

      Those 100,000 machines then infect your licensed machine, spam my LAN, and cause a fortune 500 tens if not hundreds of thousands in costs per year in associated cost.

      But hey... as long as those damn pirates don't get anything for free I guess it's ok right?
  • by Temsi (452609) on Friday May 07, 2004 @01:44AM (#9081136) Journal
    The simple answer is yes.
    For the common good of the internet, as well as for the sake of protecting Microsoft's already spotty image, they should be allowed to download hotfixes... after all, they wouldn't need them if Micrsoft had done it right in the first place.

    The corporate answer is no.
    They didn't pay for the software and are therefore ineligible for updates.

    My opinion?
    For the common good, Windows should go away. But until then, everyone running it, legally or not, needs to have access to emergency patches and fixes.
  • by Robotech_Master (14247) * on Friday May 07, 2004 @01:44AM (#9081141) Homepage Journal
    I downloaded the patch to Win XP against Sasser [microsoft.com], and it never even asked me for a CD key. (Which, given that I don't know where mine has gotten to now, is a good thing.)
  • by buro9 (633210) <david@ b u r o 9.com> on Friday May 07, 2004 @01:45AM (#9081144) Homepage
    Of course the initial response is to think that those who have pirated copies must not receive updates.

    As with all things though it's seldom that simple.

    When a company such as Microsoft gain a significant share of the market (yes... monopoly), then the damage that saying no could be could actually threaten the stability of that society were their software to fail sigificantly.

    i.e. If machines cannot be patched with at least the bare security updates, and those machines then assist in the even wider propagation of a virus or worm such that it affects the infrastructure of the Internet as a more general thing.

    Then in those cases, would it not have been a civic duty upon the company to protect the wider Internet and society (of their original shortcomings in allowing the vunerability to exist) regardless.

    So I'm more of the opinion that No should be the answer for all bells and whistles things... such as Media Player. But that all security patches should be installed on every machine possible... regardless of whether that is a machine without a legit key or not.

    Interesetingly, this is probably opposite Microsofts view. As to be able to manipulate market forces they need critical mass in areas suh as Media Player. So I think from their perspective they would probably wish to allow the whistles, but to encourage/force the upgrade to a legal version would probably wish to disallow stability patches (read: security) so that legit systems are more stable.
    • by The Vulture (248871) on Friday May 07, 2004 @01:54AM (#9081214) Homepage
      Microsoft, nor does any other company, have a civic duty - their only duty is to make the shareholders money.

      That said, if a person did not legally acquire a product, they don't deserve support for it, I couldn't care less if it was a product that almost everybody had, and only one company made it.

      I'd be in favor of Microsoft giving out the security update, if they tracked everybody who didn't have a valid license and then tried to sue said user.

      If I bring a stolen car for service at any place that checks the VIN on the car, I can fully expect to be arrested, I don't see why people who copy software should be any different.

      -- Joe
      • by sholden (12227) on Friday May 07, 2004 @02:22AM (#9081355) Homepage
        Microsoft, nor does any other company, have a civic duty - their only duty is to make the shareholders money.

        The scary thing, the *people* actually believe that is how it should be.

        The whole concept of corporate charters seems to have been completely forgotten and the idiotic notion "corporate personhood" accepted without question.

        It didn't take all that long for America to chain itself back up with most of the chains it broke free from in 1776.
  • by The Vulture (248871) on Friday May 07, 2004 @01:45AM (#9081147) Homepage
    You don't deserve the software update.

    Granted, these people not getting the software updates will cause problems for the rest of us, in that they're propagating some sort of virus.

    My solution to that is to shut off the users. If the ISP of this user can prove that the user's PC is infected and sending out the virus, then it should be simple for the ISP to say, "patch it, or we're shutting you down".

    I'm not really fond of ISPs snooping in on my traffic to determine whether or not to cut me off, so they should base it on a complaint system - if somebody complains that you're spreading the virus, then the ISP investigates (I recall lots of people with logs of Code Red attacks). If they find proof that you're spreading the virus, then you're forced to patch, or if you can't, you're shut down.

    Extreme, perhaps, but the only way that people will properly maintain their machines.

    -- Joe
  • by Tokerat (150341) on Friday May 07, 2004 @01:49AM (#9081171) Journal

    On the one hand there is piracy. Even if you say it's an advantage for Microsoft because of more dependency, the truth is that it isn't what they want people doing with their product, and it is illegal. If you want the support you should fork over for the product; after all Windows is about as Not-Free-Software as you can get. Perhaps if it wasn't such as widespread, costs to cover piracy would come down, and Windows would be cheaper and thus more easily availible. A rock and a hard place, people will need to buy before they can afford, and the numbers on actual piracy are way out of the realm of possible statistical analysis.

    That being said, not getting security updates can cause problems for the Internet as a whole, not to mention for valid Windows users as pirate machines which can't be patched propigate viruses. That is more than just a problem for the people with bootleg'd copies themselves, that causes network congestion and performance problems for valid users as well. I know my Apache logs are still crammed with exploit attempts...

    It's a question of responsibility vs. assisting lawbreakers. My (personal, humble) opinion is that Microsoft should allow security patches to all copies of Windows as it defeats expliots and worms/virii much quicker, but as for feature upgrades and bug fixes which are not a security issue, Microsoft should withold those unless the user has a valid serial key. True seriousness about security means defeating the problem for more than just customers, it means providing a better enviroment for everyone. This, I believe, is the root of the problem in the Microsoft attitude, and it's kind of sad that the largest software company on Earth can't see far enough past their bottom line to make such a move.

    No one is (or should) ask them to give away anything more than saftey.
  • by Gary Destruction (683101) * on Friday May 07, 2004 @02:39AM (#9081432) Journal
    Go to the Microsoft download center. [microsoft.com] Use the Microsoft Network Security Hotfix Checker Tool [microsoft.com]
    Or better yet, use the Microsoft Security Baseline Analyzer Tool [microsoft.com] which includes Hfnetchk.exe.

    Windows Update actually deletes downloaded updates once they're installed. You can try to retrieve them before they're installed. But it's easier to just download them from the download center. That way you can qchain 'em if you do a reinstall.
  • Clean the web (Score:4, Interesting)

    by Mr Europe (657225) on Friday May 07, 2004 @02:55AM (#9081501)
    It it's clear that MS has no obligation to support stolen software. If you steal property you should be ready for some kind of problems.

    Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.

    Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !

    If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..
  • by 2WheelCowboy (773711) on Friday May 07, 2004 @02:59AM (#9081523)
    If the Microsoft PR machine is smart they'll withhold security updates from pirated copies. Then they can blame the spread of viruses and worms on the evil software pirates who are running the insecure systems.
  • by Nice2Cats (557310) on Friday May 07, 2004 @03:42AM (#9081684)
    We treat anybody who walks into a hospital, regardless of where his or her wounds come from -- this is one of those famous "cornerstones of civilization". In this case, it is even worse, because the people affected pose a threat to everybody else, too.

    So: Would we treat somebody in a hospital because he caught an infectious disease while doing something illegal? Yes. Then, the same should be true for patches.

  • analogy time (Score:4, Insightful)

    by Qrlx (258924) on Friday May 07, 2004 @04:48AM (#9081889) Homepage Journal
    Q: If I steal a car, and some defect in that car leads to my injury, can I sue GM and win?

    A: Definitely Yes.

    Why is this different?

    I know it's different because right now we can't sue MS for any damages even if we didn't steal Windows.

    It seems to me that if they apply a double standard to products acquired legally vs. products that aren't legal, they are opening themselves up to some sort of implied warrantability for the legal product. Which of course they don't want to do.

    It has gotten *really* bad with all the spyware, malware, and viruses these days. It's starting to look like the "death of a thousand cuts" we hear so much about. I wonder how many of these worms, etc. are put out there with the goal of bringing MS down?
  • by pointbeing (701902) on Friday May 07, 2004 @06:25AM (#9082215)
    I was at a shindig in Redmond last month and Steve Ballmer took this very question from the floor.

    He didn't exactly have an answer, other than to say they were still looking at the problem - but from what he did say MS is acutely aware of the problem.

    I think my solution would be to allow security updates only. During this trip I had a long discussion with a pile of MS executives about community and /. came up more than a couple of times in the conversation ;-)

  • by gotan (60103) on Friday May 07, 2004 @06:55AM (#9082297) Homepage
    If MS in the future decides that patches are a premium-service (with premium license-fees), then so be it. I also think that anyone who uses MS-software should pay their price.

    If you don't like their prices or their conditions turn to the alternatives.
  • my answer: no (Score:5, Insightful)

    by hany (3601) on Friday May 07, 2004 @08:14AM (#9082575) Homepage

    should users with pirated copies of Windows be allowed to download security updates?

    My answer: No.

    1. As much as I do not like the price of Windows (too high for what one gets for the money) you have to either try to restore competition in this particular market (which will lover the price of Windows to some real numbers) or change your demands and use something else (Mac, Linux, ...) or something else. It's maybe unfair there is no alternative producer of Windows but stealing does not make that better, quite contrary (helps Microsoft keep the monopoly while they have 90%+ market share also thanks to those users with illegal copies).

    2. If users of illegal copies (they) get (with permission from Microsoft) those patches, they wont be stealing (patches) from Microsoft. But they will have screwed comparison tables "Windows vs. ProductX" in a way as "Windows are for free (0 monetary cost)". It will make them unwiling to switch (either to legal copy of Windows or legal copy of some other product be it free or commercial). Thus it'll help Microsoft to keep their unfairly acquired monopoly much longer and screw the market/economy/people/... much more. If Microsoft is going to give permissions to users of illegal copies of their products to use patches, I'll consider it anticompetitive and illegal move from them.

    3. If [they] will be allowed to use those patches, market/economy/people may mistakenly see it as a move to the right direction (from security point of view) while the true right move - more OS diversity on desktop PCs - will be pushed away. Security will hurs, market/economy/people will hurt.

    For sure, there will be short-range benefits in allowing [them] to use those patches, but in the long term I do not see it as good decision (good for market/economy/people).

  • by amichalo (132545) on Friday May 07, 2004 @09:09AM (#9082962)
    The question posed has striking similarities to the question of public healthcare. In the US, the EMTALA [emtala.com] (Emergency Medical Treatment and Active Labor Act) requires hospitals and clinics to give life saving and stabilizing care to anyone, regardless of proof of insurance and/or ability to pay.

    This is primarily a welfare service for the individual but has corporate benefits as well such as the reduction of communicable disease from those who would otherwise go untreated.

    Without getting offtopic into the US healthcare system, I think the article brings up a similar point. If a software update is meant to benefit the end user only, in that it fixes or enables a new feature, that is one thing, but for the health of the public Internet, security patches that prevent malicious and communicable computer virii should be publicly available...by law.

    It is more important to keep the Internet available to individuals, businesses, and research institutions as well as governments that rely upon it every day for communication and control of critical systems, than to ensure that a small percentage of the population is not illegally pirating software.

I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"

Working...