Microsoft Security Updates for Pirated Windows? 1096
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
What about MSDN windows (Score:3, Interesting)
Re:What about MSDN windows (Score:4, Informative)
XP and Longhorn-beta are special that way. Most other packages (2000 included) have generic MSDN keys.
Re:What about MSDN windows (Score:4, Informative)
Okay, here, I'll slow it down a bit for those that don't grok the problems here...
Say I want to test a piece of software with 10 PC's simultaneously for 3 months without reformatting them. That's fine by the license - just activate each and go for it.
Now say I get two new machines in with completely different hardware that is supposedly having an incompatibility with the product. I remove XP on two of the old machines that have proven to work well with the product and do a format, then send them off to IT to be used for whatever. The licensed software has been removed - you'd think one could install it on the two new machines now and run for three more months without problems, yes? No, because of the stupid activation limitations. That's scenario 1.
Now, howabout a situation where there are 2 developers, each with his own MSDN license. Both are working on a single project, but their testing needs are different. Developer A needs to do a lot of different OS/configuration testing, but the actual hardware doesn't matter that much - let's say he's the apps guy. Developer B needs to test on every variation of hardware he can possibly get his hands on, because he's the driver guy working on a USB device. Because of the large variety of USB implementations out there (many of which are flawed in their own special way), he really needs to do hard-core, long term testing on several different machines. So, Developer A and Developer B pool their resources - both are working on the same project within a single room, so it makes sense that they should be able to do that. A gets 5 machines, B gets 15.
Now, combine the two situations and add more developers over a longer period of time. What you have now is a clusterfuck. Despite the fact that your team has legitimately purchased enough licenses to run on all the machines they have at any one time, you now have a definite possibility of a license shortage and you're forced to keep a list of all of the developer keys with tallies on how many times each has been used so you'll have known keys available when it comes time to remove old/broken/obsoleted test machines and bring in new ones.
Now, to add another issue in the mix - if you renew your subscription, you keep the same key and don't get additional reinstalls. So, either you beg your representative to refresh your key or give you a new one, or you're even more limited on test machines unless you cancel your MSDN subscription and buy a new one - getting 10 more installs in the process.
Got it?
that @$(*& really adds value, doesn't it? (Score:4, Interesting)
We still got audited. So we had a double penalty of staff time: fix the problem before the audit, then prove it was fixed. Neither case advanced the organizational mission. It was pure loss, friction . All the time I was doing that, I wasn't fixing things that were broken. I wasn't making the net more secure. I wasn't installing new things.
I will grant that a company can set the terms of use for their products as they wish. They should be aware that hamfisted, user-hostile enforcement mechanisms like this are driving customers like me away. At comparable functionality, even with higher costs, I prefer the Free as in Speech solution.
Should I experience a difficult implementation due to lack of developer/test resources in an Open Source project, I experience necessary pain. That is to say, any problems I have with getting it working are a natural result of the state of the project I'm working with. Licensing friction is unnecessary pain. It's the unnatural result of the developers going out of their way to put up obstacles.
Unnecessary pain hurts way more than necessary pain for similar stimulus levels.
Gotta say, props to the commercial software outfits that have simple concurrent licensing setups that actually work. It's the ones that suck that cost you future business.
Re:What about MSDN windows (Score:3, Insightful)
It would be wise to provide patches for everyone.
Re:What about MSDN windows (Score:5, Insightful)
Restricting patches guarantees hackers a healthy number of drones to use in DDoS attacks, and runs counter to all the other efforts focused on getting users to keep their systems up to date.
Re:What about MSDN windows (Score:4, Insightful)
a) He either doesn't give a damn about security and hasn't updated OR uses an illegal copy which can't be updated
b) My own systems are well protected (or perhaps run Linux, etc.).
Microsoft has no obligation whatsoever to provide any freebies to folks with illegally copied (the P word - "pirated" - seems to be politically incorrect here at Slashdot) versions of Windows. People are not _supposed_ to use such software anyway - Linux and Mac have been viable long before 2001 (Windows XP), I don't see how anyone could have been "locked" into using an illegal copy of Windows XP.
I propose that Slashdotters who care buy Windows licenses for the underprivileged, the stingy, or the lazy (lazy to learn Linux). Or provide them with free migration (Win->Lin) service.
(Speaking of updates - if Windows updates should be free, why aren't Red Hat Enterprise Linux security updates free? That's even more critical because it's mostly servers than run this OS. So much for balanced reporting on Slashdot).
Re:What about MSDN windows (Score:4, Interesting)
Why? RedHat decided to make people pay for service, and considered compiled updates part of the service. Fortunately they still follow the "Always Open" part, and you can download all of RedHat Enterprise Linux & build it yourself. (Why someone would do that, and not just run gentoo is beyond me. (Maybe they like messing with RPMS & they annoynce they are to rebuild & install?))
Yeah, it is an issue that should be addressed, but people have already. As many people have pointed out: Corperations are often not very wise. (case in point: Red Hat canceling their desktop version, which has led people to change distributions very quickly)
However, what obligation does Red Hat have to provide those that they don't have a contract with updates? They and Microsoft don't. (Nor does anyone who uses BSD or GPL software: your warranty was where? and your contract was what?) It's just that people who write software or package it tend to not want to have their reputation on security sink to as low as IIS or genuinely want to help others.
Comment removed (Score:5, Insightful)
The "P" word (Score:4, Insightful)
The word you are looking for is "copy". Every copy is illegal to the eyes of MS.
Anyway, "pirate" is a stupid word to use for someone who copies a piece of software. Pirates attacked ships, robbed, raped, killed. There is a difference. Using the word "pirate" is making the assumption that making unauthorized copies of software is equivalent to killing, raping and robbing. It's just a marketing thing that was used by record companies, and it just worked. Now we are using a word that describe a killer, to talk about a person who copies a CD. Think "diamonds are forever", that's a marketing thing that just worked, even though it's not true. It sounds good, and most people who don't know better, believe it's true, while it's just a marketng thing. The problem with the "P" word is that if we keep saying that copying CDs is as bad as raping, killing and robbing, people who don't know better start to believe it's true. That's the power of the language.
In Uruguay, my country, people who don't know what they are buying, get a computer with a copy of Windows preinstalled (that trend is changing), for which Microsoft gets no money, and know nothing about licenses. I'd rather not call them pirates, just stupid.
Re:What about MSDN windows (Score:5, Insightful)
The warez version of XP Pro for about a buck any software shop will install most XP patches, but will not install SP 1. SP 1 recognizes the key as bogus and refuses to install.
In any case, it hardly matters. People are on slow and unreliable dial-up connections. DSL is almost unknown. ISDN is not available at all, as far as I could tell. Hardly anyone has the bandwidth to actually patch their machines, and even fewer people have the knowledge or interest (even fewer than here). There are some really great programmers and admins in Viet Nam, but just like there, those highly knowledgeable people are a tiny minority. Most people with computers neither know nor care about anything like keeping them secure.
So even if MS made all patches available to warez versions of Windows, it would hardly matter in many parts of the world, because the people running them couldn't and/or wouldn't apply the patches anyway.
Re:What about MSDN windows (Score:5, Insightful)
Alas, this is only becuase of Microsoft's interesting position where security or safety flaws in their products never have any consequences whatsoever for Microsoft, only for Microsoft's customers. If only Microsoft were in some fashion accountable for the messes their products made on the internet, then acting wisely would be profitable...
Re:Yes we should all pay for this too (Score:5, Insightful)
And you are VERY wrong if you think that piracy will shrink their market share. I personally would be very happy if Microsoft stamped out EVERY pirate version, because their market share would be pretty small. Microsoft grew based on the piracy, and they know it. Now they are reaching the saturation point, and really only now have they started trying to make the pirates pay, because they are no longer contributing to the increase in profits, because the market share is so relatively high. They have known in the past that they can't stomp too hard or they would lose market share, but now they no longer care, and they can pull out the "the soul-stealing demonic copyright infringing people" (or pirates) sympathy/stupid-law-making card out.
Re:Yes we should all pay for this too (Score:4, Funny)
> plus crash randomly.
And how would they differ from the regular versions, anyway?!
cheers.
Re:Yes we should all pay for this too (Score:5, Interesting)
Re:Yes we should all pay for this too (Score:4, Informative)
Re:Yes we should all pay for this too (Score:4, Insightful)
Which, means that yes, technically we have to live with such stupidities as I can't give away my old PC with Windows installed on it to someone else when I buy a new PC, and if I want to decomission some outdated system and install my existing Windows license on new hardware, I can't.
It's a good thing the damn licensing agreements are unenforceable.
Re:Yes we should all pay for this too (Score:4, Informative)
Re:Yes we should all pay for this too (Score:5, Insightful)
Since I got my laptop with XP on, and clicked "I do not agree", reformatted and installed Slackware, I don't see what such an EULA has to do with me. I never agreed to the EULA, I never had any contact with Microsoft. The PC manufacturer gave me something I didn't want with the hardware, I had to spend time and effort cleaning it off the hard drive, and I'm giving away the last remnant unused.
Here's my unused key for Windows XP Home edition:
VQDYD-CBPCT-MR2JV-6WR9Y-Y6HX3
First come, first served!
me too (Score:5, Informative)
XVJW8-DB93F-2R2XD-XGB3D-3788D
To illustrate how crap things have become with preinstalled doze, my Sony didn't even come with a CD!
Re:Yes we should all pay for this too (Score:4, Insightful)
If you were using a legal key obtained from a Linux user who purchased a copy of Windows without agreeing to the EULA, to activate a borrowed Windows CD, then you would be entirely within your rights under the "any necessary step" provision -- especially as the purchase was made under duress and under protest {which fact it might help to write on the cheque or payment card receipt}. Where someone is physically preventing you from doing something which you have a legal right to do, then you are entitled to use reasonable force. This defence will fail, however, if the court believes that you could have accomplished your intention using less force. Show me a court that wouldn't consider installing a "pirated" copy of Windows to be less forceful than, say, holding a knife to someone's throat and demanding that they sell you a laptop without Windows.
If you accept the EULA, you are not prohibited from selling your copy of Windows -- you have an inalienable right to do that; just like selling a used book, CD or video cassette. It is an offence for anyone to try to persuade you that you do not have that right.
Note that none of this has ever been tested in court. And the numbers of people prepared to jump through all the hoops are so small, that Microsoft could afford to pay compensation equivalent to several times the theoretical amount refundable, by way of "hush money".
Re:Yes we should all pay for this too (Score:5, Interesting)
Nowadays people use it to refer to the fact that you can't buy a major brand PC without Windows installed. Even IBM, at one point, who were competing with MS with OS/2, wouldn't sell you a computer without Windows. That had to do with the cliff pricing tactics MS used.
It's still hard to find a major brand you can buy "naked" or with an alternative OS. I know a bunch of idiots are going to respond about how that's not true, that you can buy a Dell, for example, with Linux - but I said it's "hard", not impossible. They do not make it easy.
Notebooks are the worst.
So often enough people who might run an alternative OS will buy a prebuilt system with Windows on it, even if they don't want it.
In other words, MS makes money off of almost every prebuilt PC sold (probably upwards of 99%). That's the MS tax.
Here's another one for you - let's say you bought a prebuilt computer with Windows XP. One day after the warranty expires, you spill coffee on it and fry it, and decide to just buy another PC - now you've bought two licenses of Windows XP but only use one. Yes, again, you CAN build your own PC or find a "naked" one somewhere, and then you can give MS all your private information over the phone, trying to explain you had to replace your computer all the while they think you are a pirate, but most people just buy the pre-built system and pay the "MS Tax".
Any geek can easily avoid it, though, and since most users of alternate OS' are geeks, I fail to see the big deal. Of course, if we hadn't fought it for years and years, you still wouldn't be able to buy a naked PC.
Re:Yes we should all pay for this too (Score:5, Insightful)
Differences being
a) there's not only one company that makes seatbelts, and won't sell you any if you don't install them on every seat
b) you don't have to pay for 5 seatbelts if you get a 2-seater sports car
c) that seatbelts are mandated by government, not by some corporation that makes them but does not make cars
So actually it's nothing like it at all.
Re:Yes we should all pay for this too (Score:4, Informative)
Re:Yes we should all pay for this too (Score:5, Funny)
When a tunnel was built in a city, he ordered the arquitects to stand in it, and ordered 10 tanks to drive slowly above the tunnel with the crew below to see if the tunnel would hold the weight.
I'm sure you can tell the quality of the work that was done here in that time.
Actually, most software in Asia *is* pirated. (Score:5, Informative)
Who modded this flamebait tripe as "insightful"?
Perhaps you were ignorant of the fact, but:
- according to the Business Software Alliance [bsa.org].Re: The Economics of Piracy (Score:5, Insightful)
Many "pirates" can not afford to buy the music/software that they download.
(I'm not saying that this gives them any right to infringe on others' copyrights.
I'm just saying that the BSA's figures are exaggerated.)
Re:Actually, most software in Asia *is* pirated. (Score:5, Insightful)
But I also think there's a reason why there's "BS" in "BSA". Their statistics make me want to puke. They do such bullshit statistics as taking a pirated CD from Taiwan or China which includes some expensive piece of softwware, like 3D Studio Max, and say "see, there's 5000 USD worth of software on this CD. We think 10,000 chinese kids bought this CD for 5$, which robbed us of 50,000,000 USD."
That's utter bullshit. Most of those Asian and Eastern European pirates do not need 3D Studio Max and wouldn't buy it anyway, even if they could afford to. (Which they can't. As was said before, a chinese family would need to pay _all_ their income for _two_ _years_ to afford a license. Again: _all_ their income. That is, leaving them with no money for food, rent, clothes, etc.)
We're not talking 10,000 professional designers and architects who actually need it, we're talking mostly kids who much around with it a bit to make some skins for mods for old games. Maybe 1 of them will actually release an obscure mod, the rest just mucked a round a bit with it, uninstalled it and moved on to something else.
Would all 10,000 of them have bought 3D Studio Max if they couldn't pirate it? No. _I_ wouldn't buy it either, much as (1) I could easily afford it, and (2) I'm tempted to try modding "X2 - The Threat." (Which, sadly, only supports exporting stuff from 3DS MAX.) Now I don't pirate it either, but even I think it would be utterly retarded to pay $4000 on tools to mod a $40 game.
Yet the BSA would want me to believe that 10,000 dirt-poor kids from Taiwan would. That's so much bullshit, it could fertilize a few acres.
Re:Actually, most software in Asia *is* pirated. (Score:5, Insightful)
Not similar. If you don't have a Ferrari, and you steal one, you've deprived someone else of the Ferrari they had, changing what others have. If I were to ``pirate'' the mythical copy of 3DSMax, what have I deprived any other entity of?
You've taken someone's Ferrari. I've duplicated their Ferrari. The only person that loses anything (by the BSA's logic) is an Italian car maker. In this case, I can't afford either the Ferrari or 3DS. Therefore, there is 0 net loss by the {manufacturer|copyright holder}.Does it make this morally right? Hell no. But is it equivalent to stealing a physical object from someone? No. If I'm just a cheap bastard and copy a work that has a cost of $0.99US (downloading a single song when it is available from iTunes [and I'm on either Windows or a Mac]), I consider that a less moral act than copying 3DS, simply because I could pay for it. And yes, I would consider someone stealing food to be significantly less immoral than stealing a luxury. Still wrong, but more justifiable.
</rant>
Re:Actually, most software in Asia *is* pirated. (Score:5, Insightful)
-- Bill Gates
I think that Bill Gates quote has less bullshit than _any_ quote from the BSA.
Re:Actually, most software in Asia *is* pirated. (Score:5, Insightful)
But I do think it would create new jobs. Just not jobs at Microsoft.
See for example how Via makes some living selling cheap C3 CPUs. Yes, they're not fast chips. But here's how it works: some poor chinese wants to get a computer. He/she can't pirate a CPU, and can't afford to pay 400$ for a top of the line Intel chip. So he/she gets a 40$ VIA chip instead.
Which in turn keeps some people employed at VIA.
That's how it would work for software too.
If noone could pirate MS Office, a lot more of them would look into Open Office or some locally produced software. And a lot more people would be willing to tell their government or their boss "stop asking me to send you this stuff in MS Word or MS Excel. I'm not going to pay 450$ at home, out of my own pocket, just because you're too stupid to accept plain text files."
Or if so many Chinese and Eastern Europeans were't pirating those $40 games, a lot of them would be willing to pay, say, $5 for something produced by a small company in their own country. Especially for countries which by sheer size are potentially a huge market, like Russia or China, and where salaries are very low, I can see how someone could afford to produce cheaper games locally _if_ someone bought them. Most of those wouldn't be as good as Id's or Epic's games, but they'd be playable. And they'd keep a lot of talented programmers and designers in their own country employed.
Except in practice everyone there pirates the games, so such a market doesn't exist. And as a consequence those jobs don't exist either.
So, yes, piracy does cost jobs, economic growth and tax revenue. The only catch is: not at the big corporations, like BSA seems to think.
Re:What about MSDN windows (Score:5, Informative)
I've seen articles where they interviewed shop owners, and they just didn't understand what the problem was. They considered the *DISCS* to be the product, not the content, and said they didn't understand, they bought the discs for x, they sell them for x*2, they're doing nothing wrong, what's the problem?
Another friend said it's about the same in Russia, though less open. For about $15, you can buy a CD pack containing Windows, Office, and a selection of games and stuff. Even when someone has the legitimate software, they sometimes use the "pirate pack" because the pirates take the time to have the properly localized versions of everything already set up. I think the Russians know that what they're doing isn't considered "right" though.
Certainly there are big pirating operations everywhere, but in some countries, pirating is the norm, and nobody thinks twice about it.
Re:What about MSDN windows (Score:5, Interesting)
Then again I'm not an active member in the Warez community. I would assume something like this would be near holy grail status.
Re:What about MSDN windows (Score:5, Interesting)
I quite frequently use them when I have to reinstall friends computers, because even though they already have an OEM copy of XP home it's tedious going through the activation process for Windows, Office, and whatever other crap got bundled with the computer. They paid for windows with the computer, they get windows. I don't have any ethical problem with it.
Re:What about MSDN windows (Score:5, Informative)
Funny thing about that: although Microsoft claims that they will allow 2 (or 3??) automatic registrations over the 'net without calling, I have found that not to be the case. Since XP was released, reg process for win2k or office2k always reports server down or too busy and then I must call. I haven't gotten any flack from the flunkies passing out reg numbers, but the 1/2 hour wasted is a pain. Microsoft has forced me to pirate a copy of their software to use valid licenses.
Hey lets support the thieves! (Score:5, Insightful)
Want software without paying for it? Use Free Software. Theres heaps of it.
Re:Hey lets support the thieves! (Score:5, Funny)
But if they don't update, then the rest with legal copies is also affected when pirates computers get infected by worms.
I have a modest proposition: MS should made for pirates a "special" version of the security update: one that will disable the whole TPC/IP stack
Muahahahahaha!!!!! Take that, Mr. Pirate!!!!
Re:Hey lets support the thieves! (Score:4, Funny)
at last, someone with some real credentials.
Re:Hey lets support the thieves! (Score:4, Insightful)
Windows free, 24x7 support, and even CD Recording.
Re:Hey lets support the thieves! (Score:5, Informative)
Re:OS racists! (Score:4, Interesting)
Re:Hey lets support the thieves! (Score:5, Interesting)
I totally agree, however Microsoft should horon their "pirates." After all, if it weren't for the people who illegally copy and distribute Windows, the Microsoft market share would not be what it is right now. Microsoft owes a lot to "pirates."
-JemRe:Hey lets support the thieves! (Score:5, Interesting)
It is the same scheme crack dealers use in schools and IMO it should be prohibited. If you do not enforce a license you must lose your rights as entitled by the license.
Re:Hey lets support the thieves! (Score:5, Informative)
My textbook says, "In one form of dumping, a company sells products abroad at prices below its cost of production. In another, a company exports a large quantity of a product at a lower price than the same product in the home market and drives down the price of the domestic product." (Contemporary Business, 11e). Dumping is an illegal pratice. Of course, that's never stopped Microsoft before. They come from the school that believes laws are just "guidlines" and use their huge cash reserves to pay off any indiscretions.
Just pirate the patches (Score:5, Insightful)
Well (Score:5, Interesting)
Ive been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the linux desktop, and this (at least in my eyes) is a step closer to that.
Re:Well (Score:5, Interesting)
Re:Well (Score:5, Interesting)
One of these days Microsoft is going to get nailed by a "innocent third party" law suit and then the avalanche of law suits will start.
Re:Well (Score:4, Funny)
This isn't +5 interesting, this is +5 wishful thinking.
Re:Well (Score:4, Interesting)
why do you assume they won't just switch to paid Windows?
"damn it sucks, my windows doesn't work anymore, all this worm stuff on it makes it really fucked up, i can't patch it 'cos, well, its pirated"
"hey man, just try this CD, it's got this great OS on it and it's called Linux, sorry I mean GNU/Linux, and not only are the security updates free, the entire OS is free and legal!"
##next day##
"hey, man, i dunno what the thing is that you gave me, but i dunno how to use it, and they tell me none of my (also-pirated) games work on it, so i'm gonna go to the store now and cough up that money for windows, thanks anyway"
you're rated +4 interesting now, but it looks more like +5 wishful thinking. there's a whole ecology around windows that doesn't go away. unless linux can become in some way a "drop in replacement" of windows (distribs with WINE bundled are headed that way but is not there yet, and MS may yet find a way to stop it), any switchers-to-linux will be negligible.
best of all, winxp's firewall WILL stop most of these worms, so whats most likely gonna happen is these guys are gonna 1. reinstall, 2. live with an unpatched pirated windows but with the firewall on.
But they CAN download updates! (Score:5, Interesting)
Google, anyone? (Score:5, Informative)
"I'm Feeling Lucky", even.
Re:Well (Score:5, Interesting)
This reminds me of the immortal words of Steve Ballmer:
"I'd rather have someone using a pirated copy of my software instead of a legitimate copy of someone else's."
Read carefully (Score:5, Insightful)
Re:Read carefully (Score:5, Insightful)
I really think it should be illegal for them to change your license in an update anyhow. I mean, do the warranty conditions on your car suddenly change drastically when they replace parts in a recall? I'm sure some of you can come up with better analogies.
They are basically forcing their users to change the licensing deal well after the initial agreement and purchase. But aren't we paying for the license to use the software in the first place (as the EULAs themselves make clear). How can they change the terms of that license after we've already paid for it? I suppose that is in the EULA somewhere too though.
So basically we pay for a license giving us the right to use their software. And that license may change at any time at their discretion. Especially if the product is faulty and needs an update.
Considering the cost of the software, the relative functionality compared to alternatives, and these licensing terms, I have to wonder why is it so many people buy this stuff again?
Re:Read carefully (Score:5, Funny)
I go downtown and lure small children into my car with candy, money, and toys. Then I drive them to my house and ask them to click on I Agree, Yes, or Ok.
Re:Read carefully (Score:5, Interesting)
A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.
And they won't want you to stop using Windows, because then you'll have to use something else.
Already a technical error... (Score:5, Informative)
Tricky situation... (Score:5, Interesting)
Re:Tricky situation... (Score:5, Insightful)
A great deal of windows piracy is by people who have absolutely no idea what they're doing. Other people do the pirating for them, and they just use the OS the same as if they had bought it.
oooooooooo lord yes (Score:3, Insightful)
I would hate to see sasser or code red hit the large percetage of people that pirate, and CANT patch. Internet go byebye!
Beta versions and corporate license CDs (Score:5, Informative)
Microsoft disables some CD keys already which are known to be pirated, but I wonder how many valid corporate group cd key installations there are which have been pirated. In that case, it really wouldn't be feasible for MS to disable that cd key, as it would disable that entire company, etc.
Re:Beta versions and corporate license CDs (Score:5, Informative)
Of course (Score:5, Interesting)
Re:Of course (Score:4, Funny)
And if one stole a TV from a shop, and TV is broken, he should be able to bring it back and request a replacement.
Re:And the truth comes out on Slashdot... (Score:4, Interesting)
The other side of the argument is that Microsoft should have no obligation to support illegal copies, and indeed should reduce the functionality of illegal copies in order to encourage people to buy a copy instead; this is the philosophy MS currently follow, to some extent, by having Windows Update and service packs not install on copies with a bad CD-key.
The problem with using patches as an area of reduced functionality is that most people don't particularly care about the security of their computer at the best of times, so it's not a big deterrent to illegal copying; at the same time, illegal copies getting worms and such affects everyone on the Internet, whether they're illegal Windows users, legit Windows users, or not even using Windows.
(There's also the argument that Microsoft have tacitly encouraged illegal copies in the past in order to get more market share, which I think might be what you're referring to, but the above applies whether you believe this or not.)
Microsoft should set the updates to automatically remove the operating system from anyone who is not a legit user
False positives under MS's current policy are merely an annoyance, but if they followed your policy and their warez-detection algorithm got any false positives whatsoever, it'd wipe the OS of a legit user - I for one wouldn't appreciate that. Microsoft have, um, a bit of a reputation problem as it is
I can't imagine it would kill that many warezed copies either (once word got around), it'd just encourage anyone with an illegal copy not to install patches, and since that has a negative effect on the rest of the Internet, it'd be irresponsible.
*** now talking on #hypothetical-warez-channel - Topic: Get your XP isos here!
<w4r3z-k1dd1e> don't install yesterday's critical update whatever you do, I got burned by it
<@l33t_d00d> how's that?
<w4r3z-k1dd1e> it deleted my OS!
<w4r3z-k1dd1e> had to reinstall it
<@l33t_d00d> lol, didn't you know?
<@l33t_d00d> some of the patches do stuff like that
<@l33t_d00d> safest way is to skip them all
<w4r3z-k1dd1e> doesn't that make your pc not secure?
<@l33t_d00d> heh, whatever
<@l33t_d00d> that's what *they* tell you
<w4r3z-k1dd1e> ah, k
*** l33t_d00d has changed topic to "Remember kids, patches are for the weak"
Is that really what you want the warez kiddies to be thinking, and if so, would your answer change when the next Code Red/Nimda/Slammer/Sasser/... turns up?
Microsoft is not a charity (Score:5, Insightful)
Why should it have to pay for the bandwidth to support pirated copies? There is no benefit to them.
Most if not all infected Sasser users around here had legit but hadn't bothered to update. Real crackers use the corporate version of Windows that apparently doesn't require a CD key for updates.
Re:Microsoft is not a charity (Score:5, Insightful)
I think, my friend, that therein lies the issue. Think about it for a minute and try putting yourself in MS place... You already developed your software. You already paid for it. You are spending no money in distributing it. You are not supporting in any way the people w/ pirated windows copies. The bandwith costs are negligible. 95% of all the new desktop computers sold pay a forty or so dollars tax to you. You are sitting on 50 billon dollars in fairly liquid assets. You are scared silly of open source advances... why in the world would you not provide free upgrades to a couple hundred thousand computers when the alternative they might chose is what scares you silly in the first place?
why are we even discussing this again?
Support (Score:3, Insightful)
I have been of the oppinion that App level firewalls at the ISP level (hell even port blocking during worm-storms) is a necessary function. During the Nachi outbreak ISPs were killing ICMP just because of the sheer mass of pings flying around were bring down gear.
At the very least, ISPs should be responsible for the prevention of outbound malicious traffic, automated or manual (aka: crackers, kiddies etc.)
When they knowingly ignore the traffic traversing their network and wreaking havoc on others, I am always disgusted.
Not that my shit don't stink, but if I got a line spewing worm, it gets pulled till it's clean. Thank goodness for the public sector.
Re:Support (Score:5, Insightful)
How, excatly speaking, can an ISP know which app generated which packet in a remote machine ?
And ISP-level port blocking is the foulest evil an ISP can commit, far worse than asymmetric connections or hidden monthly usage limits. Port blocking prevents your computer from being used as anything except a simple surf station; even some FTP sites refuse to work. There is absolutely no justification for this.
Internet was designed to be a P2P network. Do not break it. Especially just because some people insist on using computers without bothering to learn to maintain them (or hiring someone else to do so).
Yes, it's so simple and straightforward to tell a good packet from a bad. All it requires... is checking the evil bit !
An ISP is just a traffick carrier. In no way, shape or form, should they be responsible for the actions of their users. If they are, it will be an additional incentive for them to block all the ports from incoming connections, reducing the value of Internet for all and making interesting and important applications like Freenet [freenetproject.org] impossible. But even if they block all the incoming ports, it still won't stop the worms from spreading (by e-mail), it will simply give them an excuse for the Courts ("Hey, we did our best !"). All pain, no gain.
As this is self-obvious, I must ask: Are you a RIAA mole, trying to destroy the P2P networks ? Or are you a government mole, trying to destroy the capacity of Internet for applications like Freenet [freenetproject.org] ? Or are you just a particularly clever troll who got modded insightfull by a not-so-clever moderator ?
Inquiring minds want to know ?-)
Re:Support (Score:5, Insightful)
Really. Given the choice between 90% of users being able to use the net, or 100% of users being unable to use the net, which do you choose?
It's perfectly reasonable to block certain types of packets during times of need. Is it desirable? No - but it's also not desirable to have worms, viruses, trojans, and other malware in the first place.
Get over it. Idealism on the 'net ended when it became a commercial entity. Now pragmatism is the rule of order.
If your ISP blocks ICMP during a ping storm (as the grandparent examples) in order to preserve some semblance of service, and you are offended by that, get another ISP.
And while you are getting over it, get real, too. Freenet is cool, but it's not going to save mankind, and not everybody in favor of pragmatic use of private resources is a fan of the Record Industry Association.
MSFT Can Pick Its Poison (Score:5, Funny)
(note that I left out writing better software)
Re:MSFT Can Pick Its Poison (Score:4, Insightful)
(note that I left out writing better software)
Yeah, because writing better software would both cost money and serve the general good. So they have the same choice to make in that regards. We've all seen how they've made that decision in the past.
A better pick your poison scenario is this:
Spending money on bandwidth patching unpaid clients
vs
Spending money on bandwidth due to DDOS attacks from unpatched clients
Who knows. (Score:5, Funny)
Frank: Hey Bob, could I burn a CD on your computer?
Bob: Yeah sure.
Frank: Uhh. It says it's going to shut down in 60 seconds.
Bob: Yep. Gotta work fast.
Re:Who knows. (Score:5, Funny)
Windows Xp Sp2 Latest Build (Score:4, Informative)
The keygen(a very very very popular one) generates product keys in the range 640-645. SP2 turns activation back on when it detects this.
Re:Windows Xp Sp2 Latest Build (Score:5, Interesting)
(And obiviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)
But way too many warez windows user is *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...
Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'
This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.
Why should they be able to? (Score:5, Interesting)
If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.
The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
Re:Why should they be able to? (Score:5, Insightful)
Ever noticed the amount of spam and worm traffic that comes out of Asia, Russia and South America?
Do you have any idea how pervasive warez are in China, Thailand and other countries?
Maybe you haven't noticed all that spam and virii.
I for one have firewalled, installed spam assassin, razor, run a second set bayesian filteres on my email client and STILL get spam in my inbox and see funky crap in my server logs.
Ohhh.... and I don't even RUN WINDOWS.
All my machines are either OS X or RH 9.
The fact is, microsoft puts out a product and that product is flawed (no ones perfect). By not allowing ALL users of their product to correct those flaws, they harm EVERYONE regardless of OS used. If you're online in any way, shape or form YOU are effected.
If Ford had such flaws that would cause a car to veer off course defying it's owners control, a recall would be issued and ALL owners would be elligible. Mind you, regardless if they were the 1st, 2nd 3rd or 4th owner or whether or not they had a Ford service plan or were covered under warranty.
An OS vuln is no different. And by simply ignoring 100,000 pirated copies of windows XP in China they allow for 100,000 virii hosts to spewn spam worldwide.
Those 100,000 machines then infect your licensed machine, spam my LAN, and cause a fortune 500 tens if not hundreds of thousands in costs per year in associated cost.
But hey... as long as those damn pirates don't get anything for free I guess it's ok right?
Simple answer, but not... (Score:5, Insightful)
For the common good of the internet, as well as for the sake of protecting Microsoft's already spotty image, they should be allowed to download hotfixes... after all, they wouldn't need them if Micrsoft had done it right in the first place.
The corporate answer is no.
They didn't pay for the software and are therefore ineligible for updates.
My opinion?
For the common good, Windows should go away. But until then, everyone running it, legally or not, needs to have access to emergency patches and fixes.
Not sure what's going on exactly... (Score:4, Informative)
Re:Not sure what's going on exactly... (Score:5, Informative)
FCKGW-... being they key that was commonly distributed with the first major pirate release of XP (Devil's own).
The obvious answer is no, but it may not right. (Score:5, Insightful)
As with all things though it's seldom that simple.
When a company such as Microsoft gain a significant share of the market (yes... monopoly), then the damage that saying no could be could actually threaten the stability of that society were their software to fail sigificantly.
i.e. If machines cannot be patched with at least the bare security updates, and those machines then assist in the even wider propagation of a virus or worm such that it affects the infrastructure of the Internet as a more general thing.
Then in those cases, would it not have been a civic duty upon the company to protect the wider Internet and society (of their original shortcomings in allowing the vunerability to exist) regardless.
So I'm more of the opinion that No should be the answer for all bells and whistles things... such as Media Player. But that all security patches should be installed on every machine possible... regardless of whether that is a machine without a legit key or not.
Interesetingly, this is probably opposite Microsofts view. As to be able to manipulate market forces they need critical mass in areas suh as Media Player. So I think from their perspective they would probably wish to allow the whistles, but to encourage/force the upgrade to a legal version would probably wish to disallow stability patches (read: security) so that legit systems are more stable.
Re:The obvious answer is no, but it may not right. (Score:4, Insightful)
That said, if a person did not legally acquire a product, they don't deserve support for it, I couldn't care less if it was a product that almost everybody had, and only one company made it.
I'd be in favor of Microsoft giving out the security update, if they tracked everybody who didn't have a valid license and then tried to sue said user.
If I bring a stolen car for service at any place that checks the VIN on the car, I can fully expect to be arrested, I don't see why people who copy software should be any different.
-- Joe
Re:The obvious answer is no, but it may not right. (Score:5, Insightful)
The scary thing, the *people* actually believe that is how it should be.
The whole concept of corporate charters seems to have been completely forgotten and the idiotic notion "corporate personhood" accepted without question.
It didn't take all that long for America to chain itself back up with most of the chains it broke free from in 1776.
If you're not legally licensed, (Score:4, Insightful)
Granted, these people not getting the software updates will cause problems for the rest of us, in that they're propagating some sort of virus.
My solution to that is to shut off the users. If the ISP of this user can prove that the user's PC is infected and sending out the virus, then it should be simple for the ISP to say, "patch it, or we're shutting you down".
I'm not really fond of ISPs snooping in on my traffic to determine whether or not to cut me off, so they should base it on a complaint system - if somebody complains that you're spreading the virus, then the ISP investigates (I recall lots of people with logs of Code Red attacks). If they find proof that you're spreading the virus, then you're forced to patch, or if you can't, you're shut down.
Extreme, perhaps, but the only way that people will properly maintain their machines.
-- Joe
A tough call, indeed. (Score:5, Insightful)
On the one hand there is piracy. Even if you say it's an advantage for Microsoft because of more dependency, the truth is that it isn't what they want people doing with their product, and it is illegal. If you want the support you should fork over for the product; after all Windows is about as Not-Free-Software as you can get. Perhaps if it wasn't such as widespread, costs to cover piracy would come down, and Windows would be cheaper and thus more easily availible. A rock and a hard place, people will need to buy before they can afford, and the numbers on actual piracy are way out of the realm of possible statistical analysis.
That being said, not getting security updates can cause problems for the Internet as a whole, not to mention for valid Windows users as pirate machines which can't be patched propigate viruses. That is more than just a problem for the people with bootleg'd copies themselves, that causes network congestion and performance problems for valid users as well. I know my Apache logs are still crammed with exploit attempts...
It's a question of responsibility vs. assisting lawbreakers. My (personal, humble) opinion is that Microsoft should allow security patches to all copies of Windows as it defeats expliots and worms/virii much quicker, but as for feature upgrades and bug fixes which are not a security issue, Microsoft should withold those unless the user has a valid serial key. True seriousness about security means defeating the problem for more than just customers, it means providing a better enviroment for everyone. This, I believe, is the root of the problem in the Microsoft attitude, and it's kind of sad that the largest software company on Earth can't see far enough past their bottom line to make such a move.
No one is (or should) ask them to give away anything more than saftey.
Don't use Windows Update (Score:4, Informative)
Or better yet, use the Microsoft Security Baseline Analyzer Tool [microsoft.com] which includes Hfnetchk.exe.
Windows Update actually deletes downloaded updates once they're installed. You can try to retrieve them before they're installed. But it's easier to just download them from the download center. That way you can qchain 'em if you do a reinstall.
Clean the web (Score:4, Interesting)
Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.
Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !
If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..
Great opportunity to blame the pirates (Score:5, Interesting)
Just like hospitals (Score:5, Insightful)
So: Would we treat somebody in a hospital because he caught an infectious disease while doing something illegal? Yes. Then, the same should be true for patches.
analogy time (Score:4, Insightful)
A: Definitely Yes.
Why is this different?
I know it's different because right now we can't sue MS for any damages even if we didn't steal Windows.
It seems to me that if they apply a double standard to products acquired legally vs. products that aren't legal, they are opening themselves up to some sort of implied warrantability for the legal product. Which of course they don't want to do.
It has gotten *really* bad with all the spyware, malware, and viruses these days. It's starting to look like the "death of a thousand cuts" we hear so much about. I wonder how many of these worms, etc. are put out there with the goal of bringing MS down?
We're not the only people wondering about this... (Score:4, Interesting)
He didn't exactly have an answer, other than to say they were still looking at the problem - but from what he did say MS is acutely aware of the problem.
I think my solution would be to allow security updates only. During this trip I had a long discussion with a pile of MS executives about community and /. came up more than a couple of times in the conversation ;-)
Anyone using MS-software is subject to MS-policies (Score:4, Interesting)
If you don't like their prices or their conditions turn to the alternatives.
my answer: no (Score:5, Insightful)
should users with pirated copies of Windows be allowed to download security updates?
My answer: No.
As much as I do not like the price of Windows (too high for what one gets for the money) you have to either try to restore competition in this particular market (which will lover the price of Windows to some real numbers) or change your demands and use something else (Mac, Linux, ...) or something else. It's maybe unfair there is no alternative producer of Windows but stealing does not make that better, quite contrary (helps Microsoft keep the monopoly while they have 90%+ market share also thanks to those users with illegal copies).
If users of illegal copies (they) get (with permission from Microsoft) those patches, they wont be stealing (patches) from Microsoft. But they will have screwed comparison tables "Windows vs. ProductX" in a way as "Windows are for free (0 monetary cost)". It will make them unwiling to switch (either to legal copy of Windows or legal copy of some other product be it free or commercial). Thus it'll help Microsoft to keep their unfairly acquired monopoly much longer and screw the market/economy/people/... much more. If Microsoft is going to give permissions to users of illegal copies of their products to use patches, I'll consider it anticompetitive and illegal move from them.
If [they] will be allowed to use those patches, market/economy/people may mistakenly see it as a move to the right direction (from security point of view) while the true right move - more OS diversity on desktop PCs - will be pushed away. Security will hurs, market/economy/people will hurt.
For sure, there will be short-range benefits in allowing [them] to use those patches, but in the long term I do not see it as good decision (good for market/economy/people).
Welfare for Netizens (Score:5, Insightful)
This is primarily a welfare service for the individual but has corporate benefits as well such as the reduction of communicable disease from those who would otherwise go untreated.
Without getting offtopic into the US healthcare system, I think the article brings up a similar point. If a software update is meant to benefit the end user only, in that it fixes or enables a new feature, that is one thing, but for the health of the public Internet, security patches that prevent malicious and communicable computer virii should be publicly available...by law.
It is more important to keep the Internet available to individuals, businesses, and research institutions as well as governments that rely upon it every day for communication and control of critical systems, than to ensure that a small percentage of the population is not illegally pirating software.
Re:Updates (Score:5, Informative)
Even better than that is "Reset5". Updates are allowed for unactivated XP installs that are still in the first 30 days. Reset5 is a little service that runs at startup and magically keeps that 30 day grace period timer set at 30 days. This is actually more than just a handy tool for pirates. I personally use it on my legitimate copy of XP Pro because the stupid piece of crap DE-ACTIVATES ITSELF if I change more than a couple pieces of hardware (something I do with remarkable frequency).
Re:Hey! Are you getting Sasser with me? (Score:5, Insightful)
You sound like the people in the porn industry who try to justify having sex without condoms.
If you have no antivirus software, how can you be so sure that there are no viruses?
LK
Re:warranty on my stolen car (Score:5, Insightful)
Mostly correct, but my anal self must correct one detail here. Most of things you mentioned aren't even fair use. Their simply your rights. Ownership of a copyrighted work belongs to the public even while the copyright still exists.
THAT is why you have the right to do anything that wasn't explicitly put into the copyright holders hands when granted the copyright.
Copyright grants control over distribution, most of the examples you mentioned are "use" which copyright grants no control over because copying WITHOUT distributing anything is within your domain.
Fair use on the other hand is a set of circumstances under which you have the right to distribute a copyright'd work (or a portion thereof) despite the holder of the copyright. For example you may quote a copyrighted work in a research paper giving credit. Because of fair use you may distribute that research paper far and wide.
Your rights and fair use apply regardless of whether you've purchased the material or not, they apply if you have it. It's distributing that is copyright infringment, not using.
Re:I can't believe this question even deserves... (Score:4, Informative)
That isn't a point of contention, read at *least* the summary before going off the handle. This is not about security updates for the benefit of the pirate end user, but the impact of having pirate end users incapable of getting security updates propogating worms that make the rest of the good community suffer.
On remote-exploit security updates, now that I see this circumstance, I think they should apply no matter what. Now feature enhancements and reliability fixes for the end user, those should be denied. Those fixes not being applied are far more annoying to the typical end user anyway, so MS would improve the community by fixing even the pirate systems in the ways that impact the community, but keep things hard for the pirate users by leaving their system extra buggy (even above and beyond the normal Windows experience).