Microsoft Security Updates for Pirated Windows? 1096
zachlipton writes "DSL Reports has an interesting question posted: should users with pirated copies of Windows be allowed to download security updates, such as for Sasser? Apparently, without a valid CD key, users cannot download these updates. Do they get what they deserve, or should they be allowed these updates through Windows Update in order to reduce the impact of these worms on the rest of the net? Should security updates only for worms be made available to pirated users, or also updates for issues that while not posing a risk to other internet users, would open the pirate up to a security hole?"
What about MSDN windows (Score:3, Interesting)
Well (Score:5, Interesting)
Ive been saying forever that the year MS perfects its anti-piracy technique really WILL BE the year of the linux desktop, and this (at least in my eyes) is a step closer to that.
Tricky situation... (Score:5, Interesting)
Of course (Score:5, Interesting)
Re:What about MSDN windows (Score:1, Interesting)
Why should they be able to? (Score:5, Interesting)
If an infected machine becomes such a problem that they're affecting other people, ISP's should simply revoke a users access until they upgrade to the latest patches and remove the virus. A pirated version of Windows wouldn't be able to get the updates and therefore would probably keep on getting the virus, costing them a great deal of inconvience every time their internet is shut off. Not to mention the knowledge that thier machine is going to be swamped with viruses and that their computer will be completely insecure.
The best way to get rid of pirates is to make the cost of pirating greater than the cost of buying the software (or finding a legit alternative).
Re:What about MSDN windows (Score:5, Interesting)
Then again I'm not an active member in the Warez community. I would assume something like this would be near holy grail status.
i can patch (Score:1, Interesting)
Can't they... (Score:3, Interesting)
Re:Well (Score:3, Interesting)
---
Re:Well (Score:5, Interesting)
But they CAN download updates! (Score:5, Interesting)
Re:What about MSDN windows (Score:3, Interesting)
Re:Support (Score:2, Interesting)
Re:Windows Xp Sp2 Latest Build (Score:3, Interesting)
Re:Windows Xp Sp2 Latest Build (Score:5, Interesting)
(And obiviously a new corporate edition of WinXP+SP2 with working volume license key will be out - probably even faster than the SP2 installer)
But way too many warez windows user is *still* using the first Devils0wn release with a blacklisted key. No SP1 for j00. Perfect host for all kinds of viral stuff...
Even MS knows it cannot prevent it completely, but by making it hard for the joe average user they are selling new licenses. Like when a joe sixpack goes 'updates don't work *again*? And if I don't update, my comp will be hosed this time next week? I need to bother my brother's kid again and let him to mess up my computer while installing some new warez version? BAH I go buy original.'
This happens pretty damn often - I work at PC repairs and when we get warez windows PC which is unpatched, we clearly say that either you buy a windows license, or all of the non-hardware problems you have are yours. We won't touch it. Certain age group tends to take their PC back and either live with the problems or get the new warez version, but those who don't care if it costs 100$ for an OEM WinXP tend to fork out money and ask us to fix the damn thing for good. They have used a pirated copy earlier because they felt that the 100$ was 'wasted money' - pirated copy worked just as fine. As soon as it suddenly doesn't work just as fine, they see value in tossing the 100$ at MS.
only for critical issues (Score:3, Interesting)
The fact is that piracy levels are there. If updates against these critical security issues are not publically available, then the infected pirated machines are a social nuisance. These people are unlikely to buy a legitimate version anyway.
However, it should stop at critical issues: anything related to bug fixes or performance or reliability issues only available to licensed users.
Look at some of the AV companies: they do provide free disinfectant tools for critical issues: you can download and use these even if you are not the AV customer. However, if you want true AV support, then you do need to buy the product for the licensed updates.
Re:Hey lets support the thieves! (Score:5, Interesting)
I totally agree, however Microsoft should horon their "pirates." After all, if it weren't for the people who illegally copy and distribute Windows, the Microsoft market share would not be what it is right now. Microsoft owes a lot to "pirates."
-JemRe:What about MSDN windows (Score:5, Interesting)
I quite frequently use them when I have to reinstall friends computers, because even though they already have an OEM copy of XP home it's tedious going through the activation process for Windows, Office, and whatever other crap got bundled with the computer. They paid for windows with the computer, they get windows. I don't have any ethical problem with it.
Yes we should all pay for this too (Score:3, Interesting)
this seem only fair since providing service to pirates will only encourage piracy and shrink their market share. On the other hand since you get value out of not being bombarded with viruses and virus spawned spam you of course are happy to pay this small fee even if you install linux.
what do you think? How much would you pay to get MS to do this?
Re:Well (Score:5, Interesting)
One of these days Microsoft is going to get nailed by a "innocent third party" law suit and then the avalanche of law suits will start.
Re:Hey lets support the thieves! (Score:5, Interesting)
It is the same scheme crack dealers use in schools and IMO it should be prohibited. If you do not enforce a license you must lose your rights as entitled by the license.
Re:Read carefully (Score:5, Interesting)
A EULA is not as binding as a contract is. They can say whatever they want, but they're limited in what can actually be enforced. They can make you stop using the software, and not too much more.
And they won't want you to stop using Windows, because then you'll have to use something else.
it is no prob to use windows update (Score:2, Interesting)
as soon (or slightly before if memory serves?) their was a number of work arounds for the 'keys' m$ disabled with SP1,
I have a large number of 'friends' running XP pro with corp 'keys' and all have been able to use windows update without much difficulty.. other than changing keys for SP1 but no biggie.
of course for the slightly less 'advanced' warez copy users out there they may have difficulties.
As long as all the people in China and other SE Asian countries refuse / can't afford to pay M$ prices for software 'fixes' for m$ anti piracy efforts seem likely to presist. M$ can 'raise the bar' for how much work it is to successfully pirate and then update their os
Clean the web (Score:4, Interesting)
Yet I see that the point is that MS is making a mistake in not giving security fixes to everyone.
Here's why: There will be millions of pirated XP's also in future. They will have trouble in fixing their system. During that period they are harming the network experience of all of us. And they do have a significant effect, because of their huge amount. Finally they find a solution from firewalls or installing other OS's, such as Linux or OS/X !
If 50% of worlds PC's carry pirated XP and 10 % of those will end up in moving to Linux, we will have quite a boost for Linux ! I don't mind that..
Great opportunity to blame the pirates (Score:5, Interesting)
Something to think about (Score:3, Interesting)
Re:What about MSDN windows (Score:3, Interesting)
NT Server product key accepts all 1's (Score:3, Interesting)
Re:Well (Score:5, Interesting)
This reminds me of the immortal words of Steve Ballmer:
"I'd rather have someone using a pirated copy of my software instead of a legitimate copy of someone else's."
Re:The obvious answer is no, but it may not right. (Score:2, Interesting)
You are very much mistaken. Microsoft, like any other company, can only function as it does by the grace of our civil society and its rules. Among which, the rules that protect (to an absurd extend imo) Microsofts intellectual property. Pirated copies are only pirated copies because we as a society say so, not because MS says so. Same goes for private property in general.
MS, and all other companies that profit from the possibilities and protection our society gives them owe that society.
They sure as hell have a civic duty. As do we all.
Re:Hey lets support the thieves! (Score:2, Interesting)
There is a problem with that. I don't call myself a Lixux zealot, and in fact, I triple-boot XP/ME/Mdk 10. I live in a dorm where I know of at least two people on my floor alone who have snaked copies of XP Pro. I try to convey to these people that Linux is out there and is free, if they really don't want to pay for XP. Yet, I get the distinct impression that their motive for snaking XP isn't just to have a free OS, but because they are used to Windows, and have this need to conform to the majority of the online population. They probably believe it to be uncool to use Linux.
I also think they would have an illegal XP if just to feel rebelious rather than play it safe and have Linux on their computer. So I don't think pointing them to legitamite free software is going to get them to dump their illegal copy of XP.
I find it odd that in America, we have goals of individuality, yet, some people choose to let the majority overly influence their choices. They do everything that 75% of Americans do because they want to express their individuality. Do I smell a contradiction here?
Re:Support (Score:2, Interesting)
A stolen car which poses a danger to legitimate road users will normally be removed from the roads fairly quickly if it is really causing a problem, thus removing any threat an unroadworthy stolen car can pose to other road users and, importantly, in a way which does not disadvantage legitimate road users.
A pirate copy of XP will be used regardless of it being infected by many virii (Sasser excluded seeing as it shuts down most infected PCs
Eventually a there will probably be at least one flaw affecting each of the most popular ports. Blocking these would render the internet effectively useless, so unless another better method can be found, we have the choice of either blocking EVERY access to potentially vulnerable (ALL) services, or we allow infected PC's to remain, putting an unnecessary load on networks worldwide and eventually most likely destroying said networks.
User base (Score:2, Interesting)
Should they provide support to people that pirate their products? No. But if it means losing out on their user base; shouldn't they?
Re:Yes we should all pay for this too (Score:3, Interesting)
Maybe Microsoft should be charged for every byte of bandwidth that their stupid programming practices chew up when one of these viruses run rampant.
This would force Microsoft to clean up their act. They might actually start thinking about security instead of just paying lip service to it. Then, whether copies of Windows are pirated or legitimate, we just wouldn't have to deal with as much crap on the Internet!
Re:What about MSDN windows (Score:4, Interesting)
Why? RedHat decided to make people pay for service, and considered compiled updates part of the service. Fortunately they still follow the "Always Open" part, and you can download all of RedHat Enterprise Linux & build it yourself. (Why someone would do that, and not just run gentoo is beyond me. (Maybe they like messing with RPMS & they annoynce they are to rebuild & install?))
Yeah, it is an issue that should be addressed, but people have already. As many people have pointed out: Corperations are often not very wise. (case in point: Red Hat canceling their desktop version, which has led people to change distributions very quickly)
However, what obligation does Red Hat have to provide those that they don't have a contract with updates? They and Microsoft don't. (Nor does anyone who uses BSD or GPL software: your warranty was where? and your contract was what?) It's just that people who write software or package it tend to not want to have their reputation on security sink to as low as IIS or genuinely want to help others.
Updates are readily available (Score:2, Interesting)
I have then made CDs containing Symantecs Sasser removal tool and the hotfix for both Windows 2000 and XP and made copies to pass around to friends and family that still run Windows.
So even if Windows Update requires a valid key for Windows XP users, the updates are still readily available. Albeit, not quite as easy as Windows Update, but if you run pirated software, you deserve to suffer just a bit.
Re:Yes we should all pay for this too (Score:2, Interesting)
Windows PR (Score:3, Interesting)
Personally, if I were a PR at Microsoft, I'd be giving those patches away. The less overall damage systems running Windows would get because of security exploits, the best the PR. Furthermore, it would allow me to give the possibility to give the "we care" speech...
On the other hand, as an Open Source advocate as I am, I believe these issues should be exploited to the maximum. Not only is most Open Source software more immune to such problems but the patching speed is of critical importance for most enterprise users, and as far as I'm concerned, that would be the main entry point into the household.
Re:Yes we should all pay for this too (Score:5, Interesting)
Re:Microsoft is not a charity (Score:3, Interesting)
Re:Yes we should all pay for this too (Score:3, Interesting)
So, even having the key, you would still be illegal.
You can be very sure Microsoft have ways to track the license number so the reseler.
We're not the only people wondering about this... (Score:4, Interesting)
He didn't exactly have an answer, other than to say they were still looking at the problem - but from what he did say MS is acutely aware of the problem.
I think my solution would be to allow security updates only. During this trip I had a long discussion with a pile of MS executives about community and /. came up more than a couple of times in the conversation ;-)
Re:And the truth comes out on Slashdot... (Score:4, Interesting)
The other side of the argument is that Microsoft should have no obligation to support illegal copies, and indeed should reduce the functionality of illegal copies in order to encourage people to buy a copy instead; this is the philosophy MS currently follow, to some extent, by having Windows Update and service packs not install on copies with a bad CD-key.
The problem with using patches as an area of reduced functionality is that most people don't particularly care about the security of their computer at the best of times, so it's not a big deterrent to illegal copying; at the same time, illegal copies getting worms and such affects everyone on the Internet, whether they're illegal Windows users, legit Windows users, or not even using Windows.
(There's also the argument that Microsoft have tacitly encouraged illegal copies in the past in order to get more market share, which I think might be what you're referring to, but the above applies whether you believe this or not.)
Microsoft should set the updates to automatically remove the operating system from anyone who is not a legit user
False positives under MS's current policy are merely an annoyance, but if they followed your policy and their warez-detection algorithm got any false positives whatsoever, it'd wipe the OS of a legit user - I for one wouldn't appreciate that. Microsoft have, um, a bit of a reputation problem as it is
I can't imagine it would kill that many warezed copies either (once word got around), it'd just encourage anyone with an illegal copy not to install patches, and since that has a negative effect on the rest of the Internet, it'd be irresponsible.
*** now talking on #hypothetical-warez-channel - Topic: Get your XP isos here!
<w4r3z-k1dd1e> don't install yesterday's critical update whatever you do, I got burned by it
<@l33t_d00d> how's that?
<w4r3z-k1dd1e> it deleted my OS!
<w4r3z-k1dd1e> had to reinstall it
<@l33t_d00d> lol, didn't you know?
<@l33t_d00d> some of the patches do stuff like that
<@l33t_d00d> safest way is to skip them all
<w4r3z-k1dd1e> doesn't that make your pc not secure?
<@l33t_d00d> heh, whatever
<@l33t_d00d> that's what *they* tell you
<w4r3z-k1dd1e> ah, k
*** l33t_d00d has changed topic to "Remember kids, patches are for the weak"
Is that really what you want the warez kiddies to be thinking, and if so, would your answer change when the next Code Red/Nimda/Slammer/Sasser/... turns up?
Re:Of course (Score:3, Interesting)
It would be very nice if that was true, but it is not. Neither Windows, nor OS X, nor Linux can work connected to internet without regular patching - this is reality of software development. You can setup a firewal, but you still have to patch IE or Mozilla, probably Office or OpenOffice, etc.
In current state of the art, patching is like oil change and other regular services.
Unlike Ford, which has to guarantee some minimum safety features, neither Windows, nor OS X, nor Linux guarantee you anything. And obviously, Ford would not be liable for accident which happened to a car which went 50k without an oil change.
Anyone using MS-software is subject to MS-policies (Score:4, Interesting)
If you don't like their prices or their conditions turn to the alternatives.
Re:What about MSDN windows (Score:3, Interesting)
This is what we call "market forces".
Like many things in the real world, they don't act at "Internet speed"...
Re:Well (Score:4, Interesting)
why do you assume they won't just switch to paid Windows?
"damn it sucks, my windows doesn't work anymore, all this worm stuff on it makes it really fucked up, i can't patch it 'cos, well, its pirated"
"hey man, just try this CD, it's got this great OS on it and it's called Linux, sorry I mean GNU/Linux, and not only are the security updates free, the entire OS is free and legal!"
##next day##
"hey, man, i dunno what the thing is that you gave me, but i dunno how to use it, and they tell me none of my (also-pirated) games work on it, so i'm gonna go to the store now and cough up that money for windows, thanks anyway"
you're rated +4 interesting now, but it looks more like +5 wishful thinking. there's a whole ecology around windows that doesn't go away. unless linux can become in some way a "drop in replacement" of windows (distribs with WINE bundled are headed that way but is not there yet, and MS may yet find a way to stop it), any switchers-to-linux will be negligible.
best of all, winxp's firewall WILL stop most of these worms, so whats most likely gonna happen is these guys are gonna 1. reinstall, 2. live with an unpatched pirated windows but with the firewall on.
Re:What about MSDN windows (Score:3, Interesting)
That's a little trick we engineers like to call math. See, there are as many computers in asia as there are in the rest of the world combined. Add to that the fact that Microsoft has admitted to leniency in pirating and the fact that business people KNOW that in Bangkok they can buy a burned XP cd for around 8$ and you can easily believe the original statement.
If the original statement said something to the effect of "yeah on my network its just the chinese people that get viruses", that would be racist. But pointing out that the largest distribution of computers is statistically likely to have the largest distribution of viruses.
Re:ISPs should take responsibility for their netwo (Score:2, Interesting)
I used to be a nasty pirate myself, until I saw the light. MS enforcing their 'rights' can only be a good thing, since it will shy people (at least people from poor countres) away form their products, thus making the internet safer. But for now it is simply wiser to give updates to the pirates.
cheers.
Pirates Could Pay MS, Get Updates & Amnesty (Score:3, Interesting)
Re:OS racists! (Score:4, Interesting)
Re:What about MSDN windows (Score:2, Interesting)
I guess the same thing could happen with WindowsXP...someone generates your key and then you look like the pirate because to the microsoft servers, this key is showing up on two [or more] computers.
So, imagine how you, the legitimate consumer would feel being denied updates and accused of being a pirate because of a real pirate.
ARRRGGGHHHHH! Darn crooks.
I can't believe this question even deserves... (Score:3, Interesting)
YOU DIDN'T PAY FOR WINDOWS hence they DON'T OWE YOU SHIT for support, why is this so hard to understand.
Yes, they shouldn't be allowed updates (Score:1, Interesting)
Re:Of course (Score:2, Interesting)
I think that offering working upgrades to pirates is more like offering clean needles to IV drug addicts rather than free oil changes to carjackers -- it's in everybody's best intrest for them to be free of AIDS or other diseases transmitted by needles. Even though they're breaking the law by taking illegal drugs, it's certainly a much better policy to offer the needles than to let AIDS act as a deterrent to illegal drug use.
No updates for pirates-no music for downloaders? (Score:2, Interesting)
I STILL don't get why people think downloading is their right and stealing is OK.
Re:Well (I completely disagree) (Score:3, Interesting)
Faulty products are faulty products. If Microsoft fails to offer a repair to a product it knows is defective. Unlike the stolen Ford, our pirate friends may have tried to get the patch and were denied it. Microsoft now has knowledge of a defective instance of the product and has knowingly refused to make the necessary safety corrections. Regardless of the legal status of the ownership, the product liability remains. The fact that the "product" is digital is what makes it not quite fit the traditional product mold. All the disclaimers won't help either,as known defects _will_ make you liable no matter what. As a PE, if I say in my contract "that's not my responsibility" but the "not by me" design is clearly faulty, I'm still liable.
If they can prove it has been stolen from them, they should notify the autorities of the theft and have the product returned to them for repair or destruction.
(I'm not advocating piracy - I have legal copies of XP - but making a patch unavailable is wrong. How would you get the sasser patch if your inet connex was down due to sasser? My parents couldn't, because I couldn't get the patch and write it to disc for them, and they own a legal copy of XP home.)
Re:Beta versions and corporate license CDs (Score:3, Interesting)
However, he claims the numbers are not copyrighted nor trademarked, so the law does not forbid posting them. Since it seems he has published them for some time and still not directly been sued by Microsoft, this might actually be true.
Re:Well (Score:3, Interesting)
Funny as the way I recall it seems the software industry in general through the power of EULA's require you to not hold them responsible for anything even though you are a paying consumer. One of the only industries that I am aware of that you can do this.
I believe the _only_ obligation is to its share holders. I may be wrong however...
Re:Yes we should all pay for this too (Score:5, Interesting)
Nowadays people use it to refer to the fact that you can't buy a major brand PC without Windows installed. Even IBM, at one point, who were competing with MS with OS/2, wouldn't sell you a computer without Windows. That had to do with the cliff pricing tactics MS used.
It's still hard to find a major brand you can buy "naked" or with an alternative OS. I know a bunch of idiots are going to respond about how that's not true, that you can buy a Dell, for example, with Linux - but I said it's "hard", not impossible. They do not make it easy.
Notebooks are the worst.
So often enough people who might run an alternative OS will buy a prebuilt system with Windows on it, even if they don't want it.
In other words, MS makes money off of almost every prebuilt PC sold (probably upwards of 99%). That's the MS tax.
Here's another one for you - let's say you bought a prebuilt computer with Windows XP. One day after the warranty expires, you spill coffee on it and fry it, and decide to just buy another PC - now you've bought two licenses of Windows XP but only use one. Yes, again, you CAN build your own PC or find a "naked" one somewhere, and then you can give MS all your private information over the phone, trying to explain you had to replace your computer all the while they think you are a pirate, but most people just buy the pre-built system and pay the "MS Tax".
Any geek can easily avoid it, though, and since most users of alternate OS' are geeks, I fail to see the big deal. Of course, if we hadn't fought it for years and years, you still wouldn't be able to buy a naked PC.
Re:Just pirate the patches (Score:2, Interesting)
Fact: professional software costs a shitload of money that most home users can't afford.
Fact: using pirated software builds both familiarity and brand loyalty
Fact: most free software cannot hold a candle to the commercial software it attempts to emulate (see GIMP vs Photoshop argument)
Keeping those three points in mind, companies like Microsoft and Adobe secretly don't care that you didn't pay for your copy of Windows or Photoshop.. it's the perfect scenario: Person pirates sofware. Person feels like a rebel and is doubly excited to use it. Person learns software and becomes dependant on it. Person gains employment. Person's employer purchases software for person to do their job. Software company profits. Simple as that. Piracy sucks for game companies, but in my opinion really helps large software powerhouses.
-Rylfaeth
Re:Yes we should all pay for this too (Score:2, Interesting)
Unfortunately google searches don't have it where I can find it easily.
True but irrelevant. Attractive nuisance. (Score:3, Interesting)
That's true. But it's also irrelevant.
Once the exploits are out there, the only ways to make them STOP trashing the net (short of taking out the machines) is to apply the patch. Blocking distribution of the security patch to unlicensed copies insures there will be a much larger number of infected machines chattering away than if it is open.
Selling millions of copies of software that is susceptable to infection and expecting them to remain uninfected is like laying out millions of uncovered petri dishes full of culture medium and expecting them to remain sterile. If nothing else, Microsoft bears some of the responsibility according to the doctrine of "attractive nuisance".
In case you're not aware of it: Consider a chemical company that keeps concentrated sulphuric acid in an uncovered, unfenced, outdoor tank that looks like a swimming pool. Is it the chemical company's fault if, some summer afternoon, some neighborhood kids jump in and/or push each other in? In US law: Absolutely!
By deploying a massively virus/worm susceptable system Microsoft has created an attractive nuisance. Yes the primary responsibility for damage when it is exploited rests with the exploiters. But when they "light a fire" that starts an ongoing process of consuming the neighborhood, it's Microsoft's responsibility to help put it out.
And it's in Microsoft's interest to do so, before somebody wises up and starts using the attractive nuisance doctrine to make them pay for the damage.
Re:Hey lets support the thieves! (Score:2, Interesting)
That will install updates.
Yes, I patched DCOM on a machine without SP1
this way.
Re:Yes we should all pay for this too (Score:3, Interesting)
At the moment I'm typing this on a Sager NP4780-S which I bought four months ago. Besides being a far better machine than almost anything sold by the likes of Dell or HP, I ordered it without an operating system. It took me about 30 minutes of screwing around online to locate it and make my decision.
Re: The Economics of Piracy (Score:2, Interesting)
that @$(*& really adds value, doesn't it? (Score:4, Interesting)
We still got audited. So we had a double penalty of staff time: fix the problem before the audit, then prove it was fixed. Neither case advanced the organizational mission. It was pure loss, friction . All the time I was doing that, I wasn't fixing things that were broken. I wasn't making the net more secure. I wasn't installing new things.
I will grant that a company can set the terms of use for their products as they wish. They should be aware that hamfisted, user-hostile enforcement mechanisms like this are driving customers like me away. At comparable functionality, even with higher costs, I prefer the Free as in Speech solution.
Should I experience a difficult implementation due to lack of developer/test resources in an Open Source project, I experience necessary pain. That is to say, any problems I have with getting it working are a natural result of the state of the project I'm working with. Licensing friction is unnecessary pain. It's the unnatural result of the developers going out of their way to put up obstacles.
Unnecessary pain hurts way more than necessary pain for similar stimulus levels.
Gotta say, props to the commercial software outfits that have simple concurrent licensing setups that actually work. It's the ones that suck that cost you future business.