Microsoft Blocks Pirates From Security Essentials Software 291
CWmike writes "Microsoft will block users running counterfeit copies of Windows from installing the free Security Essentials antivirus software, said Alex Kochis, director of Microsoft's Genuine Windows team, in a post to a company blog. On-again, off-again debates about the wisdom of blocking security-oriented downloads like patches or defensive software have centered around the argument that Microsoft should protect all users, including pirates, since hijacked PCs threaten the entire Windows ecosystem. In this case, though, one analyst isn't buying that line. 'I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users],' said John Pescatore, Gartner's primary security analyst. 'Those people have many other choices, including free. There are plenty of alternatives to Security Essentials,' he said, adding that that makes a difference. Windows patches, on the other hand, aren't available from anyone but Microsoft."
Herd immunity (Score:5, Informative)
I strongly suspect the same concepts would apply to computers, and allowing pirates to have this protection would indeed provide greater security to ALL the unprotected windows users. Thus, the choices for MS are 1) increase security for all users (paying or not) by allowing even pirates to download in order to increase the protection via herd immunity or 2) increase company profit by trying to coerce hackers into buying a copy by not allowing them this download. Since the latter will never happen, all MS is really doing is simply missing an opportunity to increase security because they *think* they can increase profit. Alternatively, maybe they think they are simply teaching those pirates a lesson, but sadly it would be at the expense of others.
Re: (Score:2, Interesting)
I strongly suspect the same concepts would apply to computers
Unless there are viruses around that attack random IP's. There's no biology equivalent to that. And with p2p (and implicitly pirating) these attacks might not even be detectable. If your computer makes and receives 50-100 network connections per minute legitimately, who's going to notice a couple more?
Re:Herd immunity (Score:5, Informative)
What?
More infected machines = more machines doing said attacking
If you have 1 machine infected, you have 50 connections. If you have 10, you have 10 fold the number of connections, which makes it easier for them to find the 25% of machines (that's a steady number) that are unprotected. Reducing the number of machines able to be infected reduces spread rate, which increases security since those who do get infected can get rid of it before it finds another host more often.
In biology, that would be the equivalent of changing the time between the symptoms' appearance and the patient's becoming contagious, assuming symptoms come before someone is contagious. If you have a longer timeframe, the virus is more likely too be killed before it infects someone else. The same applies here, in exactly the same way.
Re:Herd immunity (Score:5, Interesting)
The biology equivalent would be if someone sneezed in Beijing and you got the flu in Denver.
Re: (Score:2)
That happened to a cousin of a friend of a close friend of mine!
Re:Herd immunity (Score:4, Interesting)
Reducing the number of machines able to be infected reduces spread rate, which increases security since those who do get infected can get rid of it before it finds another host more often.
You forget that geometric progressions don't much care for the spread rate. Let's assume a few things:
1. We want to query every single IPv4 address space (brute force and stupid, since only a little over 2^27, 75%, is actually in use in some fashion).
2. We're going to say that 90% of the machines out there run Windows. Actual estimates vary.
3. If an infection is timed correctly, even an out of band emergency patch will hit less than half [theregister.co.uk] of all machines. So, a worm has 30 days to spread between Patch Tuesdays.
4. For the sake of simplicity, I'm going to assume everyone's bandwidth is a mere 10KB/s bidirectional.
5. Also for the sake of simplicity, I'm going to say that it takes 10KB of data to probe a machine to see if its infected.
6. At any given point in time, I'm going to say only 5% of machines on the internet are accessible (turned on, and can receive connections). I have no factual basis for this -- it's an assumption.
So based on 4 & 5, I can make 1 probe attempt per second.
Last, a disclaimer -- I do not know much about statistics. If I made a mistake, sorry.
So, in a day, a single machine can probe 86,400 IPs, probing the space in a random fashion. Of those, 64,800 (75%) are "in use" in some fashion. 58,320 (90%) of those run Windows. And 2,916 are turned on and receiving connections. 1,458 (half) are unpatched for the first 30 days of the spread. It manages to infect 2 machines in the first hour it runs (rounded down; is actually about 2.5) The next hour, 6.25 machines are infected, and so on and so forth. In 24 hours, 3.5 billion machines have been probed and infected.
Geometric progressions like this are the reason why statistics like "An unpatched windows machine directly connected to the internet is compromised within 8 minutes" exists. The premise "Reducing the number of machines able to be infected reduces spread rate, which increases security" is not valid -- because the spread rate is almost completely irrelevant. Even if I say only 1 machine per hour is infected, in just over 30 hours we have the same number of infected machines -- even though we cut the rate from 2.5 to 1.
If you want to make a difference -- reduce the window of opportunity; PATCH NOW. The rate is wholly irrelevant.
Re: (Score:2)
AIDS(the S is for syndrome, it's not a plurality) is only unique due to it's spread (as HIV) in bodily fluids. How does this make it's spread different?
It could be argued that there are no individuals who are immune to HIV. The number of cases of HIV are centered around Africa, and there aren't enough cases for ruling out the possibility of immunity. Either way, one could consider proper education a form of immunity.
Re:Herd immunity (Score:4, Insightful)
Herd immunity works in biology because the distance to travel to another unprotected host is too far or takes too long for the virus to survive floating around. But with networked computers that isn't really an issue, is it? It might take a little longer to scan ports on more addresses but for an automated virus in a computer whose owner isn't patching it anyway, this isn't a big deal. Everyone who thinks they know better feel free to contradict me, I'm just speculating:
Re: (Score:2)
Re: (Score:2, Insightful)
Re:Herd immunity (Score:4, Interesting)
Yeah, i keep hearing that repeated. "you are more likely to be infected using cracked software"
I've pirated (and bought) a large variety of software in the last 15 years. And the one time i have ever been infected. it came from a piece of commercial software right on the cd.
The 'pirates' and cracked software are WAY more trustworthy than any company out there. It only takes one or two bad comments to make people avoid using that cracked piece of software. With commercial software it takes thousands of bad installs before it makes the news and people avoid a bad piece of commercial software.
Just having a more tech savy audience the cracked software will be subect to far more scruntity than anything you'd buy off the shelf.
Re:Herd immunity (Score:4, Insightful)
You are essentially trusting a complete stranger (from the internet no less) with no responsibility, visibility, or accountability, and running an unknown executable. That is not safe.
Even the cracker/warez websites themselves are typically loaded with malware, spoofing/phishing attempts, etc.
They have a bad reputation for a reason.
Re: (Score:2)
What sites are you visiting? If you're getting malware/trojans, it's because you're visiting the sites of spammers/scammers who just happen to be offering hacked versions of other people's cracks as a come-on, much like some fake porn sites. Their sole aim is to rip people off and make money.
Real hackers/crackers don't put trojans and viruses in their releases, obviously.
Re:Herd immunity (Score:5, Insightful)
These "cracker/warez websites" you mention is a different matter, they have nothing to do with the actual crackers - no reputable cracking group has a website where they release their (illegal) stuff, everybody knows that. On a site like that you're just as likely to find infected OSS, anything that they think clueless newbies will download will be infected.
Re: (Score:2)
Actually,
Re: (Score:2)
There is no way MS's security software is going to sweep over the market. Even 15 years ago when Microsoft put in MSAV into their release of DOS, it did not dent sales in Norton's product. In fact, it actually helped the industry because Microsoft set the baseline that all other AV programs have to leapfrog.
MSE also doesn't cover all bases that third party vendors do. For example, if I have to deal with someone's PC that is infected and they don't have any media with them, there is a good chance that wit
Re: (Score:2)
I was actually surprised that Security Essentials found two trojans that both AVG Free and Avast! missed - so I suppose a single free scanner probably isn't going to be enough.
Re: (Score:2)
These days , there is barely a difference in protection between free and paid versions.
They use the same virus databases.
The only difference is the interface , and the rate of updates.
AVG works fine for me.
I agree with Pescatore, but... (Score:3, Interesting)
He's right in that many people who have the tech-savvy to pirate a copy of Windows will know what their options are regarding anti-virus.
On the other hand, how much does Microsoft actually stand to lose when it comes to giving this away?
I'm willing to bet that they ran the numbers... "how much will the bandwidth cost us" vs "how much do we lose in good will by weakening the herd immunity".
Now that would be an interesting (read: evil) spreadsheet to look at :D
Re:I agree with Pescatore, but... (Score:5, Insightful)
Re:I agree with Pescatore, but... (Score:5, Insightful)
I know I may be a bit utopian in my thinking, but wouldn't giving these users a good customer experience (as Microsoft calls it) the best way to convince them that they should in fact go out and buy the software - perhaps not even now, but the next time they upgrade their systems?
No, it would more likely convince them that "hey, I got this great customer experience without even ever spending a dime, why spend money for what I can continue getting for free?" Not that I disagree (or agree for that matter) with allowing pirated users the option to use the software, I just think your logic is off.
Re:I agree with Pescatore, but... (Score:4, Interesting)
Re: (Score:2, Insightful)
I'm not sure what your point is. I'm using the RC Windows 7 right now. It was free, but it's also supported. I installed MSE yesterday.
We're talking about pirates who aren't using the free RC. We're talking about habitual pirates who pirated windows 7 in the face of a free release candidate. They deserve to get a virus.
Re: (Score:2)
I have paid for Mandriva in the past.
It helps if you limit something to paying customers. PCLinuxOS (stupid name, not a bad product) has a faster repo to which updates are rolled out first for those who pay. I quite like that model as a customer, but none of the other distros do.
Re: (Score:3, Insightful)
He's right in that many people who have the tech-savvy to pirate a copy of Windows will know what their options are regarding anti-virus.
Yes because only computer geeks have pirated copies. There's a lot of people out there who don't know that they even have a pirated copy. Computer illiterate people often find help through shady repairmen, friends or relatives. These people come in find that Grandma didn't keep her license key or CD's, but the computer obviously came with XP. So they do her a favor, by reinstalling a pirated copy of windows but they're not there for longterm support.
Re: (Score:2)
What the hell does that mean? They can't read the screen?
Re: (Score:2, Insightful)
"This message came on my screen, I don't know what to do!"
"What does it say?"
"I don't know, I just clicked ok!"
Re: (Score:2)
Living in a country where no-one (not even corporate users) pays for Windows it is certainly true that its not only geeks who have pirated copies. I doubt most users even think about it.
Expecting end users to keep license keys is not reasonable. They do not understand what they are or how they work.
Enlightened self interest (Score:4, Insightful)
Microsoft would be just protecting their own reputation when unknowing users of pirated installs are complaining less about Windows instability and others see fewer attacks from zombie farms. If you created a problem such as IE6, you should do everything in your power to solve it rather than ranting about others. Good for karma, good for pocketbook.
Re: (Score:3, Insightful)
Exactly. MS gives out free security tools, we don't sue them for making the stuff insecure in the first place when the zombies DOS our servers.
I sort of agree (Score:5, Insightful)
John Pescatore makes a good point. AVG, Avast, etc... are all free antivirus. When MS withholds patches, it can lead to stronger botnets and ID theft. However, antivirus applications are plentiful and the money MS will be investing in this thing makes them justified in not wanting to simply give it away.
As much as I hate to say it, I won't blame Microsoft for this move.
Heh (Score:3, Funny)
And, if your hacked bootleg Windows system went online to pay for a legitimate key, that would be "priceless".
Re: (Score:2)
They are giving it away, just not to pirates. I don't see the distinction as particularly meaningful.
If the analyst's comments are indicative of Microsoft's thinking, I'm not sure I understand it. "It's important to protect PCs from viruses that harm everybody, so we're going to go ahead and give patches to pirates of the product we're selling. BUT WE
Re: Give them the AntiVirus (Score:2)
Re: (Score:2)
It's called an "incentive to purchase".
Get Microsoft out of the free OS market. (Score:3, Insightful)
Pirating is illegal.
Pirates are only ones really complaining.
Pirates switch to Linux
End of problem and it will takes windows out of the Free OS market.
Re: (Score:2)
Pirates do it for games and movies. Good luck with that.
Re: (Score:2)
Yeh but good PC games really only work well in windows; not that I want it that way, but its reality. (I run linux, guys. Please don't tell me about the poor-ass shabby junkjob programs that resemble games on linux.. i've tried them and they generally suck).
I'm very glad to see the console market consuming gaming; it will have a noticeable impact on the number of MS OS installs in the future for sure.
Re: (Score:2, Insightful)
>Yeh but good PC games really only work well in windows
The existence of "good PC games" is a matter of opinion.
Re: (Score:2)
The existence of "good PC games" is a matter of opinion.
Don't look at "good" then, look at the sales figures and/or player base - those are objective, and will tell you all you need to know.
Re: (Score:2)
Opinions are just like assholes. Everyone has one, they all stink, and the biggest assholes stink the worst. Unless you have a fetish, and happen to like big asses.
millions of opinions != and !> my personal opinion
Linux rocks, windows sucks, and precious few games have ever been published that were worth ten bucks, let alone the sticker price. For guidance, Age of Empires was worth about 7 bucks, and AOE sequels might be worth a dollar each.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Pirates switch to Linux
End of problem and it will takes windows out of the Free OS market.
Someday - and it can't come too soon, to my way of thinking - the geek will understand why OSX and Windows own 99% of the desktop.
The pirate gets his free OS.
The honest Joe who shops for Windows or the Mac is in the market for a household appliance or an office workhorse sold under warranty.
The attractive OEM hardware and software bundle. Factory tested. All hardware and software issues resolved before it ships.
No g
If I were a Pirate... (Score:2)
And the same folks that abuse the word "pirate" get all bent out of shape on the whole "stealing vs copyright infringement" argument.
Re: (Score:2)
"Making copies without explicit permission of the copyright holder is also illegal under Copyright law."
This is what the "IP owners" would like you to believe. In fact, it is legal to make a backup copy, or more accurately, a "working copy" for use at the desk, then put the original disk into storage for safekeeping. This helps to protect against theft, amongst other things. Someone steals my disk, I just go to storage, make a new "working copy", and put the original back where it belongs. In storage.
Re: (Score:2)
Who exactly are the going to be blocking? (Score:5, Interesting)
Anyone running pirated versions of the OSs eligible for MSE will probable have cracked WGA, and will be able to install this if they wish.
Pirated AV is much more detectable (Score:2)
An antivirus is useless without constant updates, which makes it relatively easy to reveal cracked copies and/or duplicate serial numbers.
In fact, I see a number of people here in Russia who pay for the AV but not for Windows, Office, or e.g. Photoshop. Why? They are tired of constantly searching for cracks and getting infected in the meantime.
Now those freeloaders are given a choice: a pirated OS and paid-for AV, or a paid-for OS and a free AV.
Smart move.
Re: (Score:2)
That, and those running legitimate versions of Windows who had to crack WGA due to false positives. I've helped fix a couple of installs now, which I KNOW were legitimate, but which got the black counterfeiting desktop of doom. One was an HP just out of warranty, run by a clueless user who hadn't done anything other than surf, email, and play solitaire.
When I get calls from a panicked friend because they did everything right, had a good AV, anti-spyware, used firefox, and never did anything risky,
Re: (Score:2)
Further translation, with a subtraction of sensationalism:
Even the betas of this software performed a WGA check at installation.
That the released version continues to perform WGA checks does not constitute news.
So there's really nothing to see here.
A good way to punish pirates (Score:2, Insightful)
...and allow for the propagation of viruses at the same time.
This OS will self destruct in 5, 4, ... (Score:2, Interesting)
Windows XP (Score:3, Informative)
my only option if I don't already have a legitimate copy is to pirate it, given that you can no longer purchase it.
(granted I could still buy Vista with downgrade licence... but I don't want to pay for something I will never use)
Re: (Score:3, Funny)
granted I could still buy Vista with downgrade licence.
Granted I could still buy Vista with a upgrade license .
There, fixed that for ya!
Re: (Score:2)
That took all of 3 seconds to find.
Piracy love/hate (Score:5, Insightful)
The problem is microsoft has a love/hate relationship with the pirates. They have an absolute need for piracy to be possible but not to become attractive enough (in the first world) to become popular enough to eat into their profits overmuch.
Think about it, Microsoft could eliminate 99% of piracy overnight by using harsh copy protection combined with mandatory Genuine Advantage plus a couple of targeted logic bombs launched against a few of the more flagrant pirate copies. Problem is most pirates these days either built their PC from scratch (else they would have been force fed a license) or bought a PC from a pirate. The DIY crowd is too influential to piss off and what they are doing already stops the bulk of the chopshop pirates in the developed world. If they make pirate windows too unstable in the third world where it is popular they simply can't pay so would be driven to look for alternatives.... and would find them.
So this move is easily understandable, it gives the pirates a nudge but won't overly annoy any of the major groups who pirate. The DIY type who pirates Windows because those guys pirate everything just for fun will have little trouble finding cracked copies of whatever they have been using. At all appearances nobody in the secondary markets updates anything on their damned machines already, considering how much crap spews out.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Agreed, Microsoft are like Adobe, they have a love/hate relationship with warez pirates. Adobe actually tolerates piracy to a certain degree, as long as you buy licenses if you do commercial work. When it comes to personal use and learning their products at home, they tend to turn a blind eye. It's good business sense.
Re: (Score:3)
You're kidding, right? The whole DIY crowd could disappear off of the face of the earth tomorrow and Microsoft wouldn't even notice.
Re: (Score:3, Interesting)
Disappear - yes, they may not notice. Start telling everyone that WinXP is insecure and actually have a proof - damn they will care.
*Takes stolen car to dealership for a repair* (Score:4, Interesting)
Everyone can blab on about herd immunity etc but this seems like denying a stolen car a repair under warranty. Systems are going to be used for attacks, it might as well be the pirates systems and not mine. Security these days is more about running faster than your peers, not outrunning the hackers. Microsoft doing this will put paying customers closer to the front of the race. And I am not a microsoft fanboy so don't write some bs about that.
What will everyone want next? Metadata updates for your stolen music from the record companies? As much as I hate some things about companies, you have to draw a line somewhere.
Re:*Takes stolen car to dealership for a repair* (Score:5, Insightful)
Of course, this is all assuming the pirated copy didn't come pre-infected...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I've heard of it happening, and I've heard of shop owners who've gotten busted for it.
Re: (Score:2)
Then what is the issue. The system either has AV software and it stops the attackers, or it doesn't and they get in. Regardless it is not affecting a paying users system.
Re: (Score:2)
Re: (Score:3, Insightful)
I get your point, but I'm just sayin
Re: (Score:2, Flamebait)
Oh no you didn't. You didn't just say that people should actually pay for things they want on slashdot, did you?
That is absurd and you will be modded appropriately.
------
You want to know what I always wonder? There are probably thousands of people on slashdot that use linux/FOSS, but work for companies coding software for windows only. I always wonder why the workplace turns these big proponents into cowards and they never do anything to make real changes happen that they could *actually* be a part of.
Bu
mind play? (Score:3, Interesting)
Giving this software free to pirates is almost a promotion of piracy - if you get same stuff when you pirate, then there is no downside to do it.
ll
Also, few pirates might feel bad about the fact that their copy is not 'genuine'. And some owners of valid copies might feel satisfied knowing that people who got free ride didn't get the whole package.
Re: (Score:2)
Giving this software free to pirates is almost a promotion of piracy - if you get same stuff when you pirate, then there is no downside to do it.
There's an obvious flaw with that thinking. Pirates and crackers often work together. Why do you think many people prefer cracked/pirated versions of software (or DVD's) to the originals?
When Windows product activation punished me for reinstalling Windows, I decided to get a cracked copy with no product activation/genuine advantage shit. It was so much easier.
And it's practically useless to restrict security updates from "pirates". Pirated windows users who really care about security, just pirate a copy of
Re: (Score:2)
OH NO! (Score:4, Insightful)
Re: (Score:2, Redundant)
http://www.linuxgenuineadvantage.org [linuxgenui...antage.org]
Re:OH NO! (Score:5, Insightful)
Probably not. At bare minimum, this means more botnets members available to spam whatever email accounts you use.
Directly safe? Sure. Same as myself, and a lot of others. But indirectly, this doesn't help anyone but people running botnets. It's far more work to deny security updates to some users than it is to just give them to all users. And it's strategically a poor decision because of the INCREASED risk to the protected machines due to the attacks from the unprotected ones.
If this works, and you push it to everyone, you cut down on spam, attacks on your protected machines, and overall, you make the internet a little better place. And before anyone beats me to it, I know damn well that MS and "make the internet a little better place" don't belong in the same paragraph. Bitterly, I wonder if their goal of destroying the internet had any basis in this decision.
Obligatory analogy (Score:2, Insightful)
Re: (Score:2)
If Ford said they would install free car alarms in every Ford, do you think that would apply to cars that had been reported stolen?
Then some jackass wanders into the conversation and states that the cost to Ford for making the car alarms and hiring people to install them is not equal to the cost of just letting people download something you're effectively giving away for free (or at a very small loss, if you're thinking about bandwidth costs).
And if it isn't about the cost of adding this on, then why would Microsoft be disallowing this? To feel like they're on moral high ground?
Re: (Score:2, Interesting)
Yeah, it would... but when someone brought in a vehicle reported stolen, i'd also expect that dealer to contact law enforcement immediately, when the dealer discovered the report.
Wrong title (Score:3, Insightful)
No big deal (Score:2)
If the pirates want it, they can just get it from wherever they got their pirated copy of Windows.
Not hurting leet hackers, but fools and poor folks (Score:5, Insightful)
I don't see that many pirated Windows installs but the ones I do see are all from poor people who were given a bootleg XP or Windows 2000 disk with no product code and no questions asked. I mean, fair is fair and Microsoft is selling a product as a business not giving away their OS as a charity but in my experience the people they're hurting are the ones least able to help themselves.
The poor people I'm talking about here are usually seniors with little computer knowledge using out of date hardware and single parent families with few resources. They're not buying new computers and $150 for a Microsoft OS is too steep for their budget.
They're not leet hackers laughing at Microsoft, they're simple folk. One little old lady who had her computer in was completely horrified when I told her that her Windows was pirated, she literally had no idea. Our policy is we don't help you once we discover your Windows is pirated for the simple reason that we have no way of knowing what has been done to the OS or what has been corrupted or is missing. In that case she came in a couple of months later with a legal Windows disk she'd saved up and bought and I installed it for her gratis. I know the price tag hurt her though but she would have no truck with illegal Windows.
Anyway, my point is that these folks are for the most part clueless and are ripe targets for botnetting since they lack the knowledge to acquire and keep an AV updated on their own. Free Avast and Free AVG are available to them but without handholding they'd never figure out how to jump through the hoops to download, install and set these up. The beauty of Microsoft Security Essentials is that they've made it pretty much self-running and idiot-proof. Like I said in my post yesterday, I'd push it out to everyone not already running an AV if I were Microsoft. It increases the general health of the Windows eco-system, makes Windows more secure and run better as a result, which in turn makes the Windows experience better for everyone and increases the likelihood of Windows purchases down the road through good word of mouth.
The leet hackers have the tools to look after themselves. If it were just them running pirated Windows, I'd agree with Microsoft and say stuff 'em. It's not though and things look a lot different on the bottom of the food chain; it's those most unable to protect themselves who get hurt the most.
Re:Not hurting leet hackers, but fools and poor fo (Score:5, Insightful)
She is highly unlikely to be reliant on any industry vertical software or anything obscure like that (she probably just wants a web browser and email client), and would be much better off with a free OS.
Non-WGA does not mean counterfeit (Score:5, Informative)
"Microsoft will block users running counterfeit copies of Windows..."
No, try this rewording instead:
"Microsoft will block users not running WGA certified copies of Windows..."
It can be non-counterfeit and yet not registered or certified by the Windows Genuine "Advantage" stuff. It can even be non-counterfeit and REJECTED by WGA.
Pirates? (Score:5, Funny)
What if it was your daughter... (Score:2, Funny)
What if some dope was screwing your daughter and there was nothing you could do about it, but somehow you could magically make him wear a condom. Wouldn't you put the condom on him (magically)?
The freedom is not free. (Score:5, Interesting)
The problem is that Windows is intentionally designed to be easy to crack, as a marketing tool. They wanted it to spread as wide as possible. In former Soviet Union about 99% of Windows are cracked versions.
Now they stop critical updates because they want the bot-nets to grow and make the Internet unusable, because they are losing in the Internet to Google. So they destroy the Internet, and the world is returning to the Desktop.
It is quite possible. For example, I cannot already use the torrent, if I use it, then my provider disconnects me next day for several hours. Crime and punishment.
I begin to see a new meaning in the words: The freedom is not free.
Re: (Score:2)
Microsoft does not need a fast functional network where billions of users can collaborate, use various web-applications.
They need a wild unsafe broken environment, where computers of honest and lucky licensed users will be like Desktop castles in an ocean of evil and malware.
As they stopped critical updates, the bot-nets will find a way to use it to their advantage. It takes two to dance.
Re: (Score:3, Informative)
The problem is that Windows is intentionally designed to be easy to crack, as a marketing tool.
This used to be true in older days, and even XP WGA was a half-assed attempt which was trivially cracked, but it seems that things have changed somewhat since Vista.
I recall trying to find an activation crack for Vista that would also enable Windows Update (i.e. let you pass validation online) about two months after Vista was released ... and yes, they were there - but installation was quite messy, requiring bootloader hacks and such. I didn't really see it improve for a few more months - in fact, some of t
Piracy - good for windows, bad for linux? (Score:3, Interesting)
Wait. What? (Score:3, Interesting)
Nevermind the pirates. They get what they paid for. Giving them nothing makes good sense.
What the hell happened to Windows Live OneCare? You know, paying customers?
What does the MSE release say to the people who paid for that Microsoft AV program, among other OneCare services?
The message is pretty clear: "Pay Microsoft and get screwed." Get your OS software for free, because it is nearly free when you buy a new PC. The entire expectation they are building into the market is "Our product and our word is worthless." Releasing this almost seems like an admission that they can't fairly compete in AV products.
Which also says to me "Illegal product dumping." Symantec and CA should sue them silly. This is definitely not a fair way to enter the AV market, not even for the "free" AV's because it absolutely kills their upsell business. I expect DOJ action, or a joint lawsuit on this. A class-action from the OneCare people wouldn't be out of the question either, if they aren't offering refunds to recent purchasers. This release is criminal, in my mind, and utterly undermines the concept of proprietary software that you pay for because it is worth it.
The message to the end-user is: "Our software is not worth buying." The message to the entire security sector is: "Thank you for covering our backsides for all those years, now piss off."
Ugly. This kind of bad faith could (and IMO should) hurt Microsoft. I don't know what they're thinking out in Redmond. They need to rally around the Windows 7 release, not insult vendors and their paying customers.
--
Toro
This Pescatore guy .... (Score:3, Funny)
seems a bit fishy to me ....
A way to defuse the security criticism on Windows? (Score:3, Insightful)
Everyone knows that MS Windows is the main host of botnets, zombies, and general malware on the Internet. Hardly a month passes without Microsoft patching yet another "critical vulnerability". Unfortunately there are reasons why MS Windows is more vulnerable than e.g. MacOs, Unix, FreeBSD, or Linux. For one thing, MS Windows (until Vista) was never designed from the ground up for multi-user operation, security was ever tacked on as an afterthought, the architecture of MS Windows with its miriad add-on's (that tend to carry out _system_ tasks) and the (deliberately) tight coupling between MS Windows and MS applications conveniently makes for multiple points of attack, and once a process is suborned by an attacker there is nothing in MS Windows architecture that's designed to contain it or stand in its way. That's why we see so many infected Windows PC's on the Internet.
Oh yes, there are those who hold that e.g. Linux would suffer the same level of penetration had it had the same level of penetration on the desktop but the fact that about 60% of all Internet traffic is handled by Linux machines (which are far less often compromised) pleads against that. It's not exposure that does it but architecture (and the quality of administration, but that's another issue).
So that being the case, what would benefit Microsoft more than to be able to cast doubt on tales of machines being infected and taken over as "Probably pirated copies; legal Windows versions are protected by MS security updates."?
That would give Microsoft a good reply when called out over the insecurity of MS Windows (e.g. when a large organization is considering what OS it should use in the next 10 years).
What do you think? Might I be anywhere near the mark?
As if they can block them (Score:4, Insightful)
Re: (Score:2, Interesting)
but left the activation key sticker on the machine, only to be asked to install some version (any version) of MS Windows because they do not have original installation media, and yet believe that the activation key sticker is a license to any version of Windows since they can not use the computer without an operating system installed.
It's the OEM versions of Windows that have these stickers.. The license is permanently tied to the computer and cannot be re-assigned to another computer (per the OEM EUL
Re: (Score:3, Insightful)
Unless I am completely mistaken, most botnet infections occur because of user action, not because the computer is allowing remote connections. Linux would be equally vulnerable if unqualified users were using it and installing software on it. When the software they are installing asks for the root password, they would obviously supply the root password, because they are unqualified.
That explains the situation for Windows. Plain and simple, these people using Windows have no business administering a compu
Re:I've got one (Score:4, Insightful)
Wow, I went from a +3, informative, down to 0, flamebait. Nice. Despite the swearing, everything I said was true, and you are wrong. LOTS of Windows malware has spread WITHOUT user interaction, thanks to a slew of MS apps that execute code willy-nilly, for example Klez [wikipedia.org] ("The text portion [of the email] consists of either an HTML internal frame tag which causes buggy e-mail clients to automatically execute the worm...") and Sasser [wikipedia.org] ("Sasser spreads by exploiting the system through a vulnerable network port...") and the Kak worm [wikipedia.org] ("...a VBScript worm that uses a bug in Outlook Express to spread itself.")
Your argument about administering Linux and Windows boils down to "Neither Linux nor Windows can be secured 100%, therefore they're equally bad" and that is NOT the case. If Linux or Mac OS X were dominant they'd have SOME problems, but not the amount that Windows has.
That aside, I agree with you when you say security is not an easy thing. However, security comes in layers, and having an OS that's not equal parts mashed potatoes and swiss cheese is a good start. LOTS of the technologies that could have stopped the spread of MOST malware were WELL KNOWN and EASILY IMPLEMENTED at the time needed but MS just sat on their hands and did NOTHING for YEARS. Buffer overflows can take some work to find but MS has made COUNTLESS stupid decisions over the years, like having Outlook Express automatically execute code sent IN ATTACHMENTS (besides displaying/executing bad HTML/JS/etc in EMAIL CLIENTS) and having lots of services OPEN BY DEFAULT.
Botnets are an example of how MS's shoddy code has made everyone's--not just Windows users--lives worse. So, like I said, MS owes it to the world. Again, the guy in the article is saying "I can't see any justification for making Microsoft give away Security Essentials [to counterfeit Windows users]..." but MS is already giving it away for free to registered users so it's not like they're losing sales. All they'd had to pay for would be bandwidth, and there are already a zillion sites that give away bandwidth to deserving downloads--universities, ISPs, etc. Don't you think every single school in the world would host a copy (AT LEAST for their internal users) to keep their own networks safe? Same for every ISP. Large companies would also distribute it internally. There is NO WEIGHT WHATSOEVER to this inconsiderate asshole's* argument. (-1, here I come!)
* just to be clear that I'm not flaming the wrong person: "this inconsiderate asshole" refers to John Pescatore as quoted in the summary, not the poster to whom I'm replying.
Comment removed (Score:4, Informative)