Re: Why not patch all windows and not just legal copies

---

• From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
• Date: Sat, 17 Jun 2006 19:01:39 -0700

---

The debate raged for a few months over a couple years ago (between
some MSFT people and some MVPs) with the reasoning being much
as some of what you presented - i.e. vast network impacts from illicit
and corrupted systems. That was when automatic updates was just
emerging as an effective force (hmmm, perhaps that raging debate was
more like three years ago now).
There were some surprising reasons presented.
One obvious one that you are apparently overlooking is that it is not
a simple matter to patch something that is not in a known condition
(i.e. a valid patch to valid OS binaries could blow away illicit binaries);
and that there might be legal issues as a result in some countries.
There were other issues, more subtle than I can recall/repeat.
Now, MS did recognize the parts of the argument about the unhealthy
state of the network globally due to unfit systems, and not much later
brought out the almost free lite versions of XP available in some parts
of the world. Since that time they have also made investments in
anti-malware technologies and you have seen these being rolled out
to legitimate OS owners at from zero to little cost, and they also made
major investment in things pumped into XP via SP2.
While at the time I questioned some of their decisions about leaving
the rogue, illegal systems to fend for themselves. In retrospect now
it seems that they were right. Not only did not making patches available
make "owning" an illegal system less attractive, it has probably also had
an impact on the size of that population (the network sicknesses raged
intensely among the unprotected/unprotectable). At the same time, the
aggressive push to get all legitimate machines made into loyal clients of
the automatic update service seems to have had a vast impact on the
patch-state of legitimate machines on a gross average.

"Michael Davis (Comcast.Net)" <netguru@xxxxxxxxxxx> wrote in message
news:uz8Q5vlkGHA.4224@xxxxxxxxxxxxxxxxxxxxxxx

It seems to me that its a bad idea to deny owners of illegal copies of
windows the ability to patch their computers. Windows is running on
hundereds of millions of computers and hundreds of millions of computers
are not being patched. Here are the issues which lead to the perfect storm
we are in right now.

1. Computer programming languages like C that do not check for buffer
overflow (require that the programmer code for buffer overflow checking
within the application itself)

2. monolithic adoption of a singular operating system for servers and
client computing.

3. stolen code for NT 4.0, Windows 2000 and Windows XP.

4. majority of Microsoft code run in pacific rim and former USSR is not
legit

Microsoft Policy requiring validation to patch operating systems.

5. windows available from WAREZ and other download sites, hacked, infected
etc.

6. rapid adoption of new code practices without consideration of the
security consequences

7. botnets composed of compromised systems

8. adware, spyware, malware, virus (to me, if I didnt install it, its a
virus)

9. The Internet and nature of TCP/IP

To fight this perfect storm Billions of dollars are being spent to simply
stay current. Meaning that the legit systems are constantly being
assaulted by botnets comprised of hacked unpatched computers and networks
have to respond to new emerging threats arising from the sea of unpatched
computers.

It is simply prudent to realize the nature of the situation and allow all
windows systems to be patched or at the very least someone should offer
3rd party alternative patches to bootleg since we know they will not buy
Windows and they are being exploited.

.

---

• Follow-Ups:
  • Re: Why not patch all windows and not just legal copies
    • From: Michael Davis \(Comcast.Net\)

• References:
  • Why not patch all windows and not just legal copies
    • From: Michael Davis \(Comcast.Net\)

• Prev by Date: Re: Why not patch all windows and not just legal copies
• Next by Date: Re: Why not patch all windows and not just legal copies
• Previous by thread: Re: Why not patch all windows and not just legal copies
• Next by thread: Re: Why not patch all windows and not just legal copies
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Why not patch all windows and not just legal copies ... If bootleg systems received patches, ... Now that reasoning is flawed. ... Can we harden Windows to resist arbitrary attacks? ... windows the ability to patch their computers. ... (microsoft.public.security) Re: Why not patch all windows and not just legal copies ... If bootleg systems received patches, ... Can we harden Windows to resist arbitrary attacks? ... windows the ability to patch their computers. ... (microsoft.public.security) Re: Learning process ... a million users on Windows would be ... Most of the patches are fixes for problems in security and a lot of ... pile of games or the SQL blaster which required 2 patchs - patch 1, ... holes *aren't* patched almost immediately. ... (alt.comp.lang.learn.c-cpp) Re: Why not patch all windows and not just legal copies ... Security is about reducing attack surfaces, ... dont patch ... Can we harden Windows to resist arbitrary attacks? ... of windows the ability to patch their computers. ... (microsoft.public.security) Re: Why not patch all windows and not just legal copies ... Security is about reducing attack surfaces, ... dont patch ... Can we harden Windows to resist arbitrary attacks? ... windows the ability to patch their computers. ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)