Re: Why not patch all windows and not just legal copies



Joe Richards [MVP] wrote:

If people are getting their binaries from questionable sources it
doesn't matter what MSFT allows in terms of patching. Who knows what has
been added to the host of services. That is a risk taken by those who
get their software, any software, this way.

This argument was actually argued back and forth with MSFT for Windows
XP SP2. We won and all machines were allowed to download SP2. This puts
a firewall on each and every Windows XP PC which blocks active attacks
against a specific machine. If someone chooses to turn that firewall
off, again, as in the paragraph above, that is the risk assumed by the
people doing it. Also if someone uses software to connect to other
machines and download content (this includes web, email, P2P, _anything_
that brings untrusted code to the local machine) there is no way to
protect against that. Every spyware, AV, advanced heuristic mechanism
can be cracked if someone is stupid enough to just blindly run code.

There is no way for Microsoft to positively guarantee that PCs are safe
to the global community that cannot be sidestepped and still introduce
dangers. Even approaching it gets into the area of big brother and
disallowing any control to the users of their own PCs which I feel is
far worse than individual machines getting infected.

As much as I hate it, I actually think that requiring the validation is
one of the best ways for Microsoft to work against pirated copies as it
helps clean up the copies people have gotten by accident or sheer
stupidity while the folks who know what they are doing wrong may realize
that life isn't as easy anymore for them.

Again, if someone is stupid enough to use untrustable binaries, there
isn't anything anyone can do about it.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Michael Davis (Comcast.Net) wrote:
It seems to me that it's a bad idea to deny owners of illegal copies of
windows the ability to patch their computers. Windows is running on
hundreds of millions of computers and hundreds of millions of computers
are not being patched. Here are the issues which lead to the perfect
storm we are in right now.

1. Computer programming languages like C that do not check for buffer
overflow (require that the programmer code for buffer overflow checking
within the application itself)

2. monolithic adoption of a singular operating system for servers and
client computing.

3. stolen code for NT 4.0, Windows 2000 and Windows XP.

4. majority of Microsoft code run in Pacific Rim and former USSR is not
legit

Microsoft Policy requiring validation to patch operating systems.

5. windows available from WAREZ and other download sites, hacked,
infected etc.

6. rapid adoption of new code practices without consideration of the
security consequences

7. botnets composed of compromised systems

8. adware, spyware, malware, virus (to me, if I didn't install it, it's a
virus)

9. The Internet and nature of TCP/IP

To fight this perfect storm Billions of dollars are being spent to simply
stay current. Meaning that the legit systems are constantly being
assaulted by botnets comprised of hacked unpatched computers and networks
have to respond to new emerging threats arising from the sea of unpatched
computers.

It is simply prudent to realize the nature of the situation and allow all
windows systems to be patched or at the very least someone should offer
3rd party alternative patches to bootleg since we know they will not buy
Windows and they are being exploited.



Again, this really boils down to two things: Microsoft's profits vs the
Malware community using Microsoft security holes on copied Microsoft
software to push spyware, malware and execute DOS attacks. Personally I
believe that Microsoft has a responsibility to mitigate their security
vulnerabilities, pirated or not!

Imhotep

--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************