Re: Why not patch all windows and not just legal copies
- From: imhotep <inhotep@xxxxxxxxxx>
- Date: Tue, 20 Jun 2006 21:09:03 -0400
Joe Richards [MVP] wrote:
And I don't think it is actually possible to fully do it unless they
completely control the OS to the point that the user has no choice
whatsoever which to me makes the OS worthless.
There is nothing MSFT can do to prevent users from doing things that are
bad for them. If someone chooses to use pirated software, all sorts of
bad things can happen and MSFT is not the one at fault. The best MSFT
can do is help convince folks to not give unwarranted trust in delivery
mechanisms that MSFT doesn't themselves control. Even that can be
compromised but the chances are far less likely of any kind of
widespread issue as there is with using pirated software.
As a stockholder of MSFT, my thoughts are purely MSFT shouldn't be doing
anything to patch copies of their OS or software that wasn't purchased.
As a security person I think they should patch folks up to SP2 to get
the firewall on the box so they have a decent amount of protection that
can only be defeated by the user themselves and that is why I fought for
it. The previous comments of "someone walking right through the
firewall" is a joke. All of the examples were of users requesting
something, not someone actively busting through the firewall. Again, you
can't stop users requesting something and running stupid things.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
imhotep wrote:
Joe Richards [MVP] wrote:
If people are getting their binaries from questionable sources it
doesn't matter what MSFT allows in terms of patching. Who knows what has
been added to the host of services. That is a risk taken by those who
get their software, any software, this way.
This argument was actually argued back and forth with MSFT for Windows
XP SP2. We won and all machines were allowed to download SP2. This puts
a firewall on each and every Windows XP PC which blocks active attacks
against a specific machine. If someone chooses to turn that firewall
off, again, as in the paragraph above, that is the risk assumed by the
people doing it. Also if someone uses software to connect to other
machines and download content (this includes web, email, P2P, _anything_
that brings untrusted code to the local machine) there is no way to
protect against that. Every spyware, AV, advanced heuristic mechanism
can be cracked if someone is stupid enough to just blindly run code.
There is no way for Microsoft to positively guarantee that PCs are safe
to the global community that cannot be sidestepped and still introduce
dangers. Even approaching it gets into the area of big brother and
disallowing any control to the users of their own PCs which I feel is
far worse than individual machines getting infected.
As much as I hate it, I actually think that requiring the validation is
one of the best ways for Microsoft to work against pirated copies as it
helps clean up the copies people have gotten by accident or sheer
stupidity while the folks who know what they are doing wrong may realize
that life isn't as easy anymore for them.
Again, if someone is stupid enough to use untrustable binaries, there
isn't anything anyone can do about it.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Michael Davis (Comcast.Net) wrote:
It seems to me that it's a bad idea to deny owners of illegal copies of
windows the ability to patch their computers. Windows is running on
hundreds of millions of computers and hundreds of millions of
computers are not being patched. Here are the issues which lead to the
perfect storm we are in right now.
1. Computer programming languages like C that do not check for buffer
overflow (require that the programmer code for buffer overflow checking
within the application itself)
2. monolithic adoption of a singular operating system for servers and
client computing.
3. stolen code for NT 4.0, Windows 2000 and Windows XP.
4. majority of Microsoft code run in pacific rim and former USSR is not
legit
Microsoft Policy requiring validation to patch operating systems.
5. windows available from WAREZ and other download sites, hacked,
infected etc.
6. rapid adoption of new code practices without consideration of the
security consequences
7. botnets composed of compromised systems
8. adware, spyware, malware, virus (to me, if I didn't install it, it's a
virus)
9. The Internet and nature of TCP/IP
To fight this perfect storm Billions of dollars are being spent to
simply stay current. Meaning that the legit systems are constantly
being assaulted by botnets comprised of hacked unpatched computers and
networks have to respond to new emerging threats arising from the sea
of unpatched computers.
It is simply prudent to realize the nature of the situation and allow
all windows systems to be patched or at the very least someone should
offer 3rd party alternative patches to bootleg since we know they will
not buy Windows and they are being exploited.
Again, this really boils down to two things: Microsoft's profits vs the
Malware community using Microsoft security holes on copied Microsoft
software to push spyware, malware and execute DOS attacks. Personally I
believe that Microsoft has a responsibility to mitigate their security
vulnerabilities, pirated or not!
Imhotep
I guess we will see what MS does...I do hope they make the responsible
choice...
Imhotep
--
*************************************
Pass a Net Neutrality Law in the US!!!!
Save the Internet:
http://www.savetheinternet.com/
Its our net:
http://www.itsournet.org/
*************************************