Thursday, October 05, 2006

Well, honestly, it's about time.

Bloggers are all over the story, and are espousing a variety of opinions, but I have wondered for years when Microsoft would finally crack down on software thieves and simply not allow their software to run unless it was legitimately licensed. I'm responsible for cutting a big check each year to Microsoft to pay for the software we use at the company I work at. It costs me more, in effect, because others are taking without paying.

So, Windows Vista will detect piracy and take action. In Microsoft's words:

"Collectively termed the Microsoft Software Protection Platform, the new technologies will introduce improvements in how Microsoft software activates, is validated online and behaves when tampering or hacking is detected."

Thinking about this from a security guy's perspective, one thing bothers me: Turning off the anti-malware capabilities on unlicensed copies? Are you kidding me? That means the rest of the world falls victim to everyone out there that's running pirated Windows? Please, please, please change this one - Microsoft might be a victim, but no need to invite the rest of the world into that club. And it looks like Richi Jennings agrees with me on that one. That's just poor prioritization. Hopefully someone will rethink the approach in that specific area...

Elsewhere, Ed Bott at ZDNet has written a very good piece describing the changes and his thoughts on the matter. He has some important points, ones that Microsoft should make sure they have thought completely through and have a plan for - especially where it comes to Volume License customers. Those are the people you don't want to aggravate, for sure.

Among Bott's comments:

Microsoft denies that this is a "kill switch" for Windows Vista, even giving it a separate question and answer in its mock interview announcing the program. Technically, they're right, I suppose. Switching a PC into a degraded functionality where all you can do is browse the Internet doesn't kill it; but it's arguably a near-death experience. The accompanying white paper describes the experience in more detail:

By choosing "Access your computer with reduced functionality," the default Web browser will be started and the user will be presented with an option to purchase a new product key. There is no start menu, no desktop icons, and the desktop background is changed to black. The Web browser will fully function and Internet connectivity will not be blocked. After one hour, the system will log the user out without warning. It will not shut down the machine, and the user can log back in. Note: This is different from the Windows XP RFM experience, which limits screen resolution, colors, sounds and other features. [emphasis added]

My head practically exploded when I read this sentence describing the new, improved punishment regimen: "Windows Vista will have a reduced functionality mode but one that is enhanced." Enhanced reduced functionality? Orwell would be proud.

Snarky as ever, Engadget reports:

Well, Microsoft has fired the first salvo in this war on pirates -- according to The Associated Press, the Redmond crew will be taking "much harsher steps to curtail piracy" than in years past. First, the company will "deny access" to some of the "most anticipated features," including Windows Aero, the new GUI. Then, Vista will start issuing ransom demands (we're not kidding about this part), demanding that a legitimate copy be bought within 30 days, or else. What would such consequences entail? How about limiting Web access to an hour at a time? Further, what about not being able to open documents from the desktop or "run other programs such as Outlook e-mail software"? However, the article goes on to say: "Microsoft said it won't stop a computer running pirated Vista software from working completely, and it will continue to deliver critical security updates." So for those of you keeping score, Microsoft wants to make using your computer as miserable as possible, while keeping it as "safe" as possible, ok?

People out there will whine and complain and say it's not fair, that it's all a bunch of red tape and people will be inconvenienced (and they might be right about that one point), and a million other things that go along with the typical victim mentality (sorry guys, but possession of stolen goods is illegal, even if it's inconvenient, and possessing stolen stuff unknowingly doesn't make the goods any less stolen). And Microsoft needs to make sure that legitimate users are not impacted in a truly meaningful and workable way. But the fact of the matter is that Microsoft is right on this one. In fact, it seems to me that if I ran a company that created software for use by consumers and businesses, and if I wanted to make sure it was being legitimately used and paid for, I'd just keep it from working at all if it was obviously stolen.

But the politics of huge-mega-corporation-attacked-by-angry-mob is a multi-billion-dollar business, apparently.

Glad to see they're finally doing something about it, though.




IT Security | Safe Computing | Tech | Things that Suck
Thursday, October 05, 2006 6:51:25 AM (Pacific Standard Time, UTC-08:00)
Thursday, October 05, 2006 5:46:37 PM (Pacific Standard Time, UTC-08:00)
I disagree with your assertion that software costs will go down by cracking down on piracy. That mindset doesn't mesh with the principles of capitalism as we know it. The truth of the matter is Microsoft will spend millions to make the billions it wasn't making -- REGARDLESS of the cost to the end user.

Microsoft has tried relentlessly to recreate the wild profitability and success story of Windows 95. Four desktop operating system releases later, that lightning hasn't struck. And don't kid yourself, it won't strike again in our lifetime.

J. MERRILL

Friday, October 06, 2006 4:31:13 AM (Pacific Standard Time, UTC-08:00)
I have no philosophical problem with Microsoft doing this, I do have some strong practical concerns though. This seems like a perfect hacker target. All you have to do is figure out how to crash someone's reg key and they're done. Denial of service brought to you by MS. The negative publicity from a single attack or severe bug based on this feature may cost as much as piracy. In the wake of burning laptops, rootkits and other embarrassments, Microsoft is risking a lot to squeeze out those last few millions.

As an analogy, GM could put a kill switch on every car and if you miss a payment, the car turns off. But the minute something goes horribly wrong, intentional or not, the company would be toast.

Imagine, for a minute what a bug in Vista might do. A Vista bug in this feature shuts down several PC's in the Finance department of a small, publicly traded company during their month end close. They're late with their SEC filings. The SEC opens an investigation. Microsoft gets sued. Win or lose, the company switches to Linux because the CEO and CFO are scared to death of the SEC and don't want this to ever happen again.

I think this is a more dangerous feature than MS realizes.

Mark
Tuesday, October 10, 2006 8:30:57 AM (Pacific Standard Time, UTC-08:00)
I agree with Jonathan. I'm not a Microsoft hater, but I think you're a little naive to think that Microsoft would charge you less for their software if they could somehow stop piracy tomorrow. They've had activation setup in XP and Office for several years now. The "pirates" haven't been stopped (and never will), but people like you and me that might have otherwise been tempted to install one (or 10) too many copies of the $450 Office Professional on their network have. This has undoubtedly recouped millions of dollars annually for the company. Have prices decreased at all? No-- they've actually gone up "modestly".

The one thing that SHOULD encourage Microsoft to lower their prices, competition, hasn't. They are facing an unprecedented loss of marketshare in the face of Linux, MacOS, and inevitably, to web applications like Google. For every uncommitted pirate they thwart, I wonder if they are not losing 10 loyal customers to companies that don't have to spend so much time trying to keep the 300lb gorilla fed.
Thursday, November 30, 2006 8:57:11 PM (Pacific Standard Time, UTC-08:00)
Regardless who is right or wrong, it is a constant battle. The main difference is if a 'pirate' gets locked out of the computer, he/she expects it and always has a back up plan. Where if an average user who bought it legit gets locked out of their computer, they have to go through the trouble of calling Microsoft to fix the problem and prove that they own a legit copy of the software.

Take care all.
Thursday, February 08, 2007 10:22:01 AM (Pacific Standard Time, UTC-08:00)
I understand that Microsoft wants to battle piracy, and on the surface it's a great idea. I don't think MS is going for the average kiddie downloading a cracked version of vista. I think they're more concerned with the more large scale piracy rings in Asia that sell pirated copies as legit.

However, this has a few issues that affect me directly as a sysadmin at a large state university. First off, we have some labs that have sensitive data so they're not connected to the network or able to access the net. I'm told this will be a problem. I'm hoping I was misinformed.

The larger issue is MS has said that if they find a copy of vista has been pirated, they shut it down (or cripple it, whichever). We have a site license at this school. A user uses an application to retrieve the cd key from the registry and posts it online. Microsoft knows all these computers all over the world using our red key can't all be valid so they shut them all down while they figure it all out. Sure eventually it'd get straightened out, but the school would grind to a halt until then. What happens if it happened during finals? Or worse, during registration?

I have a feeling a small disaster like this is going to happen somewhere and MS will be forced to rework this part of Vista. I don't even want to think about what could happen if someone could forge the "shut down the PC" notice.

Dan
Dan M
Friday, June 01, 2007 11:56:13 AM (Pacific Standard Time, UTC-08:00)
"People out there will whine and complain and say it's not fair, that it's all a bunch of red tape and people will be inconvenienced (and they might be right about that one point), and a million other things that go along with the typical victim mentality (sorry guys, but possession of stolen goods is illegal, even if it's inconvenient, and possessing stolen stuff unknowingly doesn't make the goods any less stolen). And Microsoft needs to make sure that legitimate users are not impacted in a truly meaningful and workable way. But the fact of the matter is that Microsoft is right on this one. In fact, it seems to me that if I ran a company that created software for use by consumers and businesses, and if I wanted to make sure it was being legitimately used and paid for, I'd just keep it from working at all if it was obviously stolen."

But legitimate users ARE impacted in a truly meaningful way. As in, 90% of the programs that people actually USE will not even run. Rainbow and Aladdin HASP drivers are not compatible with Vi$$$sta, and billions of computer users are basically put out until the software companies deal with this. Basically, this huge inconvenience exists because WHY? Because Vista DOES NOT support the basic MIDI GAMEPORT.

This also legitimately INCONVENIENCES Legitimate users who use MIDI instruments. Seeing as how they now have to buy 500 dollar interfaces that convert the consistent MIDI to Inconvenient and inconsistent USB.

Need I go on? No, because this is just one in several hundred INCONVENIENCES forced upon us by Microsoft.

The choice? To continue to use XP which supports the software that uses Aladdin and Rainbow based HASP protection.

Also, I apologize, but an Operating system is NOT the same as buying Pro Tools: And SHOULD NOT have to be validated, activated, verified or anything of the sort. An OS should NOT have to have a product ID plus an internet connection and then the 1500 steps MS makes you take to prove that you BOUGHT it. When I buy a STEAK, I do not need to prove that it is not stolen before I EAT it. And an OS is, as essential as STEAK, or, if you are a vegetarian, Beans and Rice. "Crippling" an OS in any way for any reason is RIDICULOUS.

SCENARIO: Hospital, and all the machines are on a VISTA network, and they will not work any other way, which is what BILL GATE$ wants. Doctor is OPERATING on a man and the anesthesia is running on a CELERON with 512 running Vista. Celeron System CRASHES- and all the information for the patient is IN the computer, and nowhere else. You see the problem don't you? So does my sister in law, who works at SCRIPPS.

An OS should not have to be proved that it was purchased. DATA should NOT have ANY form of encryption on it that CAN NOT be opened in an emergency.

MS OFFICE is a container for such information. OFFICE 2003 was bad enough with MDE files that absolutely CANNOT be opened unless you know the exact password or security code.

HOW MUCH WORSE OFFICE 2007 and VISTA: A Double THREAT. So, I am sorry, but I am on the side of the pirated copies of Vista and Office: And THANKS BE TO GOD that there are people what will basically disregard stuff written by idiots in the paragraph I quoted, and that as of NOW, there are several CRACKS and PATCHES that validate your VISTA without connection to the internet, and bypass the 30-day crippling thing: And as far as office, there is no reason to use Office 2007.

SO> "Vista FINALLY Cripples Illegitimate copies of Vista?" No, NOPE. I got it running, 4 months past the 30-day trial. Running with AERO. And everything else. And I praise God that people will risk WHATEVER to fight this kind of communism imposed on us by Microsoft.

Friday, June 01, 2007 12:26:06 PM (Pacific Standard Time, UTC-08:00)
Oh Yah... This guy Dan M states it profoundly:

The larger issue is MS has said that if they find a copy of vista has been pirated, they shut it down (or cripple it, whichever). We have a site license at this school. A user uses an application to retrieve the cd key from the registry and posts it online. Microsoft knows all these computers all over the world using our red key can't all be valid so they shut them all down while they figure it all out. Sure eventually it'd get straightened out, but the school would grind to a halt until then. What happens if it happened during finals? Or worse, during registration?


What right does Microsoft have, to enter your school? What right do they have to enter MY Living room, without my consent? NONE. Not even the government, even with the patriot act, can do this, not without a reason that relates to national security. MS is not the government, although Gates WANTS to be. Last I looked, the police cannot even legally search my trash, not without a warrant.

If the news of this feature is true, and I doubt it, cos I have been running Vista since the week after it came out, and I actually did install a legit copy, I just never activated it and registered it, cos it is none of MS's business... I have not seen anything in the OS that can be exploited in this way unless it is through an account. Just as XP had a couple of accounts, users could not access, that existed for Remote Access by MS (which was a really dumb feature, really, it just is an invitation that says, "Come on MS, hack me, read my hard drive, my email, and my personal info")- In XP those accounts can be shut off, disabled, or, you can change the password so MS can't get into it without a whole bunch of trouble.

VISTA must have a few of these accounts, and in Ultimate Edition, I have shut them off, as much as I could find them. Basically, you have to totally disable "Remote Admin"

Now to Dan M, if you want to prevent the Product ID (and product ID with Vista is not really an issue... because Vista can be installed sans the product ID and you have 30 days use right there... a temporary Product ID will be generated) - Well, keep those Remote Admin accounts and features SHUT OFF and your Product ID will be relatively safe. Also, for network installs, you can make a Batch that will do a "hands Free" or Unattended Install of Vista... And if you include the Product ID in the batch, it cannot be seen unless someone extracts the script for the batch file, and that can be protected as well.

But, the scenario presented is just another of very BAD things that can happen because of Vista.

The main thing people have to do is first, BOYCOTT this piece of crap OS. NOTHING is wrong with XP, and MS has committed at least another 5 years to support it.

Another thing you can do, is that there is a "Vista Extreme Edition" out there, that someone made: They ripped all the extraneous CRAP: DRM crap, Aero crap, extra networking and the worthless and bizarre IPv6 crap, totally out of it. You can use your own Product ID to install it. It will look and act mainly like XP, and it works pretty good, except they removed the ability of the system to do a LAN. So, you want to use NOVELL for that anyway.

But the solution for this PROBLEM OS is basic: REFUSE to USE it. When you buy a new PC, Delete Vista, Install XP. XP MCE is pretty solid. The only reason why windows 98 came out was because of FAT32 anyway. The only reason for Windows 2000 and XP was for NTFS to be used in a non-Windows NT environment (Ie, Private Sector). But as you can see with Vista, there are NO new disk formatting systems. All that is new about Vista is that you have to give your permission so that you can get up to take a leak.

And I resent having to ask Microsoft if I can eat, or sleep, or take a pee. I FINALLY found a way to remove ALL of the "You do not have permission to open this file, shortcut, folder" crap in Vista, it was a nightmare and I came across it by sheer accident. But now, I can open all those shortcuts in the "My Documents" folder.

Do your school a favour... Keep using XP. Nothing wrong with it. You can even buy cheap Gateway computers and when you delete Vista and install XP MCE, they haul arse.

Cheers,

xWx
Tuesday, January 15, 2008 8:55:25 PM (Pacific Standard Time, UTC-08:00)
Okay, I have a major problem with this and it is called false negatives.

Take my situation for example, I have a legitimate Windows XP Home license that came with my HP Laptop that I bought at the local Future Shop, so it's safe to say the license is legitimate. But recently after using Linux for about a year now I had to reinstall Windows XP.

There were several problems I had not the least of which was a busted DVD Drive. So I "acquired" a fresh copy of Windows XP Install CD and set it up to run from a USB Stick. It worked fine until I entered my legitimate key and it said no. I could have used a pirated copy of XP Pro that I do have for reasons I don't care to disclose...but I am better than that, seems Microsoft isn't.

I agree with you, I am firmly against piracy, but this is ridiculous, I call it militant copyrighting, where the holders put their business model before customer service and severely restrict the use of a product because of a few bad apples. Now they have the full right to do this, it's their product, however some people have this tendency to confuse the right to do something with it being the right thing to do. They are getting enough bad publicity from Vista, this is just another nail in the coffin.

One last thing, this new technology will be hacked in less than a year I can see it now.
Tim Perry