Dvorak on Windows Genuine Advantage 236
PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."
Devilsown will make a client-side server (Score:5, Informative)
This is exactly what I was thinking when I heard that volume licensed versions of Vista would no longer take the product key's word for it (bye bye FCKGW), but authenticate and activate with a local server. I bet the first pirated versions of "Vista Pro Corp" will include a proxy patch or HOSTS entry that will point the OS to a server run by a warez release group, or maybe 127.0.0.1 with a host-side server.
Either way, it's going to really suck when people need to run a one or more instances of Vista Ultimate in a VM (yes, Ultimate can run in a VM) for testing and staging but quickly run out of licenses on the local activation server.
Forbidding Vistas: Windows licensing disserves the (Score:5, Informative)
Re:Hold on just a second there chief. (Score:3, Informative)
Wrong. One of our other sites just got nailed by a trojan because some machines weren't updating because they had never installed WGA. I found this behaviour several months ago and ran windows update on the offending machines just to install WGA. (we use WSUS for updates) The machines mysteriously resumed updating after installing WGA. Fortunately I check the patch status of windows machines around here. Obviously our sister site didn't and got burned by MS withholding updates from a company that gives millions to microsoft every year.
Stop submitting this dolt (Score:3, Informative)
Re:Validating (Score:5, Informative)
Re:Low-hanging fruits (Score:3, Informative)
Not as much as you'd think. Corporate Windows systems generally have updates disabled anyway, at least from Microsoft. The whole Windows Update system was designed to allow corps to run their own update server, so that they could a) pick and choose what updates they want to go to what boxes and b) use the mechanism to not only install their own software, but to prevent modification to the software. The corporate boxen rigged this way don't talk back to Microsoft at all, they talk to their own in-house update system.
Re:I particularly like this bit: (Score:3, Informative)
http://www.microsoft.com/windowsautomotive/defaul
Hopefully it doesn't have anything to do with the car itself, only GPS things and the like.
Re:I particularly like this bit: (Score:4, Informative)
Re:I particularly like this bit: (Score:4, Informative)
-Graham