Dvorak on Windows Genuine Advantage
PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."
Low-hanging fruits (Score:5, Insightful)
For instance, chainsaws are designed to cut off limbs. Tree, human, what's the difference?
WGA and successors are designed to disable Microsoft systems. OK, I'm sure that there are those who appreciate the help.
I'm going to start working... (Score:2, Insightful)
Actually, for some reason, I had never thought of this before. You probably wouldn't really even have to mess with WGA all that much, just change whatever it's checking to see if the OS is valid. Not sure how easy that would be, but considering the number of false positives that are cropping up on XP, it should be quite doable.
Re:Sadly (Score:3, Insightful)
I agree with you, and I generally can't stand even reading his articles... but he's probably got a pretty safe prediction with this one. It seems that those who say "It'll probably be hacked" are seldom disproven.
Re:Low-hanging fruits (Score:5, Insightful)
WGA is a key to every Windows box on the planet and a giant club with which to beat Microsoft over the head if it's ever hacked, and you can bet that's not going to go unnoticed by those with the capability to pull this off. It would be the hack of the freaking century.
Re:Sadly (Score:5, Insightful)
1. Make a bootleg copy look authentic.
2. Make an authentic copy look bootleg.
Figuring out how to do one means you have done at least 80-90% of the work to figure out the other. That's essentially twice the normal incentive to crack a Microsoft product. #1 has an obvious financial incentive, but #2 may have one too, if the cracker is willing to consider extortion or similar modes of funding. If the cracker is doing it just to spite MS and/or MS users, the same double whammy applies.
Re:Doubt this is possible (Score:3, Insightful)
Faking the certificate would only be necessary for falsifying updates and so on. I'm actually surprised you haven't seen more malware through auto-update attacks for Windows, though I suspect those clever enough to do it are perhaps clever enough not to have that detected. It's decidedly trickier than fooling WGA into thinking a machine has an invalid copy of the OS.
Re:The day the spam stopped (Score:4, Insightful)
If I recall correctly, you have 30 days to authenticate or the WGA cop disables everything except IE. "Everything" probably includes the ability to be a spam-bot, but I'm still not sure.
Actually no (Score:3, Insightful)
XP installs are almost all OEM copies, and Vista will be the same way. The only people it affects are white box PCs (which are rare these days). Every PC that comes from a name vendor already has a license for Windows, which makes me wonder who the target is for these WGA activation patches.
Really? (Score:2, Insightful)
Dvorak!
This man is a looney but the second he says something people want to hear they chant his name like he's the new Moses leading you guys out of Egypt? Come on now. Get real.
Any other time 90% of the comments are "Dvo-crack is teh r3tard" but now everyone's all "Maybe this will mean Linux will meet the masses". I've been hearing this for years. Every week or so a new "Microsoft killer" is announced here... I'm sorry, but every time one of these comes up we keep hearing that it's the straw that's going to break the camel's back, but I'm still just not seeing it.
Re:Reducing Illegal Copies? (Score:2, Insightful)
Now since I mentioned it, let's look at the digital music industry parallel. Given that I'm a cheap bastard and don't want to pay for my music downloads, I'm not ready to stop downloading pirated music (although I do still buy CDs). Others (lots of Slashdotters), however, object morally to the DRM that infests all of the legit music downloads. They don't have the freedom to do what they want with the music like you do with CDs and mp3s. Hackers are still cracking the DRM and will continue to do so no matter how much DRM you put in. Solution: don't give people a reason to pirate it. Sell mp3s, not AAC or WMA. The people will explore ways of using/sharing/whatever the music that no one ever thought of and further advance the way we handle media.
Jerry's Final Word: Stop treating the consumers like two cent whores out to make a quick buck and screw you over! Most of us don't want to break the law, but if you push us beyond reasonable means, you better be ready to accept the consequences.
Re:Sadly (Score:5, Insightful)
I could list about 20 more, but I'm tired of this. Almost any measure or law that reduces the rights/privacy of normal citizens does nothing to thwart (for more than a day or two) those who would pirate, steal, kill, etc. Yet we march on to the same tune, never ever learning from the lessons of the past.
So who's really surprised by WGA? Guess I'll have to head on over to astalavista.box.sk to download a copy of the WGA crack, just in case MS one day decides my copy of Vista is no longer legitimate.
Re:Validating (Score:1, Insightful)
The work-around for Microsoft is to have a particular response that means 'Authentic' no matter what. They can tell their server to send that for a few weeks, and everybody gets their patches and the problem is fixed. (Until the next hacker hooks in.) The problem with the fixed, 'Authentic' response is that once someone discovers it, they can redirect their WGA traffic to a server somewhere that sends that response no matter what. They may not be able to get their updates without manually downloading them, but that's not going to stop people for long (if at all).
Two big issues with his doom and gloom scenario: (Score:3, Insightful)
#1: After Vista 'detects' that your version is not legit, it gives you 30 days to fix that before actually shutting down.
#2: "Once a virus that makes the cop refuse to authenticate Vista hits the Net, then how can the problem be fixed? By definition and the way I see it, this will be an impossibility."
Well, while a small # of users will already be affected, I see something that prevents Vista from being upgraded by paying customers as one of the few things that could convince MS to patch out-of-cycle. Fix the bug in WGA and release it after a couple days of QA.
Re:Sadly (Score:5, Insightful)
Don't say that too loudly, as that comment fits the Slashdot community all too well. People who live in glass houses....
A lot of people have WGA wrong, and are commenting based on old info. At first, WGA did indeed prevent people from downloading security updates. That is no longer true as of sometime around March this year. MS came to their senses on that one, and now the validation is only needed to get fixes that are not security related. Not allowing security updates until validation made worse the chicken and egg problem in which a system could not download patches over the Internet until it'd been patched to prevent it from being pwned the instant it was hooked up to the Internet. Before WGA spoiled things, I worked around that problem by downloading the patches under Knoppix, or by having a CD full of patches that I'd downloaded and burned in Linux. Now that MS has relented, I can once again use Linux to help support Windows.
I hope Vista serves to further highlight fundamental problems with security. Ever since 9/11, there's been even more push for more security, a lot of people talking as if security was pure unadulterated goodness and as if there's no such thing as too much security, and a lot of bad security and abuse of security. Witness such things as confiscation of nail clippers and bottles of shampoo by airport security. When security becomes security for MS or the entertainment industry against evil pirates, that's not security for our benefit anymore however much MS tries to spin it so with such things as the "Advantage" part of the WGA name. Where's a Genuine Advantage program for software we write? When security gets perverted to mean "security for MS profits" and most definitely not "security for users against losing what they've paid for", people notice. When file format lock in gets justified with security, as in "preventing unauthorized programs from accessing and corrupting your valuable data" as if OpenOffice was written by a bunch of irresponsible hackers, that can give security a bad name. When "I can't tell you that for security reasons" is used as a cover for "I don't want to bother finding an answer", security is looking bad. A lot of Windows users have already tentatively decided they're going to stick with XP, because, ironically, they don't trust MS's intentions. So much for security increasing trust.
Re:Forbidding Vistas: Windows licensing disserves (Score:2, Insightful)
Hell, I think that they may be referring to "don't try to run Vista RC2 after the beta license expires". Or "don't try to install drivers that are known to cause crashes and are forbidden to be installed".
Re:I particularly like this bit: (Score:3, Insightful)
Even if it is, that doesn't automatically take Wintel machines out of the loop.
A friend of mine develops industrial control systems, many of which are life-safety critical. The actual devices are controlled by PLCs, which are pretty damned bulletproof, but the control and monitoring software runs on Wintel machines. A Windows crash won't automatically wipe out the ammonia generating facility (where they heat natural gas to something like 5000* at 1500 atmospheres and then react it with superheated steam -- the walls of the control facility are 4' thick), but it will kill your ability to monitor the process, meaning you still have to hit the Big Red Button if you can't get the control interface back online within a reasonable time.
On a similar line, the Wintel machines in a hospital don't have to be running the life-support systems, they can just be storing all the patient records that doctors need to make diagnoses, set prescriptions, schedule treatments, and so on. A person who dies because the doctors couldn't get the necessary information in a timely manner is just as dead as the person who dies because the Machine That Goes 'Ping' BSOD'd at the wrong time. At an individual level, that doesn't generate much noise, but if someone dies because a major hospital's entire network goes down, the press will be on it like stink on sewage.
And while I'm sure Microsoft's legal team has already written the company an escape clause for just such situations (hell, they barely guarantee that there's a working CD inside the box), that won't stop someone who's just lost lots of money and face from suing anyway. At worst, they'll end up just as badly screwed as they were going in, and there's always a chance they might be able to win something. Besides, the court victory for Microsoft would be hollow, compared to the cost of the PR disaster and subsequent log-rolling to keep or win future contracts for large Vista installations.
Re:Sadly (Score:3, Insightful)
2. If it really is that "virtually impossible" to make counterfeits pass, someone who fails at it may well decide to use what they have learned trying to do the reverse attack in compensation. If their motive is either money or spite, they can still succeed with the easier attack.
3. People sometimes get beaten after flashing loads of cash in cheap dives. People also sometimes get beaten after making disparaging comments about other people's mothers. So... What's it do to the overall chance of a beating if you enter the cheap dive and loudly announce you are carrying enough cash to buy everyone on the block's mother? Microsoft is giving lots of black hat types with lots of different motives an incentive to target this particular code, agreed?