
Dvorak on Windows Genuine Advantage (236 comments)

PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."
This discussion has been archived. No new comments can be posted.

  • Re:Sadly (Score:3, Interesting)

    by RailGunner ( 554645 ) * on Thursday October 19, 2006 @01:32PM (#16504131) Journal
    In this case, however, he's probably right.
    Anti-piracy measures only annoy legitimate customers and thwart 14 year old morons - the "professional" pirates will eventually crack WGA, they have too much illicit profit incentive not to crack it and pirate it.

    So I think it will happen, and MS will spend too much money, time, and effort in combating piracy instead of actually making an OS that's worth a damn. Let's face it - when all they do is pop up a message box when a process wants elevated permissions, and not require a password - too many users are conditioned to just click "OK".

    Why is this a problem? Because it won't make Vista any more secure or protected, it'll just be *your* fault instead of MS's fault that you were infected with a virus. Whereas if they at least required a password, most mom & pop AOL'er might actually have a second thought about why this "N@k3d Brotney Speeris" screensaver needs additional permissions to run, and might not reflexively click "OK".

  • by CycleFreak ( 99646 ) on Thursday October 19, 2006 @01:35PM (#16504177)
    MS gets beat up all the time here on /. - but what if they're right? I mean, what if suddenly all those people that run illegal installations of XP suddenly have to pay up for Vista (even though most people are hesitant to upgrade anyway) because they can't effectively get around the WGA controls. Say, by 2008, there are twice as many Vista installs (according to MS) than XP installs as of today. Wouldn't that prove that MS was correct in forcing this level of validation upon us? Given today's saturated market, the only conclusion would be that illegal XP installs were replaced with purchased versions of Vista. Just one possible outcome.
  • by a16 ( 783096 ) on Thursday October 19, 2006 @01:47PM (#16504381)
    Couldn't a virus just change the local cd key, as documented by MS, to a pirated one? Then effectively they have a machine that can't be updated.
  • He has a point ... (Score:3, Interesting)

    by robpoe ( 578975 ) on Thursday October 19, 2006 @01:50PM (#16504423)
    Even though he's occasionally mis-aligned himself, he DOES have a very valid point.

    But to what end? Why couldn't any kind of software do this?

    Free anti-virus..(not Clam .. it's OSS .. but closed source stuff, why not)
    SpyBot S&D
    Ad-Aware
    Hi-Jack This!

    Could ALL be spyware-in-disguise. We don't know. How could we?

    It's not just Vista's WGA we need to worry about. I mean, what better way to take over the world. Develop some cool little free app that EVERYONE starts using. Get it installed on a bajillion computers, then it grabs an auto-update and WHAMMO! You've got ... "DUN DUN DUN!!!" SKYNET...

  • by Doc Ruby ( 173196 ) on Thursday October 19, 2006 @01:51PM (#16504449) Homepage Journal
    Denying unlicensed Windows instances access to security upgrades does to the Internet ecosystem just what denying poor people access to vaccines and other public health does: it creates incubators for plagues. The "underground" class of unlicensed Windows instances will offer criminals, vandals and spies a cesspool in which to multiply, and launch attacks on everyone. Since Microsoft cannot exterminate completely the global unlicensed Windows population, nor ensure licensed instances are invulnerable to these attacks, their WGA program is making everyone less safe.
  • by goombah99 ( 560566 ) on Thursday October 19, 2006 @01:52PM (#16504453)
    Someday in the future a worm will set off a wildfire, disabling every windows box in the world in a single day. Everyone else will only notice that there suddenly was no more spam and wonder why. Then the spammers will notice all their bots are dead and they will create a new worm that goes out and fixes the vulnerability in the few remaining zombies they have left.. So Microsoft's problem will be solved by the spammers faster than you can say Patch-tuesday.

    Which brings me to another question. What happens when the WGA cop is triggered? Your machine still functions, right? You just can't get updates or fixes for vulnerabilities....
  • Please Wait (Score:5, Interesting)

    by Geccie ( 730389 ) on Thursday October 19, 2006 @01:55PM (#16504503)
    Whoever creates the crack of the century and turns the good cop bad, Please PLEASE be patient. Don't just send out the bots 2 days after Vista's launch, give Vista a chance to permeate the bowels of the gullible and self oppressed - Then - and ONLY THEN can the bots be launched, creating a wondrous show for the rest of us to enjoy.

    Microsoft has long been due the fruits of their insidious labor and it is only just that they reap the true rewards.
  • by Z00L00K ( 682162 ) on Thursday October 19, 2006 @02:12PM (#16504793) Homepage Journal
    what will happen then? A big pile of badwill for M$. OK, if it's overly complicated to hack it will also be overly complicated to administrate by IT departments and also very sensitive for businesses as a whole.

    It seems to me that every step M$ takes to make sure that no illegal copies are around it will also create more work for the IT department. And what if there is an unexpected problem popping up causing all legitimate copies to be locked from the users due to a flaw in WGA? Who will be paying the standstill cost? Not M$ in the first turn.

    It seems to me that alternative solutions like Linux and the BSD variants will benefit most from this. The latest versions of the Linux distros aren't really that complicated to install and use, even if there still are flaws. (most notably the X11 config, which can be a real pain to get right, even if Fedora Core 5 seems to work acceptably there). Another item that can cause severe dandruff is the SELinux package, but I assume that there is work in progress on that.

  • Re:Sadly (Score:5, Interesting)

    by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Thursday October 19, 2006 @02:13PM (#16504803) Journal
    #2 has good potential for the cracker as well... if he can make a legit version look like a bootleg copy, then the person will not be able to get upgrades and will be vulnerable to certain attacks on security that may have otherwise been fixed.
  • by miyako ( 632510 ) <miyako AT gmail DOT com> on Thursday October 19, 2006 @02:15PM (#16504841) Homepage Journal
    I really fail to see what incentive a cracker would have in making someone's legitimate copy of Vista appear to be illegitimate. Granted, I'm sure someone will write it to see if they can, and it'll make its way to a few people, but it seems counter productive for any big time cracker to do this.
    Most of the people who send out these exploits aren't doing it to piss people off, they are doing it to make money. The thing is, a botnet only works when the zombied machines are running. If you are Joe Cracker, you want those machines up so they can be sending your spam, performing your DDOSes, and collecting information for you to sell to ad companies. What you don't want is for the machine to stop working so that the owner takes it in to be fixed - especially when the person fixing it might just put some antivirus software on there that will stop your bots from running (for a while).
  • by d3ac0n ( 715594 ) on Thursday October 19, 2006 @02:30PM (#16505149)
    I bet you anything there is a clause in the EULA that says something like "this software is not to be used in life support equipment, nuclear power plants, or other life-critical systems."

    That, and the fact that most of our nuclear power facilities are still running on Win2K. I'm not kidding. I work for a company that makes software for nuclear power facilities (and other places) and most of our customers just transitioned from NT4 within the last 2 years. By the time they start using Vista, Microsoft Windows X should be out.

    Oh, and yes, I was as surprised as anybody that these places aren't running UNIX.
  • Re:Validating (Score:3, Interesting)

    by jawtheshark ( 198669 ) * <{moc.krahsehtwaj} {ta} {todhsals}> on Thursday October 19, 2006 @02:32PM (#16505189) Homepage Journal

    I have my own DNS server on a dedicated BSD machine. Let them try to block that one ;-)

    Technically, I see no reason why someone couldn't make a small DNS caching service that installs on a Windows machine and then set all DNS lookups to be redirected to localhost:53, bypassing the %SystemRoot%\System32\drivers\etc\hosts file.

  • Re:Sadly (Score:1, Interesting)

    by Anonymous Coward on Thursday October 19, 2006 @02:33PM (#16505215)
    August was keyboard guy's name, not John
  • by supersat ( 639745 ) on Thursday October 19, 2006 @02:43PM (#16505463)
    Better yet, what happens if the virus repeatedly switches the product key? MS would likely give instructions to victims on how to switch the product key back to the one glued onto the machine's case, but each time you switch it back to a legitimate key, it'd have to reactivate. Eventually, the key will refuse to be activated on suspicion of key sharing.

    If MS takes steps to ensure that valid product keys can always be activated, then they'd introduce a new way of pirating keys.
  • by ElleyKitten ( 715519 ) <kittensunrise AT gmail DOT com> on Thursday October 19, 2006 @02:47PM (#16505525) Journal
    Not everyone who has pirated Windows XP would purchase Vista if WGA locks them out. Many won't pay for it/can't afford it (which is why they're pirating in the first place) and not everyone's existing computer can run Vista. Some will, of course, but some will switch to Linux. Linux is usable enough now, and someone who's desperate/mad that they can't run Windows anymore without paying Microsoft money will likely try the free option. Not everyone who gets locked out with WGA will go to Linux, but enough that I think this is a stupid move by Microsoft. A person running pirated XP today might buy a new PC with Vista later, or might encourage friends/family to. A person running Linux today is very unlikely to purchase Vista in the future and will encourage friends/family to switch. Microsoft has all the big name shops (well, besides Apple) selling only Windows boxes. That's the only anti-piracy they need (not that I appreciate that), and the only kind that won't bite them in the ass. Of course, I'm a Linux user, so I'm not complaining. :-)
  • Re:Sadly (Score:3, Interesting)

    by supabeast! ( 84658 ) on Thursday October 19, 2006 @02:48PM (#16505543)
    I think it would be far easier to patch WGA in order to make it FAIL authentication than it would be to make a counterfeit Windows version PASS authentication...


    It's definitely going to be easier. All one will have to do is figure out where WGA stores the registration code, replace it with one that's known to fail WGA, and then cause the system to try and authenticate. Of course, the end user will then just be able to re-enter the good key, which on an OEM system is usually stuck to the front of the machine, so a really good trojan will send the original key to an army of zombies which automatically try to activate with it repeatedly, so that Microsoft flags the key as one released by pirates and refuses to ever activate it again.
  • Re:Actually no (Score:2, Interesting)

    by CycleFreak ( 99646 ) on Thursday October 19, 2006 @02:59PM (#16505763)
    XP installs are almost all OEM copies, Vista will be the same way.

    That's a good point - and one that I hadn't considered. I agree - 99.9% of the people with PCs running XP will not run out and buy Vista just because. Especially not at that price point.

    I buy components and build my own PCs, so I have to buy the OS. Looks like a very likely choice for my next home-built PC is Linux.

  • by Fatal Darkness ( 18549 ) on Thursday October 19, 2006 @03:00PM (#16505783)
    Patients on life support? Is this the new "it's for the chilllldren!" in the software industry? Hospitals and life-support systems seem to come up really often when validation scenarios like this are discussed, yet, I have never, EVER heard of a patient dying because Windows crashed. I suspect this might be due to medical equipment manufacturers not quite being dumber than a bag of hammers and therefore not using Windows in life-critical situations.


    Perhaps not life support, but I was interested in getting LASIK surgery at one time. I went to a presentation given by a doctor that came highly recommended from some of the locals. When they were showing off the actual laser equipment that performed the surgery, it turned out the machine was controlled entirely from a PC workstation running Windows NT. I asked one of the doctors what would happen if the controller "blue-screened" during the procedure and was told they would have to contact the developers and research that and get back to me. I never received a reply, and they never received my business! I'm not taking any chances with my eyes, I'll stick with glasses.
  • Re:Sadly (Score:2, Interesting)

    by Virgil Tibbs ( 999791 ) on Thursday October 19, 2006 @03:36PM (#16506507) Homepage
    If somebody perfects #2 and makes it easy then MS will be in a bit of a mess, because as far as they are concerned that person is not legitimate, so their system will be flawed and they will have to introduce something for people who don't have legit copies to get legit copies, and all the related problems that will bring.
  • Re:Sadly (Score:4, Interesting)

    by Firehed ( 942385 ) on Thursday October 19, 2006 @03:58PM (#16506983) Homepage
    Current XP WGA still allows you to get critical updates with a failed authentication. Have we heard anything to indicate that you won't at least get critical security patches in Vista without something shown as valid? I'd think they would still allow critical security updates with a "disadvantage", specifically for that reason. MS is taking enough flak from the public over WGA as it is; as long as there's even one false positive, they probably won't be allowed to not give out the critical stuff when they've just released a mammoth OS update, after charging out the wazoo for it, that doesn't yet have anything near a proven security layer.

    That said, they're probably foolish enough to try, and the blackhats will rejoice.
  • Re:Sadly (Score:3, Interesting)

    by vhogemann ( 797994 ) <`victor' `at' `hogemann.com'> on Thursday October 19, 2006 @06:48PM (#16509689) Homepage
    Better,

    Why not set up some botnets to authenticate every possible product key at Microsoft's site? This way rendering the registration process useless, as they wouldn't be able to differentiate the good ones from the fake ones!
  • by bdwoolman ( 561635 ) on Thursday October 19, 2006 @09:02PM (#16511165) Homepage
    When Microsoft was making its bones in the early 1980s one of their big advantages was their no-copy-protection software philosophy. Copy protection was a big swinging deal back then. Everyone had it. Software manufacturers were paranoid to a fault over piracy and user reproduction. The protection was very breakable, but ordinary users found it impossible to deal with. Lotus 1-2-3, other operating systems, they all did it. It was a mess. Backups were a nightmare, system recovery was hard.

    One company didn't do it. Microsoft got miles of cool points for making their operating system, and eventually their applications, easy to copy. There were legal barriers to reproduction but no technical barriers. People bought MS at premium prices because they could copy. System administrators knew they would have no difficulty making backups, or "educational" copies to take home to put on their systems. They also knew that things would not be difficult if they had to do a reinstallation. It was viral marketing at its most effective. The license agreement of course forbade such practices, but Microsoft winked at personal duplication. Licenses had to be bought, of course, because support was needed, especially in a large enterprise. My personal opinion is that the bugs in early iterations of Microsoft software were their insurance against wholesale ripoff. This is just a feeling.

    I thought activation was a big mistake. I actually do think it slowed the adoption of XP if you can recall back that far. However it was easy to crack so the viral thing happened. Anyway Microsoft continued to thrive. I was living in Eastern Europe at the time of XP's introduction and cracked copies were everywhere. Pirate copies of the beta were in the electronics market in the months running up to final release. I am in Western Europe now so I don't know what the Russian and Ukrainian guys have done with WGA, but I can only guess. Vista will be zooted as soon as it hits the market. The Russian and Chinese pirates will not be slowed down at all from putting cracked versions onto hardware. Legitimate customers however will have no end of headaches. It's a crying shame.

    The fact that this WGA is vulnerable to hacks is merely the bitter coating on the poison pill of this new form of copy protection, which is always a bad idea because it hurts your customers. DRM and copy protection are ideas that corporate lawyers dream up. Marketing men instinctively know they suck.

    I actually think Vista might not even fly very well. Net services are coming. Linux could be attractive to enterprise in some circumstances. And there is always Apple waiting in the wings with good stuff. Corporate prejudice against the "toy computer" might well melt now that the OS is riding on an Intel platform. And there is also the iPod effect. Nothing sells like success.

    Meanwhile, Microsoft's latest patch automatically installed itself and rebooted my computer even though I have set the update options to stop at the download. Feh! I didn't have any process running, so I skated, but that is practically a crime in my book. If Vista is going to walk all over me like that I won't want the thing. Certainly I am going to wait as long as I can before I get it. And if I can get away without getting it I won't get it.

  • by The_Morgan ( 89220 ) <exadeath@NoSPam.yahoo.com> on Thursday October 19, 2006 @11:59PM (#16512505)
    The thing I've noticed about industrial automation is that the programming software is typically made so that electrical engineers can write and maintain the code/logic. They have no training in computer security. Also if there is any disconnect between the customers and the programmers (term used loosely), such that the customers were not the ones writing the original sequence of operation or the logic wasn't written by the company that installed the system and does owner training, the security situation can be very dire.

    I can't count the number of times I got requests to make a control system web accessible just so the 'janitor' could check that one temperature that he thought was the end-all to keeping his process running.

    For an industry that has a lot of promise it sure has a lot of growing up to do.
  • Re:Sadly (Score:3, Interesting)

    by penguinrenegade ( 651460 ) on Friday October 20, 2006 @01:50AM (#16513097)
    If an army of zombies keep trying NEW codes - simple math says that in a matter of weeks nearly ALL Vista codes could be flagged as pirated. Making WGA point to false positives could be the death knell for Vista.
