Dvorak on Windows Genuine Advantage 236
PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."
Re:Sadly (Score:3, Interesting)
Anti-piracy measures only annoy legitimate customers and thwart 14 year old morons - the "professional" pirates will eventually crack WGA, they have too much illicit profit incentive not to crack it and pirate it.
So I think it will happen, and MS will spend too much money, time, and effort in combating piracy instead of actually making a OS that's worth a damn. Let's face it - when all they do is pop up a message box when a process wants elevated permissions, and not require a password - too many users are conditioned to just click "OK".
Why is this a problem? Because it won't make Vista any more secure or protected, it'll just be *your* fault instead of MS's fault that you were infected with a virus. Whereas if they at least required a password, most mom & pop AOL'er might actually have a second thought about why this "N@k3d Brotney Speeris" screensaver needs additional permissions to run, and might not reflexivly click "OK".
Reducing Illegal Copies? (Score:1, Interesting)
Just change the cd key? (Score:5, Interesting)
He has a point ... (Score:3, Interesting)
But to what end? Why couldn't any kind of software do this?
Free anti-virus..(not Clam
SpyBot S&D
Ad-Aware
Hi-Jack This!
Could ALL be spyware-in-disguise. We don't know. How could we?
It's not just Vista's WGA we need to worry about. I mean, what better way to take over the world. Develop some cool little free app that EVERYONE starts using. Get it installed on a bajillion computers, then it grabs an auto-update and WHAMMO! You've got
Windows, Pestilence and Plague (Score:3, Interesting)
The day the spam stopped (Score:3, Interesting)
Whihc brings me to another question. What happens when the WGA cop is triggered. Your machine still functions right? you just can't get updates or fixes for vulnerabilities....
Please Wait (Score:5, Interesting)
Microsoft has long been due the fruits of their incidious labor and it is only just that they reap the true rewards.
So if WGA really screws itself up? (Score:3, Interesting)
It seems to me that every step M$ takes to make sure that no illegal copies are around it will also create more work for the IT department. And what if there is an unexpected problem popping up causing all legitimate copies to be locked from the users due to a flaw in WGA? Who will be paying the standstill cost? Not M$ in the first turn.
It seems to me that alternative solutions like Linux and the BSD variants will benefit most from this. The latest versions of the Linux distros aren't really that complicated to install and use, even if there still are flaws. (most notably the X11 config, which can be a real pain to get right, even if Fedora Core 5 seems to work acceptable there). Another item that can cause severe dandruff is the SELinux package, but I assume that there are work in progress on that.
Re:Sadly (Score:5, Interesting)
No Incentive to Cause Failure (Score:3, Interesting)
Most of the people who send out these exploits aren't doing it to piss people off, they are doing it to make money. The thing is, a botnet only works when the zombied machines are running. If you are Joe Cracker, you want those machines up so they can be sending your spam, performing your DDOSes, and collecting information for you to sell to ad companies. What you don't want is for the machine to stop working so that the owner takes it in to be fixed - especially when the person fixing it might just put some antivirus software on there that will stop your bots from running (for a while).
Re:I particularly like this bit: (Score:5, Interesting)
That, and the fact that most of our nuclear power facilities are still running on Win2K. I'm not kidding. I work for a company that makes software for nuclear power facilities (and other places) and most of our customers just transitioned from NT4 within the last 2 years. By the time they start using Vista, Microsoft Windows X should be out.
Oh, and yes, I was as surprised as anybody that these places aren't running UNIX.
Re:Validating (Score:3, Interesting)
I have my own DNS server on a dedicated BSD machine. Let them try to block that one ;-)
Technically, I see no reason why someone couldn't make a small DNS caching service that installs on a Windows machine and then set all DNS lookups to be redirected to localhost:53, bypassing the %SystemRoot%\System32\drivers\etc\hosts file.
Re:Sadly (Score:1, Interesting)
Multiple infections... (Score:4, Interesting)
If MS takes steps to ensure that valid product keys can always be activated, then they'd introduce a new way of pirating keys.
Re:Reducing Illegal Copies? (Score:3, Interesting)
Re:Sadly (Score:3, Interesting)
It's definitely going to be easier. All one will have to do is figure out where WGA stores the registration code, replace it with one that's known to fail WGA, and then cause the system to try and authenticate. Of course, the end user will then just be able to re-enter the good key, which on an OEM system is usually stuck to the front of the machine, so a really good trojan will send the original key to an army of zombie which automatically try to activate with it repeatedly, so that Microsoft flags the key as one released by pirates and refuses to ever activate it again.
Re:Actually no (Score:2, Interesting)
That's a good point - and one that I hadn't considered. I agree - 99.9% of the people with PCs running XP will not run out and buy Vista just because. Especially not at that price point.
I buy components and build my own PCs, so I have to buy the OS. Looks like a very likely choice for my next home-built PC is Linux.
Re:I particularly like this bit: (Score:5, Interesting)
Perhaps not life support, but I was interested in getting LASIK surgery at one time. I went to a presentation given by a doctor that came highly recommended from some of the locals. When they were showing off the actual laser equipment that performed the surgery, it turned out the machine was controlled entirely from a PC workstation running Windows NT. I asked one of the doctors what would happen if the controller "blue-screened" during the procedure and was told they would have to contact the developers and research that and get back to me. I never received a reply, and they never received my business! I'm not taking any chances with my eyes, I'll stick with glasses.
Re:Sadly (Score:2, Interesting)
Re:Sadly (Score:4, Interesting)
That said, they're probably foolish enough to try, and the blackhats will rejoice.
Re:Sadly (Score:3, Interesting)
Why dont setup some bootnets to authenticate every possible product key at Microsoft Site? This way rendering the registration process useless, as they wouldnt be able to differentiate the good ones from the fake ones!
Microsoft's genuine disadvantage.. (Score:5, Interesting)
One company didn't do it. Microsoft got miles of cool points for making their operating system, and eventually their applications, easy to copy. There were legal barriers to reproduction but no technical barriers. People bought MS at premium prices because they could copy. System administrators knew they would have no difficulty making backups, or "educational" copies to take home to put on their systems. They also knew that things would not be difficult if they had to do a reinstallation. It was viral marketing at its most effective. The license agreement of course forbade such practices, but Microsoft winked at personal duplication. Licenses had to be bought, of course, because support was needed, especially in a large enterprise. My personal opinion is that the bugs in early iterations of Microsoft software were their insurance against wholesale ripoff. This is just a feeling.
I thought activation was a big mistake. I actually do think it slowed the adoption of XP if you can recall back that far. However it was easy to crack so the viral thing happened. Anyway Microsoft continued to thrive. I was living in Eastern Europe at the time of XP's introduction and cracked copies were everywhere. Pirate copies of the beta were in the electronics market in the months running up to final release. I am in Western Europe now so I don't know what the Russian and Ukrainian guys have done with WGA, but I can only guess. Vista will be zooted as soon as it hits the market. The Russian and Chinese pirates will not be slowed down at all from putting cracked versions onto hardware. Legitimate customers however will have no end of headaches. It's a crying shame.
The fact that this WGA is vulnerable to hacks is merely the bitter coating on the poison pill of this new form of copy protection, which is always a bad idea because it hurts your customers. DRM and copy protection are ideas that corporate lawyers dream up. Marketing men instinctively know they suck.
I actually think Vista might not even fly very well. Net services are coming. Linux could be attractive to eterprise in some circumstances. And there is always Apple waiting in the wings with good stuff. Corporate prejudice against the "toy computer" might well melt now that the OS is riding on an Intel platform. And there is also the iPod effect. Nothing sells like success.
Meanwhile, Microsoft's latest patch automatically installed itself and rebooted my computer even though I have set the update options to stop at the download. Feh! I didn't have any process running, so I skated, but that is practically a crime in my book. If Vista is going to walk all over me like that I won't want the thing. Certainly I am going to wait as long as I can before I get it. And if I can get away without getting it I won't get it.
Re:I particularly like this bit: (Score:2, Interesting)
I can't count the number of times I got requests to make a control system web accessable just so the 'janitor' could check that one temperature that he thought was the endall to keeping his process running.
For a industry that has a lot of promise it sure has a lot of growing up to do.
Re:Sadly (Score:3, Interesting)