Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Dvorak on Windows Genuine Advantage

Zonk posted more than 7 years ago | from the good-cop-hacked-cop dept.

236

PadRacerExtreme writes "Vista includes the much maligned 'Genuine Advantage' layer inside, which ensures that your copy of the OS is legit. If you're running a non-validated copy you get no upgrades, no security protection, nothing. That's all well and good, but what happens if a cracker tweaks that Genuine Advantage layer for its own good? Dvorak sees a huge problem, just waiting to happen. What's the vulnerability?" From the article: "I suspect the policeman [WGA] will actually be hacked before the OS. It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version. There is some irony to that idea. But that's none of my concern. I'm more worried about some joker creating a virus or exploit that turns the good cop into a bad cop, and I can only imagine the destruction and hassle that will ensue."

cancel ×

236 comments

sweet (1, Funny)

Anonymous Coward | more than 7 years ago | (#16503955)

i cant wait to apply this to my hax0red copy of vista!

Sadly (5, Insightful)

Null Perception (914562) | more than 7 years ago | (#16503959)

Dvorak's forecast of the future is often wrong.

Re:Sadly (2, Insightful)

DynamoJoe (879038) | more than 7 years ago | (#16504049)

I agree (his Mac columns are stellar examples of rectocranial insertion syndrome), but in this case I bet he's got a point. Which is kind of a bummer. I mean, it's Dvorak, leader of the clueless.

Re:Sadly (3, Insightful)

TobyRush (957946) | more than 7 years ago | (#16504061)

Dvorak's forecast of the future is often wrong.

I agree with you, and I generally can't stand even reading his articles... but he's probably got a pretty safe prediction with this one. It seems that those who say "It'll probably be hacked" are seldom disproven.

Re:Sadly (5, Insightful)

Artifakt (700173) | more than 7 years ago | (#16504319)

For once, John has gotten it right, even making a more detailed prediction than just "it'll probably be hacked". There are two good reasons (from a black hat perspective) to crack WGA:

1. Make a bootleg copy look authentic.
2. Make an authentic copy look bootleg.

Figureing out how to do one means you have done at least 80-90% of the work to figure out the other. That's essentially twice the normal incentive to crack a Microsoft product. #1 has an obvious financial incentive, but #2 may have one too, if the cracker is willing to consider extortion or similar modes of funding. If the cracker is doing it just to spite MS and/or MS users, the same double whammy applies.

Re:Sadly (2, Insightful)

RKBA (622932) | more than 7 years ago | (#16504797)

1. Make a bootleg copy look authentic.
2. Make an authentic copy look bootleg.
I think it would be far easier to patch WGA in order to make it FAIL authentication than it would be to make a counterfeit Windows version PASS authentication, because of the cryptography involved (ie; probably all that would be required to make it fail would be to patch a conditional jump instruction in the executable code, but cracking the cryptography involved to pass authentication would be virtually impossible).

Re:Sadly (4, Interesting)

mark-t (151149) | more than 7 years ago | (#16504803)

#2 has good potential for the cracker as well... if he can make a legit version look like a bootleg copy, then the person will not be able to get upgrades and will be vulnerable to certain attacks on security that may have otherwise been fixed.

Re:Sadly (2, Interesting)

RailGunner (554645) | more than 7 years ago | (#16504131)

In this case, however, he's probably right.
Anti-piracy measures only annoy legitimate customers and thwart 14 year old morons - the "professional" pirates will eventually crack WGA, they have too much illicit profit incentive not to crack it and pirate it.

So I think it will happen, and MS will spend too much money, time, and effort in combating piracy instead of actually making a OS that's worth a damn. Let's face it - when all they do is pop up a message box when a process wants elevated permissions, and not require a password - too many users are conditioned to just click "OK".

Why is this a problem? Because it won't make Vista any more secure or protected, it'll just be *your* fault instead of MS's fault that you were infected with a virus. Whereas if they at least required a password, most mom & pop AOL'er might actually have a second thought about why this "N@k3d Brotney Speeris" screensaver needs additional permissions to run, and might not reflexivly click "OK".

Re:Sadly (4, Insightful)

IAmTheDave (746256) | more than 7 years ago | (#16505017)

Anti-piracy measures only annoy legitimate customers and thwart 14 year old morons

  • DRM measures only annoy legitimate customers and confuse the masses
  • REAL ID measures only annoy law-abiding citizens and do nothing to stop terrorists
  • New passport requirements only put law-abiding citizens at risk and do nothing to stop terrorists
  • Anti-gun laws only annoy legitimate customers and don't stop criminals and murderers

I could list about 20 more, but I'm tired of this. Almost any measure or law that reduces the rights/privacy of normal citizens do nothing to thwart (for more than a day or two) those who would pirate, steal, kill, etc. Yet we march on to the same tune, never ever learning from the lessons of the past.

So who's really surprised by WGA? Guess I'll have to head on over to astalavista.box.sk to download a copy of the WGA crack, just in case MS one day decides my copy of Vista is no longer legitimate.

Re:Sadly (1)

RailGunner (554645) | more than 7 years ago | (#16505193)

Guess I'll have to head on over to astalavista.box.sk to download a copy of the WGA crack, just in case MS one day decides my copy of Vista is no longer legitimate.

Nah - just head on over to distrowatch.com and pick a Linux distro. I personally dumped Windows at home 5 years ago and I've never looked back.

You can argue whether or not the Linux Penguin is retarded, but at least you know he means no harm...

Re:Sadly (4, Insightful)

nuckin futs (574289) | more than 7 years ago | (#16504201)

every so often he gets something right. if you spray enough bullets on a target, you'll hit it sooner or later. He basically does the same thing, shooting in the dark and hoping to hit the target.

I particularly like this bit: (4, Insightful)

Old Man Kensey (5209) | more than 7 years ago | (#16504691)

"I do not even want to think of the consequences of Vista turning itself off in enterprise situations such as airline reservations or a hospital full of patients on life support. A serious collapse of the authentication network that could not be fixed without sending out discs or one-by-one-downloads will end up in the courts, and you can be certain that the shrink-wrap license agreement that holds Microsoft blameless will be tossed out as bogus."

  1. Patients on life support? Is this the new "it's for the chilllldren!" in the software industry? Hospitals and life-support systems seem to come up really often when validation scenarios like this are discussed, yet, I have never, EVER heard of a patient dying because Windows crashed. I suspect this might be due to medical equipment manufacturers not quite being dumber than a bag of hammers and therefore not using Windows in life-critical situations.
  2. I bet you anything there is a clause in the EULA that says something like "this software is not to be used in life support equipment, nuclear power plants, or other life-critical systems."
  3. I further bet you that in the unlikely event some cosmically stupid company actually built life-critical systems around Windows Vista and it caused loss of life, that company, not Microsoft, would be held 100% liable for a) not doing due diligence on whether or not their off-the-shelf components were suitable for the intended purpose and b) being dumber than the aforementioned bag of hammers. The EULA wouldn't need to be held enforceable per se, the court would merely need to find that they ought to have read the EULA and from it derived knowledge that Vista should not be used for certain purposes.

Re:I particularly like this bit: (4, Interesting)

d3ac0n (715594) | more than 7 years ago | (#16505149)

I bet you anything there is a clause in the EULA that says something like "this software is not to be used in life support equipment, nuclear power plants, or other life-critical systems."

That, and the fact that most of our nuclear power facilities are still running on Win2K. I'm not kidding. I work for a company that makes software for nuclear power facilities (and other places) and most of our customers just transitioned from NT4 within the last 2 years. By the time they start using Vista, Microsoft Windows X should be out.

Oh, and yes, I was as surprised as anybody that these places aren't running UNIX.

Re:Sadly (1)

crabpeople (720852) | more than 7 years ago | (#16504867)

Of course, I thought thats why he kept being posted, to make us all feel more learned in comparison. If he was right about technological changes everyone would be using his stupid keyboard by now.

Low-hanging fruits (5, Insightful)

overshoot (39700) | more than 7 years ago | (#16503985)

It's always easier to make something do what it's supposed to do (even when it shouldn't) than it is to make it do something it's not designed for.

For instance, chainsaws are designed to cut off limbs. Tree, human, what's the difference?

WGA and successors are designed to disable Microsoft systems. OK, I'm sure that there are those who appreciate the help.

Re:Low-hanging fruits (1)

192939495969798999 (58312) | more than 7 years ago | (#16504081)

If you want to disable windows, there are much easier ways to do it than WGA, just look at the massive list of bots, viruses, etc. that if you're not up to date on patches and protection, can wreck your machine post haste!

Re:Low-hanging fruits (5, Insightful)

dsanfte (443781) | more than 7 years ago | (#16504163)

That's not the point. The point is that Microsoft has designed their OS with a single point of failure, and to top it all off, if anyone were to exploit that point of failure, the deafening ring of poetic justice would be heard the world over.

WGA is a key to every Windows box on the planet and a giant club with which to beat Microsoft over the head if it's every hacked, and you can bet that's not going to go unnoticed by those with the capability to pull this off. It would be the hack of the freaking century.

The day the spam stopped (2, Interesting)

goombah99 (560566) | more than 7 years ago | (#16504453)

Someday in the future a worm will set off a wildfire, disabling every windows box in the world in a single day. Everyone else will only notice that there suddenly was no more spam and wonder why. Then the spammers will notice all their bots are dead and they will create a new worm that goes out and fixes the vulerability in the few remaining zombies they have left.. So mircosoft's problem will be solved by the spammers faster than you can say Patch-tuesday.

Whihc brings me to another question. What happens when the WGA cop is triggered. Your machine still functions right? you just can't get updates or fixes for vulnerabilities....

Re:The day the spam stopped (3, Insightful)

Phisbut (761268) | more than 7 years ago | (#16504667)

Whihc brings me to another question. What happens when the WGA cop is triggered. Your machine still functions right? you just can't get updates or fixes for vulnerabilities....

If I recall correctely, you have 30 days to authenticate or the WGA cop disables everything except IE. "Everything" probably includes the ability to be a spam-bot, but I'm still not sure.

Re:The day the spam stopped (1)

Mister Whirly (964219) | more than 7 years ago | (#16504855)

WGA exists now - how come this "magical hack" hasn't happened already??? And I'm sure if lowly Slashdotters are talking about it's potential for abuse, MS has thought of it too. Isn't it amazing that every few months you read about "the big hack" that is the Achilles heel of Windows and will bring down XX% of the world's computers - and it still hasn't happened. MS not only is still around, but still domminant.

Re:Low-hanging fruits (1)

Krizdo4 (938901) | more than 7 years ago | (#16504663)

Hack of the century?
No.
Way too obvious and likely to succeed.

What would be impressive if someone managed to have WGA in a way that gave them root access to Macs and Linux machines enmass.
Especially since they're completely unrelated.
Hacking Windows happens way to often to be cool anymore. You just expect it now.

Re:Low-hanging fruits (1)

disasm (973689) | more than 7 years ago | (#16504683)

no, poetic justice would be someone exploiting WGA to install ubuntu and move over all settings from windows without any user interaction, and while we're at it, have some virus like behavior and pass it around to everyone in your address book/cache/excel and word docs/everyone on your subnet/everyone on the internet ;-) Now that would be poetic justice, of course then all the computer shops that just fix spyware/viruses would all go out of business, how sad would that be...

Re:Low-hanging fruits (1, Flamebait)

CodeBuster (516420) | more than 7 years ago | (#16504229)

Yes, but this particular method has added irony of turning the tables on "the man" which fits in rather nicely with whole ethos of the malware authors and their fellow travelers.

Re:Low-hanging fruits (1)

Jah-Wren Ryel (80510) | more than 7 years ago | (#16504379)

fits nicely with whole ethos of the malware authors and their fellow travelers.

Cute dig at the Free software supporters. Ya got balls to make it so blatant right in the middle of the enemy camp here on slashdot. Just for the record, Free software is NOT communisim any more than copyright is communisim, and nothing about Free software is sympathetic to malware.

Re:Low-hanging fruits (1)

Pharmboy (216950) | more than 7 years ago | (#16504273)

If you want to disable windows, there are much easier ways to do it than WGA, just look at the massive list of bots, viruses, etc. that if you're not up to date on patches and protection, can wreck your machine post haste!

Not true. All of those NEED the operating system to work to either show you ads, or to send spam from your computer. If your computer is disabled, then they have failed. I CAN see someone making a virus that will make your Vista install appear to be bogus, just to wreak havok on:

1. Microsoft
2. America
3. Capitalism
4. Infidels
5. Other

This doesn't affect me personally as I have already decided that there is no way Vista will make it into my house, but it will affect me indirectly if customers/family/friends can't get online. MS is about to shoot themselves in the foot again, and just like with 9x/NT, I think they are underestimating hackers ability to carve up their little OS.

Re:Low-hanging fruits (1)

voice_of_all_reason (926702) | more than 7 years ago | (#16504285)

Yeah, but a bot attack disbling security updates would really screw with a corporate environment. IT's choices would probably be only to a) let the unpatched machines go until they could fix it, risking haxxoring of sensitive information or b) take down the network until they can sort things out.

Wouldn't either of these things be more of a hassle than simply rebuilding machines that got hosed by a virus? (I dunno, I'm not IT)

Re:Low-hanging fruits (2, Informative)

Otto (17870) | more than 7 years ago | (#16505069)

Yeah, but a bot attack disbling security updates would really screw with a corporate environment.

Not as much as you'd think. Corporate Windows systems generally have updates disabled anyway, at least from Microsoft. The whole Windows Update system was designed to allow corps to run their own update server, so that they could a) pick and choose what updates they want to go to what boxes and b) use the mechanism to not only install their own software, but to prevent modification to the software. The corporate boxen rigged this way don't talk back to Microsoft at all, they talk to their own in-house update system.

Re:Low-hanging fruits (1)

slashbob22 (918040) | more than 7 years ago | (#16504421)

Ironically, that is the point of hacking the WGA. If you hacked it in such a way where you could make the WGA turn on the system, then the computer would not be able to update itself and MS would have to figure out some way to re-authenticate all the systems AND would likely be forced to patch all systems in the process. Not only that, but every system that was unable to patch could be exploited by bots and other viruses.

Sure, if you turned WGA on users through a exploit, MS would lose massive credibility. In that case, the only people who are protected have been able to patch before being exploited OR aren't running genuine systems.

Re:Low-hanging fruits (1)

gbjbaanb (229885) | more than 7 years ago | (#16504577)

No, no-one wants to disable Windows. They want to disable downloading the security fix that gobshite spamking has exploited to install his Trojan emailer/DoSer/Phisher.

Not to mention disabling the ability to update the WGA tool too.

Re:Low-hanging fruits (0)

Anonymous Coward | more than 7 years ago | (#16504125)

I agree.

After someone creates a virus that disables automatic updates by making the software look pirated, the OS can not update itself and will therefore be really vulnerable to all other threats.

I'm sure they thought of this though..

Re:Low-hanging fruits (0)

voice_of_all_reason (926702) | more than 7 years ago | (#16504333)

I'm sure they thought...

You are already incorrect.

Re:Low-hanging fruits (0)

Anonymous Coward | more than 7 years ago | (#16504345)

it dosent even need to last long enough to stop any critical updates. If the computer was to go into lockdown mode, im sure a virus and other malware would be the least of the userses worries, and would probably stop the malware itself (a good worm can wreck havec if this is possible, a good virus would only use it for extortion and nothing else, you dont want a good botnet to stop working for you, unless that it what you want..)

You can already do that! (1)

Tei (520358) | more than 7 years ago | (#16504189)

If you hate enough some random guy, create a small application that will rename boot.ini something else (boot.dat?). Nothing more, nothing else. This will cross any antivirus, is not a virus. Will kill that poor bastard on the next reboot.

Of course, with WGA will be much more espectacular and fun, but you can already cripple a system with a simple change.

Dvorak? What does he know about computers? (5, Funny)

Anonymous Coward | more than 7 years ago | (#16503993)

The guy writes some symphonies back in the late 1800s, then in the early 1900s designs a keyboard that nobody except a few nerds can type on, and NOW he's criticizing Windows?!?!
Not only is this guy old, he should be commenting on things like piano typewriters or something like that...

TDz.

Re:Dvorak? What does he know about computers? (0)

Anonymous Coward | more than 7 years ago | (#16504289)

Dvorak? What does he know about computers?

A lot. He used to hang out with Charles Babbage. I'm wondering how he got so dumb since then.

Re:Dvorak? What does he know about computers? (3, Funny)

revery (456516) | more than 7 years ago | (#16504953)

he should be commenting on things like piano typewriters

It looks like you're composing a letter in the key of G, would you like some help?

yes it will be fucked up its windows (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16504013)

What do you idiots expect? Microsoft is all of a sudden going to ship secure and bugfree software? What a joke! Get a Mac or at least install Linux!

Re:yes it will be fucked up its windows (0, Flamebait)

Volante3192 (953645) | more than 7 years ago | (#16504083)

Most of us don't expect MS to release secure and bugfree software. What we don't expect is such blatent reaming of their customer base. Treat the user as a criminal, and they have to become one anyway.

MS is turning into an *AA in their business practice: Their cash cows are dying and instead of looking for new interpretations to their products, they refuse to believe their model is incorrect and enact strongarm tactics to keep people locked in. WGA, legal courses and even not-so-subtle threats documented as research.

It's not working for the *AAs; it won't work for their software.

Re:yes it will be fucked up its windows (1)

j0kkk3l (778886) | more than 7 years ago | (#16504955)

Their cash cows are dying
I would like to see some proof for this statement. MS is far from dieing, as are Office and Windows. Windows still has a 90+ % marketshare in Personal Computers. Just look at how 5 years without a new desktop OS has hardly scratched them.

Re:yes it will be fucked up its windows (0, Troll)

FudRucker (866063) | more than 7 years ago | (#16504831)

why mod parent down as flamebait?, he is speaking the unvarnished truth...

considering microsoft's heavy hand & draconian EULA and abuse of monopoly powers, the parents post is a practicle suggestion... --not posting anony_mouse_cow_herd

Imagine all you like (0, Troll)

nih (411096) | more than 7 years ago | (#16504033)

I can only imagine the destruction and hassle that will ensue

well, as long as you only imagine it, whats the problem again?

Complicated = Buggy (2)

crazyjeremy (857410) | more than 7 years ago | (#16504035)

More complicated security simply means more circumstances for the code to be vulnerable. Windows continues to bloat in every direction and as a result, it continues to be an easy target. Now that so many systems areon the web, one wonders if there will ever be an exploit so complicated and devisive that it will shut down a significant portion of the windows user base. If this Security Cop layer of Vista gets hacked, a huge DOS will be easier than ever.

I'm going to start working... (2, Insightful)

jizziknight (976750) | more than 7 years ago | (#16504037)

... on a virus right now that effectively shuts down any Vista computer by causing WGA to always detect the OS as a pirated copy.

Actually, for some reason, I had never thought of this before. You probably wouldn't really even have to mess with WGA all that much, just change whatever it's checking to see if the OS is valid. Not sure how easy that would be, but considering the number of false positives that are cropping up on XP, it should be quite doable.

Just change the cd key? (4, Interesting)

a16 (783096) | more than 7 years ago | (#16504381)

Couldn't a virus just change the local cd key, as documented by MS, to a pirated one? Then effectively they have a machine that can't be updated.

Re:I'm going to start working... (0)

Anonymous Coward | more than 7 years ago | (#16504403)

I wonder what happens if you hack the ethernet driver to randomize the MAC address on every boot?

Re:I'm going to start working... (1)

joe 155 (937621) | more than 7 years ago | (#16504681)

I'll assume that you were joking then (although I suppose that if anyone would have the ability they might be on here...) but what you mention, if it was possible would really screw MS over.

Imagine a virus which is very hard to get rid of, if not a rootkit which for the average user (read: knows nothing about computer) would as good be impossible to get rid of, then MS's WGA policy would have to stop. Say someone gets this virus and doesn't know how to detect or remove it they'll be ringing MS up and complaining loudly, they won't be able to get security updates, which will make them complain more loudly... MS will either have to let go of WGA (since most of the people it would stop would now be legal coppies) or come up with a complicated system to try and re-introduce the WGA check in a different way... it might be impossibe.

Re:I'm going to start working... (1)

shawb (16347) | more than 7 years ago | (#16504805)

The thing about WGA is, it doesn't actually prevent you from using the computer. It prevents you from using Windows Update. So what you do is release the code into the wild that kills WGA meaning all infected computers will not be patched. THEN you release a virus into the wild that utilizes a vulnerability that has not been patched by Microsoft yet. Finally, you do whatever you want with the constantly growing botnet. DOS attacks, spam, spying on users, running a distributed password/encryption cracking utility... whatever. Shutting down their computers would be a waste at that time. You control all Windows computers that had WGA killed by the original exploit, as well as all pirated copies that wouldn't get the updates anyways.

THAT's the danger of WGA.

Re:I'm going to start working... (1)

peragrin (659227) | more than 7 years ago | (#16505051)

No WGA in Vista has an Auto off feature. if you don't authenticate within 30 days You can only use the machine one hour a day, and you can only use IE during that hour.

I personaly hope MSFT gets widespread distribution of Vista before someone pulls out that virus that disables WGA from authenticating properly. Maybe twith 30-50 million users calling in complaining will MSFT stop being so greedy.

Idiotic ramblings (0, Flamebait)

setuid_w00t (1009665) | more than 7 years ago | (#16504043)

Isn't Dvorak basically just an Internet whore? Why does slashdot link to his articles?

Re:Idiotic ramblings (1)

voice_of_all_reason (926702) | more than 7 years ago | (#16504369)

"wga or gtfo?"

Validating (1)

Damastus the WizLiz (935648) | more than 7 years ago | (#16504057)

Not that it is impossible or even unlikely but I am curious how it will get around having to contact microsoft to validate the windows version.

Re:Validating (1)

Fezmid (774255) | more than 7 years ago | (#16504167)

I've never used Vista, but what about changing the LMHOSTS file to point wga.microsoft.com (or whatever) to a different server on the NET that says "Your copy of Windows is broken! Disabling now."

Re:Validating (1)

phreak404 (241139) | more than 7 years ago | (#16504173)

How about an entry in \windows\system32\drivers\etc\hosts for microsoft.com?

Re:Validating (4, Informative)

SScorpio (595836) | more than 7 years ago | (#16504513)

Microsoft ignores a redirect for microsoft.com in the host file. Try setting it to localhost on a XP machine and see what happens.

Re:Validating (3, Interesting)

jawtheshark (198669) | more than 7 years ago | (#16505189)

I have my own DNS server on a dedicated BSD machine. Let them try to block that one ;-)

Technically, I see no reason why someone couldn't make a small DNS caching service that installs on a Windows machine and then set all DNS lookups to be redirected to localhost:53, bypassing the %SystemRoot%\System32\drivers\etc\hosts file.

Re:Validating (1)

db32 (862117) | more than 7 years ago | (#16504191)

I'm not a programmer, and I don't know the in detail methods of WGA, but off the top of my head I can think of a few methods. Intercept the "call home" and either rewrite what is sent home to be a known good until they block it or redirect the "call home" to a local approval service installed as part of the "fix". I realize when you hit the MS sites for updates and the like the second may not work, but faking a good response to yourself would at least get WGA to pull its nag/disabling claws back out of your system.

Re:Validating (0)

Anonymous Coward | more than 7 years ago | (#16504225)

overwrite/replace the dnsapi.dll file so that the computer is directed to a different server[s]. tough stuff.

Re:Validating (1)

Mateo_LeFou (859634) | more than 7 years ago | (#16504245)

Is that necessary? Let it contact microsoft if it wants. The thing to exploit is what it says to microsoft when it calls. I don't know how it works, but it prolly takes a snapshot of a bunch of files & directories and sends that to MS. Sprinkle weird stuff in those places and you'll get false negatives aplenty.

Re:Validating (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16505057)

That's exactly it. Simply hook in and mess with whatever process Windows uses to send the authentication message. The message will be different than what it should be, so whatever Microsoft's WGA server sends back won't match the box. Instant disabling. We already know it's possible to hook into Windows DLLs in a way that is transparent to software running on the box (see the Sony root-kit, and various copy-protection methods used on games), so it's just a matter of time until someone creates a hook that disrupts the WGA process, and distributes that hook with a worm.

The work-around for Microsoft is to have a particular response that means 'Authentic' no matter what. They can tell their server to send that for a few weeks, and everybody gets their patches and the problem is fixed. (Until the next hacker hooks in.) The problem with the fixed, 'Authentic' response is that once someone discovers it, they can redirect their WGA traffic to a server somewhere that sends that response no matter what. They may not be able to get their updates without manually downloading them, but that's not going to stop people for long (if at all).

Who Polices the Policeman? (5, Funny)

w0d3h0us3 (966674) | more than 7 years ago | (#16504063)

It happened in a committee inside Microsoft when someone came up with the brilliant idea of essentially creating a virtual policeman to watch over the operating system to make sure it has the right "papers." This is an interesting idea, but who watches and authenticates the policeman?
I got it! "Windows Genuine Advantage Genuine Advantage."

Re:Who Polices the Policeman? (5, Funny)

Volante3192 (953645) | more than 7 years ago | (#16504157)

WGA = WGA's Genuine Advantage... ...some GNU freaks are gonna dock me for that one, but it's SO worth it.

Re:Who Polices the Policeman? (1)

voice_of_all_reason (926702) | more than 7 years ago | (#16504427)

Stop messing with my head!

//also, monkeys are not donkeys

Re:Who Polices the Policeman? (1)

JordanL (886154) | more than 7 years ago | (#16505173)

Would that be like "New NT Technology"? (For the uninitiated, NT was an acronym inside Microsoft which stood for "New Technology", and Microsoft turned it into a brand.)

Hold on just a second there chief. (2)

nilbog (732352) | more than 7 years ago | (#16504077)

Whether or not you pass WGA, you still get critical security updates. It's not in Microsoft's best interest to have a few million illegal Windows installs out there being compromised because it harms the user base as a whole.

The real problem here is that Dvorak might die old, alone, and invalid. He must come up with this crap to feel like he's important. What if a hacker did this or that? I don't really care unless a hacker actually does it. People have been talking about someone pointing auto-updates to a 3rd party that would be able to install anything, but I've yet to see any widespread auto-update hack.

Re:Hold on just a second there chief. (2, Informative)

LunaticTippy (872397) | more than 7 years ago | (#16504235)

Whether or not you pass WGA, you still get critical security updates

Wrong. One of our other sites just got nailed by a trojan because some machines weren't updating because they had never installed WGA. I found this behaviour several months ago and ran windows update on the offending machines just to install WGA. (we use WSUS for updates) The machines mysteriously resumed updating after installing WGA. Fortunately I check the patch status of windows machines around here. Obviously our sister site didn't and got burned by MS withholding updates from a company that gives millions to microsoft every year.

Re:Hold on just a second there chief. (1)

geekoid (135745) | more than 7 years ago | (#16504459)

Not having a plan for a probable scenerio(WGA fails for some reason) is a poor way to manage systems.

Get a Mac (0)

Anonymous Coward | more than 7 years ago | (#16504119)

I'm glad I switched last year. I don't have to care for all that Microsoft crap anymore.

WGA is the system blackbox .. (1, Insightful)

rs232 (849320) | more than 7 years ago | (#16504139)

Why don't they make Vista out of the same stuff that WGA is made of, that way you wouldn't have any security issues.

Devilsown will make a client-side server (4, Informative)

spyrochaete (707033) | more than 7 years ago | (#16504143)

"It might actually be easier for the pirates to create a fake cop that constantly authenticates fake versions of Vista than it will be to create a Vista imitation that can pretend to be a legitimate version."

This is exactly what I was thinking when I heard that volume licensed versions of Vista would no longer take the product key's word for it (bye bye FCKGW), but authenticate and activate with a local server. I bet the first pirated versions of "Vista Pro Corp" will include a proxy patch or HOSTS entry that will point the OS to a server run by a warez release group, or maybe 127.0.0.1 with a host-side server.

Either way, it's going to really suck when people need to run a one or more instances of Vista Ultimate in a VM (yes, Ultimate can run in a VM) for testing and staging but quickly run out of licenses on the local activation server.

Re:Devilsown will make a client-side server (1)

vespazzari (141683) | more than 7 years ago | (#16504967)

Wow, i actually know exactly what you mean by FCKGW, i dont know what is worse, the fact that i recognize it or that i have used it that many times.

Doubt this is possible (3, Insightful)

MobyDisk (75490) | more than 7 years ago | (#16504145)

Server certificates are the basis for SSL, SSH, HTTPS, etc. AFAIK, nobody can make a fake policeman without faking Microsoft's certificate. I don't think Dvorak's scenario is reasonable.

Re:Doubt this is possible (1)

geekoid (135745) | more than 7 years ago | (#16504239)

you only nede to make the OS think it is the correct certificate.

Re:Doubt this is possible (1)

badfish99 (826052) | more than 7 years ago | (#16504367)

It should be possible, so long as you can authenticate against a local server. Just clone the server.

It would certainly be difficult if Microsoft retained control of all the authentication servers. But then it would be impossible to install Windows on a machine not connected to the internet.

Re:Doubt this is possible (2, Insightful)

FellowConspirator (882908) | more than 7 years ago | (#16504389)

No need to fake the certificate, just tweak WGA to check versus a bogus certificate, or check a bogus creddential against the valid certificate. Either event will flag the system as invalid and the functionality will disable appropriately.

Faking the certificate would only be necessary for falsifying updates and so on. I'm actually surprised you haven't seen more malware through auto-update attacks for Windows, though I suspect those clever enough to do it are perhaps clever enough not to have that detected. It's decidedly trickier than fooling WGA into thinking a machine has an invalid copy of the OS.

Windows a time-bomb (1)

MECC (8478) | more than 7 years ago | (#16504151)

"I do not even want to think of the consequences of Vista turning itself off in enterprise situations such as airline reservations or a hospital full of patients on life support."

The Vista cop will likely cache authentication like so many other things. And, airlines, hospitals, and other large organizations won't be moving to vista with any gusto anyway.

Still, the mere idea of a self-disabling software product make me want to use something else even more than a product that breaks down just because its poorly [designed | built].

News Alert (4, Funny)

Anonymous Coward | more than 7 years ago | (#16504165)

Viruses can cause windows based computers to be unable to function properly, access windows update, or lock out the user.
More news at 11.

Reducing Illegal Copies? (2, Interesting)

CycleFreak (99646) | more than 7 years ago | (#16504177)

MS gets beat up all the time here on /. - but what if they're right? I mean, what if suddenly all those people that run illegal installations of XP suddenly have to pay up for Vista (even though most people are hesitant to upgrade anyway) because they can't effectively get around the WGA controls. Say, by 2008, there are twice as many Vista installs (according to MS) than XP installs as of today. Wouldn't that prove that MS was correct in forcing this level of validation upon us? Given today's saturated market, the only conclusion would be that illelgal XP installs were replaced with purchased versions of Vista. Just one possible outcome.

Actually no (2, Insightful)

tkrotchko (124118) | more than 7 years ago | (#16504929)

The upgrade market for PC's is very small. Those days were long ago when Windows 3.1 and Windows 95 were the hot OS. There's no incentive to pay $200 for a copy of an OS when $500 gets you a whole new machine with a copy already installed.

XP installs are almost all OEM copies, Vista will be the same way. The only people it affects are white box PC's (which are rare these days). Every PC that comes from a name vendor already has a license for Windows, which makes me wonder who the target is for these WGA activation patches.

Re:Reducing Illegal Copies? (2, Insightful)

businessnerd (1009815) | more than 7 years ago | (#16504993)

I think the main problem is not that Microsoft (or anyone) wants to prevent/stop priacy. They have every right to. The problem is how they go about doing this. Basically, they are shooting themselves in the feet and are assuming their customers are guilty until proven innocent (see any parallels here to the RI/MPAA?). The way you deal with piracy is to address the demand for piracy. People are always going to pirate/counterfeit almost everything that's not already free (beer and speech). Look at the market for counterfeit merchandise. So what drives more people to use priated software or buy counterfeit goods? Price is a good starting place. Windows is DAMN expensive, and for those don't see Mac or Linux as an option (pussies) it's essential. So you get a cracked version. Just like the fashion obsessed MUST have a Louis Viton or Prada handbag, but can't afford it, so they buy the knock-off and hope no one notices. Second, you can go after the criminals without inconveniencing your customers. All you have to do is search for the distributers and shut them down/prosecute. There is no need for Microsoft to stay one step a head of the hacker's latest exploit, all they have to do (or the police have to do) is stay one step ahead of the latest ditribution methods. You find a site hosting cracked copies of XP, you have the ISP shut it down, you track who put it up, you prosecute. But like I said earlier, you have to address the demand as well. Microsoft really needs to lower the price. Afterall, they've already told you that you NEED Windows and that there is no substitute. If XP only cost $50, more people would buy it legitimately because they can afford it, less reason for them to knowingly break the law to get it.

Now since I mentioned it, let's look at the digital music industry parallel. Given that I'm a cheap bastard and don't want to pay for my music downloads, I'm not ready to stop downloading pirated music (Although I do buy CD's still). Others (lots of Slashdotters) however, object morally to the DRM that infests all of the legit music downloads. They don't have the freedom to do what you want with the music like you do with CD's and mp3's. Hackers are still cracking the DRM and will continue to do so no matter how much DRM you put in. Solution, don't give people a reason to pirate it. Sell mp3's, no AAC or WMA. The people will explore ways of using/sharing/whatever the music that no one ever thought of and further advance the way we handle media.

Jerry's Final Word: Stop treating the consumers like two cent whores out to make a quick buck and screw you over! Most of us dont' want to break the law, but if you push us beyond reasonable means, you better be ready to accept the consequences.

Forbidding Vistas: Windows licensing disserves the (5, Informative)

CoJeff (1015665) | more than 7 years ago | (#16504205)

Beware. Vista is an OS like no other. I'm for one am not going to upgrade after reading part of the EULA. 4. Problem-solving prohibited. "You may not work around any technical limitations in the software." http://wendy.seltzer.org/blog/archives/2006/10/19/ forbidding_vistas_windows_licensing_disserves_the_ user.html/ [seltzer.org]

So this is a client-side DOS attack? (1)

un1xl0ser (575642) | more than 7 years ago | (#16504293)

What I think that he is stating is that one could easily cause denial-of-service on the clients of Windows Update. If you can make the system look tampered with or pirated, that host won't be able to get updates automatically without intervention by the user.

The user will know that their copy is suspected of being pirated, but may not know how to fix it. This could potentially ensure that a large amount of devices that were compromised stay compromised and unpatched for a period of time.

You missed the best part (1)

overshoot (39700) | more than 7 years ago | (#16504701)

Ah, but you didn't follow through to the conclusion: the fix, according to Microsoft, is to buy another license!

Now, I wonder how upset they're going to be if something like this gets loose? Hmmm....

Stop submitting this dolt (3, Informative)

jzuska (65827) | more than 7 years ago | (#16504301)

He's an idiot. Stop submitting his articles. Nobody in the tech field (should) take(s) him seriously.

should have left it web based (1)

Wizzerd911 (1003980) | more than 7 years ago | (#16504313)

didn't WGA used to be an activex on the windows update site? What was wrong with that? It sure would have worked a lot better leaving the genuine validation function on a webserver. They'd have to make it not go crazy if the computer wasn't connected to the internet though but who isn't?

He has a point ... (2, Interesting)

robpoe (578975) | more than 7 years ago | (#16504423)

Even though he's occasionally mis-aligned himself, he DOES have a very valid point.

But to what end? Why couldn't any kind of software do this?

Free anti-virus..(not Clam .. it's OSS .. but closed source stuff, why not)
SpyBot S&D
Ad-Aware
Hi-Jack This!

Could ALL be spyware-in-disguise. We don't know. How could we?

It's not just Vista's WGA we need to worry about. I mean, what better way to take over the world. Develop some cool little free app that EVERYONE starts using. Get it installed on a bajillion computers, then it grabs an auto-update and WHAMMO! You've got ... "DUN DUN DUN!!!" SKYNET...

Re:He has a point ... (0)

Anonymous Coward | more than 7 years ago | (#16505147)

Linux says, "Follo mee eef yoo wahnt to LIHVE!"

- the Win-inator

Windows, Pestilence and Plague (2, Interesting)

Doc Ruby (173196) | more than 7 years ago | (#16504449)

Denying unlicensed Windows instances access to security upgrades does to the Internet ecosystem just what denying poor people access to vaccines and other public health does: it creates incubators for plagues. The "underground" class of unlicensed Windows instances will offer criminals, vandals and spies a cesspool in which to multiply, and launch attacks on everyone. Since Microsoft cannot exterminate completely the global unlicensed Windows population, nor ensure licensed instances are invulnerable to these attacks, their WGA program is making everyone less safe.

Please Wait (5, Interesting)

Geccie (730389) | more than 7 years ago | (#16504503)

Whomever creates the crack of the century and turns the good cop bad, Please PLEASE be patient. Don't just send out the bots 2 days after Vista's launch, give Vista a chance to permeate the bowels of the gulible and self opressed - Then - and ONLY THEN can the bots be launched, creating a wondrous show for the rest of use to enjoy.

Microsoft has long been due the fruits of their incidious labor and it is only just that they reap the true rewards.

Is there a front coming through? (3, Funny)

SuperMog2002 (702837) | more than 7 years ago | (#16504519)

Woah! Someone check the weather, 'cause it's gonna be a cold day down in you know where. Dvorak just said something that makes sense! Of course, it's the same chain of thought that's been going on for weeks here at Slashdot, so it may not be his own original reasoning. But nonetheless, that's the first article of his I've read in longer than I can remember that didn't make me want to highlight all the flaws in his reasoning and send them along with proof of their idiocy to his editors.

"destruction and hassle"? perhaps not... (0)

Anonymous Coward | more than 7 years ago | (#16504671)

"destruction and hassle"? perhaps... or maybe not... if it leads to Microsoft having to strip off WGA, I say bring it on!

So if WGA really screws itself up? (2, Interesting)

Z00L00K (682162) | more than 7 years ago | (#16504793)

what will happen then? A big pile of badwill for M$. OK, if it's overly complicated to hack it will also be overly complicated to administrate by IT departments and also very sensitive for businesses as a whole.

It seems to me that every step M$ takes to make sure that no illegal copies are around it will also create more work for the IT department. And what if there is an unexpected problem popping up causing all legitimate copies to be locked from the users due to a flaw in WGA? Who will be paying the standstill cost? Not M$ in the first turn.

It seems to me that alternative solutions like Linux and the BSD variants will benefit most from this. The latest versions of the Linux distros aren't really that complicated to install and use, even if there still are flaws. (most notably the X11 config, which can be a real pain to get right, even if Fedora Core 5 seems to work acceptable there). Another item that can cause severe dandruff is the SELinux package, but I assume that there are work in progress on that.

What?! (1)

somethinghollow (530478) | more than 7 years ago | (#16504817)

I didn't RTFA, but the quote in the summary might be the first thing I've read that Dvorak wrote that wasn't mindless trolling. He actually made a good point. I wonder how long he can keep it up.

No Incentive to Cause Failure (2, Interesting)

miyako (632510) | more than 7 years ago | (#16504841)

I really fail to see what incentive a cracker would have in making someone's legitimate copy of Vista appear to be illigitament. Granted, I'm sure somone will write it to see if they can, and it'll make it's way to a few people, but it seems counter productive for any big time cracker to do this.
Most of the people who send out these exploits aren't doing it to piss people off, they are doing it to make money. The thing is, a botnet only works when the zombied machines are running. If you are Joe Cracker, you want those machines up so they can be sending your spam, performing your DDOSes, and collecting information for you to sell to ad companies. What you don't want is for the machine to stop working so that the owner takes it in to be fixed - especially when the person fixing it might just put some antivirus software on there that will stop your bots from running (for a while).

honestly...when online validation began... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16504865)

i wondered how long it would be before someone either wrote a daemon to handle the task, or even better for some laymens, wrote simple firmware for a cheap home router/firewall that would intercept and handle these requests automatically...when we started seeing l*nksys ports of linux, i thought for sure someone would take those ports to the next level.

Shouldn't this have already happened? (1)

Jack Pallance (998237) | more than 7 years ago | (#16504883)

This doesn't sound like news to me.

Activation is already a part of XP, and Genuine Advantage software has already been installed on lots of Windows computers. I'm not saying this will never happen, but it is not like this issue will be new with Vista. Rather, it's a problem for which we are already waiting to happen.

Check out Microsoft's wrongdoing! (0)

Anonymous Coward | more than 7 years ago | (#16504885)

Right here http://malfy.org/ [malfy.org]

Really? (1, Insightful)

east coast (590680) | more than 7 years ago | (#16504931)

What's even more unreliable and short sighted than WGA?

Dvorak!

This man is a looney but the second he says something people want to hear they chant his name like he's the new Moses leading you guys out of Egypt? Come on now. Get real.

Any other time 90% of the comments are "Dvo-crack is teh r3tard" but now everyone's all "Maybe this will mean Linux will meet the masses". I've been hearing this for years. Every week or so a new "Microsoft killer" is announced here... I'm sorry but everytime one of these come up we keep hearing that it's the straw that's going to break the camels back but I'm still just not seeing it.

Re:Really? (1)

bennomatic (691188) | more than 7 years ago | (#16505141)

Hey man, Even a broken clock (at least an analog one) is right twice a day. If people didn't acknowledge that Dvorak is right when he is, then they'd be as silly as he often is.

Good thing palladium is unbreakable (1)

ebyrob (165903) | more than 7 years ago | (#16505047)

Otherwise Dvorak could actually be right!

In any case. I'm guessing this "software cop" will be down in the portions of Windows that are "impossible" for a user to modify. You know, the same part that won't let you play the latest Britney spears album without paying for it. If the Windows Platform Security Initiative has any success, then this "software cop" should remain uncorrupted. If not, people will do whatever the heck they want and Microsoft is going to have a really messed up userbase.

Oh, and don't forget the implications of the DMCA. Anyone caught hacking WGA or palladium is going down for 5-10, whether they're trying to help the situation or not.

Two big issues with his doom and gloom scenario: (2, Insightful)

araemo (603185) | more than 7 years ago | (#16505143)

Two big problems with his proposed scenario:

#1: After vista 'detects' that your version is not legit, it gives you 30 days to fix that before actually shutting down.

#2: "Once a virus that makes the cop refuse to authenticate Vista hits the Net, then how can the problem be fixed? By definition and the way I see it, this will be an impossibility."

Well, while a small # of users will already be effected, I see something that prevents vista from being upgraded by paying customers is one of the few things that could convince MS to patch out-of-cycle. Fix the bug in WGA and release it after a couple days of QA.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...