Decius wrote:
] In the stupidest security move microsoft has made to date,
] they've decided that pirated copies of microsoft products
] should not recieve security patches.
]
] What's next, 'How to write a worm', published by Microsoft
] Press?
]
] [ This was inevitable. Its a good idea for their business and
] a bad idea for computer security on the whole. Its hard to
] argue that Microsoft has a moral obligation to patch stolen
] software, but on the other hand this is going to make a bad
] situation worse. ]

Personally, I have no major problems with this for four reasons. The first being that Microsoft made this product with the expectation that people would pay for it, and they should be at least making /some/ money from it (and I mean some money from each copy, not just money from some of the copies). The second being that software piracy is completely and utterly out of control--when Joe Anybody can score a pirated copy of something, piracy has lost it's challenge and has ceased to become a darwinian factor in geek development. The third reason being that I'm looking forward to laughing as Mictosoft attempts to keep ahead of the pirates distributing hacks to fool WindowsUpdate into thinking there's a legit copy of Windows there.

The fourth and final reason being related to both the third and fourth reasons... There's just tons of script kiddies out there distributing worms that do nothing but attempt to copy the registration keys for various commercial software packages from their victims registries so that they can use them, and since these codes are basically unique and tied to use of the software, they might as well be stealing the software right off the users' hard drive. This new initiative of Microsoft's is going to result in the kiddies focusing on collecting (and redistributing) XP activation keys, which is going to force the kiddies to see for themselves how bad things have gotten (as a large portion of the keys they will steal will turn out to be bad) as well as eventually result in festering heaptons of bad publicity for Microsoft as these stolen keys lock legitimate users out of Windows Update and cause them to have to call the activation hotline. When both sides lose and I'm on neither, I consider it a win for me. :)

Beh, good for the security industry. Good for linux. Good for "Internet Snow Days"

--
E2

] [ This was inevitable. Its a good idea for their business and
] a bad idea for computer security on the whole. Its hard to
] argue that Microsoft has a moral obligation to patch stolen
] software, but on the other hand this is going to make a bad
] situation worse. ]

If Microsoft made a car which was a hazard on the road, it shouldn't make a difference whether or not it's stolen. The fact remains that they have created a public nuisance. They should have a moral obligation to at least minimize the plagues caused by their incompetence.

Decius wrote:
] [ This was inevitable. Its a good idea for their business and
] a bad idea for computer security on the whole. Its hard to
] argue that Microsoft has a moral obligation to patch stolen
] software, but on the other hand this is going to make a bad
] situation worse. ]

It may have been inevitable, but I think one has a moral responsibility to fix problems they cause. Remember, the biggest victim of vulnerble code is the internet as a whole, not the person who may be using microsofts products without a license. I think you can make a very strong case for microsoft having a moral obligation to provide patches for everyone.

Just in case anyone was interested, I talked about this onm episode 80 of BRR (http://radio.binrev.com) in regards to the new Microsoft anti-spyware download and the new "Genuine" program where all windows copies must be "Microsoft Authentic" to download apps and updates.