XP Service Pack 2 Bomb

[JohnBoucher]

I have no way of determining if this is true, but this geting some attention

Windows SP2 Denies Access to Illegal CD Keys

"This time around Microsoft may have found a much more destructive way to get rid off Illegal copies of WindowsXp than Service Pack1. Users installing SP1 on illegal copies would simply get a 'This is a pirated copy' error message. But now Microsoft has armed itself with a huge list of illegal CD keys ensuring that not only does the SP2 not install, but also destroys the computer hard drive by rendering it unusable."

[Madison]

Destroying personal property is probably not on the list of approved things to do to combat computer software piracy.

Also, despite what many people think, legitimate reporters won't often randomly capitalize 'Illegal', nor will they screw up the nomenclature of Windows XP.

[Tristan Lall]

Quote:

Originally Posted by JohnBoucher

not only does the SP2 not install, but also destroys the computer hard drive by rendering it unusable."

I call FUD.

It would be completely illegal for them to do that. Consider: many pirated CD keys are from corporate editions; if the rightful owner used a CD key that had been ripped off, and consequently had any data whatsoever damaged by intentional means, the lawyers would tear Microsoft apart immediately. And rightfully so.

But really, even a pirating user who had some data damaged might have legal recourse to file suit. (Though the case wouldn't necessarily be a slam dunk.)

(Read the comments for that article. Several posters call it like it is.)

Edit: Ack! M beat me to it!

[Nick Fury]

A: It's not illegal for them to do that. They write the EULAs and the users agree to 'em.

B: The corporate keys are a weird loop hole and they are probably the solution that will be used by piraters

C: Even if the corporate keys aren't used by piraters, MS still has to release security patches that can be downloaded and run without the "windows update" utility. This means that cracks and patches will be used by the pirates.

D: It means more viruses for MS to deal with and take blame for.... sucks for them.

EDIT: As proof of 'A' I suggest everyone actually sit down and READ the Windows XP EULA. It is quite a piece of work if I do say so myself. It is a legally binding license and MS has far more lawyers and legal power than a pirate so I'm fairly certain these issues have been addressed.

[Tristan Lall]

Quote:

Originally Posted by Nick Fury

A: It's not illegal for them to do that. They write the EULAs and the users agree to 'em.

...

EDIT: As proof of 'A' I suggest everyone actually sit down and READ the Windows XP EULA. It is quite a piece of work if I do say so myself. It is a legally binding license and MS has far more lawyers and legal power than a pirate so I'm fairly certain these issues have been addressed.

Regarding "A", there are certain flags in one of the installation files which dictate whether the user is presented with an EULA, and required to press <F8> to continue. If the user recieved installation media from someone other than Microsoft, and that media did not include the EULA, they never actually agreed to it. (Note that the licence is for the use of the software, not the media--you are allowed, and IT departments are encouraged, to customize .iso and similar files for rapid installations. A process called slipstreaming is typically used for this purpose.)

From here:

Quote:

Originally Posted by Microsoft

By adding the OemSkipEula key to the [Unattended] section of the answer file, you can automate Setup to affirm that you have read and accepted the End User License Agreement (EULA) for Windows XP Professional. Before using this entry to install Windows XP Professional on behalf of an organization other than your own, you must confirm that the end user (whether an individual or a single entity) has received, read, and accepted the terms of the Windows XP Professional EULA. OEMs cannot specify this key for computers being sold to end users. By adding the OemSkipEula key to the [Unattended] section of the answer file, you can automate Setup to affirm that you have read and accepted the End User License Agreement (EULA) for Windows XP Professional. Before using this entry to install Windows XP Professional on behalf of an organization other than your own, you must confirm that the end user (whether an individual or a single entity) has received, read, and accepted the terms of the Windows XP Professional EULA. OEMs cannot specify this key for computers being sold to end users.

The person supplying the media might be in violation of an agreement, but this is quite likely immaterial to the person who just had data erased. For this reason, there is not necessarily any proof that an EULA was agreed upon, even if the software is being used.

While by Section 13 of the Windows XP Pro EULA (and similar sections in other EULAs, I'd imagine), Microsoft disclaims all liability, it is still subject to the discretion of a court--the court can choose to accept this provision, or nullify it, if it was determined to be unreasonable. (I'd call the above a pretty good reason to declare Microsoft liable, under certain circumstances--they would have willfully deleted data which they were not authorized to modify, by EULA or otherwise.)

Quote:

Originally Posted by Nick Fury

B: The corporate keys are a weird loop hole and they are probably the solution that will be used by piraters

C: Even if the corporate keys aren't used by piraters, MS still has to release security patches that can be downloaded and run without the "windows update" utility. This means that cracks and patches will be used by the pirates.

D: It means more viruses for MS to deal with and take blame for.... sucks for them.

As for "B", the corporate keys account for a large portion (perhaps a majority) of their business for XP Pro--it's not a weird loophole!

"C" is correct--the hassle involved with compromised systems spreading malicious code (and the resulting mess being blamed on "Micro$oft" and "the devil Bill Gates") isn't worth it. Patches need to work. (Service Packs are partially a collection of patches, but also include the major revisions to the OS. I'd expect them to keep fixing the holes with hotfixes, but hotfixes do not address the inherent problems with the code, nor make major changes.)

I'm not sure of the reasoning for "D", because people will still create viruses, either way. Microsoft supports RTM, SP1, SP1a, and (will support) SP2 versions of XP anyway--so any exploits addressed in SP2 will still have patches issued for SP1 and RTM variants. It really is more efficient for the virus writers to target vulnerabilities that affect the entire NT codebase, rather than focus on those that only target a particular flavour of XP.

Quote:

Originally Posted by Manoel

Microsoft'd rather have people using pirated Windows versions than any Linux variant, eh?

He's right. (Though Microsoft is loath to admit it, "free" Windows is still a net gain for them, because it furthers their acceptance in the market--even with their dominant position, this is a reasonable thing for them to covet.)

[Nick Fury]

Actually, with every version of windows XP the user (not necessarily the end user) must accept a license agreement. I'm not talking about the "f8" one you get when you accept the one from a disc install of XP but rather the one that you get to click "I agree" to when you first turn on that new computer. That license essentially says that you are responsible and held accountable for all actions taken in regards to the software on that computer and that if you want to return it all for a full refund then you should go for it (most people don't but that's a different story).

The real catch is if the pirate is held accountable under that license? The pirate didn't technically pay for that license, so is the pirate held accountable under it?

As for D. Most new viri replicate themselves using polymorphic code and such. When MS fails to patch infected machines it means that those machines are going to sit unpatched thus causing viri to have a prolonged existance. So when new users plug their machine in, it means a greater chance of infection for the new machine. Once again, sucks for MS.

BTW, I'm playing devil's advocate here. I use gentoo 2004.0 (built from stage 1).

EDIT: I'm almost willing to bet that an MS EULA will hold up in court based on the fact that MS has a legal team that I wouldn't dare want to take on. MS also has a lot of money to make sure their EULA's are enforced. As for them not being tested in court, I would have to disagree. I'm too lazy to hit up Thomas, greplaw, or findlaw for results right now but I'm fairly certain that some EULAs have been held up in court.

EDIT #2: I highly suggest you people start reading what you click "I agree" to. You seem to think that a EULA does not transfer ownership but ownership isn't the problem. How many viruses get released each year? MS doesn't take responsibility for data lost based on these viruses. What makes you think they are going to take responsibility for you losing data, esspecially when you are running a copy of their software you didn't pay for? They aren't required to supply patches to anyone if they chose not to, it would be suicide for them not to but they still don't have to. I don't see where you people are coming from on this one.

[FizMan]

I imagine EULA's are more there for the sake of trying to protect Microsoft's (and whatever other company wrote the EULA for whatever software) butt when it comes to legal troubles later on from like, "Windows exposed my child to internet pornography; I'm sueing you in damages of 15 million CDN" (so $50 USD). Also, not so much to go and fine individual piraters, but to go after exceptional cases of mass distribution.

[Kyle Fenton]

It has been rumored that software developers from large firms have created viruses, disguised like a legitimate program that will wipe out a users hard drive. Usually they put them on anonymous P2P networks. This is to scare downloaders into not downloading applications.

I can say for certain that Microsoft is not dumb enough to wipe out people’s hard drives. There would be lawsuits and bad press galore.

But I am almost certain that they will probably disable WinXP, if it detects that it is on an illegal system.

If you look here. You can see how much Microsoft wants to stop all illegal piracy of its products. But I think it is a lost cause. There will be always be a work around to it.

[Jeff Rodriguez]

Hmm, I few weeks ago I heard that MS was going to give sp2 to everyone, even illegal versions, because they have had so many problems.
After some searching I found the article, and it turns out it was more than a few weeks ago,
http://computertimes.asia1.com.sg/ne...4,2292,00.html


Concerning EULAs, I don't know how legally binding they are anymore. Has anyone here ever read one BEFORE they installed the program? I remember my Dad arguing with Compuserve, back in the day. When they refered him to the EULA he responded with "Come on, You know nobody reads those things!" We got 3 months of free service from that.
Now, I know that one customer getting a little free service is nothing for them, but it does show that EULAs are ridiculous. I doubt that if it were to go to court, they same argument would be used that nobody reads them, and the jury would agree.

[Nick Fury]

The argument that "no one reads them" seems outlandish if used in court, IMHO. My reasoning is thar you have to click the "I agree that I have read and understand the above terms and conditions" button. That button to me says you are getting involved with a contract. I'm not gonna claim this to be true because I'm a lazy bum and don't want to look up court results right now (and I gotta go to work in 30 minutes) but from what little I absorbed from my father (who is a retired business teacher) EULAs are pretty legally binding, much the same as any other contract. True, a judge does get to decide if the EULA will be honored in the end but given the fact that we are talking about an end user that isn't using a legal copy of windows, I'm willing to bet the judge is going to sign with Microsoft. Also, once again, MS has money. They have a lot of it too. Money buys you things in the legal system of the US. Anybody remember the OJ trial?

And again, what makes you think MS is going to take responsibility for damage done to your drive when you didn't pay for a legal copy of windows? They aren't obligated and don't take responsibility for damage done by any viri currently to LEGAL copies. So what makes you think they have to provide you with service for an illegal copy?

EDIT: I have read through a few EULA agreements: the one that came with Napster. The one that came with photoshop 7 and the windows 2000 pro EULA. Not to mention the whole of the GPL (which isn't really a EULA) I haven't read them word for word but I have skimmed over them enough to know that by using the software I'm ultimately responsible for what happens to my system, not the company that made the software.

[Tristan Lall]

Quote:

Originally Posted by Nick Fury

And again, what makes you think MS is going to take responsibility for damage done to your drive when you didn't pay for a legal copy of windows? They aren't obligated and don't take responsibility for damage done by any viri currently to LEGAL copies. So what makes you think they have to provide you with service for an illegal copy?

The distinction is willful vs. accidental damage. Microsoft can disclaim liability for accidental damage (though the court may choose to not recognize it), but they cannot disclaim intentional damage. Proving it is/was intentional should be easy enough--so long as they can subpoena Microsoft to furnish the source code....

[Nick Fury]

I would love to see this case tried because the first thing is that MS isn't going to give up source without a very long and drawn out fight. I point to SCO case. SCO isn't nearly as powerful as MS and they haven't shown any code yet. Secondly you are still talking about a pirate Vs a capitalist company. Under the current circumstance and media hype surrounding piracy and the fact that it is constantly portrayed in a bad light, no court or judge is likely to take a case like this serious. Also, intentional damage isn't being caused by Microsoft because you can't update a product you didn't pay for. The only person causing damage is the virus writer (I'm not gonna say if that is intentional or not, it's irrelevant). The fact of the matter is that MS is discouraging piracy of their products. Also, updates and such are a service, not a part of the product. I already brought up the point that the pirate didn't pay for the license so is the pirate entitled to the service that the license provides? (although the WinXP EULA doesn't provide a service for updates).

As per the movie/record industry deleting files form a hard drive. This is a different matter altogether. These people don't have the right to create malicious code just as much as I don't have that right to. I don't care if you have a devine purpose or not, you don't have the right to destory data on my systems without my permission. MS isn't destorying data though, they aren't releasing viruses they are only denying access to updates, which is understandable in my opinion.

[Tristan Lall]

To preface this post, I think that it has to be restated that the article alleges that Microsoft is planning to issue code that would render a user's hard drive unusable, if certain licencing conditions are not met. (I consider that possibility to be remote.) The allegation is therefore one of willful damage, rather than a mere witholding of service (which is justified, if not necessarily prudent).

Quote:

Originally Posted by Nick Fury

I would love to see this case tried because the first thing is that MS isn't going to give up source without a very long and drawn out fight. I point to SCO case. SCO isn't nearly as powerful as MS and they haven't shown any code yet.

Actually, you don't need to see the code from the start. Just have the court order a test of the software in question. A blacklisted CD key is used on a new XP installation, and SP2 installed. Repeat this test several times, (under the supervision of notaries public and computer experts) and analyze the results of the tests (to eliminate other causes of failure). If a predictable pattern of data damage results, it's a smoking gun--it would very possibly be enough to convince the court to subpoena it out of Microsoft (and/or to compel MS employees to testify about it).

Now it's not a perfect idea--the destructive code could have been written to make this difficult (e.g. randomize the damage). But it's a start.

Quote:

Originally Posted by Nick Fury

Secondly you are still talking about a pirate Vs a capitalist company. Under the current circumstance and media hype surrounding piracy and the fact that it is constantly portrayed in a bad light, no court or judge is likely to take a case like this serious. Also, intentional damage isn't being caused by Microsoft because you can't update a product you didn't pay for. The only person causing damage is the virus writer (I'm not gonna say if that is intentional or not, it's irrelevant). The fact of the matter is that MS is discouraging piracy of their products. Also, updates and such are a service, not a part of the product. I already brought up the point that the pirate didn't pay for the license so is the pirate entitled to the service that the license provides? (although the WinXP EULA doesn't provide a service for updates).

You don't have to be a pirate to be affected--what if a corporate key was stolen (e.g. by ex-IT department personnel), and unbeknownst to the company, was distributed. Microsoft would have to ensure that it contacted the rightful owner of the software, issued them a new key, and ensured that traces of the old key had been removed (so that no hapless co-op student would use the wrong key on an upgrade, and destroy someone's workstation). All this, before even blacklisting the key. Failure to do that much could be considered negligence, if Microsoft had a duty to inform it's customer that it was about to do something drastic with that customer's key, which had the potential to do serious property damage as a result of normal use, and instruct them how to remedy the situation--irrespective of whether Microsoft were found culpable of sabotage for including the code in the first place.

Quote:

Originally Posted by Nick Fury

As per the movie/record industry deleting files form a hard drive. This is a different matter altogether. These people don't have the right to create malicious code just as much as I don't have that right to. I don't care if you have a devine purpose or not, you don't have the right to destory data on my systems without my permission. MS isn't destorying data though, they aren't releasing viruses they are only denying access to updates, which is understandable in my opinion.

The original article accuses Microsoft of doing just this--intentionally putting destructive code in their product, for the express purpose of destroying data, and possibly hardware. (Yes, you really can do serious damage to hardware with code--it isn't at all easy, but malicious firmware updates immediately come to mind.)

They'd never get away with it. If you don't believe me, just look at the anti-Microsoft climate that prevails in the U.S. these days--a handful of insignificant government employees (from a redundant department, but that's another discussion) recommend that Internet Explorer be put out to pasture, and lo and behold, media outlets take the opportunity to pick on Microsoft's errors, real and fabricated. Whether Microsoft is in the right or the wrong they'll be massacred in the press if they pull a stunt like that.

[mtrawls]

Quote:

Originally Posted by Nick Fury

A: It's not illegal for them to do that. They write the EULAs and the users agree to 'em.
...
It is a legally binding license and MS has far more lawyers and legal power than a pirate so I'm fairly certain these issues have been addressed.

(emphasis mine)

Wazzuh!?! Come again? It should be mentioned that EULAs have as yet to be tested in a court of law, and their binding legal ability is in *serious* question. Consider: the user buys the product, but only gets to read the EULA afterwards, by the time of which the user cannot take it back on the grounds that the user disagrees with the provisions in the EULA, -- forced compliance, if you will. Then consider the quasi-legally significant point that next to no one actually reads the blasted things. And MS could very well put in a provision that the user owes Bill their first born son (and for all I know that provision is lurking in there somewhere), and the user could agree to it with the supposedly "legally binding" EULA, -- yet no court of law would possibly hold such a proposition as valid. Ignore for a moment the huge negative publicity that Microsoft would undergo with such a move (and too the point that it is to Microsoft's advantage to patch even pirated copies). As a matter of pure legality, MS could not perform such a move. If they did, their EULA would come under serious scrutiny, which would be bad for their business practice. And, try to think how a judge could rule that MS had authority to erase or do anything harmful to the user's hard drive. MS would have to own it, but by running a piece of software, pirated or not, no ownership is transferred.

Edit: blasted! beated because of my woefully stringent editing standards. (okay, okay, ... I got distracted by something shiny. but I was editing)

[Jay H 237]

I agree with M Krass and Tristan Lall. Microsoft doesn't own the hard drives and that would be destroying non-Microsoft property. If this story is true Microsoft will have even bigger issues than thier current security ones. The only thing they could legally do is inhibit the illegal copies of XP from working and not "damaging" the hard drive.