backtop

Software Windows Vista Activation Cracked Yet Again
Brandon Hill (Blog) - December 26, 2006 11:28 AM
Print E-mail del.icio.us 102 comment(s) - last by GaryJohnson.. on Jan 2 at 7:26 PM
Another day, another Vista activation crack

It was just a week ago that Microsoft's Jim Allchin was talking about Windows Vista security and how the operating system would fend off attacks from malicious code and hackers. Allchin made no mention, however, of the recent successful attempts at cracking Windows Vista's activation scheme.

Earlier this month, pirates found a way to spoof Microsoft's Key Management Service (KMS) server using a VMware image. The software hack allowed pirates to run copies of Windows Vista Business and Enterprise for up to 180 days.

The folks over at Engadget have come across another exploit that allows users to permanently activate Windows Vista using crack files and some registry trickery. The TimeStop Vista cracks only works on 32-bit versions of Windows Vista, so those looking to crack 64-bit versions of the operating system may be out of luck.

The crack effectively stops the countdown times to mandatory Vista activation and freezes the countdown timer at 43,200 minutes (30 days). The countdown timer will not reduce any lower than 30 days.

The makers of the crack note at the bottom of their "instruction manual" that "This article is for educational and informational purpose only." Microsoft likely isn't taking too kindly to this latest activation breach and likely already has a team working to patch up the exploit.

Despite Microsoft’s best efforts to shut down this latest exploit, it does leave us wondering just how secure this new operating system if it can be poked at and prodded this early after release.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
By bamacre on 12/26/2006 1:04:03 PM , Rating: 5
"Despite Microsoft’s best efforts to shut down this latest exploit, it does leave us wondering just how secure this new operating system if it can be poked at and prodded this early after release."

I haven't even looked at Vista yet, and I know nothing about hacking, but it seems to be that hacking MS's verification of Vista has nothing to do with Vista's other means of security. Hacking the verification is of no concern to customers, only to MS. What is of concern to customers is Vista's security against hackers, viruses, and malwares.




By ZackB on 12/26/2006 1:33:35 PM , Rating: 3
This is 100% true. No one would want an operating system that was impervious to alteration by the end-user. This hack involves installing a driver and has nothing to do with the security of Vista, which is pretty good.


By FITCamaro on 12/26/2006 1:43:59 PM , Rating: 2
I agree. Activation key exploits in no way compromise the actual security of the OS.

And to the guy complaining about the ad, what picture did you want them to put there? A site has to make money. As long as its just pictures I'm cool with it. The ones I don't like are the stupid intellitext ones like on THG (move your mouse over a word and it gives you a worthless ad) and the kind that aren't pop ups but make something fly on your screen blocking what you're reading until you're finally able to locate the close button(and they can hide it pretty well sometimes) like on IGN.


By Lord Evermore on 12/26/2006 2:34:10 PM , Rating: 2
AnandTech uses IntelliText as well. DT doesn't but I think maybe because people would get really pissed off having their comments changed to ad links. Might not even be kosher since it's a form of editing the post.

I bet there's a Windows Update posted to fix this that says it's to fix a problem that could allow someone to gain control of your PC or something ridiculous like that. Or they just call it an update to Windows Genuine Advantage.


By Bremen7000 on 12/26/2006 3:52:21 PM , Rating: 2
You can turn off AT's IntelliText in the Prefs, so it doesn't bother me anymore. I'm fine with regular ads, but IntelliText annoys me to no end.


By FITCamaro on 12/26/2006 4:59:15 PM , Rating: 2
I can't find that preference. Where is it?


By Lord Evermore on 12/27/2006 12:41:40 AM , Rating: 2
I don't even know of a "preferences" for the AnandTech site (not the forums). And there's certainly no option to turn off any ads in the forums (although they don't use IntelliText there).


By freon on 12/26/2006 6:01:11 PM , Rating: 2
That was exactly my thoughts on this. The activation application is a completely separate entity from the OS itself. It's really just Microsoft's problem to deal with to fight piracy, not OS security.
We will see how "secure" the actual OS is once it has widespread deployment in a couple months.


news?
By msva124 on 12/26/2006 2:57:30 PM , Rating: 1
As long as there are computers without internet connections, activation schemes will always be cracked.

The only way would be to require a constantly active internet connection to even use the product. Even then they would find ways to get around it at first.




RE: news?
By msva124 on 12/26/2006 3:05:35 PM , Rating: 1
And as for the rest of Vista, didn't we go over this already? Nobody is going to use it. It will achieve security through obscurity.

Isn't there some kind of website where you can bet on certain things like "The Departed will win the Oscar" or "Vista is going to bomb"? I would like to throw a few hundred bucks in.


RE: news?
By masher2 (blog) on 12/26/2006 4:50:09 PM , Rating: 1
> "And as for the rest of Vista...Nobody is going to use it...Isn't there some kind of website where you can bet on certain things like "The Departed will win the Oscar" or "Vista is going to bomb"? I would like to throw a few hundred bucks in. "

Make it a few thousand and I'll bet you directly. I'll even give you 2:1 odds. DT can hold the stakes for us.


RE: news?
By msva124 on 12/26/2006 7:52:33 PM , Rating: 2
One problem. Those websites are contractually obligated to pay you when you win the bet. You and me are not. Neither of us will pay up if we lose.

And 2:1 odds? So if I bet $2,000 and Vista bombs, you pay me $4,000? Big whoop. How about 10:1 odds?


RE: news?
By masher2 (blog) on 12/27/06, Rating: 0
RE: news?
By msva124 on 12/27/2006 3:31:29 AM , Rating: 2
I am serious about doing it through an established betting website, not direct person to person through an escrow service that I have never used before. That is just asking for trouble.


RE: news?
By msva124 on 12/27/2006 3:33:15 AM , Rating: 2
Do you work for Microsoft, by the way? The only reason I ask is that TomZ, another poster here who I frequently debated with, was suspected of being an MS employee.


RE: news?
By Sharky974 on 12/27/2006 6:32:25 AM , Rating: 2
I think you work for Apple MSVA124. You must be trying to sabotage microsoft products.

By the way, everybody with common sense knows Vista will continue MS's OS monopoly. Even the sensible microsoft haters here will admit it. That's how a monopoly is, it just continues through sheer momentum.


RE: news?
By msva124 on 12/27/2006 3:06:03 PM , Rating: 2
Sabotage Microsoft's products by....posting mean things about them on online forums? Yeah, that's likely to work.

I do not work for Apple, Microsoft, or any other tech company. And I do not have common sense, if what you mean by common sense is the ability to predict the future. I don't "know" Vista is going to do badly. I just think it will.


RE: news?
By The Boston Dangler on 12/26/2006 7:15:37 PM , Rating: 2
Vista will bomb? This, and that meatball whining about "MICROSUCKS", are the dumbest things I've read in weeks


RE: news?
By msva124 on 12/26/2006 8:08:12 PM , Rating: 2
Wanna bet?


surprised?
By Saist on 12/26/2006 9:50:39 PM , Rating: 2
I found this line to be, well, hilarious:

-------
Despite Microsoft’s best efforts to shut down this latest exploit, it does leave us wondering just how secure this new operating system if it can be poked at and prodded this early after release.
-------

Many of the security features were already being cracked a year ago or more on the beta's that were going out. Over the past 6 months as the final release firmed up, the known exploits didn't stop. We knew literal months ago that Vista was no more secure than a properly configured and hardware firewalled protected Windows XP or Linux OS.

The end fact is, it's still going to take work to protect any computer system, any OS. Vista has changed nothing in a System's Administrator job, end of story. We don't have to wonder. We know that inherently, any Microsoft product will be less secure out of the box than it's competitor. We know that people will still be earning paychecks fixing that.




RE: surprised?
By Sharky974 on 12/26/06, Rating: 0
RE: surprised?
By Saist on 12/27/2006 3:23:29 AM , Rating: 3
Slight problem with that Sharky.

Mind telling me what Web-server powers the majority of Web-sites in use today? And what Operating system is the basis for the most servers in use today?

I'll answer for you: Apache and Linux.

Despite having a majority in server usage for games, banking, shopping, web-pages, ftp, or anything else where a server is used, you don't hear about major Zero-Day or Near-Zero-Day exploits for Linux or Apache.

The line that Microsoft products are less secure because they have a majority in the consumer market is inherently based on several false assumptions.

The first assumption is that Microsoft products are easier to crack. This is based on the sheer number of exploits that make appearances in the wild. However, there is very little code documentation available for Microsoft software. With Linux and Apache there is ample documentation available, and even beginners in coding can grasp the way the programs actually work. The fact is, it is easier to modify a program that is fully documented rather than one that is not. If malicious crackers wanted to make SoBig and IloveYou look like childs play, they would have attacked Linux and Apache servers.

The second assumption is that all of the computers sold by Microsoft-Licensed OEMS remain with a Microsoft OS. This is partially based in the so quoted "Microsoft Tax." Nearly every complete computer system sold on the market ships with a Microsoft OS. However, even a casual browsing of Distrowatch, or casual browsing of the forums for Ubuntu, Mepis, PClinuxOS, and other versions of Linux show something startling. There aren't just hundreds of posts from people reporting they've "switched", there are several hundred thousand posts. The problem, if you want to call it that, is that there is no reliable metric for determining what Operating System somebody is running on their computer. So, while it's safe to say that Microsoft probably has greater than 50% market share, assigning any percentage above that to Microsoft ignores ample evidence to the contrary.

The third assumption is that all cracks are equal. Now, I have not personally done this, but I do know people have taken the time to dig down through Symnatec's reports on Windows and Linux vulnerabilities and existing exploits for those vulnerabilities. Now, we've all heard the marketing from Microsoft that it is more secure than Linux, and we've all heard from Linux developers that Microsoft isn't telling the whole story. Symnatec bears that out. We've all heard about the penetration rates for Windows virus's. Hundreds of computers are affected each month by a new vulnerability. Spyware and Adware code is on a rampage. However, when looking at Open-Source OS's like Linux, and Applications like Apache, over 70% of the reported viral exploits available only have been found in Symnatec's testing labs, with a penetration of 2 computers.

So, not all cracks are equal. Not all exploits are going to do the same damage, or initialize in the same manner. There are several people who do care about cracking Linux and Apache. They just have paying Jobs from the likes of IBM, Novell, RedHat, and Ubuntu.

Now, please stop the F.U.D. that Microsoft products are less secure because of Market Share. Confirmed majority marketshare is only true in one particular market, and does not apply or indicate the industry as a whole.


RE: surprised?
By Saist on 12/27/2006 3:39:47 AM , Rating: 2
Something else popped up in my mind when I was re-posting the contents to blogger, mainly because I'm getting tired of people repeating Sharky's F.U.D. line all the time. Vista isn't even out yet for the average user. I can't go down to Best Buy and get a copy of Vista off the shelf right now. Most manufacturers are not even selling HomePC's with Vista right now, almost all holiday models are all Windows Xp.

So, right now, Vista doesn't even have .01% of the home market, and it's server penetration rate is far less. There is also a known issue with SQL Server 2005 Express, which does not run on Vista.

So, right now, Vista has the overall penetration of say, BeOS, RISC-OS, or maybe Amiga. I just wanted to point out how this brings the market-share ratio F.U.D. into perspective. Vista does not even have the market share of BeOS, and it already has more major published vulnerabilities and expliots than either 3 of it's market-share peers.


RE: surprised?
By Sharky974 on 12/27/2006 6:37:51 AM , Rating: 2
Please. Hackers are the most Politically correct group known to man. 90% of them hate microsoft and that's that. I doubt anybody even ever tries to hack those other OS's. Vista, probably has ten million hackers after it from day one, trying to embarras microsoft through slanted articles such as this on we are posting on. Vista could be a thousand times more secure than linux, and still more exploits would be found for Vista.

You think you'e alone hating MS Saist? no. People like you are hackers, and they try only to hack MS OS, not the other guys.


RE: surprised?
By Sharky974 on 12/27/2006 6:46:32 AM , Rating: 2
Oh, and you're kidding yourself if you dont believe MS has the same 80-90% OS share they've always had.

There only real competition is Apple, because Linux is not an alternative for the technically illiterate.


RE: surprised?
By Christopher1 on 12/27/2006 7:17:36 AM , Rating: 2
True. That is totally, absolutely true. I have seen people who have wrote exploits for Linux, OSX and other OS's in their spare time. The reason they don't use them - not worth their time.

The facts are that Vista IS a whole lot more secure than XP, and MAGNITUDES more secure than 9X. It just not perfect, and the activation system probably WASN'T meant to be absolutely secure (because some systems may have problems with it, and Microsoft has to provide a way to bypass activation for those systems).


Pretty nice exploit, but activation was not cracked
By ZackB on 12/26/2006 1:28:13 PM , Rating: 3
...only the client portion was hacked.

It uses a kernel mode driver to prevent the timer from counting down. Anything can be done on any local operating system if you add a kernel component. This is a sideways, client-only attack which allows a client to use a temporary license longer than is normally allowed (same as Frankenbuild). Since the timer is enforced on the client, it can be disabled (by the driver). I wouldn't expect validation to succeed for very long... very cool though.




RE: Pretty nice exploit, but activation was not cracked
By ViRGE on 12/26/2006 4:28:41 PM , Rating: 3
It's a fairly useless hack in the long run. It lets you use Vista indefinitely, but since invalid keys are locked out of Windows Update and most Microsoft downloads, there's not much use for a Vista machine that can't be patched to be kept secure.


By JonnyBlaze on 12/26/2006 5:44:01 PM , Rating: 2
Did you read it? You install windows with no product key. It uses a default key which works with windows update.



By Sharky974 on 12/27/2006 6:41:47 AM , Rating: 2
If that was true it would be worth it. But I'm sure it's not true, or MS will detect it soon.

Otherwise why is there no undectable hack for XP after all these years? There's not even a serial floating around that MS doesn't know is blacklisted.

Believe me I tried all that stuff. There's no valid serial any hacker can give you that will stop Windows update from knowing your machine is bogus. The hackers failed again.


By walmartshopper on 1/2/2007 11:54:23 AM , Rating: 2
Actually, there's a new crack floating around called WGA Patcher which contains a keygen and a utility to change your key. Even though I have a valid key, I tried it out of curiosity, thinking that it wouldn't really work. But I tried it with 5 different generated keys, and every single one got me validated with WGA.


hey
By sprockkets on 12/26/2006 12:30:53 PM , Rating: 1
What about the level of protection in place for hdcp? Seems like they put more effort into that than protecting xp itself haha.




RE: hey
By obeseotron on 12/26/2006 1:10:31 PM , Rating: 2
If you don't want to deal with hdcp, don't try to watch encrypted videos. Everything that plays on XP will play on Vista without any need of hdcp, only things that won't play on XP at all need it.

Companies like MS and Apple do the minimum amount they need to in order to placate the content companies, because they have nothing to gain through DRM, and arguably lots to gain from media piracy (sell more iPods and MCE PCs).


RE: hey
By mindless1 on 12/26/2006 2:24:38 PM , Rating: 2
Not entirely true, there is no end to the requests a "content company" could make and in the end, placating them just means they don't have to make content universally playable.

What if MS just said NO. What if we all just said NO. Content holders have to produce a product that will play on existing devices consumers have, else no market for it. In fact they do have aspirations for financial gain through content and other licensing control technology, but they know it can't be thrust on consumers all at once instead of one chunk at a time. If you think this is all there will be you are crazy.


RE: hey
By hadifa on 12/26/2006 4:44:31 PM , Rating: 2
quote:
What if MS just said NO. What if we all just said NO


Those are very big "IFs". What if we all just! said no to wars and all the military budgets spent on something useful.
What if there were no hackers or thieves and every one decides to purchase software instead of pirating them.

A world without wars, hackers and thieves, that would be boring and provides no inspiration for games ;-).


RE: hey
By xception1011 on 12/26/2006 10:10:33 PM , Rating: 2
Microsoft may have lots to gain from DRM. Check out this link:

http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_c...


If you can't afford it, then go with OEM!
By Etern205 on 12/26/2006 9:58:55 PM , Rating: 2
What is the point of cracking a OS activation?
Is it because it proves that your smart or something?
If you are then prove it where it's productive!

OS crack is getting pretty annoying and
it's a real pain especially for computer technicians
because if let's say one day a customer brings in a
computer with a crack Vista OS (which you can't tell) and he says he's having trouble connecting to the internet.
So then how are you able to know if that OS is a cracked version and then force him to get one, or try fix
his system the whole day and waste time!?





By codeThug on 12/27/2006 12:54:17 AM , Rating: 2
quote:
What is the point of cracking a OS activation?


cuz it's there...


By mindless1 on 12/27/2006 2:48:45 AM , Rating: 2
Well we could even speculate that MS circulated it, to get people to try Vista who wouldn't have otherwise, hoping they'd find enough merit in it to buy when the temporary crack fails. Getting the supposed, technically included users on board with Vista by any means also results in more peer support during it's early teething-pains.

Getting a knowledgebase out in the wild early is a quite valueable asset to MS, and I don't mean THEIR KB articles which tend to be a bit pointles early in a product cycle, though admittedly have been better in the past couple years than those preceeding. They have done a lot of work in that area.


By INeedCache on 12/28/2006 1:51:58 AM , Rating: 2
They can't prove it where it's productive, as they're just much too clever for that. It's always easier to break and destroy than it is to create. I suspect they're simply just not up to the task. It's just as easy to be moral than immoral, so they just make that wrong choice. We have not come across anyone yet in our shop using a pirated copy. If we did, we would simply turn them in to Microsoft and move on. I really enjoy those monthly updates from Microsoft that tell us who they are prosecuting this month for piracy. Some people in these forums seem fixated on hating Microsoft, or some other company. How sad to waste such time, energy, and emotion on something so useless.


By Sharky974 on 12/26/2006 11:26:00 PM , Rating: 2
What Anandtech wont tell you, because they are in the business like most tech sites of slandering microsoft, is that microsoft has already beaten the pirates, the war is over.

Sure, you can pirate MS OS's, but it gets more of a pain in the ass every day, even for the moderatly tech savvy like myself, let alone your average user.

The headline should have read "Vista activation cracked, microsoft renders said crack useless already" because that's basically what's going on these days. The only way to run a cracked MS OS is to basically never connect to MS servers (whereupon they will download to you a new, uncracked WGA on a regular basis, which then you can only wait around for another temporary crack of, ad infinitum), an increasingly futile option.

I'm really surprised at how impotent the hackers have become, and how they freely admit how inelegant there solution to crack MS OS's typically are nowdays. They will often express frustration or note that they would have really liked to crack this component or that component, but weren't able to, but here's this pain in the ass workaround for you.

Hey, I pirated XP. It means I cant easily get neat things like IE7 or WMP11 (to stream to my Xbox360). Yes I know there are cracks for these too, but if the solutions look ugly or temporary in nature I avoid them). I have thrown in the towel, and will be buying Windows Vista legitimatly.




By NoSoftwarePatents on 12/27/2006 1:08:40 AM , Rating: 2
No, the war is NEVER over-software will always be pirated/cracked in an on-going battle. There are no exceptions to this general rule, as software has been pirated long before the Apple 2+ days (that's when I got into computers).

WGA was defeated over and over again, especially when Microsoft first brought it out-and most users don't NEED every single "feature" in Microsoft operating systems.

Microsoft's "Plays For Sure"-whatever technology was defeated over and over again, so they changed their strategy and filed a lawsuit against an anonymous target under the falsehood that their source code was stolen or whatever excuse they need to justify their inability to defeat their security mechanisms.


By mindless1 on 12/27/2006 3:05:40 AM , Rating: 2
Please don't pretend you are savvy if you have to presuppose Windows has to connect to MS' site regularly.

I doubt you're surprised at how impotent hackers have become, you seem more interested in trying to do damage control for your team - a team that doesn't need you and hasn't since the day they became too large to do business against. It's always amusing when someone does that - tries to defend MS. Guess what? They aren't the underdog, they aren't struggling, if they had no defense from you they would continue on just as if they did.

Know how it would effect MS if they never fixed this crack? It wouldn't, it's just about ego. Those who don't want to pay for Vista can keep runing XP, or maybe the worst would be to move to 'nix as it establishes a larger user base which tends to have a snowball effect.

Don't you even realize why all these minor hacks? It's because MS is not addressing customer needs. WHen they dominated the market to become the only chose in fully supported commercial OS, everyone was stuck with whatever they wanted to do. The frustration if any is not being beaten in crackproof OS, it's not having the OS you want to buy, available for purchase. That's what a free market is supposed to provide.

Anandtech is not slandering MS, if anything there is a decidedly pro-MS bias here. On many sites if you wrote what you had, rather than any kind of conversation you'd just be called an idiot or shill.

Want to know why some hackers, hack? Because "it's there". It's a challege, something to do. That's the way it always was and there will always be that element in the userbase. It doesn't have to be a permanent crack, it doesn't have to be to run pirate windows instead of paying. It's not able throwing in a towel, it's just something senseless to do like climbing a mountain because it's there. We can all concede that the amount of time it would take to do all that hacking is less than the overhead on an OEM PC that came with Vista, so it's not a contest about who wins, it's having a challege just for the mental exercise of it.

Some people do crossword puzzles instead. Does it make them better or worse? Depends on the end result, I don't feel someone who buys a copy of Vista should be looked down upon for experimenting with it any way they want to, but they should not be releasing their discoveries to the general populace including activation hacks, security flaws, or anything else not plainly obvious.

So there you are, I've probably managed to offend everyone a little bit but that it what the middle ground tends to do when others always try to see black and white.


By Sharky974 on 12/27/2006 6:57:05 AM , Rating: 2
I agree, Vista will be hacked, and most any program will be hacked "because it's there".

The question is one of viability. Will the 99% of the great unwashed find it worthwhile to pirate said product? Or will it be too arcane and difficult, too many barriers in the way, for them to bother?

I have watched that pendulum swing heavily in MS favor just in the past few years. Pirating XP back in the day was a breeze. But later on it got more and more troublesome upkeeping that pirated install. Now comes word there are no more non-activation needed versions of Vista (the way Xp pro doesn't need activation so everybody pirates it). That's just another blow.

As I said, with MS changing there EULA to allow unlimited transfers (I need that because I rebuild my PC all the time) I will probably be paying for Vista. MS has harrased me into it. And most "average joe's" just get a PC from Wal Mart or Best Buy. They'll all be paying for it too. The vast, vast majority of people will pay for Vista, and MS has "won".

In some ways I dont mind. I'll have to get the retail version which will run 200 bucks. But considering it should be good for at least five years, it's not so bad I guess. Not that I'm happy about it, but oh well.


=__=
By omgitsLong on 12/26/2006 12:39:24 PM , Rating: 2
releases, cracked, delay for patching, and then it all repeats

=/




RE: =__=
By XtAzY on 12/26/2006 12:51:56 PM , Rating: 2
history repeats itself...


RE: =__=
By codeThug on 12/26/2006 4:21:07 PM , Rating: 3
Compliments of the Department of Redundancy Department .


Great crack, one of the many that will follow
By slickr on 12/27/2006 2:57:26 AM , Rating: 1
Yes i will use these cracks in Vista but if Microsoft was smart enoguh to make the Vista premium basic cheaper, lets say
80 euros i wouldent even bother with cracks. Now i don't think Vista premium basic is worth 180 and not to talk about the more expensive packets. The bigest changes i see is only a face-lift and DX10 along with more protected activasion way. I will end up using microsoft Vista but only after 6-7 months of it's release.
To the point now it shoulden't be expected that noone will crack vista's activasion, it's just a reality logical thing that can be done.
Although i'm sure microsoft will patch this activasion there will be other cracks that will let you activate Vista.
One is by cracking the kernel and changing the bios date and time to fool vista countdown driver!
So what i'm saying is there will always be ways to crack OS's no mather how good are protected as there are always more inteligent or more knowlegable people that the one that made Vista that will crack it. That crack can be then seld, put freely on internet, or used in illegal CD copies of Vista.
Now the main point is that that is a good thing for all that don't have the money to pay for Vista or don't want to pay for vista or don't think it's worthed paying so much for a OS.
If things were diferent with linux i'd say many users will use it rather that only companies and corporations.
But for the casual users well try playing games with linux or use any program that you wan't. It's simply not possible and thats why most will not use linux(which is free for users)but will use activasion cracks!




RE: Great crack, one of the many that will follow
By Sharky974 on 12/27/2006 7:15:23 AM , Rating: 2
And those activation cracks are useless if you want microsoft's regular security updates. Plus whatever other do-dads they decided to require authentication before you download.

At least XP lets pirates auto-update for security. Just not manually. Will they continue that with Vista?

Or you can keep up with the crack rat race I guess, in order to keep being able to use microsoft.com.


By Christopher1 on 12/27/2006 7:20:08 AM , Rating: 2
Actually, Microsoft has already had to sign agreement with at least the US saying that they will allow ALL XP and Vista systems to connect for security and critical updates.

Anything else however, you will not be able to get.


HA-Larious
By TimberJon on 12/26/2006 4:35:07 PM , Rating: 2
To even think that any one brand or type of software is un-crackable is unrealistic in the most realistic way possible.

ANYTHING is exploitable. Smart idea to allow legal ethical hacker courses. *Pats whoever allowed that on the back* Great idea, that one.




Did this turn into slashdot?
By imaheadcase on 12/26/2006 6:48:02 PM , Rating: 2
Vista bashing about problems not related to security? Must be slashdot.




By crystal clear on 12/27/2006 8:06:50 AM , Rating: 2
This will send shockwaves down M$ all the way-up & down-

Quote-

Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.

The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.

ADVERTISEMENT In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.

ALSO-
The Trend Micro discovery highlights the true financial value of software vulnerability information and serves as further confirmation that a lucrative underground market exists for exploit code targeting unpatched flaws.

Source-
http://www.eweek.com/article2/0,1895,2073611,00.as...

Quote-

Last October, the U.S. Secret Service announced arrests in "Operation Firewall," which targeted sites like Shadowcrew.com, Carderplanet.com and key members of the online carding community.

The three groups ran Web sites that exchanged new techniques and methods to commit online fraud and hijacked sensitive personal information.

After the "Operation Firewall" crackdown, Melnick said the brazen activity subsided.

"A lot of the English-language sites were knocked out after those arrests. It had been quiet for several months, but we're noticing that the Russian sites are back. The WMF issue confirms they are back."

"It won't surprise me at all if we have another WMF incident a few months from now. There are dozens of these sites with hackers offering zero-day code for sale all the time. They even have a mechanism to test the code to make sure it is legitimate and will get past anti-virus software," Melnick added

Source-
http://www.eweek.com/article2/0,1895,1918198,00.as...






Some usefull advice.
By crystal clear on 12/27/2006 8:26:38 AM , Rating: 2
This is good reading for the average user-
Quote-

Carole Theriault (Sophos' Senior Security Consultant): For the average home user, Vista is a good option. There are some excellent security enhancements in it that will make it far more difficult for hackers and malware writers to attack these machines. Of course, there may be some niggles in the initial release, but even so, it will be far more secure than XP.

Vista may be of concern to those users who would like to use old applications (some of them will not run in Vista by default), but users need to balance the pros of having better integrated security versus running older applications. XP users who feel cautious about running Vista initially will want to make sure that they run SP2 on their machine. SP2 offers far better security than running XP alone.

Laura Yecies (general manager of Check Point's consumer division - ZoneAlarm): We wouldn't advise consumers to center their computer purchase around an operating system. If you purchase a Windows XP system, you can always choose to upgrade later. Either way, with XP or Vista, you'll still want a good independent software solution to protect you from today's attacks. While Vista marketing touts increased security, we also expect a new OS be analogous to waving a red cape in front of a bull...hackers won't be able to resist the challenge. That may result in even more vulnerabilities for a consumer to patch.

Olga Kobzareva (Kaspersky's Head of Corporate Communications): From a security point of view, of course Windows Vista has several improvements which make it more secure than Windows XP SP2. But still there can't be any 100% safe operating system, and we have to remind the users that migrating from XP to Vista doesn't mean there's no need for antivirus software. Windows Vista will still need separate antivirus solutions to be installed.

David Perry (Trend Micro's director of global education): Microsoft tells us that Vista will have the best security ever, but a lot of that security will come not from the Vista OS itself. Much of the new security is tied to the 2007 release of applications like Outlook and Internet Explorer (inside Microsoft these are commonly called the "2k7" releases). Our testing (at Trend Micro) shows that, with proper Internet Security software, Vista is actually safer.

The end user really can't lose right now -- any modern name brand computer you buy right now will come with a free upgrade to Vista -- so you can get that new computer for Christmas, and wait to see how things shake out.

Source-
http://www.securityfocus.com/columnists/425





Hmm...
By encryptkeeper on 12/28/2006 9:53:39 AM , Rating: 2
So...where can I get this glorious sounding hack?




Priorities
By crystal clear on 12/30/2006 5:32:31 AM , Rating: 2
"The site was recently singled out as a specific infraction preventing Russia from entering the World Trade Organization. Soon after, The Bilateral Negotiations on Russia's Accession to the World Trade Organization outlined that pirate music websites within Russia will be taken down by June 2007 -- specifically mentioning AllofMP3.com."

Unquote-
AllofMP3.com-why only this site-why not a whole list of sites
"that are catergorized as Hacker site & other similar sites."
These sites create havoc all over the world-
I recently made a post-"from Russia with love......
From Russia with Love..........................
By crystal clear on 12/27/06, Rating: 2
By crystal clear on 12/27/2006 8:06:50 AM , Rating: 2
http://www.dailytech.com/article.aspx?newsid=5470

So lets not concentrate only on music-there other more important issues than music that need to attended to.
Stop those Hackers,Virus authors,on line piracy & fraud etc




new
By pacmann on 12/26/06, Rating: -1
ad
By ksherman on 12/26/06, Rating: -1
RE: ad
By shabby on 12/26/2006 12:40:35 PM , Rating: 5
Have you ever heard of adblock for firefox? I havent see an ad in a long time.


RE: ad
By ksherman on 12/26/06, Rating: -1
RE: ad
By MustaineC on 12/26/2006 3:35:18 PM , Rating: 5
Then learn to live with the ads.


RE: ad
By KaiserCSS on 12/28/2006 7:57:14 PM , Rating: 2
You know, if you added a letter, it would read:

Then learn to live with AIDS.

There's my useless $.02 for the day.


RE: ad
By FITCamaro on 12/26/06, Rating: 0
RE: ad
By robdam on 12/26/2006 5:37:36 PM , Rating: 2
Use IE tab Add-on to "trick" websites into thinking yuo uase IE but in reality you have FF.

https://addons.mozilla.org/firefox/1419/



RE: ad
By oTAL (blog) on 12/26/2006 11:14:22 PM , Rating: 2
*lol*
not even close to how it really works, but a good sugestion nonetheless.
I's not about what the site thinks your browser is (mostly)... it's about how your browser (just a program like others on your PC) translates the information it receives from the server. Web pages are not pictures... they are a complex, dynamic, mutable way to convey information. Therefore it must be read, interpreted and presented.
Imagine the million different ways you can present a table with data and you get the picture. In an ideal world where standards were 100% clear and respected, every browser would show pages the same way. In reality, the same page may be presented very differently, which usually transaltes to "broken" pages on FF, mostly due to bad programming on the site and IEs disregard for standards.


RE: ad
By Sharky974 on 12/27/06, Rating: 0
RE: ad
By Lord Evermore on 12/27/2006 12:29:06 AM , Rating: 2
IE fails to properly render everything according to the standards (although I don't think any others are perfectly compliant either). If they just allowed sloppy code, fine, that's a good thing that it's fault tolerant, but it doesn't render non-sloppy code properly, and that's the real argument.

Additionally there's the Microsoft-contrived tweaks and extensions that only IE supports, which in and of themselves weren't bad things, they just weren't standard. Nobody made the developers use those things, but it was available, and 90% of Internet users could see it properly for so long, and I think in some cases there wasn't a standard that allowed similar functionality for some features, that they became almost de facto standards.

The MS Java virtual machine for example, performed like a champ and everybody loved it, but it allowed additional, non-standard Java code which made resulting applets platform specific, which is why Sun had it shut down. Nobody made any developers use that code, it was just easier and allowed them to make better applets.


RE: ad
By Fritzr on 12/31/2006 6:37:24 PM , Rating: 2
I remember the MS Java debate. It boiled down to MSJava having a switch to select platform independent Java or Java with MSWindows only extensions. It shipped with MS only selected.

Sun's position was that most users didn't change any settings that didn't need changing.

Result MSJava programs often included MSWindows specific code without warning. Anyone not using MSJava compatible JVM got runtime errors.

Of course they could have solved the problem by requiring all endusers to use the latest MS Windows. Sun instead chose to require MSJava to be compliant with industry standards.

On fault tolerance. I've seen the issue discussed elsewhere and is considered both good and bad
Good: The code does not have to be completely bugfree as minor bugs are edited by the browser
Bad: Since no warnings or messages are given for the majority of these tolerant behaviors, the developer is unaware of the bug until new browsers stop tolerating it
Also for the bad, new browsers under development must include tolerance for undocumented bugs that the industry leaders tolerate & do not document. As the leaders improve their tolerance the new entries have an ever growing (unpublished) list of bugs they need to tolerate instead of flag.

IEx has the attitude that this fault tolerance is a feature and needs to be extended even further. It makes it very difficult to test HTML generators when the browser used to test the code refuses to flag errors.


RE: ad
By NoSoftwarePatents on 12/27/2006 12:58:16 AM , Rating: 2
Negative-IE 6 does not correctly render some web standards, such as CSS. You have to write some custom code in IE6 to get the standard to *appear* to work correctly.

http://www.positioniseverything.net/explorer.html



RE: ad
By Sharky974 on 12/27/2006 6:19:45 AM , Rating: 1
I dont know if what you say is true, but I'm willing to bet FF doesn't render every last thing correctly either.


RE: ad
By Hare on 12/27/2006 6:36:28 AM , Rating: 2
There's no such thing as perfect browser. They each have their flaws and quirks. IE6 is just notorious for being extremely bad when it comes to standard HTML and CSS.

FF is not perfect but it's miles ahead of IE6. IE6 is a bad joke. Luckily IE7 is a lot better (something I'm thankful of as a web developer). Saves huge amounts of time not having to do IE6 specific hacks (when IE7 is more widely adopted).


RE: ad
By alcalde on 12/28/2006 10:18:26 PM , Rating: 2
When I quit Bed Bath & Beyond in 2005, they were still using Access 97 - and even that was "not approved/supported". A lot of reporting was done with version 5.0 of Impromptu, which was discontinued in 2003 (at version 8.0).

Circa 18 months later, they are using Access 2003. The funny part is I'd argued that their data warehouse would not be ready in their 18 month timeframe and Impromptu/97 would not be able to handle their data volume within 18 months' time. No one wanted to be the one to spend more money (although the company had over 1 billion in the bank), or admit that was their motivation, so they argued insanity instead. I quit with one day's notice. Almost exactly 18 months later, they get the Access upgrade they told me then was not an option, right on my time schedule. Sigh...


RE: ad
By dluther on 12/26/2006 7:06:30 PM , Rating: 2
Dude,

Thanks for that little tip.

If I thought FF was fast before, wow!

I never realized how many ads were on this page alone.

Again, thanks!


RE: ad
By skyyspam on 12/26/06, Rating: -1
RE: ad
By mindless1 on 12/26/2006 2:19:50 PM , Rating: 2
Is being elite enough to figure out how to deprive one of your chosen news resources, of ad revenue, an admirable thing?

I hate ads, but sometimes click through anyway just to add some traffic. I prefer the option to do it rather than nuisances like intellitext which I do block.


RE: ad
By msva124 on 12/26/2006 2:53:39 PM , Rating: 3
Yeah, blocking ads is pretty rude. If you know for a fact that you're not ever going to click on an ads, I can't see what harm it would do, but even smart people will sometimes click on them unconsciously.


RE: ad
By msva124 on 12/26/2006 3:02:15 PM , Rating: 3
Well, let me clarify. Advertisers made the first strike with pop-up and pop-over ads, so they are to blame. But if you visit a site regularly and know it does not use these type of ads, why not unblock that site?


RE: ad
By Sharky974 on 12/26/2006 11:51:12 PM , Rating: 1
Well, Dailytech deserves it. If they support piracy against microsoft, show them a dose of their own medicine, and how easy it is to "crack" their ads.


RE: ad
By mindless1 on 12/27/2006 2:38:26 AM , Rating: 1
How naive (or deliberate?) you are to ignore the difference - that we chose to come here for news, Dailytech is not a news monopoly unlike a certain OS that comes on the vast majority of PCs from any major OEM.

That doesn't make piracy right, but let's be honest, MS could give away windows for free until the end of time and not be hurting for money.


RE: ad
By Sharky974 on 12/27/2006 6:18:41 AM , Rating: 2
So what? Nintendo could give away wii's for the next five years and not be hurting for money either. But I bet you wont mention that, because Nintendo is a politically correct company while microsoft is not.


RE: ad
By WhiteBoyFunk on 12/27/2006 12:21:55 PM , Rating: 2
I hardly believe that you are making a truly relative contrast.


RE: ad
By rushfan2006 on 12/27/2006 9:29:28 AM , Rating: 5
I don't see the logic in saying that someone blocking ads on websites is improper, unethical or whatever a few of you seem to imply it is.

I find it actually kind of hypocritical in a sense if you think about it. Businesses can be extremely intrusive with how they show annoying ads, or even let's go out of the cyber world and go to our homes with the pestering calls at all hours of the day and evenings. But that's all ok for them to frustrate us right? But suddenly someone comes a long and says "you know what I have the means now to get rid of these pesky ads and I'm going to do it" and that guy is called out as being "wrong, or uncool" or whatever fot that.

Sorry...life is a bitch, if a business annoys me with their ads....you are damn right I'll annoy them by not patronizing them or viewing their ads.

That all said...I'm fine with the static ads that don't distract me from the article I'm reading ....but even those, why I don't block them...I can count on one hand how many times I've clicked through an ad intentionally....and I started using the Web since its inception in the 90's.



RE: ad
By crazydrummer4562 on 12/26/2006 2:20:27 PM , Rating: 1
Too bad Firefox 2.0 can't run stable for more than ten minutes without having some kind of crash or glitch. A big step backwards from 1.5 in terms of stability. I do appreciate the spellcheck and suggested searches though.


RE: ad
By Suomynona on 12/26/2006 2:39:14 PM , Rating: 3
FF 2.0 will crash with Google toolbar. Uninstalling the toolbar will fix it right up.


RE: ad
By Hydrofirex on 12/26/2006 3:04:16 PM , Rating: 2
It runs stable for WAY more than 10 minutes. You're going to complain about stability in a product that competes with Microsoft?! Wow, how the world has changed.

Even Cnet recently rated Firefox 2.0 over IE7 in EVERY category. I thought I'd never use another browser, and I still have to switch back to IE for some sites that only work with it (work/school related), but it's so completely worth it. Firefox just, as the l33t would say, pawns IE7.

Besides, if it does crash, at least it session restores to exactly what you were doing.

HfX


RE: ad
By da killa on 12/26/2006 3:08:05 PM , Rating: 2
Use the IEtab extension for Firefox, that way you don't have to open another window, you just open your website directly into Firefox in an IE tab inside the program.


RE: ad
By masher2 (blog) on 12/26/06, Rating: -1
RE: ad
By WhiteBoyFunk on 12/27/06, Rating: 0
RE: ad
By Sharky974 on 12/27/2006 6:28:31 AM , Rating: 2
Yep he's right. FF is buggy as shit and you know it no matter how much you protest. I'd say it's way buggier then IE, especially when you have several extensions installed, although I continue to use it because of the extensions.

Lets see, it used to regularly do this maddening thing of popping up the "find text" (and therefore disabling focus from what I was writing, making continuing impossible) bar whenever I used an apostrophe when writing forum posts. I used to commonly have to write posts without any apostrophes. When I searched I found it was a well known bug (possibly associated with extensions, though who knows which one), but I guess slowass FF doesn't fix bugs very often because they didn't fix it. It hasn't done that in a while, maybe they FINALLY got around to fixing it. Now it has this stupid bug of saying I shut down suddenly and do I want to start a new session or restore old session? It does this annoying thing everytime I close FF and restart. Everytime. That's a new 2.0 bug, and yet another very very major one.

I still use it because I cant get IE7 (pirated Windows) and I have grown attached to a couple extensions, and I figure it's security is better because it has low market share. It's not a bad product but there's no question it's buggier than IE, 6 or 7.


RE: ad
By Nocturnal on 12/26/2006 4:11:14 PM , Rating: 2
Maybe you should take a step back and realize that ads are what provide you DailyTech.com and the ability to view their news. It's a reliable source of income and without it, who knows if this site would even exist? I use IE7 and I have no qualms about seeing the ads, I just don't click on them to be honest but if there is something I like or something interesting in the future, I may. But in the mean time, it's a source of income to keep this place running.


RE: ad
By Dustin25 on 12/26/06, Rating: 0
RE: ad
By masher2 (blog) on 12/26/2006 5:40:51 PM , Rating: 2
> "Way back in the early days of the net, there were plenty of review sites like this and there were no ads..."

I suspect a combination of faulty memory and wishful thinking. There are easily several hundred times as many review and news sites today as there were in the early 1990s. Furthermore, the overall quality of these sites is far higher, as those "ad revenues" you so despise allow them to hire personnel. In 1990, nearly every such site was a sideline hobby ran by one person in their spare time, updated infrequently at best.


RE: ad
By Dustin25 on 12/27/2006 12:26:51 AM , Rating: 2
"In 1990, nearly every such site was a sideline hobby ran by one person in their spare time, updated infrequently at best."


Ya, and that is what I liked. I think the faulty memories are on your end. The early 90's had little to no advertisements as the corporate world hadn't caught on like today. It was just like you said, the internet was made up of average geeks. And I could give crap less that there are more review sites as compared to ten years ago. Your opinion about the quality comparison is just that, an opinion.


RE: ad
By Googer on 12/27/2006 1:04:17 AM , Rating: 2
By tacorly on 12/26/2006 2:30:24 PM , Rating: 1
No. Any company that really wants to make money keeps the demands of the consumer in mind. That's how they keep customers and increase sales. Furthermore, even if Bill Gates only gave a shit about money, he donates billions to poor people which IMHO is a more worthy cause than some lame internet security that might require me to speak to my credit card company about a rare fraud attempt or download Norton.


By mindless1 on 12/26/2006 3:29:42 PM , Rating: 2
False. Any company that has a virtual monopoly does not have the same concerns about consumers switching to the competitor's product. There is no question MS does not consider market demand, rather the market is now saying "this is what we GET with Vista".


By masher2 (blog) on 12/26/2006 4:36:51 PM , Rating: 3
> "Any company that has a virtual monopoly does not have the same concerns about consumers switching to the competitor's product"

I suppose you're not aware that the vast majority of Microsoft's revenues are generated from products outside the OS arena. Products which do in fact have a great deal of competition.

Even within the OS market, there most certainly is competition, as any Linux fan will be quick to tell you. If Microsoft felt it had a monopoly, it certainly wouldn't have spent billions developing Vista...it would have continued to sell XP till the end of time.


By mindless1 on 12/27/2006 2:43:27 AM , Rating: 2
You mean like MS Office? Do tell where the "great deal of competition" is there. There is no point pretending MS didn't use the OS domination to gain footholds in other areas. It was an obvious connection.


"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments









botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki