KB940510 highlights some counterfeit Windows installations

by Adrian Kingsley-Hughes  |  February 27, 2008 7:47am PST

Image 1 of 14: Setup

This gallery accompanies the Hardware 2.0 post "KB940510 highlights some counterfeit Windows installations".

13 Comments

"able to modify WGA when it wants without your knowledge"
Gungistoker 6th May 2008
Ridiculous. Simply right-click on the update and select 'Hide this update'. I encourage all genuine Vista users to do this. Unless you view the details of each and every update, it would not be very difficult to install this update on a counterfeit Vista PC. Haven't honest, hardworking people lost enough of their trustworthiness & civil rights in the past 7 years?
Finally got it right
NamelessFor Now 27th Feb 2008
This is what SP1 was supposedly mostly about, and I'm glad they finally did it right. Well, glad is not so much the right word for it; I mean I have no desire to steal and install an illegitimate (or legitimate) copy of Vista, I'm perfectly content with WinXP-MCE and Ubuntu. It's good to see that Microsoft figured it out so quickly. There is, however, one hitch to this plan... you don't have to install this update. I'm sure you can opt not to install it, as with every update for Windows.
Agreed
CobraA1 27th Feb 2008
Yeah, this type of detection is a good way to go . . .

. . . but it has the same effect as an antivirus: They have to start playing a cat and mouse game as the hackers try to make their exploits undetectable to this tool, so now this will have to be updated constantly.

In addition, you are right: People who have these programs are probably going to refuse to install the update.
refusing the update?
PhilippeV 28th Feb 2008
If you think you can survive without the WGA update, you'll also lose many important updates that Microsoft considers "non critical" but that are still not corrected without first installing WGA. This also concerns all important performance updates (many of them being related to bugs or unfinished software not behaving as documented, and causing lots of software to not work properly if this "non critical" update is not installed).

Remember that the only updates that Microsoft says will not need WGA validation are the updates that Microsoft considers "critical".

This means that only bugs that are very actively exploited will be fixed without requiring WGA, leaving all the other bugs uncorrected, and opening the gate to many other holes, notably those that could open the door to DoS attacks (due to severe performance problems discovered in some functions that take nearly infinite time to work, such as when closing a session, or opening a network session, or resuming from sleep state or going to sleeping mode).

Note that many parts of Windows, when they don't receive the expected reply to a system query that takes too long to process, will exit abruptly with a timeout error, and not all these timeout errors are caught in various software (not just Windows bundled components). This can cause some system resources to leak, because they won't be handled correctly, and because Windows still lacks a background idle process to perform garbage collection. The longer your PC runs, the less it performs due to leakage, unless you give it much more memory (so that this leakage remains small enough for not having to reboot at least every day).

Microsoft is now developing all its newer user-level components using managed memory (based on .Net technology); this is certainly a good thing for the stability and security of the OS, but most of the core system (and most drivers) is not managed, so garbage collection to reduce the impact of resource leakage (caused by Windows itself or by software built for various versions of Windows) is not smart enough.

And the .Net garbage collector is still not efficient enough to be able to run the whole system, including in the "Windows user-mode driver model" framework. There are too many things remaining in memory for a long time, even if they will never be used again after boot or until one performs a true software installation or system update. All this data loaded at boot and code running too early is consuming resources and is leaking. For now the only solution is to increase the size of memory, but this is a solution for lazy programmers, not a solution for those that want to run high-performance, high-load servers, or want to run an OS on smaller devices or PCs. And this affects the performance of all software that users may want to run on their PC: the more software you install, the less your system will perform, even if you have plenty of memory and free disk space.

Linux still has no standard managed subsystem, except possibly Java or independently ported C# frameworks. But it is much simpler to isolate problems and to reduce the interdependencies on Linux than on Windows, and much simpler to perform cleanup, even without using managed code and installation.

In addition, the code of most applications and drivers on Linux is really small and very optimized; this is not the case for Windows, which is constantly increasing in size and inherent complexity with too many interdependent modules, plus many incompatibilities across versions due to API differences (something that side-by-side installation, a.k.a. "SxS", has still not helped reduce, as it represents only a very small minority of the Windows application and system code, all the rest filling the \Windows\System folder with lots of DLLs with unknown role, and too many of them without even any digital signature like "Authenticode": this makes controlling the state of the system very difficult to achieve, unless you have built a backup of data/code signatures of every file that is part of the Windows installation, so you can discover what has been added, removed or tampered with by malicious code or an incorrect installer).

Note also that "critical updates" are now only those for products that are in active support; but many system components that are "near end of life" are no longer updated unless they contain serious bugs that could spread fast to many PCs.

So even if all critical updates are installed without WGA, lots of other uncorrected areas remain, and this allows tons of malware to interact with the system.
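The baseline-and-compare approach PhilippeV describes at the end of his post (record a signature of every file in the Windows installation, then find out what was added, removed or tampered with) can be scripted with stock PowerShell cmdlets. The script below is an added example, not code from the page, from the commenter or from Microsoft: it hashes every file under a directory, records each file's Authenticode status and signer, saves that as a baseline, and later diffs a fresh snapshot against it. The directory path, the baseline file name and the function names are assumptions; unsigned DLLs (the case PhilippeV complains about) show up with a SigStatus of NotSigned.

```powershell
# Added example: file-integrity baseline for a Windows directory tree.
# Assumptions (not from the page): directory, baseline file name and
# function names are illustrative; run as a user that can read the tree.

function New-IntegrityBaseline {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $BaselineFile
    )
    $records = Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Sha256    = $hash.Hash                        # $null if the file was locked
                Length    = $_.Length
                SigStatus = $sig.Status.ToString()            # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    $records | Export-Csv -Path $BaselineFile -NoTypeInformation -Encoding UTF8
    return $records
}

function Compare-IntegrityBaseline {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $BaselineFile
    )
    # Load the saved baseline, keyed by path
    $old = @{}
    Import-Csv -Path $BaselineFile | ForEach-Object { $old[$_.Path] = $_ }

    # Take a fresh snapshot (also written beside the baseline as "<name>.new")
    $new = @{}
    New-IntegrityBaseline -Path $Path -BaselineFile "$BaselineFile.new" |
        ForEach-Object { $new[$_.Path] = $_ }

    # Added or modified files: compare the hash, not the timestamp
    foreach ($p in $new.Keys) {
        if (-not $old.ContainsKey($p)) {
            [pscustomobject]@{ Change = 'Added';    Path = $p; SigStatus = $new[$p].SigStatus; Signer = $new[$p].Signer }
        } elseif ($old[$p].Sha256 -ne $new[$p].Sha256) {
            [pscustomobject]@{ Change = 'Modified'; Path = $p; SigStatus = $new[$p].SigStatus; Signer = $new[$p].Signer }
        }
    }
    # Removed files
    foreach ($p in $old.Keys) {
        if (-not $new.ContainsKey($p)) {
            [pscustomobject]@{ Change = 'Removed';  Path = $p; SigStatus = $old[$p].SigStatus; Signer = $old[$p].Signer }
        }
    }
}

# Usage (paths are assumptions):
#   New-IntegrityBaseline -Path 'C:\Windows\System32' -BaselineFile 'D:\baseline\system32.csv'
#   ... after an update or a suspected compromise ...
#   Compare-IntegrityBaseline -Path 'C:\Windows\System32' -BaselineFile 'D:\baseline\system32.csv' |
#       Where-Object { $_.SigStatus -ne 'Valid' } | Format-Table -AutoSize
```

Two practical caveats: the baseline CSV must live somewhere the machine being checked cannot rewrite (removable media or another host), or an attacker who can tamper with System32 can tamper with the baseline too; and a Valid signature only proves the file is a genuine signed binary, not that it belongs on this machine, which is why the diff also carries the signer subject so that an unexpected publisher stands out.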
You can't refuse the update
PhilippeV 28th Feb 2008
Microsoft has already applied the necessary updates before, just in order to be able to modify WGA when it wants without your knowledge. You just need to have a working connection to the Internet; Microsoft has already applied several stealth installations without asking authorization, even when your installation of Vista was set up to ask for prior confirmation before installing any update.

The only people that are protected are those running Vista in an enterprise behind a strict firewall, where Vista on desktops is updated through a private local distribution server: once the admin has integrated the update on the local Microsoft server, he cannot even block this installation on all the desktop PCs that got their licence from that licence server.

Vista contains a true backdoor that allows remote control and running scripts on behalf of the legitimate user.

If WGA suddenly switches off Vista, it will be brutal. And you won't be able to reactivate through the Internet; you'll have to phone Ireland, provide personal details, provide again your proof of purchase and details of what may have happened. If you cannot explain what happened and none of your reasons fall into the predefined categories, you'll be denied all access to Vista, and you'll be ransomed by Microsoft into paying for an extra licence.

Remember this: OEM licences are extremely exposed to the risk of being switched off at any time; and because OEM licences come without support, don't expect Microsoft to help you solve the problem, even if Microsoft is fully liable for your problem.

I personally think that Microsoft is doing something wrong when it assumes that the presence of traces left by some Vista crack on a system is enough to justify the deactivation of Vista, as if it were illegitimate. We have a lot of Internet security exploits and such huge numbers of PCs infected by malware that such traces will not be proof, and many will be unintentional. There should remain a chance for keeping Windows active by providing simple proof of purchase.

But WGA is so bogus that it deactivates quite often for various reasons, including when some device is not working properly, for example because a display driver is not starting as expected after some update, or because the SATA bus is locked by some misconfiguration of the bus after a software bug, and is not returning one of the expected hardware signatures in the correct format:

I've seen such bugs occurring after trying to burn a DVD and then rereading it: it caused the DVD player to hang in its firmware, blocking the bus. Even rebooting did not solve the problem, but it caused WGA to deactivate the genuine licence. Even after a cold start (unplugging the power physically, not just pressing the on/off button), Vista was not reactivated to the state it had before once the device was functional again, because WGA's action is immediately DESTRUCTIVE when it is deactivating a system: there's no recovery, not even through hard disk backup (I suspect that WGA is registering its own activation state within the NVRAM of some PCI devices, or in the non-volatile PCI configuration data of the processor or of the chipset; file restoration is not enough, but you can't back up the whole hardware configuration data to restore it without specific tools that explore all buses and all NVRAM configuration registers of plugged-in devices).

It seems that WGA is effectively marking the activation or deactivation status in the non-volatile configuration area of the processor, or graphics adapters or chipset or any PCI or USB or FireWire or ATAPI/SATA device that has some free/unused space in its standard non-volatile 256-byte device configuration block (of which only about 20 to 50 bytes are effectively used for standard descriptors, leaving many parts unused except by other OSes or in very specific situations for solving hardware conflicts and allowing PnP resource allocation and recovery).

Why would any sane person want to copy Vista when they can have an infinitely better free system ...*** LINUX ***...

I agree, Windows is garbage; save yourself some grief, get Linux instead.
correct
v6charlie@... 27th Feb 2008
Yes, you can opt out: right-click, hide update. Here is another tech here with a different OS; in my case it's from Sun.

The update disables legal versions of Windows that have legally changed hands.

Of course, this matters little to me since I use Linux! I email with Linux. I view video with Linux.

There is one thing my Linux cannot seem to do!
It cannot crash like Windows!

Mark Heinemann
RE: KB940510update....
fatman65535 28th Feb 2008
The cure for this is simple:

switch to Linux

Then you will be rid of having to deal with M$ (Malware Society)!!!!

I have a Paradox file on the root directory of my genuine installation of Vista (bought from Microsoft!); I hope this won't inactivate my licence, because Paradox is legitimate software not to be confused with the Paradox OEM exploit.

I am speaking about the legitimate Paradox relational database driver used by some software I bought (used through ODBC or OLEDB). My Vista installation was activated with a genuine licence before I even installed this other software.

If Microsoft detects some newer software installed after genuine Vista installation, it will steal the customer.

I absolutely don't know what the Paradox OEM crack is doing; I have never seen it or even tried it.

But if someone tried it by accident and it left some trace on the genuine system where it was tried (or it was installed on the PC without user consent due to some viral infection), I just hope that Microsoft will not switch off Windows, but instead will provide the necessary cleanup tool, and will still allow the user to reactivate with its existing genuine licence.

Unfortunately, I have seen my genuine installation of Vista Ultimate OEM being blocked by WGA several times, and I have already had to reactivate it with a complex procedure to prove again that I had really bought it. This happened again the last time I had to change my graphics adapter because the previous one had burnt out (due to insufficient power: I also had to change the power supply for a 450 watt unit, plus another fan for the case, just because of the display adapter): Vista did not want to reactivate.

It also happens that WGA wants to revalidate by phone only each time I plug or unplug a hard disk. It also happened when I unplugged a DDR SDRAM module to put in a larger one.

I don't know what WGA is doing, but now the number of revalidations I have had to do in just one year is really becoming a nightmare. Vista is really intolerant and has gone several times into an "emergency" situation where I had to revalidate, theoretically within the next 48 hours, but where I was given just a couple of hours before getting blocked.

Unfortunately, Microsoft does not want to give me another licence number that is not so compromised by too many reactivations on the same machine. And Vista Ultimate was expensive and bought from Microsoft! Now I always fear losing everything on my machine, including other non-Microsoft licences linked to my machine (such as DRM-protected media, which Vista or the DRM provider does not want to transfer to any external backup solution, due to limitations/bugs in Media Player and to the DRM protection scheme that does not work on anything other than Vista and refuses all transfers to external devices).

Microsoft says that WGA validation is needed for our security. But for me, WGA means real insecurity for MY OWN data; this is a bug installed in the system, a malicious stealth backdoor that Microsoft can operate remotely without authorization.

Microsoft is saying to everyone: ALL YOUR DATA ON WINDOWS ARE BELONG TO US. Microsoft is stealing our exclusive rights.
No data loss if you do this
Grausam 28th Feb 2008
Well actually, if this happens to you, for whatever reason, and it says it isn't validated when you start up, just access the system with reduced functionality; it brings up your Internet window. Now go to File, Open, and open Explorer from the Windows folder. That will start up Windows and give you enough time to copy your data, and then reinstall your uncertified version without the ethernet cable plugged in, and then disable updates. And if you want to get SP1 without unvalidating the copy, just download the installer, unpack it, remove whatever file it may be that notifies you, and then make a new install package using a freeware app out there. Simple? Yes. Annoying as hell? Very. As much of a pain in the ass as calling up Microsoft and waiting for 4 hours to talk to someone who can help? Not even close.

All the more reason to stick with XP.

Or make the switch to Ubuntu.

Gotta keep the cash cow going.
M$ is pissed that there are at least a dozen key generators for Vista, on Pirate Bay alone!
