Pirates on Board the M.S. MoneyTanker!

Written by Xwindowsjunkie, Contributor

It's been reported elsewhere that pirates have already cracked into the Windows 7 RC and are setting up botnets using it. Probably something they practiced on with a Vista shrink-wrap disk. Here is where Microsoft screwed up big time.

The install routine could be set to do some sort of MD5 or better file checksum test and validation. Force the install routine to access a Microsoft server that does some sort of encrypted transaction with the install software BEFORE the software can be installed. The image needs to be fully encrypted and unlockable only when it calls home to the MS mothership and is validated.
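The per-file checksum test described above, as an added example (not Microsoft's installer code and not part of the original post). It uses SHA-256 rather than MD5 and assumes a hypothetical manifest of expected digests that the installer has already obtained from an authenticated source; the file names and contents are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(root, manifest):
    """Compare every file under root against the manifest {relative path: hex digest}."""
    root = Path(root)
    result = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        path = root / rel
        if not path.is_file():
            result["missing"].append(rel)
        elif not hmac.compare_digest(sha256_file(path), expected):
            result["modified"].append(rel)
    # Files the manifest never listed matter as much as changed ones.
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    result["unexpected"] = sorted(on_disk - set(manifest))
    return result


def demo():
    """Build a constructed install tree, verify it, alter it, verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sources").mkdir()
        (root / "setup.exe").write_bytes(b"constructed installer stub")
        (root / "sources" / "install.wim").write_bytes(b"constructed OS image")
        names = ("setup.exe", "sources/install.wim")
        manifest = {rel: sha256_file(root / rel) for rel in names}
        clean = verify_image(root, manifest)
        # Simulate a repacked image: one file altered, one file added.
        (root / "sources" / "install.wim").write_bytes(b"constructed OS image, altered")
        (root / "autorun.inf").write_bytes(b"constructed extra file")
        return clean, verify_image(root, manifest)


if __name__ == "__main__":
    print(demo())
```

An install routine built this way would refuse to proceed unless all three lists come back empty.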

They OWN 90% of the entire world's computer desktops. In other words, if you're going to "protect" your IP, start at the freaking beginning, Microsoft! It's time they started acting like the responsible adults/citizens/corporate entities they say they are. They had an opportunity to at least slow down bot-nets and other Internet trash and they pissed it away.

Microsoft needs to be regulated, forced, coerced, sued and hammered on until they start up a substantial anti-botnet, anti-piracy effort that goes on the offensive against infected systems running their software.

An infected system, once identified, needs to get three strikes or it's out. If the owner of the system will not take it off the Internet, then Microsoft needs to plant a logic bomb on the system that will prevent that system image from ever working through a network port again. If the User insists on re-installing the same damn infected image, hit it again. Sooner or later the User will disconnect the computer from the Internet and the rest of us will be the beneficiaries.

Microsoft can use that wonderful Terminal Services they've embedded in the OS to contact the owner or user of the system with a message that plants itself on the monitor until the User clicks the AGREE button. The User needs to agree to it. After all, he's already clicked Agree to the EULA! What's one more "meaningless" button push? When he presses Agree, he gets ANOTHER message telling him exactly what Microsoft is going to do to rid the system of viruses, Trojans etc. If he doesn't press Agree, he gets a message detailing the logic bomb action.

Then give him another chance to press Agree.

Pressing Agree, the User will have agreed to allow Microsoft to run their Windows Defender or other anti-malware software on the system and remove the bot-net, the rootkit or what-have-you. If the user doesn't click AGREE, then after two more instances, the logic bomb gets planted and set off.

It's not too late to make this work.

Microsoft can embed the logic bomb software into the install DVDs and the ISOs with the final RTM image. All of this information can likewise be included in a EULA. Microsoft has a huge legal department and they have a PR department. It's time that they started earning their keep on implementing a world-wide Internet security plan. The lawyers can work out the details of the EULA and the PR people can start spinning the new security features of the enhanced Windows 7 and probably make themselves look good even to the EU.

Microsoft has a corporate equivalent to this that prevents domain computers from accessing other systems on the domain. The name escapes me right now. It's a real pain-in-the-posterior to set up but it works as advertised. It enforces a standard of settings and application installations to prevent inter-computer infestations. Further policy settings by the IT Admin can prevent the computer from accessing email, getting out on the Internet or sharing files via USB and CDs etc. The catch to all of this is the domain membership, obviously not something that's manageable on millions of Internet-connected computers.

Personally I'm tired of Microsoft's passive stance on allowing their customers' computers to be used as Internet versions of Typhoid Mary. They need to be held to account. There are lemon laws for bad cars. Doctors get sued for malpractice. The EULA only protects Microsoft. It's about time that there was a balance between users as a class or an economic force and Microsoft.

Scare the hell out of the stockholders with a $25 billion fine and maybe Microsoft will move to tighten up OS install security.

Crackers who get caught and prosecuted are fined for their activity. So why can't Microsoft be fined for their apparent malpractice or indifference in really locking down security around their operating system image?
